New Fathom IT - Blog , SecurityNew Fathom IT - Blog , Securityhttps://www.newfathom.com/blogs/securityFri, 03 Apr 2026 10:35:10 -0700http://zoho.com/sites/<![CDATA[Windows 10 End-of-Life: How to Stay Safe (and Why It’s Time to Move On)]]>https://www.newfathom.com/blogs/post/windows-10-end-of-life-how-to-stay-safe-and-why-it-s-time-to-move-on

Windows 10 Is Going Away

Windows 10 is officially reaching its end-of-life on October 14, 2025, which means Microsoft will stop providing free security updates and support to most users. But if you're not ready—or able—to upgrade your system to Windows 11, you're not entirely out of luck. Microsoft is offering Extended Security Updates (ESUs) for Windows 10 users, giving them more time to transition. Here's how you can stay secure on Windows 10 a little longer—and why upgrading still makes sense.

Extended Security Updates: Your Options

Microsoft's Extended Security Updates program was originally designed for enterprise customers, but for Windows 10, it’s being made available to individual users as well.

You now have two main options if you want to stay on Windows 10 past its official support end date:

  • Free Updates Through Microsoft Accounts (With Strings Attached): Microsoft is offering free ESUs for some Windows 10 users, particularly those who log in with a Microsoft account and allow telemetry and cloud integration features like OneDrive, Edge, and Microsoft 365 integration. While this is a generous offer, it does come with privacy trade-offs and may not be suitable for users with more restrictive security requirements.

  • Paid Updates ($30 per Year): For users who don’t want to enable Microsoft cloud features or who use Windows in a professional or disconnected environment, Microsoft is offering a more traditional paid ESU plan—starting at $30 per year per device. This provides peace of mind with minimal strings attached, ensuring you get critical security patches through at least October 2028.

Why Staying on Windows 10 Isn’t Ideal — But May Be Necessary If You’ve Delayed

Let’s be clear: Extended Security Updates for Windows 10 aren’t a long-term solution—they’re a safety net. If you’re still running Windows 10 in 2025, it likely means you've put off upgrading longer than you should have. Whether it's due to hardware limitations, budget constraints, or just procrastination, the reality is that this option exists to buy you a little more time, not to encourage you to keep using an outdated OS indefinitely.

Here’s why some users might need to rely on ESUs:

  • You’re Stuck with Legacy Hardware: If your current PC doesn’t meet Windows 11’s hardware requirements—like TPM 2.0 or newer CPUs—you might not be able to upgrade without replacing your device. That’s understandable, but still something you’ll need to address soon.
  • You Haven’t Budgeted for a Replacement: Organizations and individuals that didn’t plan ahead may find themselves scrambling to update systems or find room in the budget for new hardware.
  • You Need More Time to Migrate Critical Software or Workflows: If you’re relying on legacy software or workflows that haven’t been tested on Windows 11, the ESU program gives you a short grace period to adapt.

But make no mistake: continuing to use Windows 10—even with ESUs—is a compromise. You’re relying on limited updates, missing out on new features, and holding onto a platform that Microsoft is gradually leaving behind.
This is your final warning window. Don’t use ESUs as an excuse to stay complacent—use them to plan your transition as soon as possible.

But Let’s Be Honest: Windows 11 Is the Future

While ESUs buy you time, Windows 11 is clearly where Microsoft is investing its resources. Here’s why making the move is ultimately the better long-term choice:

  • Ongoing Support and Updates: Windows 11 gets regular feature and security updates without added cost or complexity.

  • Improved Security: Windows 11 requires modern hardware with built-in security features like TPM 2.0 and VBS (Virtualization-Based Security), which make it much more resilient to modern threats.

  • Modern User Interface and Features: From better window snapping to native Android app support and AI integration with Copilot, Windows 11 is designed for productivity and future compatibility.

Final Thoughts

If you're not ready to move to Windows 11 yet, Microsoft’s Extended Security Updates for Windows 10 are a valuable option—especially with the free tier now available to personal users. But ESUs are a short-term solution, not a permanent fix. Use the extra time wisely: assess your hardware, back up your data, and plan your move to Windows 11. The future of Windows—and your security—depends on it.

