Cloud Services: Solving Data Storage

Data storage is an issue that every business will have to face at one point or another. Data accessibility is crucial for efficient operations. However, it can be a challenge to ensure that data is both readily available and secure. Cloud services are the answer to that challenge.

Before the Cloud

Before cloud services were widely in use, businesses historically stored their data on physical storage devices. These storage methods included hard drives, flash drives, and SSD’s. They presented two major challenges.

First, data can be easily lost using these storage methods since equipment is vulnerable to physical damage. Second, data stored on hard drives requires someone to be in close proximity to gain access. 

As a result, data silos were a common experience before the cloud. Data often became trapped in the hands of one person or department within an organization.

For this reason, collaboration is much more difficult within businesses that do not use the cloud to store essential data.

Since the concept of the cloud was first popularized over a decade ago, cloud availability has increased and the service cost has dropped considerably.

The use of cloud services is no longer limited to major corporations, but increasingly used by small and mid-sized businesses alike. The new data storage method comes with unquestionable security and accessibility benefits.

Secure Data

There are many occurrences that can pose a threat to data stored locally. To start, there is always a possibility of machine failure, infection, or theft. Additionally, your data becomes vulnerable to natural disaster or accidental occurrences such as a fire or flooding.

Cloud services offer businesses a chance to store data remotely and redundantly. Redundant storage refers to information being stored in at least two locations. This guards against external threats like those mentioned above.

Accessible Data

The growth of a business is dependent on ironing out processes that impede daily operations. One major obstruction to operations can be difficulty accessing data.

This obstruction can inhibit employee productivity and lead to wasted resources. For instance, if one department within a business has control of data that could be useful to another department, cloud services help to bridge that gap.

Service & Support

If you are not currently using cloud services to support your business, a managed service provider can give you the support you need to better manage your data. Talk to a Starfish specialist today about the cloud services we offer to provide support to your business.

Managed IT Services: Why Your Business Needs Them

Technology has integrated into every part of business operations. As a result, many organizations are looking outside of their own workplace to meet increasing IT needs. Managed IT Services offer companies a chance to meet these evolving demands through the use of a third-party IT provider. This provider is commonly referred to as a managed service provider(MSP).

Managed service providers offer either complete or supplemental IT services. Complete IT services may be ideal for businesses who do not have a current IT provider. In contrast, supplemental services allow businesses with a dedicated IT team to outsource as needed.

Let’s examine some of the reasons a business may consider bringing on an MSP to handle specific IT needs.

Address IT needs proactively.

Whether a business is in the market for complete or supplemental IT services, one thing is certain. All businesses must approach IT needs proactively.

With virtual landscapes constantly changing, the need for dedicated personnel to keep up with those changes has become a necessity.

Prevent network downtime.

Businesses across every industry depend on proper network function. Networks allow them to connect their employees, provide access to essential information, and perform key business functions.

As a result, downtime can be costly, resulting in a loss of sales and new customers. Moreover, it can also lead to a decrease in productivity, loss of data and have an adverse affect on brand reputation.

Understaffing is one common reason for frequent IT outages. If there is not a dedicated team to monitor the network 24/7, downtime is likely.

Cut in-house IT costs.

Savings potential is a driving factor for many businesses to outsource IT needs. For small to medium-sized businesses with limited resources, outsourcing is a great way to cut back on operational costs.

Outsourcing cost advantages can vary depending on the task. However, there are consistent savings brought by reducing or eliminating training costs, salaries and benefits.

Businesses can hire skilled professionals to perform work as needed. This can cut the hefty cost of an in-house IT team. Alternatively, if an onsite team is essential, MSP’s can be great to use for focused projects or tasks. By reserving unplanned needs for MSP’s, businesses can allow onsite employees to stay dedicated to long term IT goals. Moreover, businesses can save money by paying on a per product basis, without taking on additional staff expenses.

Address remote office IT needs.

The workplace has shifted drastically in the wake of COVID-19. We shared some tips recently for businesses as they adjust to the demands of this new norm of remote work. To be clear, part of that plan should include consulting with an IT professional.

Employees working from home have opened the door in new ways to cybercriminals. It is imperative to have a dedicated team working twice as hard to counteract those risks.

