Category Archives: Cyber Security

Why do you want your security in the clould?

GenCare Security: Is this your security pla?

Security has been a 2 edged sword for both IT Staff and IT Users.  You need it but it made using your tools harder.  That all changes with cloud managed security.

  • Loved by Users
  • Loved by IT
  • Trusted by All

General Networks can help you coordinate security across multiple platforms, using multiple apps and manage them all from a single plane of glass.  At the same time we can reduce the impact on your staff.   Making application sign ins secure and easy.

  • Single Signon
  • Passwordless Signon
  • App Portal for all your apps (Cloud and Line of Business)
  • When an employee leaves, just one place to restrict access.
  • Self Service Password Reset
  • Encrypt Data Everywhere (at rest and in transit)

The list of great features is much longer.  Contact us for more information.


Share this

Covid-19 and Security: What’s Changed?

What’s the landscape for security in the Work From Home (WFH) era or Covid-19

While the basics of security and the threats have not changed much, the landscape has changed significantly.  While most organizations are not working from the office, the normal situation of “build a security wall” and put important resources behind it is changed.  These same organizations are having staff work from their personal computers where intuitional security (firewall, antivirus, passwords, etc.) do not protect the systems.  Most organizations have not considered these changes as they rushed to get critical staff connected to the data, they need to keep the organization running.  That combined with people’s desire to be connected and know what is going on around them combines to make social engineering threats much higher than they were in the past.

What can you do to help?

IT staff and consultants can deploy what called “Zero Trust” security solutions that make sure that identity and data are protected no matter where that data goes.  What is great about this is Zero Trust solutions can make WFH easier than ever before.  Passwords can be eliminated, and security escalated as all important information and communications are encrypted.  So even if a hacker, virus, or crypto locker gets into a staff members computer, the attack will have no access to cooperate data.

If you are interested in knowing more, you can sign up for a free security evaluation for the office and home computers and we can send you some reports.  Book a free 30 Minute Security Review

Share this

The Problem With Passwords

Microsoft is now saying passwords are not good security.

What is the problem?
1) People will write down passwords if they are too complex.
2) Hackers have great tools to get uninformed people to give up their passwords unintentionally.
3) Even the best passwords can be hacked.

What are the solutions?
1) Stop forcing passwords expirations and replace with a password manager (LastPass, Keeper Security, etc.).
2) Turn on Multi-Factor Authentication (MFA) on all services.
3) Setup Single Sign-On (SSO)
4) Use bio recognition as a factor for MFA (Finger Print Reader, Facial Recognition, etc.)

Get the security add-on
Enterprise Mobility and Security (EMS). EMS can protect Office 365, G Suite and traditional on-premise Windows Server solutions (RDS and File Sharing). Bundled in you get not only the feature above but Mobile Device Management, Managed Antivirus, email and file encryption, and many other security solutions. You can do some truly amazing things with EMS like firewall corporate data from personal data on BYOD devices.

Get fingerprint readers for mobile devices. USB fingerprint readers are available for under $50. There are even Bluetooth fingerprint readers available that can protect not only computers but corporate data on mobile devices (phone and tablets) when used in conjunction with EMS.

Of course, General Networks Corporation (GNC) is here to help with engineers trained on deployment of multiple security tools and training options.

Share this

Using Multiple Cloud Apps? Secure all your data with Cloud App Security

General Networks can help you secure multiple cloud apps with Microsoft Cloud App Security! 

Check out this video

Microsoft Cloud App Security is a Cloud Access Security Broker (CASB), powered by a unique approach to deliver state-of-the-art security for multi-cloud environments, via native integrations. It is designed with security professionals in mind – providing simplicity of deployment, centralized management, and innovative automation capabilities.

Contact us at

Share this

How to Spot Phishing Messages Like a Pro

Update to STAY SAFE FROM PHISHING. 5 Ways to Stay Safe

June 2018 Volume 13 Issue 06

From the desk of Thomas F. Duffy, MS-ISAC Chair

The Federal Trade Commission’s definition of phishing is “when a scammer uses fraudulent emails or texts, or copycat websites, to get you to share valuable personal information.”[1] When a user falls for a phishing message, the malicious actor achieves their purpose of getting the victim to hand over sensitive information such as login names and passwords. Though we count on technologies and controls to minimize threats, phishing exploits users through social engineering, which allows the malicious actors to side step these protections. This is why it is important that everyone learn to spot these fraudulent messages. Let’s take a look at some example emails of phishing messages.