Get Started Now
]]>Tue, 15 Jul 2025 09:52:14 -0700<![CDATA[Modern Data Security: Beyond Castle Walls]]>https://www.newfathom.com/blogs/post/Modern-Data-Security-Beyond-Castle-Walls

In the ever-evolving landscape of data security, the analogy of fortresses and moats, reminiscent of medieval times, has been a longstanding one. Traditionally, building a strong boundary around one's castle, akin to erecting firewalls and encryption protocols around data, was deemed the pinnacle of protection. However, as technology progresses and threats become more sophisticated, this old-school method of defense is proving insufficient in the face of modern cyber threats. In this blog, we delve into the shortcomings of the castle-and-moat approach and explore how modern data security strategies have evolved to address these challenges.

Perimeter-based Security: A False Sense of Safety

The castle-and-moat strategy relies heavily on perimeter-based security measures. Just as a medieval castle was fortified with thick walls and a surrounding moat to repel invaders, organizations would deploy firewalls and intrusion detection systems to guard their network perimeters. However, this approach operates under the assumption that threats will always come from outside the fortified boundary. In today's interconnected world, where employees access sensitive data remotely and cloud services blur the lines of traditional network perimeters, this assumption no longer holds true.

Vulnerabilities Within: The Trojan Horse of Data Breaches

One of the fundamental flaws of the castle-and-moat model is its failure to address insider threats. While medieval fortresses were designed to withstand external assaults, they were often infiltrated by spies or traitors who bypassed the defenses from within. Similarly, in the realm of data security, the greatest threats often come from within an organization. Whether through malicious insiders or unwitting employees falling victim to social engineering tactics, the castle walls do little to protect against these internal vulnerabilities.

Dynamic Threat Landscape: Adapting to the Changing Tides

In the digital age, cyber threats are constantly evolving, rendering static defenses ineffective. A medieval castle may have stood firm against conventional siege tactics, but it would have been defenseless against modern weaponry. Likewise, relying solely on static security measures such as firewalls and antivirus software leaves organizations vulnerable to sophisticated cyberattacks like zero-day exploits and advanced persistent threats. To combat these dynamic threats, modern data security strategies emphasize continuous monitoring, threat intelligence, and adaptive defenses that can quickly respond to emerging threats.

Data Accessibility vs. Fortified Isolation: Balancing Security and Usability

Another drawback of the castle-and-moat approach is its inherent trade-off between security and usability. Just as a medieval castle's thick walls and narrow drawbridges restricted movement in and out of the fortress, strict security measures can hinder productivity and collaboration within an organization because you need to be physically inside. In today's fast-paced business environment, where agility and accessibility are paramount, rigid security protocols can impede innovation and inhibit digital transformation efforts. Modern data security aims to strike a balance between protecting sensitive information and enabling seamless access for authorized users.

The Perils of Compliance: Meeting Regulatory Standards vs. True Security

For many organizations, compliance with regulatory standards such as GDPR, HIPAA, and PCI DSS is a top priority. However, the castle-and-moat approach often leads to a checkbox mentality, where organizations focus on meeting minimum compliance requirements without truly addressing underlying security risks. Just as a castle's defenses could be breached despite meeting regulatory standards, compliance alone does not guarantee protection against sophisticated cyber threats. Modern data security strategies emphasize a risk-based approach, focusing on identifying and mitigating actual security vulnerabilities rather than simply checking boxes on a compliance checklist.

Embracing a Zero Trust Mindset: Redefining Security for the Digital Age

In response to the limitations of the castle-and-moat model, a paradigm shift is underway in the field of data security. Known as Zero Trust Security, this approach challenges the notion of implicit trust within traditional network perimeters and adopts a "never trust, always verify" mindset. Zero Trust Security assumes that threats may already exist within the network and requires continuous authentication and authorization for every user and device attempting to access resources. By removing the assumption of trust and implementing granular access controls, organizations can better protect their data assets in today's dynamic threat landscape. This doesn’t have to be overly burdensome as companies have created easy biometric authentication and passwordless sign in. These strategies can also protect information at the data level wherever that data goes, whether at a coffee shop in Italy or a ski resort in Bend, whether on a sophisticated server or on a mobile phone in your pocket. 