Communication has largely taken place in a controlled, centralized environment. It has now been spread across open format platforms such as Zoom that are difficult to secure.

Globally, the Managed Services market is on track to meet growth projections from $178.5 billion in 2019 to 309.4 billion by 2025. The COVID-19 pandemic may contribute to market growth estimates being reached sooner due to an increased demand for cybersecurity talent.

If you are looking for an MSP to meet your business’s current IT needs, call us today and speak to a Starfish specialist. We’ll show you the difference between Starfish and other IT companies!

If you’re still wondering how Managed IT Services fit into your business model, here is some information you might find useful.

Phishing Scams Employees Must Avoid

In 2020, security threats have risen to an all-time high. Many of these threats come in the form of phishing scams. Phishing scams trick you into exposing sensitive information like passwords, account numbers and other personal information. 

This information in the wrong hands can be detrimental to any individual or business.  Scammers commonly pose as an individual or institution that you trust. For instance, they may do so through fake emails, websites, or social accounts. Commonly, they will assume the  identity of your bank, an online store you’ve purchased from, a government agency or even a coworker.

Top phishing scams of 2020

Scammers are constantly finding new ways to deceive innocent people. They change their tactics often to catch their unknowing victims off guard. As a result, thousands of phishing attacks take place every day. Here are some to watch out for:

  1. Typosquatting 

Hackers will buy domain names of common misspellings for reputable companies. For instance, to target Apple Customers, a hacker might purchase the domain “”. Moreover, they can build a site that looks legitimate to any visitors unlucky enough to find it. That site could lead to malware being downloaded onto a device. Additionally, it may result in your information being collected during an attempted log-in.

  1. Fake Log-In Pages

Fake log-in pages mimic trusted sites like an email account. They can be fairly difficult to distinguish from a valid page. As a result, login credentials can easily be compromised. This is perhaps the easiest way for a hacker to gain access to an account.

  1. Business Email Targeting

Business email targeting is a phishing tactic focused on specific people within an organization. Technology and financial companies are the most frequent targets. Once scammers have gained access to specific business emails, they can use deceptive tactics to reach key stakeholders. As a result, they can extract business or personal funds from their intended victims. This type of phishing has risen with many employees working from home. We explore similar challenges and offer tips in a recent blogpost on cybersecurity tips for remote work.

  1. Deepfake Scamming

Deepfake technology uses artificial intelligence to manufacture fake audio content. In 2019, deepfake technology allowed scammers to extract nearly a quarter of a million from the CEO of a UK-based company. Similar scams will only rise in the approaching months. 

Can you stop phishing attempts?

The best way to stop phishing attempts is to ensure a secure network. Firstly, speak to your managed service provider or in-house IT team about how to properly safeguard your business from such attacks. If you don’t have a designated team to handle this, we’re happy to help. You can schedule a consultation today with a Starfish specialist to address all of your current security needs.

However, even with security systems in place, there is still a chance of some phishing attacks being successful. Secondly, you should always remain cautious of any suspicious emails and learn to recognize indications that an email is fraudulent. Be aware of language that is incongruent with the supposed sender.

Thirdly, start using multi-factor authentication for added protection. This protocol requires additional credentials outside of a username and password to access an account. These additional credentials form another security layer that is unlikely to be accessed by scammers.

Navigating the cyber world becomes more difficult each day with rising attempts from scammers. Stay updated with scams that are currently circulating. This will ensure you protect yourself and your business. 

Portland Bans Facial Recognition Software

Portland has become the fifth U.S city to block the use of facial recognition software.

Mayor Ted Wheeler and Commissioner Jo Ann Hardesty introduced a bill jointly that restricted use of the technology. It passed unanimously Wednesday, September 9, 2020.

The new law prevents police departments from using facial recognition software to identify suspects. It also keeps private businesses from using this software.

Delta Airlines had already began to use this software to allow entry onto flights. Moreover, a convenience store in Portland also used it to identify customers and grant store access.

Proponents of the software believe that there are many industries that would benefit from using it. However, facial recognition poses a threat for many reasons.

Why is facial recognition software problematic?

There could be consequences of collecting information without consent. This practice could result in the mishandling or selling of personal data.

