Author: Casserly Consulting

Categories
Security

The “S” in HTTPS is More Important Than You May Think

b2ap3_thumbnail_secure_web_browsing_400.jpg It would be an understatement to say that security, particularly encryption, is important while browsing the web. Though it was only recently that encryption became a major pain point for government regulation, encryption has been around for a very long time. The average user can get a taste of online encryption through the average website security certificate.

Hypertext Transfer Protocol, with an S on the end for “security,” is designed to protect a website visitor’s privacy by encrypting information sent from the website to a receiving server. Ordinarily, the connection wouldn’t be private, so data can be accessed while it’s in transit. This is why HTTPS is commonly used on pages that require sensitive credentials, like passwords, usernames, credit card numbers, Social Security numbers, and so on. For example, banking institutions and other accounts that are linked to financial credentials (like any payment pages on websites) need to be using a security certificate to guarantee the user’s security.

One good way of describing online encryption is like a pipe. A normal HTTP connection is like a transparent pipe that you can see through. Hackers can collect data while it’s in transit because the pipe is see-through. Now, imagine the same pipe, only with an opaque hue to it. You can still see the insides, but they’re hidden and jumbled to the point where you can’t get a clear image. This is what it’s like for hackers to see encrypted data; they may have stolen it, but it’s locked down and indecipherable, making it essentially worthless.

The main thing that the average business owner must understand about HTTPS and online encryption is that you need to drill best practices of handling data into your employees as early and as often as possible. Before entering sensitive information into any website, be sure to look for the following abnormalities:

  • A lack of a security certificate: Before you enter any information into a website, make sure that it’s protected by a security certificate. You can verify that a website is secure by clicking on the green padlock icon next to the URL’s name in the address bar. It’s important to keep in mind that, while SSL and TLS might largely seem like the same thing, SSL is an antiquated security protocol that, thanks to vulnerabilities like POODLE (a man-in-the-middle exploit), could be dangerous.
  • Suspicious URLs or domain names: Sometimes hackers will create a site that looks exactly like a banking institution’s website, and use it to steal credentials. They will use sneaky tactics to make you think that what you’re looking at is the real deal, but look for out-of-place letters, numbers, or symbols in the domain before thinking you’re in the clear. Basically, the site that you’re on should be the institution’s official site. If something looks out of the ordinary, contact the organization through the information that you have on file.

For more great tips and tricks on how to stay safe online, be sure to contact COMPANYNAME at PHONENUMBER.

Categories
Technology

Tip of the Week: 4 Accessories Every Smartphone Needs

b2ap3_thumbnail_smartphone_accessories_400.jpg Smartphones are very convenient technologies, but with a couple of improvements to your device repertoire, you can drastically improve both your user experience and the value of your device. Here are four smartphone accessories that can enhance the way you use your mobile device.

Portable Battery Pack
Sometimes, no matter how much you charge your battery, you might find yourself falling short of the juice required to work while on the go. You aren’t always going to have access to an outlet, and even a quick charge may not be enough to get the job done. In instances like this, a portable battery pack is a huge help. There are battery packs available that are compatible with modern USB technology, so all you have to do is plug in your phone to charge your device. For starters, you can check out this one made by Anker.

A Long USB Cord
Your typical smartphone charging cable is generally only a few feet long, which means it’s easy to come up short when you need a charge. If you regularly find yourself needing the extra length, you can try out this huge USB cord by Anker. It makes a perfect partner for the portable battery pack we brought up. Plus, this cord is built out of some pretty hefty material, which means that you won’t have to worry about your pet chewing it, or severing it unexpectedly when moving a heavy piece of furniture around. With reinforced stress points, the cord can be bent and wrapped up for quite a bit, making it a long-lasting solution to your USB cord woes.

Bluetooth Headset
How often do you find yourself sick and tired of holding a phone to your face while trying to get work done? In cases like this (particularly long meetings with no end in sight), a Bluetooth headset for your smartphone can come in real handy. All you have to do is tether the device to your smartphone, pop it in your ear, and voila–you have a hands-free way of talking on the phone while getting to your work.

