AT&T Attack Reveals 73 Million Customer Records Exposed On The Dark Web

AT&T, the largest telecommunications company in the United States, recently disclosed a concerning discovery: a dataset for sale on the “dark web” containing information of approximately 7.6 million current and 65.4 million former AT&T account holders, totaling around 73 million affected accounts.

The released data includes passcodes (PIN numbers) and Social Security numbers dating back to 2019 or earlier, but does not encompass personal financial data or call history. However, it may include email and mailing addresses, phone numbers, and birthdates.

In response, AT&T has notified all customers via email or mail to reset their passcodes. It’s crucial for AT&T customers to scrutinize any password-change requests, ensuring they originate from AT&T to thwart potential cybercriminals attempting to exploit the breach by sending deceptive emails with malicious links. If in doubt, contact AT&T support directly for assistance in resetting passcodes.

The origin of the breach remains uncertain, with investigations underway to determine whether it stemmed from AT&T or one of its vendors. AT&T is deploying computer forensics specialists to uncover the root cause and is tasked with eradicating any malware from its customer account system while maintaining service for unaffected customers. However, addressing this issue entails substantial expenses, including investigation costs, legal fees, and potential lawsuits.

At Mirrored Storage, we emphasize proactive cybersecurity measures as a fundamental strategy. While no system is impervious to attacks, robust security measures significantly reduce the risk of breaches. Dealing with the aftermath of a cyber-attack far outweighs the cost of prevention.

If you’re concerned about your organization’s security, we offer a complimentary Security Assessment conducted by our team of cybersecurity experts. This assessment examines your network for vulnerabilities that hackers could exploit and provides recommendations for enhancing security measures, including collaboration with third-party vendors to fortify data protection.

Hackers employ various tactics to infiltrate networks, but as a CEO, your priority is fortifying defenses. We’re committed to assisting you in safeguarding your organization. Schedule your Security Risk Assessment with our cybersecurity experts by clicking here or contacting our office at 214-550-0550. Protecting your data integrity and security is our top priority.

Cyber hygiene: The key to your business’s good cyber health

Cyber hygiene: The key to your business’s good cyber health

We all know that basic hygiene is a must to lead a healthy life. Did you know that the same rule applies to IT as well? There’s something known as cyber hygiene that plays a key role in keeping your business healthy from the IT perspective. So, how do you ensure your business doesn’t fail when it comes to cyber hygiene? Here are a few tips.

Follow industry benchmarks and standards
Remember that if an IT practice has gained industry-wide recognition and adoption, it is because it certainly offers some benefits. Protocols like the HTTPS implementation, SSL security certificates, CIS Benchmark, etc., are examples of industry standards that you must follow to maintain good cyber hygiene. Following these standards enhance your cybersecurity quotient and also play a positive role in helping you win your customer’s trust.

Stronger IT administration
The role of an IT administrator is very critical in any organization. IT administration involves exercising control over most of the IT activities with a view to ensure the security of your IT environment is never compromised. Make sure your IT admin rules and policies are clearly formulated and covers everything including-

  • Clear definition of user roles
  • Permission levels for each user role
  • Restrictions regarding download/installation of new software
  • Rules regarding external storage devices
IT Audits
Conduct regular IT audits to spot vulnerabilities and gaps that may threaten the security of your IT infrastructure. During the IT audits pay special attention to-
  • Outdated software or hardware that is still in use
  • Pending software updates that make an otherwise secure software vulnerable
Fix what you can and get rid of what is too outdated to be made safe.

Password policy adherence
When it comes to cyber hygiene, passwords are the weakest link as often, people compromise on the password policy for convenience’s sake. Here are a few things to look into at the time of your IT audit to ensure your password policy is being adhered to.

  • Check if passwords are strong enough and follow the standards set for secure passwords
  • Discourage password repetition or sharing
  • Ensure multi-factor authentication, where apart from the password, there is at least one more credential, such as a secret question, a one-time password (OTP) sent to the user’s mobile phone, or a physical token or QR code, to verify and approve data access
Ensure basic security mechanisms are in place
As a part of your cyber hygiene check, ensure you have all the basic security mechanisms in place. These include
  • Anti-malware software programs
  • Firewalls
  • Data encryption tools
  • Physical security and access control tools like biometric access

Pay attention to what happens with obsolete data
How do you get rid of data you no longer need? Even though old data may not be of any use to you from the business perspective, a breach of that data can still hurt you legally. Ensure you get rid of old data safely. It is a good practice to deploy data wiping software and also create policies for the safe destruction of physical copies via shredding or other methods.