Facial recognition software also contains flaws that make it unreliable for its proposed uses. An MIT study found that it showed a clear bias against women and those with darker complexions, often misidentifying them. According to a police department in Detroit, that misidentification occurred 96% of the time, resulting in wrongful arrests. 

“I don’t think anyone in their right mind would use a GPS that is wrong 96% of the time.  You would never get anywhere, especially on time!  So, why would a police department or business arrest someone or ban them from their store based on facial recognition that is inaccurate so often?” said RJ Arhar, CEO of Starfish Computer Corporation.  

It’s not acceptable to trust unreliable software to make such life-altering decisions.

“Imagine if you were that person that was wrongfully identified, arrested and prosecuted, explained RJ Arhar. “Either the technology is not good enough or the people running it don’t know how to use it.  In either, case this is where the technical solution is not solving a problem, it is creating one.  It may work in the movies but it is not ready for the real world.  That’s not to say that it will not work in the future but with that high of a false positive rate it should not be relied upon.”

How Portland compares to other cities in the U.S

As of now, Portland’s ban is the strictest facial recognition ban in the nation, perhaps in the world. There is one major distinction between Portland and other cities who have banned facial recognition software. Those cities did not include private businesses.

Portland takes a step further in its legislation with the introduction of two separate bills. Each bill addresses the private and public sector separately.

The city is leading the way by protecting the rights of its citizens. City leaders hope to serve as a model to other cities that will be faced with the same decision.

Until facial recognition software can perform with greater accuracy rates, it has no place in our society. For now, the risks outweigh the benefits. The best way to protect those most vulnerable to the flaws of this technology is not to use it at all.

5 Cybersecurity Tips for Working Remotely

The COVID-19 outbreak has not only changed the way we live, but it has completely altered the way most of us work. Due to the pandemic, countless companies around the globe have moved their staff from the office to the virtual world, making remote work the primary method of doing business. 

The technologically-advanced reality we live in enables companies and their employees to easily switch from office to remote work, and continue performing all regular duties without any interruptions or complications. In fact, a lot of people worked remotely, full-time or part-time, even before the global health crisis. 

While remote work helps protect people’s health, brings about positive shifts within a company, and increases productivity, it also comes with more than a few challenges. A lot of those challenges are linked to online security, since working at a home environment does not come with the same cybersecurity measures as working at an office. Thus, employees are more likely to make security mistakes at the comfort of their cyber-insecure homes than at the protected workplaces.

Considering the fact that online threats are everywhere, and have further increased with the rise of remote work, companies have to take additional cybersecurity measures and fully adapt their security policies in order to avoid breaches that could be devastating. 

Here are 5 things companies and workers can do to maintain a safe level of cybersecurity

  1. Use strong passwords and two-factor authentication

This policy of using extra strong passwords and two-factor authentication should be applicable to emails, domain names, applications, and everything else employees use on a daily basis to perform their tasks. Additionally, a company should enforce a policy of using different passwords for different things, since a lot of people have a tendency to use the same one across platforms. A business should also set automatic logouts after a period of inactivity, for further safety and security. 

  1. Audit and secure home working environments

It’s extremely important for employees to audit their homes and the devices they use for work, and secure potential threats. All devices, including laptops, phones, and etc. should be updated and scanned regularly, router passwords should be changed, and outdated software should be removed or replaced with newer software. Ideally, employees should perform all tasks on company-managed devices. 

  1. Always use VPN encryption

VPN or Virtual Private Networks are commonly used to bypass geographic restrictions on certain sites and view content that is only available at certain locations. However, they are also used for securing, encrypting and protecting employees’ online data, so that it can’t be exploited. 

  1. Beware of work-from-home scams

Online scams targeting remote workers are literally everywhere, since hackers and cybercriminals are increasingly looking to make money on IT security vulnerabilities that come with the new reality of working from home. Employees should take special precautions when opening emails, since many phishing messages look rather harmless. Companies should also advise employees to never click on links or download attachments from any emails that look even remotely out of the ordinary. 

  1. Avoid using public Wi-Fi networks and keep devices secure 

Companies should advise employees to avoid public Wi-Fi networks at all costs, since those networks can be accessed by many other people, and cybercriminals consistently use them to gain access to people’s data. If employees do have to work in a public space, or if they live with other people who aren’t allowed to see their work information, they have to keep their devices secure with passwords and encryptions.    

