Home

About Us

IT Services

Understanding IT

News & Events

Blog

Support

Contact Us

Blog
  • Register

Capstone Works, Inc. Blog

Capstone Works, Inc. has been serving the Cedar Park area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

How Hackers Steal Your Data (Part 2 of 2)

In Part 1 How Hackers Steal Your Data of our data hacking article, we explored two of the most common methods cybercriminals are using to attempt to access your data. In Part 2, we’ll look at three slightly more sophisticated attacks that you should be aware of to properly steel yourself against data breach attempts.

Social Engineering

A catch-all term that can include phishing (discussed in Part 1 of this article), social engineering uses your real-world instincts against you to get you to divulge information you usually would be hesitant to reveal. Typically speaking, hackers use technological vulnerabilities to exploit holes in your cybersecurity, but in social engineering attacks, hackers lean on your personal weaknesses.

Some examples of this might be:

• A hacker calling and posing as a client who’s locked out of their account and needs you to give them access.
• A hacker calling or emailing pretending to be a local charity asking for financial information to make a donation.
• A hacker texting you posing as a friend, boss, or coworker that needs urgent help.

Relying on psychological manipulation, these few examples illustrate the importance of slowing down, staying skeptical, and carefully reviewing any “urgent” issues before taking action. Be wary of links or downloads even if they seem to be from a trusted source, set your email spam filters to the highest setting, and always be wary of anyone asking for credentials in a text, email, or phone call if you want to avoid being misled by this form of emotional manipulation.

Man-In-The-Middle Attacks

In a man-in-the-middle (MITM) attack, an adept hacker will use IP, ARP, or DNS spoofing to position themselves in the middle of a conversation between you and an application to intercept user traffic. After they’ve intercepted this traffic, the attacker will decrypt it using HTTP spoofing or SSL hijacking to avoid detection. This allows them to then monitor and control the session and steal account details, log-in credentials, banking info, etc. A MITM attack is hard to detect, but can be prevented with due diligence. Avoiding the use of free Wi-Fi hotspots, closing out secure connections when they are not in use, and steering clear of unsecured websites are key preventative measures you should be taking to avoid this scenario. If you’re also a web administrator, you’ll want to be preventative against these types of attacks on your site by making sure you’re using SSL/TLS to secure each page of your website and not just log-in pages.

IoT Attacks

The wave of the future, The Internet of Things (IoT) is a term used to describe the increasing array of interconnected devices that interact with each other across your network. The more devices become “smart” and connect and share information, however, the more entry points hackers have to gain access to your systems. It might seem far-fetched, but hackers can actually install viruses or hack into your wireless routers, printers, and any new device you introduce that may connect to your network regularly. If you are investing in IoT devices to stay current, only buy them from reputable vendors with track records for reliable security. Many businesses are also guilty of sticking with the factory preset passwords that come out-of-the-box with new devices. These factory passwords are often not strong enough, are easily found in product manuals, or have been made public on databases stored in the dark web. So, make sure you create a unique set of new credentials for each IoT device as soon as you introduce them to your network.

Although using the preventative measures detailed for these five types of attacks can dramatically decrease your chances of data theft, there are endless ways that cybercriminals can target you. Therefore, the true key to making sure you avoid a data breach is to have a plan. This is where an MSP like Capstone Works can help. By assisting you with formulating a comprehensive, structured approach to cybersecurity, we can streamline the time-consuming tasks of learning about new threats, keeping your systems up-to-date, and educating your team. Contact Capstone Works today to put your cybersecurity plan in motion.

Continue reading

How Hackers Steal Your Data (Part 1 of 2)

securityIt’s no secret that your data is a hot commodity. Each day sophisticated cybercriminals attempt to make money by stealing your private information to pose as you, blackmail you, or simply sell your information to someone who will. If you want to stay in business, you’ll need to be able to thwart these attempts. But to do so, you must understand the increasingly advanced methods hackers use. In this two-part article, we’ll examine the techniques hackers are currently employing to gain access to your sensitive data.

Cracking Passwords

The fact that hackers might simply guess your passwords probably seems painfully obvious, but the hard truth is that many companies still lack proper password management. If your password is a series of common words, a dictionary attack can use algorithms to cycle through a word database and quickly discover your chosen phrase.

Simply adding some numbers won’t be enough, either, as hackers can up the ante with a brute force attack which allows them, with some additional computing power, to cycle through alpha-numeric combinations until they strike gold.

And if they are very determined and well equipped, a hacker can also use a rainbow table attack. When passwords are attempted, they are “hashed” to avoid sending the actual plaintext password over the communication line. In this type of attack, pre-computed tables are used to recover these hashes and reverse them to reduce guessing time and discover complex passwords.

To prevent these, you’ll need to create unique passwords that are more than ten characters long and have a mix of numbers, lowercase and uppercase letters, and symbols for each account. One popular trick for this is to think of a phrase and codify it. For example, “Cousin Greg lives in Seattle” becomes “C0u$iNGr3gLiV3SinS3ATtLE”.

Additionally, you should use multi-factor authentication whenever possible so that your password isn’t the only thing standing between an attacker and access to your accounts.