Strong cyber hygiene practices can keep your data safe from cybercriminals lurking out there. However, consistently following up and ensuring these best practices are being adhered to, can be taxing on your internal IT team. It may be a good idea to bring an MSP on board who is well versed in cybersecurity to assist you with cyber hygiene.

What are the essentials of a business continuity plan?

What are the essentials of a business continuity plan?

An unexpected emergency can wipe out your business! A business continuity plan can help it survive. But, what should a good business continuity plan cover? Read this blog to find out.

A list of your key contacts
One of the most important elements in your business continuity plan is a list of all your important contacts who should be informed of the disaster. This can include all your C-level execs, HR managers, IT Manager, client facing managers, etc.,

A comprehensive list of your IT inventory
Your business continuity plan should contain a list of all the softwares, apps and hardware that you use in the daily operations of your business. This list should identify each of those as critical or non-critical and mention details pertaining to each of them such as

  • The name of the app/software
  • Version/model number (for software/hardware)
  • Vendor name and contact information for each of them
  • Warranty/support availability details
  • Contact information for customer support for these hardware/apps
  • Frequency of usage

Backup information
Data backups are critical to your disaster recovery and so your business continuity plan should include information about data backups. It should mention how often data is backed up, in what formats and where. It should also mention what data backups are available–ideally, you should be backing up ALL data already!

What’s your Plan B?
Make sure your business continuity plan lists a backup operations plan that will come into play in the event of a disaster. Examples include alternative workflows such as options to work remotely or to allow employees to bring their own devices to work (BYOD) until the time regular business premises or systems are ready.

Floor plans and location
Your business continuity plan should also include floor plans of your offices with the exit and entry points clearly marked up, so they can be used in the event of any emergency. It should also mention the location of data centers, phones, key IT systems and related hardware.

Process definition
Make sure your business continuity plan defines the SOPs to be followed in the event of an emergency.

Think business continuity planning is too complicated? Don’t give up! A lot of SMBs, don’t create a business continuity plan thinking it is too much of a hassle. But this can prove fatal to your business later. A qualified MSP can help you understand business continuity planning and even help you create a business continuity plan that’s best suited for you..

10 Things Great IT Providers Always Do

In the realm of IT support, there’s a stark contrast between mediocre service and the excellence that truly sets providers apart. At Mirrored Storage, we’ve observed a consistent trend: clients often switch to us not because they were unaware of their previous support’s inadequacy, but because they hadn’t experienced the true standard of exceptional support.

Today, we’re unveiling the core tenets that distinguish top-tier IT providers from the rest. It’s time to bid farewell to tech frustrations and subpar services that endanger your company’s security and productivity. Here’s what exceptional IT providers consistently deliver:

  1. Immediate Emergency Response: During emergencies, waiting is not an option. High-quality providers prioritize urgency, answering calls live or responding within 30 minutes to provide immediate assistance.
  2. Accessibility and Responsiveness: Exceptional providers are consistently easy to reach and highly responsive, addressing both emergencies and routine tech issues promptly to ensure minimal disruption.
  3. After-Hours Support: Recognizing the need for around-the-clock assistance, top-tier IT companies offer after-hours support, ensuring accessibility and rapid response regardless of the time.
  4. Proactive Network Monitoring: Instead of waiting for issues to arise, leading providers proactively monitor networks for potential threats, downtime, and inefficiencies, presenting proactive solutions to clients.
  5. Customer-Centric Systems: A customer-centric approach is reflected in user-friendly ticketing systems that streamline issue resolution. Top providers prioritize ease of use, ensuring seamless communication and efficient problem-solving.
  6. Comprehensive Cybersecurity Planning: Given the pervasive threat of cyberattacks, reputable IT providers devise and implement robust cybersecurity plans, safeguarding clients against evolving threats like ransomware and data breaches.
  7. Transparent Invoicing: Transparent billing practices are paramount. Top providers furnish detailed invoices, clearly delineating services rendered and associated costs, fostering trust and accountability.
  8. Comprehensive Insurance Coverage: To mitigate risks, leading IT teams carry cyber liability and errors and omissions insurance, protecting clients against potential damages, data loss, or workplace incidents.
  9. Regular Backup Testing: Ensuring data integrity is non-negotiable. Reputable providers conduct periodic test restores of backups to verify data integrity and readiness for disaster recovery scenarios.
  10. Timely and Budget-Conscious Project Delivery: Exceptional IT providers adhere to project timelines and budgets, swiftly addressing setbacks and proposing solutions to ensure timely and cost-effective project completion.