The Internet, Deep Web, and Dark Web, Explained

Everyone who uses the Internet has probably come across the terms “Deep Web” and “Dark Web” at a certain point. These terms are thrown around constantly, everywhere, in news, TV shows and movies, but especially in articles that cover IT security, hackers, data breaches and similar World Wide Web related topics.

Since these phrases can be quite confusing for the average Internet user, we’ve created this guide that covers all the basics. 

The Internet

This is pretty straightforward. The Internet is a global system of thousands of networks. We use the good ol’ Internet on a daily basis to access various websites, check our emails, communicate via Facebook, Instagram, other apps, and etc.

The Internet is not one centralized place and it is not owned by one single entity. Rather, it’s a decentralized network of networks that consists of lots of networks run by companies, governments, universities and other entities.   

The most popular way to publish information on the Internet is the internet application known as the World Wide Web. Most people believe it to be synonymous with the Internet itself, however, that’s not the case, as there are other internet applications as well.

The computer programs used to view websites are known as web browsers, the most popular being Google’s Chrome, Apple’s Safari, Mozilla’s Firefox, and others. 

Web searches are carried out through programs known as web search engines that “crawl” through the Internet, search for content, index that content, and rank it so that they can provide the best answer to a search query.

The Deep Web

This is where it gets more complicated. The Deep Web is the portion of the Internet that is not indexed by the big search engines. While the contents of the regular web can be accessed by everyone through a simple search, the contents of the Deep Web cannot, as they don’t appear in search results. 

In order to access something on the Deep Web, a user cannot simply type in a search query and get there. Instead, they need the direct URL or IP address. 

The Deep Web is not necessarily a bad and malicious part of the Internet. A lot of common things such as online banking, web mail, private social media profiles, videos hidden behind a subscription fee, and etc. are included there as well.  

In simple terms, search engines have limited crawling and indexing capabilities, which is why they cannot index the vast space that is the Deep Web. 

The Dark Web

This is where it gets even more complex. The Dark Web is the portion of the Deep Web that is not only not indexed by search engines, but it also requires special software and configurations that use encryption to anonymize web traffic, in order to access.

Since these tools, which include Tor (“The Onion Routing” project) and I2P (“Invisible Internet Project”), provide anonymity to both users who access the websites, and servers where those websites are hosted, the Dark Web is often used for criminal activities. However, due to its privacy, it is also used by law enforcement organizations, cryptologists, journalists and other legitimate businesses and individuals. 

Despite the anonymous nature of the Dark Web and the inability to access it without specific software, it can still affect average Internet users. With the rise of corporate and government hacks, comes the rise of stolen information about regular users and companies for sale on the Dark Web.  

Every user and every company is highly vulnerable to cyber attacks, which is why we offer a Free Dark Web Scan here at Starfish. With this scan, you’ll either receive an ALL-CLEAR or an ALERT of your current risks in just 24 hours.


Satellites Are A Wide-Open Channel For Hackers

The recent Black Hat 2020 Conference went virtual this year, like other major conferences.

The industry-recognized information security event ran August 1-6, 2020 and featured a combination of training, briefings, and keynote speakers.

One keynote, an academic researcher and Oxford doctoral candidate, brought to light some alarming information regarding the widespread accessibility of eavesdropping hacking.

James Pavur spoke about gaps in the communications streaming process created by wide coverage areas.

It turns out that conversations that take place in your home may be open to any prying ear with just a mere $300 in equipment costs needed to gain access.

Satellite communication equipment can be used by attackers from across the globe due to their wide geographical attack area. While outgoing connections from a user to a satellite take place through a narrow channel of communication, the reverse down link between the satellite and the user is a broadcast transmission that is more susceptible to interception.

Pavur demonstrated the process of tuning into channels with a low-cost satellite dish, an easy piece of equipment to acquire second hand. He explained that when paired with a PCIe satellite tuner card and a satellite locator software like EPS Pro, hackers could easily identify vulnerabilities.

This is startling news for the average consumer, but the implications of these capabilities are far-reaching for many industries that rely on satellite ISPs in areas where terrestrial communications are insufficient.