Conclusion: Building Stronger Defenses for a Digital Future

While the castle-and-moat analogy served as a useful metaphor for data security in the past, it is no longer sufficient to protect against modern cyber threats. As technology evolves and the threat landscape continues to expand, organizations must adapt their security strategies accordingly. By embracing a holistic approach that goes beyond perimeter-based defenses, prioritizes insider threat detection, adapts to dynamic threats, balances security with usability, moves beyond compliance, and embraces a Zero Trust mindset, organizations can build stronger defenses for a digital future. Just as medieval fortresses evolved in response to changing warfare tactics, so too must our approach to data security evolve to meet the challenges of the 21st century.

Get Started Now
]]>Thu, 09 May 2024 16:52:11 -0700<![CDATA[Securing Your OT Network]]>https://www.newfathom.com/blogs/post/Securing-Your-OT-NetworkOperational technology network security. What is an OT network and what are the best practices for securing an OT network?]]>

Securing Your OT Network

An OT network, also known as Operational Technology network, is a type of computer network used to manage and control industrial processes and physical devices in various industries such as manufacturing, energy, transportation, and utilities. OT networks are distinct from traditional Information Technology (IT) networks, which primarily deal with data processing, business applications, and general-purpose computing.

Key characteristics of OT networks include:

  1. Industrial Control Systems (ICS): OT networks are designed to support Industrial Control Systems, which encompass technologies like Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), and Programmable Logic Controllers (PLCs). These systems help control and monitor physical processes like manufacturing, power generation, and infrastructure management.
  2. Real-Time Operations: OT networks operate in real-time or near-real-time, ensuring that processes are controlled and monitored with minimal latency. This is essential for maintaining the safety and efficiency of industrial processes.
  3. Specialized Protocols: OT networks often use specialized communication protocols, such as Modbus, PROFIBUS, and OPC, which are optimized for industrial automation and control.
  4. Critical Infrastructure: Many OT networks are associated with critical infrastructure, making them essential for the functioning of various industries and, in some cases, public safety.
  5. Isolation and Segmentation: OT networks are typically isolated or segmented from the broader IT networks to reduce the risk of cyber threats and maintain the integrity of industrial operations.
  6. Robustness: OT network devices and components are built to withstand harsh industrial environments, including extreme temperatures, humidity, and electromagnetic interference.
  7. Security Concerns: Security in OT networks is crucial due to the potential for cyberattacks that could disrupt operations, damage equipment, or compromise safety. Protecting against these threats is a primary focus in the field of OT cybersecurity.
  8. Legacy Systems: OT networks often incorporate legacy systems and equipment, which can pose challenges in terms of compatibility, security, and maintenance.

The convergence of IT and OT networks, often referred to as IT/OT convergence, is a growing trend as organizations seek to improve efficiency and gain insights from data collected from their industrial processes. However, it also introduces new challenges related to cybersecurity and interoperability between the two types of networks.

Security Best Practices for OT Networks

Securing an Operational Technology (OT) network is crucial to protect critical infrastructure and industrial processes from cyber threats. Here are some best practices for securing an OT network:

  1. Network Segmentation: Isolate the OT network from the broader corporate network and the internet. Implement network segmentation to create separate zones for different OT systems and control access between them with “default-deny” firewall rules.
  2. Access Control: Enforce strict access controls to limit who can access and make changes to the OT network. Use strong authentication methods, like multi-factor authentication (MFA), and follow the principle of least privilege. Don’t re-use logins for OT equipment.
  3. Patch and Update Management: Regularly update and patch all software and firmware in the OT network, including industrial control systems (ICS) components and network equipment. Be cautious when applying updates and thoroughly test them in a controlled environment prior to rolling them out to a production environment.
  4. Network Monitoring: Implement continuous monitoring to detect abnormal network behavior or security incidents. Use intrusion detection and prevention systems (IDPS) and security information and event management (SIEM) solutions to analyze network traffic and log data.
  5. Air-Gap Critical Systems: For the most critical OT systems, consider physically isolating them from the network by creating a true air gap. While this may not always be practical, it provides an additional layer of security. This is especially important for legacy equipment that does not get regular security updates.
  6. Security Policies and Procedures: Develop and enforce comprehensive security policies and procedures specific to the OT environment. These should cover topics like incident response, remote access, and configuration management.
  7. Application Whitelisting: Use application whitelisting to allow only authorized software and applications to run on OT devices and systems. This prevents the execution of unapproved software.
  8. Physical Security: Secure physical access to critical OT infrastructure, such as control rooms and industrial equipment. Install security cameras, access control systems, and alarms to monitor and control entry.
  9. Regular Backups: Implement regular backups of critical data and configurations to ensure rapid recovery in case of a cyber incident or system failure. Backups should be monitored, encrypted in transit and at rest, and have an offsite copy to protect from ransomware.
  10. Incident Response Plan: Develop a well-documented incident response plan specific to OT networks. The plan should outline the steps to be taken in case of a security breach and should be tested periodically. Other incidents to include would be extended power outages and any local relevant natural disasters that could hit your area.
  11. Vendor and Supply Chain Security: Evaluate the security practices of OT equipment and software vendors. Ensure that your supply chain is secure, and that vendors provide timely security updates. Require vendors working on site to use your own managed computers for accessing the systems instead of plugging in directly with their own devices. Require vendors to provide cyber security policies for their own operations.
  12. Regulatory Compliance: Understand and comply with relevant industry standards and regulations specific to your sector, such as NIST, ISA/IEC 62443, or other applicable guidelines.
  13. Security Assessment and Audits: Regularly engage in security assessments and audits to evaluate the effectiveness of your OT security measures and identify areas for improvement.

Securing an OT network is an ongoing process that requires continuous monitoring, assessment, and adaptation to evolving threats. The specific security measures you implement will depend on the unique characteristics and requirements of your OT environment. Collaboration between IT and OT teams is essential to ensure a holistic and effective security strategy.

If you need to have your OT network analyzed and secured, click on the button below to get started!

Get Started Now
]]>Wed, 25 Oct 2023 14:44:49 -0700<![CDATA[What can happen when you click a link?]]>https://www.newfathom.com/blogs/post/what-can-happen-when-you-click-a-link

What are the things that can happen when you click a link in a malicious email?

Stage 1 (Just by clicking the link)

  1. Bad actor gets the indication that your email works
    1. Most links sent in an email will be unique to the email it's sent to. If you click the link the bad actor will know that your email address is up and working. Also, they'll know that you are the type of person that clicks links so they'll probably send you more spam!
  2. Bad actor gets your browser "fingerprint"
    1. Your browser session (and every browser session being used) has a footprint based on the information that's available from your session on that website. There are over 50 different data points that your browser gives to a web page just by visiting it. This information (although some is trivial) can disclose information about you and your company. So just clicking a link is giving bad actors 50 clues about you and your company. Here's a few of the things that can be part of your fingerprint: Public IP address, browser used, operating system (e.g. Windows, Mac), browser language, time zone, extensions, and much more! You can go to https://amiunique.org/fingerprint to see how unique your browser session is (the more unique the worse off you are, don't be snowflake!).
  3. Everything and anything
    1. It's also possible if your browser is not updated that bad guys could use a vulnerability in your browser to do lots more than just gather information. Here's a list of the vulnerabilities that Chrome has had: Reference. Some of these allow for someone to own your browser completely. But don't worry, Chrome does a great job of updating, but if you're using an outdated browser or turned off automatic updates you could be in trouble.
  4. Downloading a file
    1. Sometimes just clicking a link can begin the process of downloading a file onto your computer. Usually it will require you to open or run the file to do anything truly malicious, but just getting the file on your computer is a bad step!