It’s time to elevate your expectations and demand superior IT support. If you’re ready to experience trustworthy, reliable service, we invite you to schedule a FREE, no-obligation Network Assessment with our expert team. Discover how we can optimize your network, enhance cybersecurity, and streamline your technology infrastructure.

To embark on a journey towards stress-free IT management, click here to book your FREE Network Assessment now or contact our office at 214-550-0550. Say goodbye to tech woes and embrace the peace of mind that comes with superior IT support.

Free Internet Access? Don’t fall for this one

Free Internet Access? Don’t fall for this one

One of the popular internet scams that has been doing the rounds since 2017 is the one about “Free Internet”. This scam seems to resurface and somehow manages to claim quite a few unsuspecting victims. Here’s how they catch you.
  • Ads are created on Google, Facebook, popular search engines and social media platforms advertising free internet hours.
  • The ads look professional and show up on general searches and on social media when surfing. This offers a sense of validity.
  • Once you click on the ad, you will be taken to their website, where you will be asked to perform an action, such as
    1. Filling out a form with your Personally Identifiable Information (PII)
    2. Sharing your credit card information, and though you will be promised that your card won’t be charged, you may end up signing up for something or subscribing to a service for which your card will be charged later.
    3. Sharing a few email IDs or phone numbers–basically contacts with whom you will be asked to share the message in return for free internet service.

How to stay safe?
As always, remember no one offers something for free. Whether it is free internet access or tickets to a concert, if it is something of value, then you will be expected to provide some value in return. Steer clear of offers that seem too good to be true. If you receive a message from someone you know and trust, please let them know that their link may be a problem. No matter what, don’t open a link from anyone if you aren’t entirely sure the links are valid.

Cyber-Attack Takes Omni Hotels & Resorts Offline; Here’s How To Travel Safely

Another day, another cyber-attack! In early April, Omni Hotels & Resorts was the victim of a cyber-attack that brought down the entire IT system and led to a company-wide outage. The organization took immediate action and brought the entire network offline to isolate the issue, protect its data and prevent further damage from occurring. Unfortunately, this process heavily impacted the hotel’s operations and day-to-day functions, such as managing reservations, unlocking hotel room doors manually and using point-of-sale (POS) systems in restaurants and shops within the hotel. Some estimates expect this attack to cost the Omni over a million dollars. While unconfirmed by the hotel, several sources speculate that the type of cyber-attack was a ransomware attack similar to what happened to MGM in Las Vegas several months ago.

I was at an Omni Hotel for a conference in Nashville when this was going on. If I wanted to park I had to have exact change CASH or port somewhere else. If I wanted to eat there they said the card would be held and charged “sometime next week”. I can’t imaging the lost revenue, damaged reputation, lose of confidence, etc. they had that week and with customer of the over-term.

While most customers were aware of the inconveniences of the Omni outage, many weren’t aware of the dangers associated with cyber-attacks. When a network is compromised, unless you have high-grade tools to protect you, every device you connect to is put at risk. When you’re traveling, it’s important to treat everything like a risk to ensure your safety. In today’s article, we’re sharing a couple of tips to keep you safe when you’re on the road for work or even on vacation this summer.

  1. Don’t connect to the public Wi-Fi in the hotel. Truthfully, this also applies to coffee shops, airport lounges, etc. If a network is compromised and you connect to it, you could be giving hackers access to your devices.
  2. Turn off the auto-connect feature. Even if you don’t actively connect to the hotel’s Wi-Fi, if a hacker has set up a fake Wi-Fi network and your device auto-connects to it, that could be a big problem. Shut the feature off and only manually connect to sources you trust.
  3. Use your phone’s hotspot. Instead of connecting to public Wi-Fi, most cell phones come equipped with a hotspot that allows your other devices to connect to your phone’s internet. If not, one call to your wireless provider can often add this feature.

These tips will help protect you, but if you travel for work or have employees who travel for work, it’s important that all work devices have professional-grade cybersecurity tools installed on them. You don’t want to send your sales team to a hotel-hosted trade show, and instead of bringing back a list of leads, they bring back malware that could shut down your company altogether.

There is one final lesson in this terrible incident that all SERVICE AREA business owners need to understand: No matter the size of the company, you can still be the victim of a cyber-attack. The Omni chain, which boasts over 50 properties nationwide, would likely have a large budget to defend itself from cyber-attacks and yet still fall victim to hackers. No system is 100% impenetrable, but small business owners who don’t have any security measures in place are putting a big red target on their backs.