Phishing Schemes

One of the most common methods of data hacking, phishing scams are so effective, they’ve produced many high-profile data breaches including the hacking of Clinton campaign chairman John Podesta, who unknowingly gave up his Gmail password, and Snapchat, where an employee gave up payroll information that led to widespread identity theft.

In a phishing scheme, disguised e-mails are used to lure the recipient into a trap. Posing as a trusted source, such as someone you do business with, your bank, or your email provider, hackers trick you into providing them information directly, clicking a link that leads you to a fake site, or downloading an attachment that then allows them access to your system. One of the oldest tricks in the book, phishing is an evergreen technique that is continually being re-invented in order to become harder to spot.

The best way prevent being hooked in by a phishing scam is to study the way they are being used and stay vigilant. Make sure to check the spelling of URLs in email links and watch out for URL redirects. Keep your browsers up-to-date to ensure you have the most recent security patches and install anti-phishing toolbars on your browser that can run checks on sites you visit and compare them to a database of known phishing sites. And, of course, never give out personal information over email.

These are two of the most popular ways attackers attempt to gain access to your system but stay tuned for Part 2 of this article as we dive into three more sophisticated methods cyber attackers are currently using. Concerned you’re not as safe as you thought? Contact Capstone Works immediately. Our cybersecurity professionals have the expertise to make sure you’re one step ahead of the latest tricks, scams, and hacks that could threaten your business.

Continue reading

Is It Time To Upgrade The Operating System On Your Office Devices?

Are you using Windows 7, older versions of Outlook for email, or Windows Server version 2011 and below? If so, it’s time beproactiveto learn about Microsoft’s End of Life Support. You do not want to find yourself in need of tech support for an unsupported product. That’s why being prepared is critical. What products are nearing the end of their support life cycle and what can you do to help your business stay on top of these changes?

First, it is important to know when products are being phased out. Microsoft has specific product life cycles. According to their website, support for Windows 7 ends on January 14, 2020. That gives users less than one year to prepare. Windows 7 launched on October 22, 2009, at which time Microsoft committed to ten years of product support. As this time period expires, it is important to note that this lack of support can leave you vulnerable if you do not upgrade your Operating System. For example, those automatic updates that many users get in the habit of ignoring often include critical security patches that you will no longer receive. If you’re using Windows 7, it is time to upgrade. 

Now that you are thinking about upgrading your Operating System, how do you get started? The process can certainly sound overwhelming. You may have questions or, alternatively, you may be unsure as to what questions you should be asking. It’s time to contact a trusted Managed Service Provider like Capstone Works to help you navigate this process.

What else do you need to know to keep your IT updated? Microsoft has been moving toward a subscription-based model, pushing clients and companies to move toward Office 365 subscriptions instead of the old model of buying a disc, loading Microsoft Office onto your device, and having a perpetual license for the product. Users who have a perpetual license, such as those on Office 2016, will need to upgrade by 2020 in order to use their product in conjunction with the suite of Office 365 products, like SharePoint and Exchange. These end dates are important to keep track of in order to keep all of your products working together. When you connect Office 365 products with “legacy” versions of Microsoft tools, you do not benefit from the full range of the current product capabilities and certain aspects may not work properly. Therefore, it is important to have a trusted Managed Service Provider on your side to help you keep everything working together, make timely upgrades, and keep track of product lifecycle end dates.

How else can Capstone Works help? We can guide you as you choose the right IT products and software solutions for your office. For example, we can go over the pros and cons of moving to Office 365 now, staying with a perpetual license model, or waiting until the End of Life deadline to make any changes. With all the other aspects of running a business taking up time, it can be a challenge for business decision-makers to navigate the many options available. We are here to take IT off your plate and help you ensure you are making the best, most informed decisions possible in a timely manner. With a partner like Capstone Works on your side, you will not be caught off guard when a product nears the end of its support life cycle, and you will be able to make proactive, informed business IT decisions.

Contact Capstone Works today and be prepared for any changes technology companies throw your way!

Continue reading

Preventing Data Breaches on Data Privacy Day

b2ap3 medium network securityThe start of 2019 comes with promises of many new technologies that you, as a business decision-maker, can use to help grow your business. Though these new avenues can open many doors for your business, these advancements are also creating new vulnerabilities and avenues for hackers, thieves, and phishers to take advantage of. Luckily, Data Privacy Day is right around the corner.

The day is celebrated on the 28th of January each year and is intended to educate users on data privacy to promote a safer, more secure, and more private internet for citizens all over the world. It’s also a good day for people to review their social media privacy settings, update old passwords, and take a look at the state of your digital data security. 

The purpose and goals of Data Privacy Day are of particular importance to businesses. Each year, millions of businesses face attacks to their security as a result of totally preventable vulnerabilities within their IT infrastructure. While not all attacks turn into breaches, that doesn’t mean they’re not cause for concern. 

So, what can you do to protect yourself this Data Privacy Day? Depending on your business, a good place to start is to increase your password security. This can be done by requiring more complex passwords from your employees, requiring they change them up regularly, and by instating two-factor authentication, which provides additional security to confirm the person logging into your network is legitimate.