Industries that rely on satellite communication like aviation, oil, and cruise lines are particularly vulnerable. In fact, Pavur cited one example that could give hackers access to the same information your internet service provider sees.

“Imagine a cruise line that has a bunch of Windows devices aboard it ships. This Windows local area network with all that internal LDAP traffic and SDP traffic will be broadcast over the satellite link, giving an eavesdropper perspective from behind the firewall.”

What can businesses do to guard against attack via satellite?

With the presence of commercial satellites increasing, it has become more and more important for businesses to prioritize defending themselves against unwanted access. The first step in this direction is to create and maintain a cybersecurity policy within your organization. Whether your plan consists of in-house IT management or outsourcing, it’s important to have a dedicated team that handles cybersecurity needs.

That team should address the following security needs:

  • Utilize secure tunneling to protect sensitive information
  • Adhere to strong encryption practices for all transmitted data
  • Implement stronger authentication requirements

The attack surface for hackers seems to be expanding at a rate that is difficult for many businesses to keep up with. We’re happy to audit your current cybersecurity system.

Schedule a consultation today with a Starfish Computer specialist!

Here’s Why You Should be Very Worried About the Garmin Hack

Do you wear a smartwatch or other wearable devices? Do you track your health and fitness activities? Do you rely on navigation while driving your car or, perhaps, while you’re out sailing?

If the answer is yes, you should definitely be very worried about the implications of the recent cyber attack on Garmin, the global leader in GPS navigation technology and communication devices, not just for the fitness industry, but for the automotive, marine, aviation, and outdoor markets as well.

On July 23, the company published a vague update on their official Twitter profile:

“We are currently experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time. (1/2)

This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience. (2/2)”

After days of Garmin’s systems being down, the company issued a statement confirming the rumors that it was, in fact, hacked.  

“Garmin Ltd. was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation.” 

The statement that the outage had encrypted some of their systems, suggests a confirmation of the speculations that Garmin was hit by a ransomware attack, which affected a big chunk of their data. 

According to BleepingComputer, the ransomware is known as WastedLocker, and is attributed to Evil Corp, a cybercriminal group believed to be constituted of Russian hackers. Evil Corp’s primary targets are US businesses and organizations. Multiple sources online report that the ransom payment was set at $10 million.

While the company confirmed that the outage had affected the Garmin Connect mobile app, website, as well as their call centers, emails and chats, BleepingComputer reports that it failed to mention that flyGarmin services used by pilots, including the flyGarmin website and app, Connext Services and Garmin Pilot Apps used to download flight plans were also down as well. Furthermore, they share that the hack affected inReach satellite tech and Garmin Explore.

Considering the sensitivity of data that is collected by Garmin on a daily basis, such as GPS, health, fitness, flight plans, marine routes, and much more, and the use of Garmin’s systems not just by regular people, but entities such as the US military, cybersecurity should be taken extremely seriously by the company. Yet, it wasn’t, and it was targeted by hackers that are looking to (1) make money and (2) obtain such data, for whatever purposes. 

Despite the fact that Garmin reported that they “have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen,” the question remains whether data that is even more critical was extracted. 

Garmin may be “happy to report that many of the systems and services affected by the recent outage, are returning to operation,” but it is still not clear whether they had to pay the $10 million ransom to restore the services used by both consumers and companies worldwide.

Many Credit Unions Are Missing This Crucial First Step to Cybersecurity

You’ve probably never encountered a major security breach within your company, but that doesn’t mean that hackers don’t already have your sensitive information on the dark web.

Chances are, there are details about your company and its employees sitting in databases on hidden websites not accessible to ordinary computer users. 

This information is just waiting for the right buyer to name the right price and could consist of the following:

  • usernames and passwords
  • internal email addresses
  • employee social security numbers
  • financial credentials 

What steps has your business taken to ensure that this isn’t your company’s reality?

According to Michael Bruemmer, vice president at Experian Data Breach Resolution:

“There has never been a more important time for organizations to be equipped with the knowledge and resources needed to try to prevent and respond to a data breach.”

Experian discovered a major data breach on July 29, 2017 that had been going on for several months without the company’s awareness. That attack wasn’t the first and proceeding cyber attacks confirmed that it would not be the last.