Other Bluetooth Technology
Basically, anything that uses Bluetooth technology is great for your smartphone, as it allows you to wirelessly tether devices to it. For example, you could use a wireless keyboard when you need to write a document or email. If you want to listen to music, you could hook up a pair of Bluetooth headphones so as not to bother others who might be in the vicinity.

What are some other great accessories that you can use for your mobile device while out and about? Be sure to let us know in the comments, and subscribe to our blog for more great tips and tricks.

Categories
Security

Let the 80/20 Rule Be Your Guide for IT Security

b2ap3_thumbnail_eighty_twenty_rule_for_it_400.jpg IT security is something that businesses of all shapes, sizes, and varieties have to be concerned about. You’ll be faced with the question of whether you have adequate security practices on a daily basis. For help with understanding why the smallest vulnerabilities often result in the most data loss, look no further than the 80/20 rule.

This rule, often called the Pareto Principle , is defined as such by Investopedia: “[the Pareto Principle] specifies an unequal relationship between inputs and outputs. The principle states that 20 percent of the invested input is responsible for 80 percent of the results obtained. Put another way, 80 percent of consequences stem from 20 percent of the causes.”

In other words, the Pareto Principle is a strategy that attempts to explain how you should delegate your organization’s security resources in order to maximize the security you get. In this case, you are using your assets to protect your network from online threats. However, you might realize that even if you search and search for network vulnerabilities, you won’t find all of them. There are simply too many threats out there to identify. Instead, you use the Pareto Principle to identify where you can do the most good for your organization’s network security.

This principle can also work in reverse; only 20 percent of the vulnerabilities on the Internet lead to 80 percent of the data loss. When you think about it, this makes sense. How often do you hear about major data breaches in which multiple vulnerabilities were exploited? Instead, it’s usually just one major hack that led to many compromised accounts.

Yet, the biggest part of effectively using the 80/20 rule is determining what your priorities should be, and which threats are the most dangerous. After all, if everything is a priority, then nothing can get done. This results in all-around subpar security that leaves large threats unchecked.

A penetration test can help COMPANYNAME  to find where your organization’s most important security flaws lie. We can locate and resolve your most critical security flaws through a process called Remote Monitoring and Management (RMM), which allows us to connect to your office’s technology solutions and issue the required patches and security updates without an on-site visit. In fact, most situations will only call for remote access, so you can save both time and money with an RMM tool.

In fact, there’s one solution that is capable of protecting the majority of your network without much effort at all. It’s called a Unified Threat Management solution, and it includes all of the major components of network security in one convenient package. With an enterprise-level firewall, antivirus, spam blocker, and content filter, you can know with certainty that one solution covers the majority of the challenges presented by network security.

With COMPANYNAME’s managed IT services, you’re creating many opportunities for enhanced network security, improved network performance, and optimized operations. To learn more about how we make technology work for you, reach out to us at PHONENUMBER.

Categories
Security

From Heart Attack to Hack Attack: Hackers Can Now Control Pacemakers

b2ap3_thumbnail_medical_device_hacks_400.jpg Medical technology has allowed for vast improvements in the way that conditions are treated. For example, the pacemaker allows some people with heart conditions to live longer and more comfortably. However, a European research team has concluded that even pacemakers are susceptible to being hacked, with deadly results.

The researchers made a note to describe the dangers of using implantable cardioverter defibrillators, from a hacking standpoint. Many modern pacemakers have the ability to communicate with other devices. While this capability is designed as a benefit to the patient, allowing the devices to be examined without an invasive surgical procedure, it can have dire consequences if hacked. If the patient is away from the doctor’s office within two hours, the pacemaker can still receive signals from other devices, thus making it vulnerable to a cyber attack.

Hackers can send a signal to the pacemaker that keeps the device from returning to “sleep mode,” which is what makes it vulnerable to exploitation. By analyzing the signals sent to the tested devices, researchers could spot various ways that a hacker would use this exploit. The results varied from draining the battery’s life to stealing personal data that may be stored on it. In other words, the hacker can make the patient’s life rather difficult by either turning off the device, or stealing data and using it to steal their identity. Hackers could even activate the pacemaker’s resuscitation shock without need, jolting the heart and making things difficult for the victim.