Message #1

Subject: Low Cost Dream Vacation loans!!!

Dear John,

We understand that money can be tight and you may not be able to afford to go on vacation this year.   However, we have a solution. My company, World Bank and Trust is willing to offer low cost loans to get your through the vacation season. Interest rates are as low at 3% for 2 years. If you are interested in getting a loan, please fill out the attached contact form and send it back to us. We contact you within 2 days to arrange a deposit into your checking account.

Please email your completed form to

Your dream vacation is just a few clicks away!

Dr. Stephen Strange

World Bank and Trust

177a Bleecker Street, New York, NY10012

What did you notice in message #1? 

In this message, you can see that the phisher wants to give us a low-cost loan with no credit check. They say we just need to send them our information and they will give us money, right? Not only does it seem too good to be true, but also when you hover the cursor over the email address to examine it further, you see that the link actually has a different destination. It is the email address of the attacker. Lastly, as much as you might like Dr. Strange, he’s probably not working for a bank part-time.

Message #2

Subject: Free Amazon Gift Card!!!

Dear Sally,

You name has been randomly selected to win a $1000 Amozan gift card. In order to collect your prize, you need to log in with your Amazon account at the link below and update your contact information so we can put your prize in the mail. This is a limited time offer, so please respond to the request within 2 business days.  Failure to respond will forfeit your prize and we will select another winner.

What did you notice in message #2? 

Aside from this seeming too good to be true, you can see that “Amazon” is misspelled as “Amozan” on the link provided. If you read this quickly, you may think you are responding to the real company to get your gift certificate. In reality, you are providing your information to the attacker. For the purposes of this example, the link actually navigates to the Center for Internet Security, which is a trustworthy site.

Message #3

Subject: Urgent – Take Action Before Your Email Account is Deactivated

Dear User,

Following changes to our Microsoft email systems, each user must authenticate their account to prevent it from being deactivated. You can accomplish this by heading to the link below and entering your Microsoft Outlook email account credentials, and then we will know your account is active and should remain so.

Thank you,

Information Technology

Helpdesk Support Team

What did you notice in message #3?

This email is fairly well crafted without errors. Note that it establishes a sense of urgency that the malicious actor hopes will cloud your judgment and threatens the deactivation of your email account. Additionally, the link at the bottom looks like a link to Microsoft, yet it is, in fact, heading somewhere else! Luckily, for the purposes of this example, that link simply leads to the Center for Internet Security, which is a legitimate site.

With these three examples considered, here are some basic recommendations to help protect you from becoming a phishing victim:

  • If it seems too good to be true, it probably is;
  • Hover your cursor over links in messages to find where the link is actually going;
  • Look for misspellings and poor grammar, which can be good signs a message is a fraud;
  • And, never respond to an email requesting sensitive personal information (birthday, Social Security Number, username/password, etc.).


Additional information and a phishing game can be found on the FTC’s website,


Share this

What Should You Know about Cryptolocker and Other Cyber Attack Threats in 2015?









There’s no question that 2014 was a very good year for hackers as there were a number of high profile data breaches, including those in retail, communications, finance, and hospitality. According to a Ponemon Institute survey conducted last year, a successful cybercrime will cost a company on average $8.6 million, but there was a huge discrepancy among industries. For example, a business in the financial industry could take a hit of $20 million or more. Therefore, it’s more important than ever to safeguard against cyber threats with a combination of training, anti-virus software, and best practices. Here are some questions you might have about some of the cyber threats out there as well as how General Networks can help your organization stay on top of security.

How was Cryptolocker different from other malware seen by security experts?