If you don’t have a cybersecurity system in place, or if you do and someone else is managing it but you’d like a second opinion, we offer a FREE Security Risk Assessment. This assessment will go over every area of your network to identify if and where you are vulnerable to an attack and propose solutions to fix it.

Click here to book your Security Risk Assessment with one of our cybersecurity experts, or call our office at 214-550-0550.

3 Reasons to prepare a business continuity plan

3 Reasons to prepare a business continuity plan if you haven’t done so already

A business continuity plan is the blueprint you need during an emergency to keep your business running smoothly. If you don’t already have one, here are 3 key reasons why you should focus on creating one ASAP.

It helps retain clients
As a business, if you have problems functioning, it will definitely affect your clients. For example, if your servers are down or your supply-chain mechanism is affected or your delivery process breaks, you won’t be able to fulfill your promise to your clients. Even worse, in some situations you may not even be in a position to communicate about the crisis to your clients adding to their frustration. A business continuity plan addresses these issues beforehand and can help reduce client dissatisfaction.

Salvaging brand image and reputation
There are certain events that end up affecting only your business. For example, ransomware attacks, virus attacks, data leaks, etc., Having a business continuity plan that caters for such events can be a blessing in times of such crisis.

Minimizing revenue loss
A business continuity plan can minimize the revenue losses that occur as a result of a crisis that interrupts your business operations.

In short, a business continuity plan helps minimize the impact of the crisis on your client relations, your brand image and your revenue by equipping you with a plan to handle the situation better.

Online shopping? Watch out for these red flags

Online shopping? Watch out for these red flags

Who doesn’t like online shopping? Online shopping has opened up a whole new world to us. Get whatever you want, whenever you want, without wandering from store to store. It doesn’t matter if it is too hot to venture outside or if there’s a blizzard out there, you do your shopping from the comfort of your couch and the stuff at your doorstep. You get great deals, some are better than in-store specials. But, did you know cybercriminals love the concept of online shopping as much as you do. Cybercriminals are exploiting the growing popularity of online shopping to cheat unsuspecting buyers through techniques such as phishing, malware injection, etc. Here are a few tips that may work to keep you safe from being a target of cybercriminals as you shop online.

How to determine if the ad or shopping site is genuine?
As you browse the web, you will come across various ads targeted at your interests. Businesses engage in ‘Retargeting’ which means they use cookies to target you with very specific ads until you buy something. For example, look at a wallet and, you will see ads for wallets on various other sites you browse even if they are not shopping sites. Are those ads genuine? Before clicking on any ad you see online and making a purchase, be sure to verify if the ad is genuine. The same goes for shopping sites. Before you shop, you need to ensure the site is genuine, especially since you will be sharing your credit card details or Personally Identifiable Information (PII) such as your address. Here are a few things to check before you make that online purchase.

English: Keep an eye out for grammatical errors or spelling mistakes in the ad. Fake ads and sites may look a lot like the actual ones, but spelling mistakes or grammar errors may tell the true story. Scammers don’t have content writers to write great sales content!

Check the URL: When at a shopping site, always check the URL in the address bar to ensure it is genuine. For example, if you see www.1amazon.com or www.amazon-usa.com, you should know it is not the same as www.amazon.com. Checking the URL also lets you detect website cloning and phishing. Website cloning is one of the most popular methods used by scammers to fleece consumers. As the term suggests, the cybercriminal first creates a ‘clone’ site that looks exactly like the original one, barring a very minor change in the URL.

Don’t Get Phished!
Phishing is when you receive a message, usually through an email or a text message asking you to take an action, such as clicking on a link, filling out a form, logging into an account, etc., Such messages look as though they are genuine. But, the form fill, account login, or link will take you to a spurious site where your information will be captured for bad use. Checking the URL will help you detect phishing frauds as well.

Check before you download anything: Sometimes you may receive a link and asked to download a coupon or a gift card that entitles you to a sizable discount. It may be a fraud. In fact, it probably is.

Download only from legitimate marketplaces: With so many shopping options it is tempting to download every new app that you come across. But, only download from authorized marketplaces like Google Play Store for Android or the App Store for iOs.

At the end of the day, remember, there is no free lunch. If something seems too good to be true, it probably is.

The Safest Way To Shop For Mother’s Day Online

Are you planning on buying gifts for the special women in your life for Mother’s Day? If you shop online, there are a few ways to do it SAFELY. During the holidays, cybercriminals ramp up various scams to capitalize on innocent people looking for gifts online. These scams range from fake offers to sham giveaways, all with the goal of stealing your money and information. Times and technology have changed drastically in just the last year, meaning what kept you safe before is no longer enough. In today’s article, we’ll share the best way to pay for your online purchases, the common scams to look out for and the top online shopping best practices to keep you safe.