There are at least 10 different types of lifesaving devices that are vulnerable to this simple exploit. In fact, the hacker doesn’t necessarily need to know anything about the device itself. The reason why these devices are so vulnerable is thanks to the manufacturers not believing that pacemakers are clear targets of cybercriminals. This led them to release the devices without the IT security necessary to prevent these targeted attacks. The lesson learned: “Nobody will consider pacemakers a target,” is no excuse to use lackluster security.

Keep in mind that this study was conducted by researchers, rather than hackers. Still, have you ever considered the fact that your organization could be at serious risk? Some SMBs are under the impression that their small size means that they aren’t a target. However, most hacking incidents aren’t targeted events, and are instead massive campaigns meant to infect anything and anyone who happens to click on the wrong link. Furthermore, all businesses have some data that’s worth stealing, like employee records and financial credentials, and it needs to be protected properly.

If you want to maximize your company’s security, give COMPANYNAME a call at PHONENUMBER.

Categories
Business

Tip of the Week: 4 Ways to Attract and Retain Top Talent

b2ap3_thumbnail_attract_talent_400.jpg The endgame for most businesses is to improve what they do and increase their profitability. While this might mean selling more products, getting more customers or clients, or a myriad of other metrics, the driving force behind your business’s operations–your employees–are crucial toward this goal.

Top talent can be difficult to come by. There are several factors that come into play, especially in a competitive industry. However, employees that go above and beyond are easily worth the struggle that it takes to find them. Therefore, it makes perfect sense to do everything you can in order to make your business attractive to them. Here are four ways that you can make your business a magnet that attracts talented workers.

Offer Benefits
One of the most effective ways to attract new employees is by offering benefits and sign-on bonuses. However, this can lead to you getting more applications than you have time to go through, with many of them possibly not being qualified for the position at all. On the other hand, this makes a particularly impressive employee stand out from the rabble.

In fact, these benefits don’t necessarily have to involve finances. Instead, something as simple as flexible work hours, career advancement, and education may be motivation enough.

Challenge Them
Hard workers appreciate challenges as they provide a valuable outlet for users to test themselves. When you’re looking for new employees, consider implementing some sort of challenge or homework assignment that you can use to gauge whether the prospective employees actually know what they’re doing. This effectively helps you cut down on unqualified applicants, while also allowing you to engage your prospects from the get-go.

Idealize the Workplace
You can hire as much talent as you want, but if you don’t provide your high-demand talent with a great work environment, they may pack their bags and look for a place that does. Be sure that you emphasize to your new onboards what the strengths of your company are, and allow the prospective employees to get a feel for your workplace. Plus, if your current employees have plenty of good to share about the company with the prospect, they’ll be more likely to seal the deal themselves.

Provide the Latest Technology
It’s a known fact that the latest technology can significantly improve the way that you do business, but did you know that it’s also great for attracting new workers? A study of millennial workers found that 42 percent of them will seriously consider leaving a job if the technology used by the company doesn’t meet their high standards. It’s important to keep in mind that they will make up the majority of the workforce as early as 2020.

One of the ways that you see millennials using their technology in the office is through the use of smartphones, which can also put your business at risk. Be sure that you implement a solid BYOD policy and ensure that they adhere to it. COMPANYNAME can provide you with the assistance needed to do so.

Basically, these four tips are meant to help you attract the best talent possible. Plus, if you manage to get some good employees, that means that they aren’t working for your competition, which is always a plus.

Bonus Tip: Outsource the Technology Upkeep and Maintenance
One of the biggest issues that SMBs might have is finding qualified technicians to take care of their office technology solutions. While this is a challenge, it doesn’t necessarily have to be. Outsourcing services like IT is often preferable to hiring new employees and adding new salaries to your budget. Instead, all you have to do is make room for an IT budget, which can save you plenty of capital in the long run, and then be used to onboard talented staff. In fact, we highly recommend outsourcing as much as possible. To get started, reach out to us at PHONENUMBER.