Other viruses or system exploits may seek to obtain valuable data to be used against a business or its customers.  This could include obtaining personal information like credit card numbers and social security numbers for ID theft or fraudulent charges.  A leak of this data typically doesn’t entirely eliminate a company’s ability to conduct business.  Cryptolocker, on the other hand, seeks to slow or stop business operations by holding hostage critical data.  Cryptolocker hackers seek to create enough of a headache that paying a ransom to make the pain go away becomes a reasonable proposition.  These ransoms are often thousands of dollars, creating a direct impact on the bottom line to affected organizations.

Do you suspect copycats will try to have the same success with a different variation of the Trojan?

This “business model” will likely expand.  An entire cottage industry has formed around the cryptolocker concept.  They operate anonymously and their viruses are indiscriminate, making it an opportunistic enterprise without much capital required to get started.  They are able to cast a wide net and wait for victims to call them, requesting access to their encrypted data.  These groups have become so sophisticated that they provide their own tech support to those who pay ransoms.  If word got out that they weren’t handing the data back to their victims, businesses would be dissuaded from paying what they ask!

What are some of the biggest cyber threats out there for 2015?

The cryptolocker virus is near the top of the list, if not #1.  Phishing emails that ask for users to change their passwords or provide credit card numbers are troublesome, especially in environments where non-technical employees who are unaware of the risks of phishing attempts become victims.  While exploiting big networks can mean big money for hackers, effects on small businesses are disproportionately impactful on operations and bottom lines.

What can users do on an individual level to mitigate the threat?

User training is the best way to get proactive against all forms of cyber threats, fraud, etc.  Most malware can’t gain access to the data it seeks to exploit if a user isn’t giving the application permission in the first place.  The thinly veiled disguises used can be made more obvious to end users with a little training:

  • Infected email: is the sender familiar to you and is the language in it typical of your interactions with this user?  Is there a call to action (possibly termed as a threat or with a time limit) to click on an unfamiliar link within the email?  Does the URL of the link match what it claims to be, or is it a gobbled mess of IP addresses, .exe extensions, and other red flags?
  • Infected websites: Is the website you’re going to appropriate, safe, and familiar to you?  If not, it’s best to stay away or talk to a technical representative at your organization to help the end user understand what the signs of a malware-spreading site might look like.

What can be done on an organizational level?

In addition to end-user training, proactive and reactive steps should be used in tandem.

Proactive: Basic steps should be taken to keep virus definitions and patches up to date.  This includes endpoint protection of desktop antivirus programs and centralized network protection of firewall firmware updates, as well as operating system patches and 3rd party software patches (Java, Adobe, Chrome, Firefox, …).  Those are proactive steps to limit the number of exploits experienced.

Reactive steps to mitigate impact of a cryptolocker infection are important to have in place in case those do not prove 100% effective.  Backups should be in place and checked frequently for integrity and usability.  These backups will allow IT departments to restore critical data that would otherwise be lost to cryptolocker.  In general, data should be stored according to corporate policies in locations where impact of encryption would be minimized and all files will be backed up.  Storing files on unprotected local drives is a common reason that infected PCs lose data.

How can organizations calculate the value of IT security to optimize productivity and determine ROI?

This comes down to the value of their business operations as a whole.  With the understanding that some viruses eliminate an organization’s ability to operate or have regular access to critical data, a dollar value can be assigned by calculating the opportunity cost of lost productivity.  A virus can eliminate an entire business’s ability to operate, or just a single user.  This can either be temporary or permanent.  Calculating this ROI for security involves estimating the value of your employee’s productivity.

In a 2010 Gartner study, 43% of businesses were immediately put out of business due to major data loss.  A higher percentage of affected companies had folded in the year following the data loss.  Even in conservative estimates of cost based on worst case scenarios, the message is clear that investment in the basic proactive and reactive steps is critical.  Investing in IT security isn’t about increasing revenue – returns on investment are best measured by an absence of crippling issues.

How does General Networks assess and determine a client’s IT security needs?

The first step is to ask how the topic is addressed within the organization today.  If it hasn’t been addressed, we look to our experience in network infrastructure and starting from ground zero with our other clients.  We partner with our clients to implement a mix of proactive steps, reactive capabilities, and end-user awareness to address these challenges.  Throughout this process, we prioritize balancing investment with either basic or more advanced requirements (compliance standards imposed on certain industries).


Share this