Stage 2 (After you click the link)

  1. Web page asks you to enter login credentials
    1. This is call phishing or credential harvesting. These bad actors are trying to get your login information. Usually it's an attempt to get your business email login, but it could also be for other things like your Amazon account or bank account. See Brian Krebs great blog on the value of a compromised email account here: Reference.
  2. Web page installs a malicious extension
    1. If a malicious extension is added the bad actor will basically own your browser and be able to read information on web pages you visit including. Many times these extensions fall into "adware" where they will get paid to re-direct your website to a different web page or send you pop up notifications, but they could also be more malicious.
  3. You open or run a downloaded file
    1. This could be "game over" on your computer. Depending on the malware this could spring board to installing viruses on your system. Sometimes these files would be an office file with macros, or perhaps just an executable or a PDF that will exploit a vulnerability in Adobe or some other application.
    2. The reason bad actors may want to do this are many, see Brian Krebs blog on the value of a compromised PC: Reference.
Get Started Now
]]>Thu, 24 Aug 2023 09:44:02 -0700<![CDATA[What if your personal data has been taken in a breach?]]>https://www.newfathom.com/blogs/post/what-if-your-personal-data-has-been-taken-in-a-breach

Your Personal Data is Out There

Just this year there was a massive data breach at the Oregon DMV. The data taken included license numbers, addresses, last 4 of SSN, and of course first and last names. So, my data is out there and yours likely is too. According to the Identity Theft Resource Center there were 1802 data breaches in 2022. These breaches include usernames, passwords, SSN's, addresses, birth dates, phone numbers, and a myriad of other personal information. If you want to know if your information has been involved in any of them, you can check your email address at www.haveibeenpwned.com.

My personal email address has been involved in at least four data breaches and in 2019 a breach happened with my information that involved dates of birth, email addresses, employers, genders, geographic locations, IP addresses, job titles, names, phone numbers, and physical addresses. So even if the DMV hadn't been hacked this year my info is already out there! So what do you do to protect yourself when someone can likely get a hold of all of your personal information if they really wanted it?

What to Do About It

With the reality of your data being exposed, there are a few things you can do to make it less likely that your identity get's stolen. Here's a list of things we'd recommend (And it's the same list we recommended to our employees when the Oregon DMV was breached):

  • Place a freeze on your Experian, TransUnion, and Equifax accounts
  • Set up MFA on each account above
  • Freeze your credit in each account (If you do this you will need to remember to "unfreeze" it when you apply for additional credit)
  • Register for an ssa.gov account (using your login.gov account or other option)
    • Set up email notifications
  • Register for a myE-Verify account
    • Lock your SSN (read the details before doing so)
  • Here's some other things you could do: Reference
    • You could file a report with the IRS
    • You could file a report with the FTC at identitytheft.gov
    • You could request a new SSN from the SSA (you may need proof to this and is a process to do)
  • Finally, practice good cyber hygiene:
    • Check our cyber security basics
    • Use a password manager and use unique passwords
    • Enable Multi-Factor Authentication (aka 2-step verification)  wherever possible, especially on important accounts (like your email account)
    • Keep a good anti-virus on your computer and phone
    • Enable auto-updates (if possible) on your systems and keep them updated
Get Started Now
]]>Thu, 27 Jul 2023 09:19:56 -0700<![CDATA[Why Should You Use MFA]]>https://www.newfathom.com/blogs/post/Why-Should-You-Use-MFAEnabling MFA may be the single most important thing you can do to protect against cyber attacks.]]>

What is MFA

MFA stands for multi-factor authentication and basically means that you are using two different types of authentication to log into your account. There are three primary types of authentication factors:

Knowledge Factor

Something only you know (e.g. password).

Possession Factor

Something only you have (e.g. mobile phone w/ MFA app).

Inference Factor

Something only you are (e.g. biometrics).

Find Out More

Why Should You Use It

Enabling MFA may be the single most important thing you can do to protect against cyber attacks.

Find Out More

Microsoft found that 99.9% of account breaches happened to accounts without MFA enabled.

]]>Wed, 31 Mar 2021 14:19:44 -0700<![CDATA[Recognizing Malicious Emails]]>https://www.newfathom.com/blogs/post/recognizing-malicious-emails

How to Recognize and Avoid Malicious Emails

According to Britannica, 50% of email on the internet is spam. These emails range from selling Viagra knock-offs to trying to convince you to wire them money. Some of these emails are so obvious they need no introduction, but cyber-criminals are becoming more and more sophisticated. In this blog we're going to help you recognize a malicious email, respond appropriately, and recover if you've fallen for them. The last section is how to prevent these things happening in the first place.