Categories
Business

Is Break-Fix IT Breaking Your Budget?

b2ap3_thumbnail_managed_services_agreement_400.jpg Most modern businesses rely on specific technology solutions to ensure operations can work as intended. This includes servers for data storage, networks for data distribution, and workstations for employee productivity. Of course, you have to wonder if this is wise; after all, what happens when this technology fails?

Break-fix IT used to be the staple for business technology maintenance. Organizations would use their technology solutions until they broke down, and would only utilize IT when it needed to be fixed. At the same time, companies would have to struggle with downtime–any time when technology isn’t working as intended. This can quickly lead to a time sink in which you’re losing out on possible revenue, all while fixing technology issues that could have been prevented in the first place. These big hits to budgets can make operations difficult even after recovering from downtime.

Managed IT services are an option that modern SMBs have in order to bypass the shortcomings of break-fix IT. Instead of only resolving IT issues as they happen, proactive managed IT aims to take preventative measures to keep problems from happening in the first place. This includes most all solutions that are managed and hosted by a third-party provider, with the intention of removing responsibilities from your in-house team. Unlike your in-house team, who may struggle with managing some aspects of your technology, you can rely on a third-party managed service provider to guarantee that your technology gets the attention it needs.

A good comparison would be comparing an automobile to managed IT services. If your car is making weird sounds, like the engine spitting and sputtering, you’ll naturally want to get it checked for major problems. However, due to the cost of vehicle maintenance, you might choose to forego maintenance. After all, your car still runs, so surely the problem can wait a bit. In this case, it’s better to get the problem resolved quickly before a motor problem leaves you stranded on the side of the road, with both a towing fee and the repair costs.

On the other hand, having your own team of mechanics that can repair and maintain your car for a monthly fee is a better investment, as they will perform the tuneups and the maintenance needed to keep your car in good shape. This is what having managed IT services feels like.

Preventative maintenance can help to keep technology solutions from experiencing hardware failure for as long as possible. No technology lasts forever, so the ideal way to minimize the damage done by hardware failure is to plan for it. By implementing preventative solutions like data backup and disaster recovery, you can limit how much damage downtime causes your organization, and you’ll be able to make the transition to new technology much easier.

Does your business use proactive maintenance to mitigate threats to your business? If not, reach out to us at PHONENUMBER.

Categories
Miscellaneous

Hack a Hospital and Get Blacklisted By Other Hackers

b2ap3_thumbnail_ethics_of_hackers_400.jpg Hackers are notorious for committing cybercrimes and exploiting what seems like everybody and anybody. Yet, just as there exists honor among thieves, there’s an unwritten rule within the hacking community: leave hospitals alone.

Of course, if you’re familiar with the activity of hackers, then you’ve perhaps heard of stories of hospitals and healthcare institutions getting hacked. To be sure, any organization handling healthcare records makes for a tempting target to a hacker. These records contain very personal and sensitive information that can be sold for big bucks on the black market (this is one reason why protection laws such as HIPAA are put into place). However, if a hacker chooses to act on this impulse, they do so at the risk of being shunned by their own.

While it’s one thing to stealthily steal files from a hospital server unit, it’s even more of a dastardly deed for a hacker to unleash a ransomware attack on a hospital network. This is due to the fact that attacks like ransomware will disable a computer until a ransom is paid to the hackers. As you can imagine, if a hospital were to have any of its equipment taken offline, then patients in critical condition would be unable to receive the care they need until the system is back online. Potentially, a move like this could result in death.

What could motivate a hacker to attempt a hack where human life is on the line? For the hacker attempting such a hack, it’s perhaps because the crisis it creates makes for a higher chance of a payout. Compared to hacking a business that’s prepared for a ransomware attack and can afford to brush it off and lose a few hours or a few days-worth of data (depending on when the last backup was made), hospitals must act as quickly as possible to get their system back online, which very well could mean paying the hacker.

