Author: Casserly Consulting

Categories
Best Practices

Tip of the Week: 4 Scams to Look Out for and What You Can Do to Prevent Them

b2ap3_thumbnail_basic_net_security_400.jpg There’s no question that cybersecurity is an important part of managing a business, especially with so much technology in your office. Yet, the real challenge comes from making sure that your employees know and understand best practices, and are willing to adhere to them. Here are some easy ways that you can help your employees understand just how important IT security really is.

Change Passwords Frequently
Password security is a big problem for both the commercial and domestic computer user. Too often you see stories about users having passwords like “password” or “123456.” To help your team avoid this, create a handout that has the following best practices on it:

  • Make your passwords long (at least 16 characters). The longer, the better, as this makes the passwords more difficult to guess.
  • Make your passwords complex. Use a plethora of special characters, numbers, and both upper and lower-case letters.
  • Never use the same password twice. When a hacker steals a password, they may try to use it on other related accounts.

Of course, a password manager makes these tips much easier to accomplish; particularly one that allows you to share passwords across your organization’s network. You can group together users and distribute credentials as they’re needed, synced in real time to their devices. As a bonus, you can use complex passwords without the frustrations of forgetting and remembering them.

Watch Out for Spam
Hackers will often spread spam in the hopes that someone will slip up and offer important credentials or personally-identifiable information via email or phone call. We’ve outlined a couple of common spam situations below, so that you know what to look for:

  • A big congratulations: If you get an email saying that you’ve won the lottery or a big winner who needs to claim the prize, you can disregard it as spam. In general, if something is urging for immediate action, you might want to think twice about what it is.
  • Fake law enforcement threats: Hackers know that people are intimidated by the authorities, so they will create messages claiming to be from the FBI or local law enforcement. They will then declare that you have done something wrong and that there is a fine. Messages like this use fear against you, so be careful not to fall into the trap.
  • Spear phishing tactics: These are tactics in which hackers will target specific users and tailor their attacks to the individual. Details to look for could include customized phone numbers, addresses, and personal information regarding their schedule or workplace. Since the attacks don’t look like generic spam, they can fool users.
  • Whaling schemes: These are top-tier social engineering threats that almost don’t classify as spam due to how dangerous they are. Whaling schemes, or CEO fraud, is when a hacker impersonates the business owner in an attempt to get financial departments to wire transfer funds to offshore bank accounts. Look for inconsistencies with email addresses, or simply ask the one who has sent the message, if it’s a real request or not.

Many of the above email threats can be mitigated with an enterprise-level spam blocking solution. Spam blocking keeps suspicious messages from hitting your inbox in the first place, which increases the chances that your employees won’t see them at all. However, there are still some that might manage to squeeze past filters. Therefore, the only real way to prevent these problems is by taking proactive security measures.

To learn more about cybersecurity, reach out to COMPANYNAME at PHONENUMBER.

Categories
Cloud

3 Compelling Reasons Why Your Business Should Move to the Cloud

b2ap3_thumbnail_introducing_cloud_computing_400.jpg Businesses are turning to the cloud because it’s designed to make operations easier and save them money. In light of these benefits, organizations that have yet to move to the cloud may be missing out on some serious advantages by continuing to do IT the hard way. If you’re still unsure about the cloud, then consider how these three features of cloud computing can change how you do business.

The Cloud Takes the Burden Off of Running an In-House Network
A business that hosts their data and IT infrastructure in-house is in charge of overseeing every aspect of maintaining their network. This includes everything from putting out fires when things go wrong to procuring new equipment. For many SMBs, what makes this responsibility challenging is the obvious fact that they’re not an IT company. However, by owning all of this equipment an SMB essentially has to take on some very technical responsibilities requiring professional knowledge.

The advantage of hosting your data and applications in the cloud is that you’re essentially outsourcing this responsibility to a cloud provider whose sole job is to oversee and protect your data. This frees up resources to better invest in your business goals, and gives you peace of mind that your data is being handled by professionals so that nothing is being overlooked.

Cloud Offers Flexibility
Today’s business environment makes accessing your work while on the go practically a necessity, and hosting your data can prove to be a complex endeavor when sharing files and information internationally. ITProPortal explains, “Global expansion has increased the need for international data centers, especially as security and privacy concerns lead to strict regulations that vary from country to country… Cloud computing with an established cloud partner with physical data centers across multiple geographies means your data can ‘live’ in just about any jurisdiction, and mitigates this problem.”

Plus, providing your workforce with anytime, anywhere access to their important files along with the ability to collaborate on projects in real-time is a huge bonus that will boost the productivity efforts of your business.