Key Takeaways

  •   STOP! If you think an emails seems a little off, stop and investigate.
  • Check Links, Check the "From", Look for Grammar mistakes and misspelled words
  • Look out for urgency and manipulation. Aka, someone wants something fast or they have something you need.

Types, Detecting, and Responding

Business Email Compromise (BEC)

When someone takes over a legitimate email account and uses that account to send malicious emails, that's called Business Email Compromise. These emails are the hardest to stop and detect because they usually appear to be from someone you know and trust because they are, in fact, from their email account. These accounts get taken over when someone has gotten the login information for the compromised account, they've signed in, and are using that account for their own practices. 

Detecting BEC Emails

When you receive an email from a compromised account, it usually has a couple clear tell tale signs that it's a fake. Here's how to spot them:

  • There's almost always a link
  • The link almost always takes you to a page requesting login information
  • It seems off and non-typical
  • You didn't request it
  • Check for bad grammar and spelling errors. Many of these people use a translator app and English isn't their first language

Responding to BEC Emails

If you've gotten a BEC email, or one that you suspect is a BEC email, what should you do?

  1. Verify that it's not legitimate
    1. If you get an email from someone that just seems off, use out-of-band communication to contact them. Do NOT email them back and ask "Is this real?" or use the phone number on the signature. If their email is compromised then of course they will say "Of course it's legit," and the signature phone numbers are usually changed as well. 
      1. Call the phone number of the person if you have one on file, or call their company's main number
      2. Text them, fax them, or email someone else at their office. Use something other than that email address to contact the person. This is what we mean by "out-of-band" communication. 
    2. ​Examine links in the file. If it says it goes to a Word document, does the link go to OneDrive or SharePoint? Also, just because it does, doesn't mean you should go there, but that's a good way to tell if it's spam. 
      1. Here's a great site to see where a link actually goes: https://wheregoes.com/ 
  2. Find out who else in your company has also received the email and warn them, especially if it's really tricky. Warn your colleagues or contact your IT department about the scam. It just takes one person to give your company a really bad name. 
  3. Delete the email. Or if you're feeling like you want to have some fun, email the person back and see how long they'll talk with you. Maybe you can get them to wire you some money :-)

General Spam: Solicitations and Trickery

Sometimes the email isn't from someone you know, and they try to convince you to click a link, wire money, or the like anyway. Let's look at some types of these scams, why they happen, and how to respond. These are a different category because these usually are not legitimate accounts, but they appear legitimate. 

Types

Faking the "From"

A common trick out there is to change the "From" name of an email address. If your boss's name is Jane Smith and their email is jane@company.com, a spammer can change their name to be "Jane Smith" even though their email is jane@anotheremail.com. This is usually a good trick and most people don't pay attention to the whole email address. Here are the tell tale signs of these:

  • Check the actual email address
  • Eventually they will ask you to send gift cards or some strange financial request (think wiring money)
Blackmail and Heart Strings

There's really no limit to the ways scammers will try to blackmail you. My neighbor was scammed by a company she was trying to return something she'd purchased and they said they had to get on her computer and check her bank accounts to verify the purchase... well... that wasn't all they were doing. Here are some common ones:

  • I'm a destitute person in [name of third-world country] and I need help
  • I have your email and password and I have sensitive information about you i'm going to publish if you don't pay me
  • I have naughty pictures of you and I"ll release them if you don't pay me (sometimes this one is along with the one above)
  • We could run away together, I just need some money to come visit
Too Good to be True

This may come as a shock, but you probably aren't that lucky to win the lottery or that car, or whatever else they're selling. Don't fall for it and don't click the links!

Detecting

Besides the signs of scammers mentioned above, there are usually a lot of other signs you can look for too in scammers emails:

  • Poor use of the English language. English is usually not their native tongue and so an easy way to tell a scam is by how they handle the complex language:
    • Bad grammar
    • Bad spelling
    • Weird phrasing
  • ​Check for links. It's a good idea to check any link before you click on it. Does it actually go where it should? When it's asking for a login to Microsoft, are you actually on a Microsoft web page?