If you haven’t already, setting up firewalls and using encryption to secure your network is also a great idea to keep out hackers. Additionally, limiting privileges to certain parts of your network only to those for whom access is necessary. This limits the potential that certain information will fall into the wrong hands.

Finally, having back-ups, either of your entire environment, or simply of vital data, is one of the best ways to prevent attacks that corrupt, steal, or try to ransom your data.

Whatever your needs, Capstone Works takes the initiatives of Data Privacy Day to heart. We will work with you to craft a customized security plan that will prevent attacks from happening and keep your business’ data safe and secure.

Not only have we made it our mission to stay updated on all the latest possible threats to your industry, but we also work to educate our clients on these matters, and make sure they’re able to make informed decisions about how to protect their businesses.

After an audit of your current security infrastructure, we can determine where your vulnerabilities lie and prevent them from being used against you. Whether you need as simple a fix as a software patch, or a more substantial overhaul of your internal security procedures, like making sure users are forced to use secure passwords, servers run on secure protocols, etc., Capstone Works has you covered.

Start your New Year off right. Data Privacy Day is a great time to give your business’ security measures an update, so don’t pass by without a second thought. Contact Capstone Works today and rest assured that 2019 will be a great year for your business.

Continue reading

Does Your Workplace have a Bring Your Own Device (BYOD) Policy?

tabletWe are in the business of making sure you are prepared for whatever today’s ever-changing technology environment will throw your way. One of the biggest current trends is Bring Your Own Device, or BYOD. BYOD is exactly what it sounds like — your employees using their own devices in the work-place. With the holidays coming up, and employees receiving new devices, much of your workforce will be equipped to handle a BYOD policy. As this practice becomes more common, it is time to craft an official policy to help protect your business from the risks.

A Bring Your Own Device Policy outlines the rules around employees using their own laptops, tablets, and smartphones for work, whether that means in-office work, or work from home. Today, much of the workforce accesses work files remotely on personal devices. If you do not yet have a BYOD poli-cy, it is time to build one.

Why do you need to set a policy?

There are particular risks and benefits that arise when employees use their own devices. To be sure you enjoy the benefits and decrease the risks, you need a policy that helps employees understand how best to utilize their personal devices in the workplace. You need a formalized document that sets rules and protections in place so that employees have the tools to use their own devices without put-ting your network at risk.

Given that human error is the biggest flaw that hackers exploit, developing a policy and educating your employees as to BYOD best practices is critical to the health of the modern business. But first, do you even want to permit this practice? When making this decision, it’s important to know the benefits you can expect.

What are the benefits of BYOD?

Employee morale
Team members get to work on the devices with which they are most confident and familiar. For example, instead of being a Mac user at home who has to adjust to a PC at the office, or vice versa. Em-power them to work when they feel most efficient and creative, rather than having to wait to get to their office desktop device. Additionally, they may enjoy access to business software in their down-time that they would not have bought themselves, like Adobe Creative Cloud, and come to view it as another perk of the job.

Newer technology
Your employees may opt to upgrade their devices more frequently than the company does.

Reduced costs
When your employees use their existing smartphone rather than a work-provided device, you can en-joy a cost-savings. Similarly, instead of buying a laptop when you onboard a new employee, you may only need to purchase supplemental software like Photoshop and antivirus solutions.

Convenience
Save your team the annoyance of switching between personal and work phones, or accidentally leaving an important document on their workplace desktop and being unable to retrieve it when they want to continue the project over the weekend.

While you can see there are many benefits of allowing your team to work on their own devices, there are many risks and complications that can arise if this practice is not implemented with a policy in place.

Your employees are not all going to be IT professionals, and that means that BYOD policies leave more room for user error and security risks than if every worker is using devices selected and maintained by your IT department. You will need to set specific security policies, and look at providing a secure net-work for your employees to access from home, rather than accessing unsecured WiFi networks. When you implement a BYOD policy, you necessarily give up a level of control; and when an employee leaves, that device goes with them. If you do not have a set policy, there is a risk they could be taking potentially sensitive information with them, like company passwords. That doesn’t mean you shouldn’t implement BYOD at your company, only that you need IT experts in your corner to help you do it. That’s what Capstone Works is here for. Contact us with any of your BYOD questions and we can help you determine your next steps. We help you anticipate the pitfalls of empowering employees to bring their own devices into the workplace so that you can avoid them, and enjoy the benefits instead.

We have outlined some of the general productivity, cost and convenience considerations. We can also help you assess the costs and benefits of a BYOD policy for your unique business, and create a strategy for you. Ultimately, BYOD is becoming a more and more common business practice, but is it right for your company? We can answer that together. Contact Capstone Works today!

Continue reading

Latest News & Events

Capstone Works, Inc. is proud to announce the launch of our new website at http://www.capstoneworks.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what Capstone Works, Inc. can do for your business.

Call Us Today
Call us today
(512) 343-8891 x2

715 Discovery Blvd
Suite 101

Cedar Park, Texas 78613