On July 19, 2019, Capital One discovered that the credit applications of 100 million Americans & 6 million Canadians had been compromised. Those records included credit applications submitted from 2005 through 2019.

The cyberattacks on financial institutions predictably continued into 2020 with Fifth Third Bank’s involvement in a “fraud ring” that compromised personal data of 100 customers. While admittedly not as high profile as the former examples, the problem in all cases is clear.

Each institution was forced into a reactive response that might have been avoided with heightened proactivity.

Equifax bungled its attempt to inform and protect compromised customers with a poorly functioning crisis resolution site and ill-planned responses. This was an additional hit to their credibility.

Capital One’s reaction was better organized. They contacted account owners involved in their data breach by mail within several weeks of the discovery.  No doubt this presented a tremendous drain of resources needed to correspond with affected customers. 

Similarly, when Bank of America discovered the breach on Paycheck Protection Program applicant data, they offered customers affected a free two-year identity theft protection membership through Experian. They also encouraged their clients to follow safety tips like close account monitoring for at least the next year.  

The costs may have been different in each scenario, but loss was unavoidable. The best way to avoid similar turmoil within your business is to take a proactive response to security.

It’s difficult to be certain of when there are so many entry points accessible to the right hacker. A 2019 Global Data Risk report published by Varonis Data Lab found that individual employees have an access to an average of 17 million files and 1.21 million folders.

Without strong security infrastructure in place, your company may be vulnerable to attack. There were 1,473 data breaches in 2019 and more than 164 million records exposed.

Address your company’s security proactively. Schedule a free dark web scan today to ensure that you and your customers aren’t the victim of the next data breach.

CRYPTOJACKING: How to Protect Yourself from Cyber Crime

With the rapid rise of cryptocurrency, comes the rapid rise of cryptojacking – a form of cybercrime which entails an unauthorized use of the processing power of a person’s computer, tablet, mobile phone, or other device, to mine for cryptocurrency on behalf of the hacker. Essentially, cryptojacking allows hackers to make free money by gaining access to someone else’s device with just a few lines of code.

The reason why cryptojacking is attractive to hackers is because mining for cryptocurrency is an expensive process that requires a lot of resources, such as costly computer equipment and extensive use of electricity, which brings about higher bills. In addition to that, the more machines hackers get access to, the faster they mine and create coins.

There are two types of cryptomining attacks:

  1. Cryptojacking: mining via compromised websites
  2. Malware-based cryptomining: mining via a malware on a device

How does cryptojacking work?

Cryptojacking occurs when a person’s browser is used to mine cryptocurrencies without their consent. Since hackers don’t have to use malware, browser-based attacks are much easier compared to other forms of cryptomining. By infecting a single web server, hackers can subject all visitors of the websites hosted on that server to cryptojacking.

Here’s how cryptojacking happens:

  1. The hacker compromises a website with a cryptomining script, which can be included in the website, a third party ad loaded by the website, an extension or browser plugin, as well as a pop-up window
  2. The user visits a compromised website, and the cryptomining script starts working
  3. The user, thus, starts unknowingly mining cryptocurrency for the hacker
  4. The hacker receives cryptocurrency

What happens to the device used for cryptojacking?

While the cryptojacking script is running, the user will notice a very high graphics card and/or CPU usage level. The device will start overheating and running slower than usual, and the battery levels will drain faster.

How to know if your device is being used for cryptojacking?

Check the Windows Task Manager on a Windows device and/or the Macintosh Activity Monitor on an Apple device, and review if there’s a substantial increase in CPU usage.

How to defend yourself against cryptojacking?

Fortunately, cryptojacking can be managed fairly easily. Here are some tips on how to protect yourself from this cryptomining form of cybercrime:

  1. Use an ad-blocker
  2. Only use browser extensions and plugins that are distributed by a trusted app store such as Google Play. In addition, check your browser extensions regularly, and remove/disable the ones that you don’t use
  3. If you notice that your device is heating up, restart the web browser
  4. Disable JavaScript and only allow trusted websites to run it
  5. If you’re concerned about how malware could be compromising your businesses’s sensitive information, give us a call today! We’ll walk you through the solutions that we provide so you can be confident in your company’s security.