Recovering From Spam After You've Fallen for It

Sometimes we all make mistakes and sometimes we realize our mistake right after we make it. If you've fallen for a BEC scam here's what you do:

If you just replied to the email

  • Don't really need to do anything. You just sent them a message and engaged them. Just delete their future emails to you.

If you gave them your email and password

  • Reset your password immediately
  • Reset any other accounts that use that same password
  • Make sure your account isn't forwarding emails to an unknown email account. This is a common tactic if an email has been compromised, then they can map out your organization long-after you've changed your password
  • Make sure you don't have an auto-reply you don't recognize

If you've downloaded a program and run it

  • Disconnect your computer from any network connections (WiFi and/or Ethernet)
  • Reset your computer and start over or rollback your computer to a backup before you ran the program
  • If you downloaded a file but didn't open it. Delete the program/file and run a virus scan. You may still need to reset your computer, but you may also be fine.

If you did a remote session and they were on your computer

If you made it this far with someone, they're probably after your money and it's a simple scam to that extent. I would do the same thing as the program downloaded and run. 

An ounce of prevention is worth a pound of recovery

So, what if we just made some changes that stopped spammers in their tracks and made it much fore difficult to fall for these things in the first place? Here are some ideas that will help you be less impact if you fall for spam, and hopefully make you less likely to get it.

  • Use Multi-Factor Authentication for your email account
  • Disable Auto-Forwarding in your email account (You have to be an admin to do this, but it's a really good idea)
  • Deploy an advanced anti-virus on your computer. This advanced anti-virus should be doing active scanning of any downloads
  • Deploy a password manager for you and your team
  • Create alerts for emails that are "Faking the From" so people in your company can more easily recognize them
Get Started Now
]]>Thu, 01 Oct 2020 08:58:00 -0700<![CDATA[What I Learned from Presenting with the FBI]]>https://www.newfathom.com/blogs/post/What-I-Learned-from-Presenting-with-the-FBI

Earlier this month I had the opportunity to present to the Oregon Government Finance Officers Association on a panel with the FBI, the CIS from University of Oregon, and a lawyer. I've heard the guy from the FBI speak before and it's always enjoyable, but as I was listening to him this time I realized something that caught me off guard: The malware breaches that they have to respond to started with really simple ways that we all know how to defend against. Simple. Like a black cup of coffee, no fru fru.

 

Like it or not, the way businesses are compromised initially is still pretty simple: human error. These are errors in configurations (sometimes) and errors in judgement (mostly). Most of the judgement errors are spam emails that people erroneously think are legit and so they respond to them, either with a reply or with a click.

 

So, what can you do? There are technical things that you can do for sure, but there are also a lot of non-technical solutions you can deploy right now to help your business… and to deploy those, you don't have to be techy. Here they are:

  1. Train your people
    1. Consider videos or pre-built trainings so you don't have to build the outline yourself.
    2. Train them to pay attention
    3. Train them to not trust email
  2. Make a team that's responsible for your cyber security
  3. Regularly meet with that team to talk about your plan, and how to improve.
    1. Consider these things for your plan:
      1. Deploy Multi-Factor Authentication where you can
      2. Deploy a password manager.
      3. Deploy a patching policy.
  4. Train your people some more

 

None of those things require you to be a nerd, they just require you to pay attention. If you will do some simple things and be faithful to do them year in and year out, you will drastically reduce your likelihood of falling victim.

 

I'm still pondering the fact that a lot of cyber security really isn't that complicated. It's probably like raising children, it's not complicated, it just takes time, attention, and consistency. 

Get Started Now
]]>Thu, 12 Mar 2020 15:14:06 -0700<![CDATA[What is a Firewall?]]>https://www.newfathom.com/blogs/post/What-is-a-Firewall

What is a Firewall?

In construction, a firewall is a wall in a building that prevents a fire from spreading to other parts of a building. These are super important and help protect people when a building is on fire so they can escape before the whole building burns up. 

In the cyber world, a firewall has a similar function to protect you from the dangerous "fires" around the internet or in your local cafe. So what is it, and what does it actually do?