What’s worse, even if a hospital pays a hacker’s ransom, there’s still no guarantee that they will regain control of their system, which could translate to a significant loss of life. Given the possibility of such a sad situation, it’s easy to see why hackers will blacklist any of their peers known for going after hospitals. After all, where do the hackers go when they get sick? That’s right, the hospital.

To give you a hacker’s perspective on the matter, ZDNet references a forum where hackers discuss, get this, the ethics of hacking. “Yes, this is pretty sad and a new low. These ransom attacks are bad enough, but if someone were to die or be injured because of this it is just plain wrong.”

While these words may be somewhat comforting for a hospital administrator to hear, keep in mind that there are some hackers who disregard any form of ethics altogether, so the risk is still there. Also, for the average SMB not associated with healthcare, there’s likely no “hacker’s code” protecting your organization from being targeted. In fact, regarding the typical SMB, hackers can build a pretty solid case on why they should pull the trigger on a hack attack.

Therefore, whether your business is in the crosshairs of hackers or not, every organization needs to be prepared and have a security solution in place that can withstand such attacks. This defense plan must include a way to defend against even ransomware, which means backing up your data with BDR and having a means to restore your backed up copy as quickly as possible so that downtime is at a minimum.

To make sure that your business is prepared for anything that a hacker throws at you, call COMPANYNAME today at PHONENUMBER.

Categories
Business

Tip of the Week: Maximize Workflow By Rethinking Your Office Layout

b2ap3_thumbnail_office_setup_design_400.jpg Of all the potential causes for a deficit within the office environment, the physical office itself isn’t likely to first come to mind. Even so, the value of establishing certain practical design and organization strategies have shown to improve employee morale, collaboration, and productivity. While these solutions may not be for every office, if your company is experiencing hindrances in productivity, these tactics may be beneficial implementations to incorporate within your business.

Keep it Clear
Are the desks in your office cluttered with papers, equipment, and other items that are keeping employees from completing their work? If so, it may be time to distribute more storage solutions to encourage your employees to keep their desk clear and relatively distraction free. Otherwise, you could institute the many solutions available to help your business go paperless. Document management solutions can allow many employees to access, edit, and collaborate on the same document without the expense and mess of multiple paper copies.

If office clutter is caused more by the equipment your employees use, there are a variety of solutions that can assist in reducing the amount of real estate this equipment takes up. Office telephony is clunky and expensive and may easily be replaced by a space- and cost-efficient, hosted VoIP solution. As far as wires are concerned, if not properly managed, they can quickly become a distracting waste of space. Fortunately, there is a trend in manufacturing to assist in managing and concealing wires at the workstation. If data storage, whether it’s incorporated into each employee’s workstation or housed in a large on-premises drive, is creating a space deficit, a cloud solution can reduce the amount of in-house storage needed to maintain operations.

Provide Spaces to Collaborate
If your business needs to keep its lines clear to contact clients, limiting the availability of VoIP communication, or if a face-to-face conversation is simply the more effective option when it comes to collaborating on a project, it is best to have a space dedicated to communal work. This can be as simple as a large table set aside for groups to utilize, or as complex as mobile workstations and adjustable equipment. A highly effective approach to encouraging positive, organized group work is a concept known as a war room.

A war room is simply a dedicated space designed to engage the spatial memory of those using it. By putting a certain piece of information in a certain space, it becomes easier to remember. By filling a room with whiteboards (or even rolling whiteboards) and movable furniture, you create the ideal space for a group to meet and create a plan that can be referenced and adjusted as needed.

Prepare for the Worst
If disaster struck your office, be it fire, flood, or failure of some essential equipment, would you still have a way to safely access your data in order to continue your operations? These circumstances, along with any others that would qualify as a disaster, are why one of your most important office setup considerations should be completely removed from the office. To fully protect your data, the most advisable course of action is to use an off-premises, isolated backup solution that can restore your data, should it ever be lost.

While many considerations are totally yours to act upon when setting up a workspace, COMPANYNAME can provide the expertise to be sure any of your technical systems will meet the very high standards you need them to reach. Give us a call at PHONENUMBER for help with any of your technology needs.