How To Make Online Purchases Safely

Should you use your debit card to buy online? No! Debit cards are linked directly to your bank account. If you make a bad purchase online, it can be very difficult to get your money back once you’ve alerted your bank. To avoid headaches, hours on the phone arguing with customer support, losing money and, if things escalate enough, legal fees, use your credit card or a third-party payment system instead.

Credit cards have extensive fraud monitoring systems, which can often catch discrepancies as they occur. These companies use statistical analysis and machine learning to track and analyze your transactions to quickly identify suspicious activity, allowing you to dispute the purchases and avoid being charged.

Some credit card companies, like Capital One, go a step further to keep you secure by offering virtual credit cards. These cards provide you with a random 16-digit number, a three-digit CVV and an expiration date that you can use for online or even in-store purchases. While these DO connect to your real accounts, retailers are unable to see your actual card details, keeping your information secure. Bonus: These can be “turned off” at any time, eliminating the hassle of canceling unneeded subscriptions without going through the merchant.

Third-party tools like PayPal are also a great option because no personal information is exchanged with the seller. The company you’re purchasing from does not receive your financial or banking information, keeping your data secure.

Online Shopping Best Practices

Using a credit card, virtual card or third-party payment tool is a great start, but it isn’t the only proactive step you should be taking to stay safe online. If you’re making purchases online, make sure you’re also:

Shopping from real websites – Cybercriminals will set up fake websites that look exactly like big-name websites. Go to the REAL website and search for the item you’re looking for.

Avoid too-good-to-be-true offers – If it sounds like a scam, it’s probably a scam! If you’re interested, go to the website and look up the deal to see if it exists.

Do NOT click on promo links in e-mails – Cybercriminals will set up spoof e-mails mirroring your favorite brands. When you click on the offer links, they can infect your network.

Use a VPN – This hides your location and web browsing information from snoopers.

Don’t save your information – Password tools are trying to make your life easier by saving your payment information, but they make you more vulnerable to having it swiped.

Use unique logins for loyalty accounts – Using the same e-mail and password combo for all your loyalty accounts means that if one is compromised, a smart hacker could break into all of them, and some will have your payment information available.

Set up alerts – Go into your banking system and enable notifications. You can request to be notified when any purchases or purchases over a certain amount are made, so you can quickly report any suspicious activity.

Cybercriminals will use any method they can to steal your information and money. To stay safe, you must take a proactive approach to protecting your financial information. This is equally true for your business. If hackers are willing to put this much effort into stealing money for low-dollar purchases, imagine what they would do to access your company accounts. Your customer data, employee information, trade secrets and more can be worth millions to them.

If you’re not sure if your company is as secure as it should be or you just want to get a second set of eyes on your system to make sure there aren’t any holes in your security, we’ll perform a FREE Network Security Assessment for you. We’ll go through our multi-step security checklist and let you know if and where cybercriminals can get into your network.

Click here to book your FREE Network Security Assessment now or call our office at 214-550-0550.

Business continuity planning: A must-have, not a luxury

Business continuity planning: A must-have, not a luxury

Business continuity planning is not an alien concept anymore. In recent times we have witnessed a lot of events that only serve to further intensify the need for business continuity planning. Examples include natural calamities like hurricanes, floods, wildfires, events like terror attacks or even pandemics like the recent Covid-19 outbreak.

While a business continuity plan cannot completely safeguard your business from all these events, it can certainly minimize the damage inflicted on your business. Top business consultants urge their clients to develop a business continuity plan as they consider it a part of the best practices for running a business. A business continuity plan can make the difference between survival and shutdown of a business during a crisis situation.

What is business continuity planning?
Business continuity planning is the process of creating a blueprint that helps your business respond and recover effectively from an unforeseen mishap. As discussed before, the unforeseen event could range from natural disasters to pandemics, or even accidents that affect just your place of business like a fire or even a cybercrime attack directed at your business in particular–basically, any event that can paralyze your business. A business continuity plan serves as a step-by-step guide that you can follow during an emergency to keep your business running smoothly.

True, a business continuity plan is not a sure shot method to survive a crisis, it won’t instantly eliminate the impact of the disaster, but it gives you the best chances of survival. If you are not sure of what a good business continuity plan entails , you can reach out to a reputable MSP to help you with the preparation and implementation of one.