In the heat of the summer, we want to remind you to stay cool and be alert to some of the latest technology hacks that are out there: Phishing, Vishing, Smishing...and Pharming. This month, we'll break them down for you.
Tech Tip #34: Pay close attention and be super aware of the websites you’re redirected to.
Pharming is the latest and most difficult act of cybertheft to detect. The cybercriminals lure you into clicking on a link that redirects you to a site that you think is legitimate, but it’s far from it. The sites are owned by the hacker and look identical to the original site. The most common sites these hackers like to target are online banking sites. Once you click on the link, the virus lets loose and the hackers have all your information. Be very wary about clicking on links. Make sure you KNOW their legitimacy, and never give your personal information unless you are 100% sure it’s safe.
Tech Tip #33: Your mobile device can help you, but it can also get you in trouble.
Scammers, hackers, fraudsters, whatever you call them, they can cause us a lot of grief. The latest scheme has these cyberthieves in the palm of our hands, and not in a good way. We’re talking about Smishing. Like phishing and vishing, this type of hack comes through the SMS channel, via text message.
For example, you may receive a text message from your bank stating that your debit card is in danger of lockdown due to fraudulent activity. They ask you to click on a link to confirm your personal information. You get scared and do it. Guess what? You’ve been smished.
Never click on links and submit your personal information unless you are sure of who the sender is, and that it is a secure request.
Tech Tip #32 – Don’t believe everything you hear!
The phone rings. You answer it, and the person on the other end tells you they’re calling from ‘such-and-such’ credit card company and that you’re paying too high an interest rate, and they can help you lower it. All you need to do is verify your credit card account and provide the CVV number on the back, and whatever other personal information they request, and voila – you’ll have a lower interest rate! If only the credit card companies were so nice!
Vishing is the equivalent of phishing, but with a voice! Be it your home phone or your cell phone, the scammers will call to bait you into giving them access to your credit cards and/or bank accounts. Don’t trust the person on the other end of the line. Always call your account company directly to confirm legitimacy.
Tech Tip #31: Don’t be the bait on the end of the phishing hook.
Phishing is the most common cyber-attack in today’s technological world. It is an attack that arrives via email, appearing to come from a reliable source such as a bank or other financial institution. The email will contain a sense of urgency, luring you in to click on a link and submit and/or verify your personal and confidential information. Once you do that, the ‘phisher’ has you hooked and moves fast to access your bank accounts, e-wallets, and other financial accounts you may have given away.
To avoid being the victim of a phishing attack, keep a keen eye on emails that arrive in your inbox. If you don’t recognize the sender, don’t open the email…and by no means should you click on any links that may be embedded in that email. Even if you DO recognize the sender, be sure to question the intent of the request for you to open the link. Phishers have a clever way of disguising themselves as a trusted source.
Searching the web is all about domain names, and creating a solid domain and keeping the keys to your castle is crucial. This month, we’ll focus on the importance of domain names and what they can mean to your business.
Tech Tip #30: Choosing the right domain name could make all the difference when it comes to your business’s success.
Having the right domain name gives credibility to your business. It’s the first impression people have about your business. It shows professionalism and gains people’s trust. If you have your own domain name versus a generic one, you’re more likely to attract customers.
It also shows that your business is up to date with today’s technologies, and more importantly, your domain name builds your brand. For example, which company would you be more likely to choose to do business with: one with a generic domain name such as ‘www.hostedwebsites.com/tech2020solutions’, or a company that owns its domain name, such as ‘www.Tech2020Solutions.com’? The latter would be more likely to attract business!
As a general rule of thumb, if you have been in business for more than a year, and you are still showing a gmail.com, yahoo.com, or aol.com address for your email, it is time to make the change and invest in yourself, your brand and your business by purchasing a domain. Need assistance with that? Just give us a ring.
Choosing the right domain name can make or break your business. Remember, it’s your brand, and it can affect your SEO (Search Engine Optimization), affecting the way people can find you on the internet.
If you’re having trouble creating the right name or would like more information about the importance of domain names, we’re here to help!
Tech Tip #29: Don’t let your domain registration expire!
It’s important to remember to renew your domain registration on an annual basis. If you forget to renew it and let your domain expire, it could cause you a lot of grief. Someone else could buy it out from under you, and you won’t be able to get it back – unless the new owner is willing to sell it back to you…which could be quite costly. If you end up with an expired domain that you can no longer get back, you’ll ultimately have to settle for and create a new name, and then have the trouble of re-marketing and re-branding your business.
A good way to avoid the risk of forgetting to renew your registration is to invest in a reputable domain-hosting company. (Yes, there are some companies that will host your domain for free, but that is risky too, because they might register your name in their name.) The benefit to having a reputable company host your domain name is they can manage it and keep an eye on its expiration date for you.
Tech Tip #28 – Be careful of the email address you use to register your domain name
We’ve already shared with you the importance of registering your domain name in YOUR name or your business’s name, but when doing so, be sure to use an email address that is not on the domain you are registering. For example, say you registered your domain name as www.mydomain.com. What you don’t want to do is use a registrant contact email on that same domain, such as an address ending in ‘@mydomain.com’. The reason is that if a problem arises and the domain registrar needs to contact you, the email on the domain in question may well be unavailable and you can’t be reached.
Tech Tip #27: Be the King or Queen of Your Domain.
Your domain name is vital when it comes to your business. It’s the first thing people see. It is your brand. It can open the door for your business and is ultimately what drives people (and potential customers) to your site. Therefore, when registering your domain name, make sure it is YOUR name or your business’s name that is listed as the owner.
Some domain hosting companies (especially those that are free of charge) will register and host your domain name for you, but unbeknownst to you, these companies may list themselves as the owner. This can cause issues when and if you ever decide to change hosts. If YOUR name is not listed as the owner, you will have a battle on your hands trying to regain control of your own domain name.
Move over landlines! Many businesses today are opting for the latest technology and VoIP solutions for their office phone systems. This cloud-based solution can improve your team’s productivity and save you money, but what exactly is VoIP and which system is right for your business? Let us explain:
Simply put, VoIP stands for Voice over Internet Protocol, and it is widely growing in popularity. VoIP experimental transmissions began in 1973; however, it wasn't until 1995 that the first Internet Phone Software – Vocaltec – appeared, and commercial implementations began in the early 2000s. VoIP uses IT infrastructure (business data networks) to make and receive calls over the network, versus using the traditional dial tone derived from the Public Switched Telephone Network (PSTN). The audio signal of a call is digitized into small packets of data, which are then routed through the internet. The phones themselves may look very much the same, but the technology and the features of the phone have significantly changed and grown.
Tech Tip #26: When considering VoIP, you will need to decide whether you want an on-premise or a hosted solution. Let’s look at each.
On-Premises VoIP is a system that you own. This includes the phone equipment and software for the VoIP system, which is installed “on-premise” at a location of your choosing. Your tech team or local provider is responsible for everything related to the service, including the procuring, installing, cabling and maintaining of the equipment and software. You also have complete control of the programming and feature settings for the system. This system is usually managed by your technical staff or a VoIP provider.
Once you’ve chosen your on-premise VoIP system, you make the purchase (financing is often available). When investing in this type of system, you can depreciate the system’s value as you do with other types of office equipment. Since you own it, you can consider it a capital expenditure and make the tax deduction accordingly (always consult your tax professional).
Important Note: With on-premise systems, you must still subscribe to a phone service (dial tone) provider (e.g. Verizon, Altice Cable, Roadrunner), which may be either a local utility or a national provider. These fees can be greatly reduced when compared to traditional telephone services. Contact us for further information.
When you move to a Hosted VoIP system, your IT / VoIP provider handles everything for you. In this type of model, other than the physical phones, network switches and internet routers, everything necessary for the VoIP system is provided virtually and hosted elsewhere. In addition, your telephone numbers are generally moved to the Hosted VoIP provider’s system.
Any upgrades, maintenance, and support requests are handled by the provider. So, just remember that if you want to make a system change or need support, you’ll have to go through the provider’s support team, which might mean a reduction in responsiveness.
The best way to figure out if VoIP is the right solution for your business is to discuss it with the experts! Contact your IT Team to discuss how to implement a system that’s right for you. As always, if you’re ready to make the switch, we’re here to help!
Tech Tip #25: Phone calls aren’t the only things VoIP phone systems can offer your business.
Besides being able to conduct phone calls, you can also stay connected with your clients and employees by using conference calling and video-conferencing options, via VoIP phone systems. So, if you’re at home, or on the opposite side of the country, or traveling abroad, you can still have the flexibility to attend meetings and share documents with your main office as needed, without physically being there.
VoIP phone systems also offer the benefit of having your faxes and voicemail forwarded to your email. This means you can receive all your messages in one place and have the ability to store them or forward them on to others as needed.
Tech Tip #24 - Whether you are a road warrior or dial in to the office from a remote or home office, there are many benefits to implementing VoIP phone systems for your business.
It doesn’t matter if you work remotely from a home office or you are constantly on the go, having a VoIP system can give you the convenience and flexibility for seamless communications.
From your home office, you can set up your phone to mirror your office phone. VoIP allows you to see all incoming calls, use your voice mail, call forwarding and all the features you typically have when you are sitting at the office like intercom features, and being able to connect from one extension to another without the need to dial the main number.
For the “Road Warriors”, or for when you’re away from the office, most VoIP systems let you use an app on your cell phone to harness the features of the office’s VoIP system. With the VoIP App, you can connect from virtually anywhere, masking your cell phone number so the call looks like it is coming from the office. This way, when you are on the golf course, only you will know.
Tech Tip #23: VoIP phone systems are convenient and offer a variety of features.
The cost to operate a VoIP phone system is generally much less than the expense of the traditional phone company, and long-distance calls can be significantly less expensive as well. With VoIP, you also save when it comes to adding, changing or moving employees. Simply move your IP phone to a different broadband connection, plug it in and you’re good to go!
VoIP systems offer a variety of benefits and functionality that businesses of all sizes can take advantage of, including:
- Voicemail and voicemail forwarded to email
- Automatic Call Distribution
- Operator Console & Auto Attendant
- Call Forwarding & Screening
- Do Not Disturb
- Coaching Tools
- Utilization & Call Detail Reporting
- Follow-Me Dialing / Routing
- Door Phone Entry Buzzer Integration
- Music on Hold
- Web Based Click to Talk
- Simplifies Remote Office Communications – Remote Phones
- Take Calls while out of the office
It is important to note that not all VoIP systems offer the same functionality, so compare each system’s features and benefits to make sure you choose the system that works best for your business.
By now we should all be familiar with the ADA (Americans with Disabilities Act) civil-rights law, and if you’re not sure what it means, we’ll tell you! The ADA is a law that was passed by Congress in 1990. It addresses the needs of individuals with disabilities and protects them from discrimination. The law applies to public and private spaces, employment, State and Local government, transportation, building codes, telecommunication, and now this law applies to your website.
This month, we’ll share some valuable tips with you regarding what you need to know about making your website accessible to everyone.
Tech Tip #22: ADA-compliance has many benefits. Be sure you know where your website stands with its compatibility!
Having an ADA-compliant website can give your business a competitive edge and might even lead to increased business. It offers a better overall experience across browsers, provides digestible information for Google and other search engine results, and helps the site reach a wider audience and reduces the likelihood of ADA litigation.
By designing an accessible website, you’ll keep your business ahead of the game and avoid potential lawsuits. Additionally, having a website that is fully accessible and in compliance can lead to a better ranking on search engines (for a modest investment).
If you want to see how your current website ranks as far as being ADA-compliant, there is a free testing tool you can use. Just visit http://wave.webaim.org. If you have questions about your website and compliance, feel free to reach out to Jodi Jacobs at jodi@Tech2020solutions.com.
If you’re still unsure about your current website’s compliance status, or if you’d like to learn more about becoming compliant, don’t hesitate to give us a call at 516-876-8761.
Tech Tip #21: Implement automatic alternatives and suggestions when a user encounters input errors.
It is important that users who have disabilities can easily navigate your site and find the content they need. Be sure your site automatically offers recommendations should they encounter input errors.
ADA-compliance standards must be followed carefully and will evolve just as your website does. Additionally, all website contributors must know to stay within ADA guidelines. Staying ADA-compliant isn’t something that you can just set in place and forget about. It does require some web management in order to keep on top of it.
Tech Tip #20: Create alt tags for all files containing images, audio, and video.
What is an ‘alt’ tag, you ask? An alt tag is something that gives a description of the content and its purpose on the site. Creating alt tags enables users with disabilities to be able to read or listen to descriptions of content that they might not be able to see or hear.
Next, be sure to identify the site's language in the header code. Identifying what language the site should be read in will help those users who utilize text readers and will enable the readers to function accordingly.
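One way to check a page for the two items in this tip, as an added example that is not part of the original tip series: it flags images with no alt text (or alt text that is only the file name) and an html element with no lang attribute. Treating a captions track as the text alternative for audio and video is an assumption of this sketch, and the sample page and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from posixpath import basename
from urllib.parse import urlsplit

# <track> kinds that give audio/video a text alternative (assumption of this sketch).
CAPTION_KINDS = {"captions", "subtitles", "descriptions"}


class AccessibilityAudit(HTMLParser):
    """Collects (line, tag, message) tuples for missing alt text and page language."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.issues = []
        self.open_media = []  # stack of [tag, line, has_text_track]

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        line = self.getpos()[0]
        if tag == "html" and not (attrs.get("lang") or "").strip():
            self.issues.append((line, tag, "missing lang attribute"))
        elif tag == "img":
            self._check_img(line, attrs)
        elif tag in ("audio", "video"):
            self.open_media.append([tag, line, False])
        elif tag == "track" and self.open_media:
            # A <track> without a kind attribute defaults to subtitles.
            if (attrs.get("kind") or "subtitles").lower() in CAPTION_KINDS:
                self.open_media[-1][2] = True

    def handle_endtag(self, tag):
        if self.open_media and self.open_media[-1][0] == tag:
            self._close_media(self.open_media.pop())

    def _check_img(self, line, attrs):
        if "alt" not in attrs:
            self.issues.append((line, "img", "missing alt attribute"))
            return
        alt = (attrs["alt"] or "").strip()
        src_name = basename(urlsplit(attrs.get("src") or "").path)
        # alt="" is the usual way to mark a purely decorative image, so it passes.
        if alt and alt.lower() == src_name.lower():
            self.issues.append((line, "img", "alt text is just the file name"))

    def _close_media(self, entry):
        tag, line, has_track = entry
        if not has_track:
            self.issues.append((line, tag, "no captions/subtitles track"))


def audit(html_text):
    """Return a sorted list of (line, tag, message) issues found in html_text."""
    parser = AccessibilityAudit()
    parser.feed(html_text)
    parser.close()
    for entry in parser.open_media:  # media elements that were never closed
        parser._close_media(entry)
    return sorted(parser.issues)


# Constructed sample page, not taken from any real site.
SAMPLE_PAGE = """<!DOCTYPE html>
<html>
<head><title>Constructed sample page</title></head>
<body>
<img src="/img/logo.png" alt="Company logo">
<img src="/img/team.jpg">
<img src="/img/IMG_0042.jpg" alt="IMG_0042.jpg">
<img src="/img/divider.png" alt="">
<video src="/media/intro.mp4" controls></video>
<video src="/media/tour.mp4" controls>
  <track kind="captions" src="/media/tour.vtt" srclang="en">
</video>
</body>
</html>
"""

if __name__ == "__main__":
    for line, tag, message in audit(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> {message}")
```
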
Tech Tip #19: Have a consistent, well-organized layout.
Make sure all menus, buttons and links are laid out in a concise and well-organized manner. They should be clearly separate from each other, and easy to navigate throughout the entire website.
Next, create text transcripts for audio and video. Having text transcripts available will help hearing-impaired users to understand the content which otherwise would have been inaccessible.
Tech Tip #18: How to determine if your website is ADA-compliant, and if it really needs to be.
Before you panic and scream “mayday”, know that there are currently no clear accessibility rules and guidelines for business websites. However, with the number of lawsuits claiming website discrimination on the rise, it’s wise to make sure your site provides accessibility to users with disabilities.
So, how can you determine if your website is ADA compliant when there isn’t a real clear definition of exactly what that is? …and how can you determine how to build an ADA-compliant website, or how to update your existing site?
Luckily, there are a few relatively simple actions you can take that will set you on the right path toward ADA compliance, and at the very least, will help you show that your business has made a good-faith effort at being compliant if you end up in court.
Stay tuned for our next set of tips as we’ll share some of the ways your business can address accessibility issues on your website.
For many businesses, the Cloud is becoming an increasingly attractive option. But whether to move to the Cloud or not, and what exactly to move into it requires a good deal of thought.
Let’s assume you’ve made the decision to move your business to the Cloud. Now you need to figure out what kind of Cloud you are looking for, and exactly what you want to move into it.
Tech Tip #17: Consider your company’s goals (and budget) before making the decision to make a move to the Cloud.
It seems that in an effort to make things accessible and save infrastructure costs, some companies that moved to the Cloud have started to look at the bottom-line costs for Cloud computing, and the numbers have not always been kind.
In fact, according to a Datalink/IDG survey of over 100 IT professionals, almost 40% of companies with a public-Cloud experience have migrated back to an in-house data center citing concerns with security, pricing and manageability. Many businesses have seen once-attractive entry costs for moving to the Cloud skyrocket as data and storage rates have continually increased. In addition, changing subscription services for line-of-business applications has also created issues as many of these platforms require an active subscription to access archived data; thus requiring business owners to run more than one subscription service. Still, other companies feel that stronger security and a greater degree of control can be provided with an on-premise solution.
A previous study by CompTIA in late 2016 found that business and IT execs ranked these reasons to return to on-premise systems:
- security (58%),
- failure to achieve cost goals (30%),
- failure to integrate (24%),
- dissatisfaction with reliability (22%).
This goes to show that every business needs to truly consider its goals prior to making any decision about the Cloud. These conversations are best had with a knowledgeable IT company that can help point out the pros and cons and keep you grounded as you make your decision to put your head (and your business) in the Cloud or not.
Tech Tip #16: Keep in mind that it might make sense to move some aspects of your business to the Cloud, but not all.
You may find you want more direct control and feel more comfortable keeping sensitive information or mission critical applications on premise. However, if you are looking to utilize conferencing software or want to work with a collaborative project-management platform, you may want to consider a SaaS (Software as a Service) solution. Your business’ unique needs will help guide your decision.
Here are a few other things you can do to help with the process:
* Remember, it does not have to be all or nothing when it comes to the Cloud.
* Pick and choose what applications, access and storage options make the most sense to you and your business.
* Have a goal and a strategy for what you want to have in the Cloud (or not) and stick to it.
* Communicate with your team every step of the way as you go through any Cloud migration to get buy-in and adoption of your new Cloud protocols.
* Understand the security behind your choice of Cloud service, and relay this to the team to allay any concerns about the confidentiality and accessibility of data.
Finally, use the Cloud-migration opportunity as a chance to review data, files and applications that are no longer relevant to your business, and purge. There is no sense in paying for things in the Cloud that you have no use for.
Tech Tip #15: There are basically three types of Cloud: public, private and hybrid (we typically recommend hybrid for our clients). Look below to see what kind of Cloud your business would benefit most from.
● A public Cloud provides services over the Internet and is usually your less expensive option. Most Software as a Service (SaaS) applications run on a public Cloud.
● A private Cloud is a network dedicated solely to your company. While more costly, it may be your best choice for software and data that require a high level of security.
● A hybrid Cloud combines both public and private Cloud services. This is a popular choice for many businesses because it allows you to keep very sensitive information more secure while also taking advantage of public-Cloud efficiencies where it makes sense.
Tech Tip #14: When considering moving to the Cloud, you must assess your own business needs.
You need to consider whether investing in hardware, such as a new server, makes more sense than paying to host your software applications and data on a Cloud service provider’s equipment. Many times, you also need to consider whether you have people working on the road who need remote access to company applications and documents. To make sure you get the “right Cloud” for your business, it is important to articulate what you need, and what you are looking for.
The following are some of the benefits businesses cite for moving to the Cloud. They include:
Streamlined Implementation: ‘SaaS’, or Software as a Service, can be set up quickly; much faster than traditional software installations and implementation, so you and your employees can be up and running in a few hours, and sometimes in minutes.
Predictable Expenses: Since the Cloud is based on sharing resources, there is an efficiency that can’t be denied in most cases, and the costs for these shared services are generally more economical. However, be sure to inquire about additional fees resulting from increased storage used, adding users, etc. If you don’t, you may get “sticker shock” in future years.
Leveling the Competitive Playing Field: The Cloud gives smaller companies the opportunity to utilize the same technology resources that larger companies use, making access to software platforms and infrastructure support accessible and not cost prohibitive for small companies, so they can compete toe-to-toe with larger companies.
Ease of IT Administration: When you use a reputable Cloud service provider, you will get automatic software updates, system upgrades, backups, and other services. NOTE: Just make sure you have someone, or an outsourced IT team that can oversee and handle the project management of the Cloud service provider.
Communication and Collaboration Anytime, Anywhere: As long as you have Wi-Fi and can access the internet, you can join in the conversation, troubleshoot, or get your work done. For today’s on-the-go workforce, this can truly be advantageous.
World Backup Day is March 31st, and we want to know - when was the last time you backed up your data? If you answered never, believe it or not, you’re amongst the 30% of people who have never performed a backup! With today’s rapidly increasing development of IT, it’s so important to get into the habit of performing backups on a regular basis.
Tech Tip #13: Don’t be a statistic. Prepare yourself for data loss BEFORE it happens.
Maybe you’ve spent hours on a project or created documents to help prepare you for tax season. What will happen if your system crashes and you haven’t made copies of them? These documents may be irreplaceable. Are you prepared to start from scratch and redo them? How much time (and money) will you have lost? …and what a nightmare that will be! But it doesn’t have to be. Give yourself peace of mind and simply make duplicate copies of your important files on more than one storage device.
Here are some National Backup Day Facts:
- 29% of all data loss is caused by human error
- System failure accounts for 31% of data loss
- 60 seconds of downtime can cost a company up to $1000
- On average, a lost file can cost about $150
Don’t you agree that it’s better to be safe than sorry? Take the World Backup Day pledge, and ‘solemnly swear to backup your important documents and precious memories on March 31st’. You’ll be glad you did!
Tech Tip #12: Pick a date and time each week or month and have a company backup party.
There are many circumstances that can lead to systems crashing. It’s not just cyber criminals and viruses that cause a system to crash; human error plays a big factor. Therefore, it’s important to educate your entire staff on data backup.
Pick a date and time of every week or month and invite all employees to do an office-wide backup at the same time, using an external drive (USB) or an online Cloud storage service. This will create a safer environment amongst your staff and prevent important data from being lost.
Tech Tip #11: With cybercrime on the rise, think of data backup as a form of self-defense.
When it comes to your business and personal data, you want to do everything you can to protect it, right? After all, cyber criminals are going out of their way to infiltrate your data. Data loss is a major issue and it can be quite costly to recover lost data should your system crash. Rather than storing gigabytes of data solely on your laptops and PCs, back it up on an external drive, or USB.
The same goes for your mobile devices. We store thousands of personal photos and videos on our phones, and these need to be backed up as well! Statistically, 113 phones are lost or stolen every day. So, if your phone gets lost or stolen and you’ve backed up your data, you will be able to retrieve it. If you haven’t backed it up, consider it lost forever.
Get into the habit of backing up your data a minimum of once a year, but better yet, once a month. It doesn’t take long to perform a backup, and 15 minutes to an hour could save you a world of trouble and regret. Remember, self-defense is your best offense, and we’re here to help you if you need us.
What’s not to love about an IT company that aims to keep you steps ahead of the game when it comes to your cyber security? This week, we help you focus on what you are doing (or not doing) with regard to compliance and audits.
Tech Tip #10: It’s important to review and revise your security documents, such as: policies, standards, procedures, and guidelines, on a regular basis.
- Audit your processes and procedures for compliance with established policies and standards.
- Be sure to test your disaster plans on a regular basis.
- Implement a regular management review of the lists of all individuals who have physical access to sensitive information or secure facilities, or who have electronic access to information systems.
Remember, if you are not currently implementing any of the above, we suggest you carefully review their applicability to your organization and implement or improve controls to decrease potential risk. Again, every business is different, and the above items are all scalable to the size and number of employees that you have in your business.
User-error accounts for the majority of threats that businesses face when it comes to data and network compromise. Are you doing enough to make sure that your employees and fellow staffers are educated in proper protocols for working on your network and protecting the company’s data? Here are a few points to consider.
Tech Tip #9: Be sure to provide information about computer security to your entire staff.
- Implement security training on a regular, recurring basis.
- Make sure all employees are taught to be alert to possible security breaches.
- Put a mandatory rule in place for all employees to maintain secure passwords.
- Each of your employees should be able to identify and protect classified data, including paper documents, removable media, and electronic documents.
- Create an awareness and education plan to teach proper methods for managing credit card data (PCI standards) and personal, private information (social security numbers, names, addresses, phone numbers, etc.).
If you’re currently not implementing any of these tips, it is time to give us a call and talk about what kind of training your employees could use and we’ll be happy to help!
When it comes to your business and its sensitive data, security is key. It’s up to you to ensure its safety and it’s imperative to have a plan of action in place BEFORE disaster strikes. If you don’t have a ‘plan B’ set up and ready to go, we highly recommend you take action now to create one.
Tech Tip #8: Create and implement a business continuity plan and have an emergency/incident management communications plan in place.
1. Implement a process for creating retrievable back-up and archival copies of critical information.
2. In the event of a disaster or other security incident, have a procedure for notifying authorities.
• Identify who should be contacted in the case of a security disaster.
• Include all contact information.
• Sort and identify all contact information by incident type.
• Make sure your procedure identifies who should make the contacts.
• Identify who will speak to the press/public in the case of an emergency or an incident.
Make sure your communications plan covers internal communications with your employees and their families, and ensure that all emergency procedures can be appropriately implemented, as needed, by those responsible.
Again, if any of the above points refer to you and your company, and you’re not currently implementing them, it is time to reconsider what you are doing to keep yourself and your company prepared to face any type of disaster that impacts your business.
Computer equipment and IT is constantly changing. It seems that once we update our systems, new technology is introduced, making our ‘new’ systems seem like ‘yesterday’s news’. With all the constant upgrading we do, we must give careful thought to the proper and safe disposal of our old equipment in order to keep our sensitive data protected.
Tech Tip #7: When disposing of old computer equipment, be sure to protect against loss of data by implementing proper disposal procedures (i.e. by erasing old disks and hard drives).
Make sure your disposal procedures identify appropriate technologies and methods for making hardware and electronic media unusable and inaccessible (such as shredding CDs and DVDs, electronically wiping drives, burning tapes, etc.).
Next week we’ll be focusing on tips to make you consider how well you are prepared for Disaster Recovery.
Let’s talk about Cyber Security Controls
This year we are kicking off our tech tip series with weekly pointers designed to get you to think about different aspects of your current security such as:
Account and Password Management
Confidentiality of Sensitive Data
Security Awareness and Education
Compliance and Audit
Tech Tip #6: When it comes to information security, how you save, retrieve and even dispose of sensitive data is extremely important. Consider the following tips to help keep your information safe and private:
• Create a process for retrieving back-up and archival copies of critical information.
• Implement procedures for the disposal of waste material.
• Be sure waste paper is binned and shredded, and that your shred bin remains locked at all times.
Continuing along the lines of maintaining and managing the Confidentiality of Sensitive Data, this week we bring more tips for you to consider putting into place, if you haven't already!
Tech Tip #5: Implement a policy which will identify the retention of information (both hard and soft copies).
- Put procedures in place to deal with credit card information.
- Implement procedures which will cover the management of personal, private information.
This week, our tech tips are meant to help you begin to carefully consider how confidential you are keeping the sensitive data that is under your company’s control.
Tech Tip #4: Consider the following and take note of any that you are not currently implementing. Use these areas as the starting point for tightening up on your information security protocols or call us and we’ll help show you the way!
1. Classify your data! Identify sensitive versus non-sensitive data.
2. Exercise responsibilities which will help protect sensitive data under your control.
3. Be sure that the most valuable or sensitive data is encrypted.
Tech Tip #3: Put policies and standards in place to cover electronic authentication, authorization, and access control of personnel and resources to your information systems, applications and data.
Ensure that only authorized personnel have access to your company’s computers.
Require and enforce appropriate passwords for all authorized users/employees.
Be sure that all your passwords are secure and not easy to guess, that they are regularly changed, and that temporary or default passwords are not allowed.
Make sure all your computers are set up so that others cannot view your staff when entering their passwords.
Remember, if you are not currently implementing any of the above points, it may be time to revisit this and speak to your local IT company to help create a stronger account and password management policy for your organization. Again, these items are all scalable based on the size of your company and the number of employees.
Tech Tip #2: This week we focus on considering your existing Cyber Security Controls for Physical Security and access.
1. Implement policies and procedures that address allowing authorized physical access, and limiting unauthorized physical access, to electronic information systems and the facilities in which they are housed.
2. Put policies and procedures into effect that specify the methods used to control physical access to your secure areas, such as door locks, access control systems, security officers, or video monitoring.
3. Make sure that access to your computing area is controlled (i.e.: single point, reception or security desk, sign-in/sign-out log, temporary/visitor badges).
4. All visitors should be escorted into and out of controlled areas by authorized personnel.
5. Be sure that all your PCs are inaccessible to unauthorized users (e.g. located away from public areas).
6. Ensure that your computing area and equipment are physically secured.
7. Implement procedures that will prevent computers from being left in a logged-on state, no matter how briefly.
8. Set all computer screens to automatically lock after being idle for more than 10 minutes.
9. Make sure all modems are set to Auto-Answer OFF, so as not to accept incoming calls.
10. Implement procedures for protecting data during equipment repairs.
11. Make sure you have policies covering laptop security (e.g. cable lock or secure storage).
12. Have a current emergency evacuation plan in place.
13. Put a plan in action to identify areas and facilities that need to be sealed off immediately in case of an emergency.
14. Make sure all key personnel are aware of which areas and facilities need to be sealed off, and how.
Next, we will be raising some key points for you to consider about the Account and Password Management policies and standards you have set for your company. As you consider these tips, take note of any that you are not currently implementing. We encourage you to carefully review their applicability to your organization.
Remember, improving controls and implementing tighter security protocols can significantly decrease the potential exposure you face for falling victim to cyber threats and other vulnerabilities.
Tech Tip #1: This week, we start our analysis with a look at your Personnel Security.
Ask yourself the following questions when thinking about the security measures your company has in place, and keep in mind that these items are scalable to each individual company’s needs based on its size and number of employees:
1. Does your company require all staff to wear ID badges?
When it comes to Personnel Security, a good rule of thumb is to make ID badges mandatory.
Additionally, all ID badges should include a current photo of the employee.
2. Are there various levels and types of authorized access involved when it comes to your personnel (i.e.: employee, contractor, visitor)?
If your company has more than one level of authorized access, each level of authorization should be clearly identified on all ID badges.
3. Is there a security check for the credentials of all external contractors?
For the safety and security of your business, this should be a mandatory procedure. Be sure to check the credentials of anyone you are contracting to do business with.
4. Does your company have a background-check policy for all employees and contractors?
If your answer currently is ‘no’, it’s time to re-think that! Nowadays it’s crucial to know who you’re doing business with. Consider implementing a background-check policy for your business today.
5. When an employee or contractor’s employment is terminated, do you have a process in place to effectively cut off access to facilities and information systems?
The best answer to this question is ‘yes’. If your company does not have this type of procedure in place, now is the time to implement one!
As you review the above, take note of any answers that might reflect a “no” in regard to your company’s current situation. We strongly encourage you to carefully review their applicability to your organization! Improving controls and implementing tighter security protocols can significantly decrease the potential exposure you face for falling victim to cyber threats and other vulnerabilities.
The Holiday shopping season is upon us, and while many people ventured out to the stores on Black Friday to begin their shopping madness, many chose to stay home (or at the office) and ‘click’ the shopping season off on Cyber Monday - the official beginning of the online shopping season.
Today’s society seems to prefer to shop comfortably, and conveniently, from the warmth of their homes, the comfort of their couches, using laptops, tablets and cell phones. Some will shop from the train on their way to work. Others will shop from their offices, using the company’s high-speed connections.
No matter where you’re doing your online shopping, it’s imperative to take precautions. Otherwise what should be a happy season of celebration could end up with the Grinch who steals more than Christmas! Let’s kick off the holiday season with these safe online shopping tips:
Tech Tip #52: Oh, the weather outside is frightful – make online shopping at home delightful!
There’s no place like home, where you have a secure network connection! Be sure your network is safe and secure, and that you have a robust firewall in place, especially when you’re transmitting vital personal information such as passwords and credit card numbers. If you’re using public Wi-Fi, it’s wise to refrain from making a purchase and instead ‘window shop’ until you have access to a secure connection. This doesn’t just apply during the holidays, but every day of the year.
The most important thing to remember whether shopping online or out in the public stores, is to use caution. If you are shopping on mobile devices, a great way to protect your device and data is to have mobile anti-virus software installed. If you want to find out more, contact us today.
Tech Tip #51: Shop ‘APPily’, and safely online
When shopping online via an app, be sure the app is downloaded from a secure and trusted source. Apps, when downloaded, will ask for ‘permissions.’ Read through the fine print to see exactly what the app is asking permission for. Is it asking for your list of contacts, for example? That’s a red flag! Also, it’s wise to read through the comment section for feedback from other online shoppers who have shopped that specific site. Be sure to look for sites that have high ratings.
Tech Tip #50: Keep your devices safe in locked mode
The majority of people unknowingly leave their devices unlocked. By not locking your device, you’re opening the door of opportunity to thieves who might be able to ‘see’ (and steal) your personal information. By simply placing your device(s) in locked mode, using a password or code, you’ll keep your information safe and secure from prying eyes.
Tech Tip #49: Careful what you click on!
With all the emails you’ll receive this holiday season offering deals that seem too good to pass up, don’t let your excitement make you ‘click-happy’. It could be a phishing scam! Instead of clicking on the link in the email, type the full name of the website that is offering the ‘deal’ into your browser. Be sure you see the ‘https://’ rather than ‘http://’ (without the ‘s’). If you see the ‘s’, that’s a sign that the site is ‘s’afe.
Plastic. It’s the way to pay in today’s society. With just a swipe of a card, or an input of numbers online, you can purchase anything - without ever touching a single dollar. But there’s a risk that goes along with every purchase. It’s called Credit Card (or debit card) Fraud, and unfortunately, it’s becoming more common. This month, we’ll share some tips with you on how to recognize and protect yourself from credit / debit card fraud.
Tech Tip #48: Keep your money safe and be careful where you use your debit card!
Using a debit card can be riskier than using cash, but if you absolutely HAVE to use one, it’s a good idea to set up several bank accounts to protect your money. Keep a minimal amount of funds in the account that is linked to your debit card and keep the majority of funds in a separate account. This way, if your debit card is compromised, the thieves won’t have access to ALL your funds.
Where you use your card can be dangerous. Especially at the gas pump! Gas stations typically put a hold on your account for up to four days. This can cause insufficient funds resulting in bounced checks. Then there’s online purchases. You’re better protected when you use a credit card. If you use a debit card and you don’t get your merchandise, you have little to no chance of getting your money back. If you use your debit card at the supermarket, ATM machines, and again, gas stations… watch out for skimmers! These sneaky devices copy and steal your card number and security PIN number, leaving the thieves with complete access to your account.
The bottom line is this: BE AWARE! Check your account statements every month and check your debit accounts daily! You owe it to yourself to keep your money where it belongs…in YOUR account.
Tech Tip #47: Understanding your rights if you are faced with credit/debit card fraud.
Once fraudulent activity is discovered, you should immediately notify your card issuer or bank and close the account. It should only take a few days to clear up the issue if any unauthorized charges are found, and those charges are usually reversed. Most credit card companies have strict internal fraud prevention standards in place and will not hold you liable for the charges made to your account.
Most of the time, fraudulent activity is investigated by the credit card provider or issuing bank when the amount is less than $2,000. For cases above $2,000, the local police will usually get involved…and in larger cases, the Federal Trade Commission may get involved.
By following safe credit and debit card practices, you can be sure to do everything you can to stay protected.
Tech Tip #46: Avoid debit cards. Use credit instead!
While debit cards appeal to card holders as a way of controlling spending, it’s the most dangerous way to make purchases. Yes, using a debit card will limit the amount you spend based on the amount of funds in your account, however, if thieves get a hold of your debit card or number, they’ll have access to your entire bank account. When using a credit card, you suffer no immediate financial despair, and your money remains in your bank account until you pay your bill.
The plus side of using credit cards vs. debit cards is that credit card companies have protection plans in place that will offer immediate protection, whereas debit cards/banks can take several weeks to resolve the issue and there’s no guarantee that you’ll get your money back. Look out for next week’s tip where we’ll take a look at your rights when faced with fraud.
Tech Tip #45: Practice credit and debit card safety.
The best way to prevent credit/debit card fraud is to use your cards responsibly. By following these general credit card safety practices, you can protect yourself from becoming a victim of fraud:
- Keep all your cards in a safe place.
- Check your account statements and credit reports each month.
- Avoid auto-pay! This will ensure that you will look at your statements each month!
- Reduce the number of cards you have. The fewer accounts you have, the easier it will be to monitor your account.
- Sign all new cards as soon as you receive them... and use permanent ink! This will make it difficult for a thief to erase or sign over your signature if your card becomes lost or stolen.
- Avoid carrying your cards and cash together in the same wallet. By carrying two wallets, if one gets lost or stolen, you will still have the other.
- Report suspicious activity immediately.
- Don’t lend your card to anyone for any reason.
Tech Tip #44: Understanding what credit / debit card fraud is.
What exactly is credit / debit card fraud? Simply put, it’s the illegal and unauthorized use of your credit or debit card: someone other than yourself gets a hold of your information and uses it to purchase goods without paying for them, or to withdraw funds from your account. It’s a type of theft which can lead to a larger scale of fraud if it goes unnoticed, such as identity theft.
The last thing you want (or need) to deal with is being the victim of credit card or debit card fraud. Awareness is key and knowledge is power, and with the holiday shopping season just around the corner, you'll need to be extra careful.
October is National Cyber Security Awareness Month, and we’d like to remind you that WHAT YOU CAN’T SEE, CAN HURT YOU.
It creeps its way into your system, takes control of your files, locks them up and holds them hostage…and if you want to get them all back, it demands ransom. ‘It’ is Ransomware, and it’s pretty scary stuff! This month, we’ll provide you with important tips that can help keep your network and data safe.
With Ransomware continually on the rise and running rampant in today’s cyber society, it’s critical for business owners to take serious action and implement preventative measures in an effort to avoid falling victim to an attack.
Ransomware can infiltrate your system by several methods. It can arrive via emails, using links or documents that appear legitimate and tricking the recipient into clicking on the link, which opens the door to malicious code that will lock your system up and encrypt your files.
So how can you prevent this from happening? Here’s this week’s tip:
Tech Tip #43: Don’t pay that ransom!
When it comes to ransomware, we strongly advise that you do not pay the 'ransom' – remember you are dealing with cyber criminals, and there is no system of checks and balances. So even if they “say” they’ll give you the key to your data if you pay, it doesn’t mean they actually will. Besides, cyber criminals “talk”, and paying the ransom once makes you a likely candidate to pay it again (assuming you haven’t learned a valuable lesson the first time).
Again, the best thing to do if you get hit with Ransomware, or cryptolocker, is to leave your “bit-coin” in your pocket, take your computer off line, turn it off, and call your IT professional as soon as possible.
Tech Tip #42: Back up your data
It is critical to back up all your data on a daily basis, and do not overlook the importance of having a strong disaster recovery plan in place. Additionally, all the information on employees’ devices should be backed up daily as well (full system image backups can be performed on a routine basis, once or twice a month is typically adequate). Multiple copies of your data, documents, pictures, etc., can be saved to a secure, offsite location, or on a back-up drive or cloud storage such as One Drive, Drop Box, etc.
When plugging in external hard drives, or a USB, be sure to scan it for viruses (be wary of using “thumb” drives received from vendors or salespeople, they too can be compromised).
Tech Tip #41: Have an up-to-date Anti-virus software installed
Cyber criminals have become more sophisticated, and Ransomware exposes the vulnerabilities with today’s data security. Where there’s a will, there’s a way, and if someone wants to get in, they’re going to get in.
The key to securing and protecting your system is by using a multi-layered approach. A bare minimum would include installing a firewall and Anti-virus software. Make sure all Anti-virus software subscriptions are renewed BEFORE they expire. Be sure to install a good firewall, not simply a router. Activating the integrated Windows Firewall & Windows Defender is a good place to start, however a security subscription from a proven provider is always preferable. AVG, SOPHOS, WebRoot, Avast, Trend Micro and Panda are just a few of the providers that we recommend considering.
Keeping all software, operating systems and applications up to date is a good idea, however at times that can be problematic too. The more complex the system, the more susceptible it can be to an incompatibility with an update.
If you’re unsure as to whether or not you have the proper protection in place, give us a call. We’re happy to help.
Tech Tip #40: Educate your employees...and be careful what data they have access to.
Make sure all employees are trained to read all emails carefully and verify their validity before opening any attachments or clicking on any links, especially from unknown sources. If it looks suspicious, delete it, and make all other employees aware just in case they receive the same email.
Limit the amount of important data that your employees have access to. Ransomware is an inside job, meaning that once someone within the company clicks on a link and launches the ‘attack’, the malware takes on that user’s identity and encrypts the data. Keep access to the company’s most vital data limited to only those who need to access it.
Implement a communication strategy which will inform employees if, and when, a virus has infected the company network.
Keeping your network safe is your number one priority. It’s our priority too, and we’re here to help.
September is National Disaster Preparedness Month. Your data is important to your business, and you can’t afford to have your operations halted for days, or worse yet, weeks, due to data loss or corruption.
A disaster can happen at any time, on any day, and is likely to occur at the most inconvenient time. If you aren’t already prepared, you run the risk of having the disaster happen before you have a plan in place to handle it. This month, we’ll share some valuable tips you should implement right away, to make sure your business could be back up and running again in the event of a disaster.
Tech Tip #39 - Image your server.
Having a copy of your data off-site is a good idea, but keep in mind that all of the information has to be RESTORED someplace to be of any use. If you don’t have all the software disks and licenses, it could take days to reinstate your applications (like Microsoft Office, your database, accounting software, etc.) even though your data may be readily available. Imaging your server is like making an exact replica. That replica can then be directly copied to another server, saving an enormous amount of time and money in getting your network back. Best of all, you don’t have to worry about losing your preferences, configurations, or favorites. To find out more about this type of backup, ask your IT professional.
Maintain Your System. One of the most important ways to avoid disaster is by maintaining the security of your network. While fires, floods, theft and natural disasters are certainly a threat, you are much more likely to experience downtime and data loss due to a virus, worm or hacker attack. That’s why it’s critical to keep your network patched, secure and up-to-date. Additionally, monitor hardware for deterioration and software for corruption. This is another overlooked threat that can wipe you out. Make sure you replace or repair aging software or hardware to avoid this problem.
Finally, test your disaster recovery plan once a year. If you are going to go through the trouble of setting up a plan, then it pays to invest in hiring an IT professional to run a test once a month to make sure your backups are in working order, and your system is secure. After all, the worst time to test your parachute is AFTER you’ve jumped out of the plane.
If you’re not sure if you have a back-up recovery plan, or would like help implementing one, we’re happy to help.
Tech Tip #38 - Automate your backups.
If backing up your data depends on a human being doing something, it’s flawed. The number one cause of data loss is human error (people not properly swapping out tapes, someone not setting the backup to run properly, etc.). ALWAYS automate your backups so they run like clockwork.
Have an off-site backup of your data.
Always, always, always maintain a recent copy of your data off-site, on a different server, or on a storage device. Onsite backups are good, but they won’t help you if they get stolen, flooded, burned or hacked along with your server.
Have remote access and management of your network. Not only will this allow you and your staff to keep working if you can’t physically go into your office, but you’ll love the convenience it offers. Plus, your IT staff or an IT consultant should be able to access your network remotely in the event of an emergency or for routine maintenance.
Tech Tip #37 - Hire a trusted professional to help you.
Trying to recover your data without professional help after a disaster strikes is business suicide. One misstep during the recovery process can result in weeks of downtime, or worse yet, losing your data forever. Be sure to work with someone who has experience in both setting up business contingency plans (so you have a good framework from which you CAN restore your network), and experience in data recovery.
Implement a solid communications plan. If something should happen where your employees couldn’t access your office, e-mail, or use the phones, how should they communicate with you? Make sure your plan includes this information, including MULTIPLE methods of communication.
Tech Tip #36 - Have a written plan of action.
As simple as it may sound, just thinking in advance of what needs to happen if your server has a meltdown or a natural disaster wipes out your office, will go a long way in getting it back up fast.
At a minimum, your disaster recovery plan should contain details on what types of disasters could happen (i.e., hurricane, flood, fire, etc.) and a step-by-step process of what to do, who should do it and how. Also include contact information for various providers, and username/password information for various key web sites.
Writing this plan will also allow you to think about what you need to budget for backup, maintenance and disaster recovery. If you can’t afford to have your network down for more than a few hours, then you need a plan that can get you back up and running sooner than later. Here, you may want the ability to virtualize your server, allowing the office to operate off of the virtualized server while the real server is repaired. If you can afford to be down for a couple of days, there are cheaper solutions. Consult with your IT team to find the right solution for your business.
Once your disaster recovery plan is written, print out a copy and store it in a fire-proof safe. Also, keep a copy offsite (at your home) and another copy with your IT consultant.
Tech Tip #35 - To close out the month of August and our focus on Two-Factor Authentication, and because this is such an important subject, this week we are re-posting our latest blog which focuses on 2FA (Two-Factor Authentication) to provide you with more information on this subject.
Here’s the blog, and a refresher on 2FA:
The X-Factor for Cyber Security is Two-Factor Authentication
Gone are the days where a user name and a password were the only thing standing between you and the site you wanted to log into. Even with clever and complex choices for your passwords, we soon learned that cyber thieves had ways to hack these “password protected” accounts and access personal financial information or confidential business information.
It is clear that the “gate-keeping” to our networks needed a more robust answer. Enter the X-Factor or rather Two-Factor Authentication.
Most of you are already familiar with Two-Factor Authentication (2FA). Take for example people who do on-line banking. When doing this, have you ever tried to access your account from a different computer? You put in your proper login credentials and then you get a message that basically tells you, “Whoa, we are not sure that you are you, so we are going to send an authentication code to your phone to cover our …...” Probably the first time this happened to you, you were a little surprised, or even annoyed, as it adds another few seconds to your usual login routine, but you typically get the code quickly and you can get on with your business within a minute or so.
2FA is an added buffer that gives you an additional layer of security to help to protect you from cyber-thieves looking for your data. It protects your logins such as those for your email, your phone system, your on-line banking and requires a second step whenever you are trying to access your information. This second step is known as, go figure, 2-Step Verification and it requires a username and password AND the entering of an auto-generated security code as part of your routine sign in process. To keep things one step ahead of hackers, the security code that is generated changes every time you access your account.
If you add a 2FA feature, here’s a brief overview for how it works when you try to login:
- You type in your username and password as usual.
- You proceed to the next step, which will ask you for an authentication code.
- You open the authenticator app to get the code.
- You type the security code into the website, and you’re in.
August is a hot month and cyber security is a hot topic! For any company that wants to protect the data that it stores, accesses and uses on a day-to-day basis, simple login credentials and passwords are no longer doing “enough”. Enter the age of Two-Factor Authentication (2FA) as an added layer of protection against cyber-thieves.
Tech Tip #34 – Why arm your business with 2FA?
It’s clear that Two-Factor Authentication is a must have for savvy business owners that are looking to bolster their cyber security defenses.
But although 2FA isn’t new, it is certainly becoming more and more popular as a secondary measure to ensure your security. Remember that the more access points into your business that you can protect, the greater you are able to reduce the chances of a hacker hacking their way into your accounts.
Requiring multiple components to help confirm a user’s identity goes a long way to protecting your employees and your business. That's why 2FA makes good sense for your business.
Tech Tip #33: How Does 2FA Work?
If you add a 2FA feature, here’s a brief overview for how it works when you try to login.
1. You type in your username and password as usual.
2. You proceed to the next step, which will ask you for an authentication code.
3. You open the authenticator app to get the code.
4. You type the security code into the website, and you’re in.
Not to worry, most browsers will keep you logged in long enough to go through the process, and a few extra seconds on the front end to ensure your security on the back end is time well spent.
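The four login steps above, sketched as an added example (not code from this blog or any vendor). It assumes the authenticator app produces time-based one-time passwords as defined in RFC 6238, which the tip does not specify; the `Account` class, the 30-second step, and the sample password, salt and secret are illustrative assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumption: RFC 6238 default time step
DIGITS = 6         # assumption: usual authenticator-app code length

# Constructed sample data. The secret is the published RFC 6238 test key.
SAMPLE_SECRET = b"12345678901234567890"
SAMPLE_SALT = b"constructed-salt"
SAMPLE_PASSWORD = "correct horse battery staple"


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, now, digits=DIGITS):
    """What the authenticator app shows (step 3): HOTP of the current time step."""
    return hotp(secret, int(now) // STEP_SECONDS, digits)


def hash_password(password, salt):
    """Store a slow salted hash, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class Account:
    """Server-side record for one user (hypothetical structure)."""

    def __init__(self, password, salt, totp_secret, window=1):
        self.salt = salt
        self.password_hash = hash_password(password, salt)
        self.totp_secret = totp_secret  # shared with the app at enrolment
        self.window = window            # time steps of clock drift tolerated
        self.last_counter = -1          # newest time step already accepted

    def check_password(self, password):
        """Step 1: first factor, compared in constant time."""
        candidate = hash_password(password, self.salt)
        return hmac.compare_digest(self.password_hash, candidate)

    def check_code(self, submitted, now):
        """Steps 2 and 4: second factor, with drift window and replay guard."""
        current = int(now) // STEP_SECONDS
        first = max(0, current - self.window)
        matched = None
        for counter in range(first, current + self.window + 1):
            expected = hotp(self.totp_secret, counter).encode()
            same = hmac.compare_digest(expected, submitted.encode())
            # A code from an already accepted time step is refused, so a
            # code that was observed in transit cannot be used a second time.
            if same and counter > self.last_counter:
                matched = counter
        if matched is None:
            return False
        self.last_counter = matched
        return True

    def login(self, password, code, now):
        """Both factors are required; the code is only checked after the password."""
        return self.check_password(password) and self.check_code(code, now)


if __name__ == "__main__":
    account = Account(SAMPLE_PASSWORD, SAMPLE_SALT, SAMPLE_SECRET)
    t = 59  # constructed timestamp taken from the RFC 6238 test vectors
    code = totp(SAMPLE_SECRET, t)
    print("code shown by app:", code)
    print("first login:", account.login(SAMPLE_PASSWORD, code, t))
    print("replayed code:", account.login(SAMPLE_PASSWORD, code, t))
```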
Tech Tip #32: So just how does 2FA protect your data?
2FA is a type of multi-factor authentication. It works by confirming a user’s claimed identity during login by running an extra verification check on the user attempting to log in with their username and password. With 2FA, a user will enter their username and password as normal.
But, to prove it’s really the account owner trying to log in, the user will then have to provide the “second factor”, which can be based on something you know, something you have and something you are (bio-metrics). For instance, using a PIN number, a security question answer or a password is something that you would “know”. Having the appropriate bank card details, or being able to confirm through your phone or having a security token would be something you “have”. Finally, something biometric, like a physical fingerprint, or facial recognition, a retina scan or voice activation would be something you uniquely “are”.
Adding any one of these elements can vastly improve the security of your accounts.
Tech Tip #31: So just what is Two-factor Authentication?
Two-factor Authentication (also known as 2FA) allows users to add an extra security layer to their login process. In addition to the initial login where you need to have your user name and password, 2FA requires that an auto-generated code is created and sent to you (typically on your mobile phone) that provides a unique security code which you then enter as part of your login credentials.
This type of multi-factor authentication helps protect valuable or confidential information by preventing unwanted parties from getting access to your accounts.
The National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year. That number is growing rapidly as more businesses utilize cloud computing, mobile devices and store more information online.
Tech Tip #30: Keep Your Network Up-To-Date.
New vulnerabilities are frequently found in common software programs you are using, such as Microsoft Office. Therefore it’s critical you patch and update your systems frequently. If you’re under a managed IT plan, this can all be automated for you so you don’t have to worry about missing an important update.
If you are not under a managed IT plan or you are unsure if you currently are, contact us today to find out why this alone can be one of the best measures you can take to protect your network, your data, and your business.
Tech Tip #29: Require STRONG passwords and passcodes to lock mobile devices.
Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised.
Again, this can be ENFORCED by your network administrator so employees don’t get lazy and choose easy-to-guess passwords, putting your organization at risk.
Tech Tip #28: Create An Acceptable Use Policy (AUP) – And Enforce It!
An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. We strongly recommend putting a policy in place that limits the web sites employees can access with work devices and Internet connectivity. Further, you have to enforce your policy with content-filtering software and firewalls.
We can easily set up permissions and rules that will regulate what web sites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others.
Having this type of policy is particularly important if your employees are using their own personal devices to access company e-mail and data.
If that employee is checking unregulated, personal e-mail on their own laptop that infects that laptop, it can be a gateway for a hacker to enter YOUR network. If that employee leaves, are you allowed to erase company data from their phone? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised?
Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured; but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can or cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.
Tech Tip #27: Train Employees On Security Best Practices.
The #1 vulnerability for business networks is the employees using them. It’s extremely common for an employee to infect an entire network by opening and clicking a phishing e-mail (that’s an e-mail cleverly designed to look like a legitimate e-mail from a web site or vendor you trust). If they don’t know how to spot infected e-mails or online scams, they could compromise your entire network.
Don’t think you’re in danger because you’re “small” and not a big target like a J.P. Morgan or Home Depot? Think again. 82,000 NEW malware threats are being released every single day and HALF of the cyber-attacks occurring are aimed at small businesses; you just don’t hear about it because it’s kept quiet for fear of attracting bad PR, lawsuits, data-breach fines and out of sheer embarrassment.
Make cyber security an important part of your corporate culture and keep your network and your data safe.
With phishing and spoofing emails on the rise, we want to help keep you safe in the inter'NET' of things. We’ve put together some ‘phishing tips’ that are aimed to help you identify phishing, or spoofing, emails.
Tip 26: Always have your guard up and don’t be so trusting when it comes to receiving emails.
Never click on attachments! A common phishing tactic is to include malicious attachments that contain viruses and malware that can steal your passwords, spy on you without you knowing it, and ultimately damage files on your computer. Unless you know the sender and you were expecting the attachment, DON’T OPEN IT! It’s a good idea to check with the sender (if you know the sender) to make sure the attachment is legitimate.
Phishers will try to reel you in by spoofing the header in the email address. Not only will they spoof the brand in the ‘from’ section, but they will also spoof it in the display name. Always be observant of the sender’s name!
Absolutely never give out any of your personal information. Legitimate companies such as banks, or the IRS, will never use email to ask for personal credentials – so be sure not to give it to them.
In conclusion, phishers are pros at their game. Be very skeptical when opening your emails. Simply because an email appears to have ‘real’ brand logos and a valid email address, and the language in the body of the email appears convincing, doesn’t mean it’s legitimate. If it looks the slightest bit suspicious, don’t open the email.
Tip 25: Look out for mistakes in grammar and spelling and watch out for threatening language!
Legitimate companies take their emails seriously. After all, their reputation is on the line. Always read through the email carefully, and if you find major spelling errors and/or poor grammar, steer clear of engaging in that email, and report anything suspicious.
Be wary of emails that include threatening or drastic language in the subject line. A common phishing tactic involves invoking a sense of fear, or urgency. If you receive an email which claims your “account has been suspended” or you had an “unauthorized login attempt”, beware! This could be an indication of a potential phishing attack.
Tech Tip #24: The way an email is addressed (and signed) can reel you in - ‘hook, line…and sinker!’
It’s a good idea to get in the habit of analyzing who (and how) an email is addressed. If it’s addressed vaguely to a “Valued Customer,” then your red flag should go up. Legitimate businesses will address their emails by using a personal salutation, including your first and last name.
Next, you should always look at the way the email is signed. Phishing emails generally lack details about the signer. If there’s no company information, and no indication of how you can contact the sender, there’s a good chance you’re being baited! A legitimate business sending a legitimate email will always provide you with their contact details.
Tech Tip #23: Be wary of the sender’s display name
One of the most popular phishing tactics used by cybercriminals is spoofing the display name of an email. Emails that arrive in your inbox using an address such as 'My Bank Account' <email@example.com> should indicate a red flag and shouldn’t be trusted.
These emails appear to be legitimate because the inbox will only show the display name as ‘My Bank Account’. But chances are, 'My Bank Account' doesn't own the secure.com domain. Therefore, never trust the display name and always check the email address in the ‘From’ section of the header. If it looks suspicious, don’t open the email!
Furthermore, if you look the email over, be sure not to click on any links! You can hover the mouse over any links attached to the email to see if the address looks suspicious, and if you have the urge to test the link, simply open a new window and type the website address in full. This is much safer than clicking on links embedded in unsolicited emails.
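The display-name check described in this tip can be automated on a mail gateway or in a reporting tool. The following is an added example, not part of the original tips: it compares the name shown in the inbox with the domain of the real sender address. The brand list, domains and sample headers are constructed for illustration.

```python
from email.utils import parseaddr
import re

# Constructed allow-list (assumption): names a user would recognise in the
# inbox, mapped to the domains that sender really mails from.
KNOWN_SENDERS = {
    "my bank account": {"mybank.example"},
    "parcel service": {"parcel.example", "parcel-mail.example"},
}

# Finds an e-mail address typed into the display name itself.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one.

    A suffix match on '.' + allowed is used so that a lookalike such as
    'mybank.example.secure-login.test' does not pass.
    """
    domain = domain.lower().rstrip(".")
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def check_from_header(from_header):
    """Return the reasons a From header looks spoofed (empty list = none found)."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable sender address"]

    domain = addr.rsplit("@", 1)[1].lower()
    name = " ".join(display.lower().split())  # normalise case and spacing
    reasons = []

    # Check 1: the display name claims a known sender, but the address
    # behind it is not on one of that sender's domains.
    for brand, allowed in KNOWN_SENDERS.items():
        if brand in name and not domain_matches(domain, allowed):
            reasons.append(
                f"display name claims '{brand}' but address domain is {domain}"
            )

    # Check 2: the display name shows an address on a different domain
    # from the one the message really came from.
    shown = ADDR_IN_NAME.search(display)
    if shown and shown.group(1).lower() != domain:
        reasons.append(
            f"display name shows an address at {shown.group(1).lower()}, "
            f"real sender is at {domain}"
        )
    return reasons


if __name__ == "__main__":
    # Constructed sample headers.
    samples = [
        "'My Bank Account' <alerts@secure-login.test>",
        '"My Bank Account" <alerts@mail.mybank.example>',
        "My Bank Account <alerts@mybank.example.secure-login.test>",
        '"billing@mybank.example" <x@secure-login.test>',
    ]
    for header in samples:
        print(header, "->", check_from_header(header) or "no mismatch found")
```

An empty result only means these two checks passed. The address in the From header can itself be forged, so this complements the mail server's SPF, DKIM and DMARC checks rather than replacing them.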
Tech Tip #22: There are no bullet-proof cyber protection plans, and like many things, the best protection is prevention. However, nothing can take away the fact that the quickest key to getting back up and running lies in having a robust back up.
When you do, make sure that you take a multi-prong approach to your backup strategy that ensures that you have three copies of your data in two different places, and that one of those places is completely off-site from the other. This simple 3-2-1 rule will help you get back to business sooner rather than later in the case of a cyber-attack.
Tech Tip #21: When it comes to ransomware, prevention is the best defense. Make sure you have the following things in place, in addition to a robust back up system.
- use a multi-layered strategy for your IT security that includes commercial grade firewalls and anti-virus
- spend time and money on user-training – most attacks are because of employer error, so teach your team how to spot bogus emails and teach them best practices for surfing the net and engaging in on-line correspondence
- make sure that your security software is updated regularly with all available patches; this will proactively help you keep new cyber threats at bay.
Tech Tip #20: Being the strong, silent type when you get hit with Ransomware is not really the best thing to do.
First, you are going to want to make sure you get all users that have reported being attacked, or that have been affected by the attack, off the network.
Once you have a handle on the cause of the infection (perhaps identified the phishing scheme or bogus email with malicious link), share an alert with other users to let them know what they need to watch out for. If there is anyone else outside of your company that needs to know about the attack, advise them as soon as possible. It's better to be pro-active than to find out you’ve been the doorway for someone else’s cyber-attack.
Tip #19: When it comes to ransomware, we urge you... Make No Pay Day for 'MayDay'! – remember you are dealing with cyber criminals, and there is no system of checks and balances. So even if they “say” they’ll give you the key to your data if you pay, it doesn’t mean they actually will. Besides, cyber criminals “talk”, and paying the ransom once makes you a likely candidate to pay it again (assuming that you haven’t learned a valuable lesson the first time).
Again, the best thing to do if you get hit with ransomware, or cryptolocker, is to leave your “bit-coin” in your pocket, take your computer off line, turn it off, and call your IT professional as soon as possible.
Tip #18: If you get hit with ransomware, you may not know it at first. Sometimes, the cyber creep that is hacking you will work behind the scenes to encrypt a good deal of your data before letting you know that you’ve been attacked. Other times, they will not wait long at all, so in these cases you should be able to retrace your steps to figure out what triggered the attack. Either way, some questions to ask the ransomware “victim” are:
- Did you open a document that might have seemed odd, or different in some way?
- Did you click on and open any links or attachments in an email?
- Did you visit any websites that you typically don’t go to?
Once you realize something is wrong, the most important thing to do after an attack is to isolate the infected computer(s) as soon as you can. Taking the computer(s) offline by disconnecting them from the network will enable you to learn more about the attack and where you need to begin to fix the issue.
Remember to contact your IT professional. They can help you identify the encrypted files, and investigate how far the infection has spread. Getting help quickly is key, so act fast!
Tip # 17: If you really want the highest level of security, some secure messaging apps offer a self-destruct functionality. This function automatically deletes messages after they’ve been read. Depending upon the level of security you need, this might be an option for you.
It is important to note that no messaging application is completely foolproof, but savvy business users that are concerned about the privacy of their emails can certainly look into additional measures to limit any exposure. As we close out this month, remember that the internet is the gateway of communication for your company but it also opens your front door to hackers and cyber criminals to rob you of your data and compromise your business.
Let us know if you would like help finding a secure messaging application that can work for you and your team. We’re always here to help!
Tip # 16: When it comes to sensitive data, many of our clients (particularly accountants) are finding an added level of security by using a “Secure Messaging” platform. This helps tremendously in keeping sensitive e-mail communications protected when exchanging private info with clients and your internal teams.
Secure messaging encrypts your messages before they leave your device. Even if a message is intercepted, the encrypted messages cannot be read by anyone other than the intended recipient. Want the ultimate confidence that your data will not be compromised? Consider adding a secure messaging application today.
If you need a hand, we’re here to help.
This month we continue our focus and tech tips on updating network security.
Tip # 15: Each week, news stories remind us of the constant threats that exist. In business, our exposure is just too great to rely on a simple router that can be purchased at Best Buy or Staples.
As we review our clients’ system performance, we have seen a noticeable difference in Internet threats and intrusions between customers that have a firewall and those that have a router.
When it comes to potential cyber threats, clients that use commercial grade firewalls fare much better than customers who rely on a router.
If you are ready to upgrade your router to make sure that it is doing all it can to protect you, we can help.
Tip #14: Let’s face it, there is no rest for the weary when it comes to tax season, particularly for businesses and the accountants that prepare their taxes. The information you share with your accountant is just about as confidential as it gets, so April is the perfect time to focus our tech tips on the value of updating network security.
If you own your own business or particularly if you own your own accounting practice, you must protect your assets and data as well as the personal and financial information of your clients.
Off the shelf routers from box stores are simply not robust enough to truly guard you against the proliferation of internet threats and intrusions. Upgrading your router to a commercial grade firewall provides vastly superior protection for today’s network and is an easy, cost effective way to safeguard your company while potentially saving you thousands of dollars in costs associated with data loss and downtime.
Tip #13: World Backup Day is March 31st – are you ready?
Here we share 7 more tech tips for winning backup strategies.
- You’ll want to make sure you have a solid baseline for subsequent backups, so make sure that your first backup is robust.
- When you run your backup you will want to make sure that all files and folders (and partitions if you are doing an image backup) are included. Make sure to include things like your calendar, your address book and the all important e-mail. When trying to see where these things are stored on your system, you will want to open the application and look for the option for “file-storage settings” to find out.
- If you really and truly want your data to stay private, consider using password-protection and encryption.
- You can always save some space by compressing the backup.
- Always make sure that the data has been copied correctly, so use the application’s “verify” function to do this.
- Rather than run the backup twice, create a second copy of the backup so you have two (in case one gets damaged). Remember that in the future, you can save space and time by doing differential or incremental backups (this only backs up the data that has been changed since the last baseline backup).
- Lastly, never overwrite your original baseline backup, but feel free to overwrite any of the differential or incremental backups as you continue to create data.
Tip # 12: Here are some startling stats you should know:
- Only 25% of users frequently back up their files, yet 85% of those same users say they are very concerned about losing important digital data.
- More than 22% said backing up their PC’s was on their “To Do” list but they seldom do it.
- 30% of companies report that they still do not have a disaster recovery program in place, and 2 out of 3 feel their data backup and disaster recovery plans have significant vulnerabilities.
- 1 in 25 notebooks are stolen, broken or destroyed each year.
- Today’s hard drives store 500 times the data stored on the drives of a decade ago. This increased capacity amplifies the impact of data loss, making mechanical precision more critical.
Tech Tip #11: In the words of William R. Stanek, “Because data is the heart of enterprise, it’s crucial for you to protect it”.
We continue to concentrate on the importance of back up! Here we share the key causes for data loss.
- 78% Hardware or system malfunction
- 11% Human error
- 7% Software corruption or program malfunction
- 2% Computer viruses
- 1% Natural disasters
Simple anti-virus programs are not enough to keep you safe. The biggest issues are addressed by keeping your hardware and systems updated and by providing on-going user training. Both of these can help you greatly reduce the chances of data loss. A reliable IT provider should be able to provide this for you…we certainly do!
Tip #10: To avoid a major IT security blow, make sure to ask your IT company to provide you with a professional management and monitoring plan so that you are never scrambling to salvage your data if disaster strikes.
Here are some of the things that a professional management and monitoring plan can do for you and your data.
Proactively manage, maintain and monitor:
- All server event logs
- Proper AV updates and activity
- Backup status: On-site & Remote
- Firewall activity
- Hacking and Spam Attempts
- Application services
- Other web-based support and reports
Your IT company should use monitoring software, 24x7/365, sending them an alert for system events that require attention. The benefits of having management and monitoring include:
1) improved productivity (your systems will be consistently updated and working at optimal levels).
2) greater reliability (small issues can be identified and dealt with early on before they create larger issues).
3) significant cost savings (pro-active support is always less expensive and more consistently delivered than reactive).
Tech Tip #9: To Celebrate World Back Up Day (March 31st), we’re dedicating the entire month of March to data backup awareness. Each week we’ll provide you with valuable statistics, tips and information regarding the importance of backing up your data.
First, we want to share some startling facts.
Did you know that:
- Only 34% of companies test their backups and of those who do, 77% have found failures.
- 60% of companies that lose their data will go out of business within 6 months of the disaster.
- Over ½ of critical corporate data resides on unprotected PC desktops and laptops.
- The average failure of disk and tape drives is 100% - all drives eventually fail.
Don’t allow your business to fall into one of these scary statistics. If you’re wondering if you’re doing enough to protect your data, you probably can use some support. Let us know how we can help!
Tech Tip #8: As no single or group of technologies can be 100% effective in protecting your network and your data, it is important that YOU also take an active role in your own cyber security. Safe computing practices and on-going staff training (on what to look for and what to look out for) are critical in minimizing your exposure to cyber threats. In the meantime, you will also want to:
Make sure that your IT service provider offers remote monitoring and has recommended this type of service to you.
Make sure you have asked your IT service provider to monitor your system off-site as well as having an on-site backup.
Make sure that your IT service provider backs up your network BEFORE performing any upgrades or other types of projects.
Make sure that your IT service provider is based locally. The last thing you need is to have to deal with an outsourced tech-help hotline that is based in a foreign country!
Look for techs that maintain current vendor certifications, and that arrive on time and are dressed professionally. They should be courteous and never tell you that your problem is ‘not theirs to fix’.
Ultimately, your IT company should be committed to your satisfaction and take pride in making sure that you know that your technology is in great hands.
Tech Tip #7: It's week #3 of our 'What to look for in your IT provider' series. Your IT company should:
Provide You With One Stop Shopping.
Your IT provider should have the experience, partners and resources to know exactly who to call when you are having a complex technical issue. So whether you have a problem with software, the network, your internet provider, your mobile devices, the printer, the copier, or your phone or security system, one call to your IT provider does it all.
Make Sure You’ll Be Ready.
When your technology runs smoothly and efficiently, so can your business. Make sure that your IT provider is offering you both routine and proactive service maintenance options that will enable them to handle any blip on your technology radar, ensure business continuity, data retention and quick response to disaster recovery.
Keep You in the Know.
Your service provider should be constantly educating and informing you about best practices or new cyber threats through blogs, newsletters and important updates on sneaky viruses, computer scams, and manufacturer support changes that can impact your business so you are always prepared and up to speed.
Tip # 6. It’s week two of our 'What to look for in your IT provider' series. Make sure that they provide the following:
Detailed Attention and Responsive Service. Your business doesn’t wait for you to catch up, so you shouldn’t have to wait for service. Make sure your IT company offers remote support services so that they can address your issues in real time and get you back up and running.
Tech Answers in Plain English. Make sure that your provider speaks a language other than “Geek Speak” and can provide you with answers to your technical questions quickly, comprehensively and in a language that you understand.
Budgeting and Forecast Accuracy. Your IT provider should be able to provide you with budget forecasts for your technical expenditures to help you plan for growth and to be prepared for upgrades, reliable maintenance, service and change.
Tip #5. Does your IT service provider insist on remotely monitoring your network 24/7/365?
Are they able to provide you with periodic reports showing all the updates, security patches and status of your network so you know for SURE your systems have been secured and updated?
Do they have back-up technicians on staff to help in case your ‘regular guy’ gets sick or goes on vacation?
Can they provide written documentation detailing what licenses you own, your user information, and all critical information? Your service provider shouldn’t be the only one with the ‘keys to your castle’!
Tip #4. Too many passwords to remember? There are password managers you can use that will enable you to manage the plethora of passwords you use. Do some research and find the one that works best for you.
Tip #3. Never use the same password twice, and don’t use the same password on shopping sites that you do for your banking or other sensitive sites.
...and remember, the FDIC does not insure losses resulting from debit card fraud…make a point today to change your debit card and never use it on line!
Tip 2. When creating a new password, get creative! Passwords need character! For instance, the number 1 can be used in place of an L. The @ symbol can be used for the letter a, you can use an ! instead of an l, 3 for an E, 5 for S, 4 for H…you get the idea!
Consider creating a phrase or use a word that has meaning to you but cannot be easily guessed.
So for example if your password is: baseballs123, make it B@53ba!!s!23 instead or you may want to use a phrase like I like golfing….1Likeg0lfing
Tip 1. For a strong password, use no less than 12 characters (16-20 would be optimal).
Include a combination of at least 1 uppercase letter, numbers and special characters, and remember to NEVER share your password!