Categories
Security

Helpful Suggestions to Improve Password Security

b2ap3_thumbnail_password_security_400.jpg Passwords are important for any online account (and for most accounts in general). Sometimes they might feel like inconveniences, but it’s crucial to remember that these passwords are often the first line of defense, if not the only line of defense, that stands between your data and hackers. We’ll discuss ways that you can augment password security with other powerful measures.

There are two major ways that you can improve password security; two-factor authentication and password managers.

Two-Factor Authentication
2FA provides organizations and users with secondary credentials that can protect their network or online accounts. This type of protection can come in the form of an SMS message, a phone call, or an email sending you a secondary credential. You then enter this code into the app or service, and since you know without a doubt that only you could have access to this code, you can practically guarantee that you’re the only one accessing your account.

Basically, the biggest way this helps your organization is by making it as hard as possible for hackers to infiltrate your network and company accounts. When you involve devices like smartphones with two-factor authentication, you make it much more difficult for hackers, as they would need access to two different devices rather than just one. Reach out to COMPANYNAME and ask us about our two-factor authentication solutions.

Password Managers
A good password is often long and complex, consisting of several different types of characters, numbers, and letters. As you might expect, these types of passwords are rather difficult to remember. Plus, since you can’t (or shouldn’t) use the same password for multiple accounts, you can easily use the password for another account on accident, eventually leading to an account lockout. This is both frustrating and unnecessary. Alternatively, you can keep track of your passwords using a password manager, allowing you to use complex passwords without any problems.

An enterprise-level password manager from COMPANYNAME can allow your organization to take advantage of complex passwords. Your passwords are stored in a secure encrypted database that shields them from hackers. Furthermore, you only pull the passwords as they are needed. There’s no better way to take advantage of complex passwords, as the password manager will keep track of multiple account credentials without you having to remember them.

COMPANYNAME can help your business with all of its password managing needs. To learn more, reach out to us at PHONENUMBER.

Categories
Business

Why FitBit’s Purchase of Pebble Matters to Businesses

b2ap3_thumbnail_pebble_unsupported_400.jpg Smartwatch enthusiasts now have one less brand from which to select, as rival Fitbit has successfully taken over the former Kickstarter project Pebble’s business. For companies that rely on software for their mission-critical tasks, lessons learned from the end of Pebble reminds business owners that, when it comes to innovative technology purchases, there is always a bit of risk.

First, some background: Pebble made the announcement on its Kickstarter page that “due to various factors,” the company “could no longer operate as an independent entity” and had “made the tough decision to shut down the company” after Fitbit completed the purchase of some of Pebble’s assets. The company went on to disclose that they would no longer be continuing any hardware operations, ceasing the production of their wearable products.

As for the devices that had already been sold, Pebble advised their customers that their devices “will work normally for now.” However, since what remains of the company will no longer release software updates, the devices will quickly become vulnerable to malicious threats until they gradually become totally obsolete. These devices are also no longer eligible to be returned or exchanged, leaving their users stuck with a device with a considerably-shortened shelf life, and with no financial recompense.

In short, it’s clear that out of all parties affected by this buyout, it’s the users who are left with the short end of the stick; stuck with insecure electronic devices that they may have contributed a significant financial investment towards, and without warranty.

While this transaction will likely have little effect on a business, it’s worth considering the ramifications of tech companies engaging in similar deals.

For example, let’s say your workplace is exclusively equipped with desktop solutions from Company A. One day, it’s suddenly announced that Company B has come in and bought Company A, and is ending support for Company A’s products. As a result, your office is now filled with unsupported devices that will become obsolete much quicker than anticipated, with an increased susceptibility to security threats after support has ended. Sure, you could update your workstations, but it would be costly to receive customized support.

If you want to be protected against the whims of the tech industry, give COMPANYNAME a call at PHONENUMBER. We can keep your systems maintained with a managed services solution, and an eye on the industry to help you roll a bit better with the punches.