All firewalls basically work to prevent unauthorized connections with your computer or your network and they allow authorized connections through. It might be helpful to think of what would happen without a firewall. If you had no firewall, anyone on your network could access files on your computer or attempt to do other things. On a network level, if you didn't have a firewall people could see your devices and potentially get into your network from the outside. 


There are over 65,535 ports* that could potentially allow access to your computer and network, and it's your firewall's job to make sure only the right ports are open and the right ones are closed. 


It's a rough world out there with a lot of bad folks who wouldn't mind taking advantage of your computer to do bad things. 

Types of Firewalls: Hardware and Software

There are basically two main types of firewalls. There are hardware firewalls that sit on the edge of your network (like where the internet comes in) and they filter internet traffic. There are also software firewalls that run on your phone, computer, or (sometimes) smart devices.


Software firewalls are usually built in to whatever computer you're using, and it's best to just leave them on or make sure that they are on.


Hardware firewalls sometimes require custom configuration to work correctly, but for most homes and small offices, the default "on" should work.

When you should turn off your firewall?

Just about never. I'm racking my brain for when the average person should turn off their firewall (either on their network or on their computer), and I just can't bring them to mind. If you are on a trusted network, you can enable sharing of some files and resources, but you should never completely turn off your firewall. 

Contact Us

*There are 65,535 TCP ports, and another 65,535 UDP ports, but who's counting. Here's a good article explaining ports and the differences: https://www.bleepingcomputer.com/tutorials/tcp-and-udp-ports-explained/

]]>Mon, 17 Feb 2020 11:01:13 -0800<![CDATA[What is a VPN?]]>https://www.newfathom.com/blogs/post/What-is-a-VPN

If you're like most of the people I run into, they're often asking "Do I need a VPN?" They've seen some ad from a VPN provider and are convinced they need it. But what is a VPN? For the sake of this conversation, we'll be talking about VPN's you would setup on your computer, not ones from your firewall/router.


For understanding when you need a VPN, check out our other blog here: [add blog]

What is a VPN?

VPN is an acronym that stands for Virtual Private Network. A Virtual Private Network basically creates a direct connection to wherever you are trying to connect. A lot of remote workers will have a VPN that goes directly to their headquarters. Then when that worker is remote, they are actually directly connected to the office from their home office, or coffee shop. It also encrypts all of that traffic, so that if someone is eavesdropping they won't be able to tell what you're doing. You can think of it like a tunnel. If you setup a VPN, your have a direct tunnel into the headquarters network (or wherever) that can't be looked on from outside. In order to tell what's happening in the tunnel, you have to be in the tunnel.

Types of VPN's: Full and Split Tunnels

There are also two main types of VPN's out there, one is a Full Tunnel VPN, and one is a Split Tunnel VPN, and these are important to understand as some popular VPN's are only split tunnel. A full tunnel VPN is going to take all of your network traffic, and put it in the tunnel of your VPN. A split tunnel, is only going to take the traffic that needs to go to your headquarters network (or wherever), and all the other traffic will go directly to the internet outside of the VPN. With a split tunnel, most of your traffic will act exactly like it would if there wasn't a VPN setup at all.

Connecting without a VPN (Keybox=VPN)

In this connection, all of your internet traffic goes through your local internet to whatever websites you're accessing. Not encrypted unless the website you access is (for example, if you see the "https" it's encrypted, but not if it says "http".

Connecting with a  Full Tunnel VPN (Keybox=VPN)

In this connection, all of your traffic is encrypted from the VPN on your computer, through your local internet connection, and then to your headquarters network, then to whatever websites your going to. The last leg (HQ internet to website) is not encrypted unless the website your connecting to has "https" setup. 

Connecting with a  Split Tunnel VPN (Keybox=VPN)

In this connection type, only traffic that needs to go to your headquarters network goes there. The rest of the connections go right out to the websites. This isn't really helpful from a security setting, but designed to allow your computer to get access to company resources while you are remote.

Green arrows are traffic for your headquarters network.
Contact Us
]]>Mon, 20 Jan 2020 11:25:01 -0800