The Cloud is Secure
In the early years of cloud computing, one of the loudest arguments against the cloud was that it couldn’t be trusted because you’re essentially handing over sensitive data to a third party provider with unproven security protocols. However, with the rise of cloud computing in recent years, the public cloud option has undergone security upgrades by leaps and bounds and the data centers hosting your data have vast resources to commit to the security of your data–resources that SMBs lack. Therefore, today’s cloud options give users the security they need without having to sacrifice flexibility.

When all three of these features are considered, going with the cloud allows businesses to do much more for less. This allows SMBs to better distribute their resources toward profit-making initiates, while enjoying the benefits of a professionally maintained IT infrastructure, without having to pay for an in-house IT staff. To get started with cloud computing for your business, call COMPANYNAME at PHONENUMBER.

Categories
Miscellaneous

This Hacker Messed With the Wrong Transportation Agency

b2ap3_thumbnail_san_francisco_transportation_hack_400.jpg While San Francisco residents might not be happy that they’ll again have to pay fares to ride the city’s rail system, the reason they again have to do so is understandable. Plus, it provides an excellent example of the importance of maintaining a backup and using complex passwords.

A hacker or group of hackers, operating under the moniker Andy Saolis, managed to halt the collection of fares by the San Francisco Municipal Transportation Agency (or Muni) by hacking their station computer system and introducing a strain of ransomware into it. As a result, Muni employees were unable to access their workstations and some of the agency’s systems were disabled.

However, the hacker claimed to have accomplished more, as ticketing kiosks across the city would only display “you hacked. ALL data encrypted.” The ransom demand for the decryption key was approximately $73,000 in Bitcoin. Despite the hacker’s apparent confidence in their accomplishment, Muni elected to not pay the ransom, deciding instead to restore their systems from a backup and allowing cybersecurity experts to strike back against the hacker, not just once, but twice.

Two independent vigilante hackers managed to access the email account of “Andy Saolis” to collect information that helped to stop the attack, both by correctly guessing the answer to the account’s security question. It would seem that the hacker(s) known as Andy Saolis had been active for a while, but had never before targeted anything other than private companies, which very well may have led to their downfall.

Once the attack was thwarted it came to light that seemingly no data, including that from Muni’s customer payment systems, had been accessed, despite the attack affecting 25 percent of Muni’s network. Saolis, unsurprisingly, gave a considerably different account online.

Claiming to have stolen data from the payment kiosks, as well as 30 gigabytes of data from Muni’s system on their employees, customers, and technical matters, Saolis wasn’t shy about casting himself (or themselves) in the light of the vigilante against an unjust system.

According to an email sent through Russian service Yandex.com, “They give Your Money and everyday Rich more! But they don’t Pay for IT Security and using very old system’s !”

Shortly after the attack ended, security experts were also able to establish that the emailer was based in Iran, and had gained access to the hacker’s servers.

Though Muni never had to pay a ransom for their data, this attack wasn’t cheap, costing them the combined total of the free rides they granted to commuters as their systems were compromised. However, this total would certainly be less than the actual cost of the Bitcoin ransom, and so a good general rule to follow is to never give in to a hacker’s possibly insincere demands.

On the topic of the hacker, whose password was guessed by two separate strangers, how weak must this password have been? While nobody should ever complain about a hacker being foiled, it goes to show how a complete stranger could find their way into your accounts if you aren’t being careful..

This case is far from over, as the Federal Bureau of Investigation and the U.S. Department of Homeland Security are still investigating the matter, which provides proof that public systems are still unable to be fully trusted.

There is a lot for SMBs to learn from this story. How confident are you in your IT security? If you feel it’s time for a security audit in order to determine how protected your business is from all kinds of threats, reach out to COMPANYNAME at PHONENUMBER.

 

Categories
Best Practices

Tip of the Week: 6 Tips to Avoid Getting Scammed This Holiday Season

b2ap3_thumbnail_are_you_being_scammed_400.jpg The ingenuity of criminals knows no bounds, especially when it comes to the holidays. You’d think that scammers would be merciful during this time of peace on Earth and goodwill to man. Nope. This is when they step up their scamming efforts, which means you need to be ever vigilant.

Here are six scams to be mindful of this holiday season.

Be Careful Where You Donate
The holidays are a great time to make end-of-the-year donations that you can deduct from your taxes. Unfortunately, scammers know how to play on people’s heartstrings and they’ll set up fake charities with slick online websites in order to scam you out of money that should be going to help others.

To make sure you’re giving to a legitimate charity, AARP recommends, “Before donating to a charity, make sure it is registered with the Secretary of State and ask how much of the money goes to the charitable fundraiser and how much goes to the charitable purpose.”

Be Wary of Fake Gift Cards
Often used as a gift for the person who “has everything” or as a small supplement to be given besides a larger gift, gift cards are a very popular gift to give. However, gift cards are also a vehicle for scammers to use. For example, how often do you see great deals on gift cards on online auction sites? As it turns out, those “great deals” are very likely for stolen, worthless cards.

The easiest way to avoid this sort of scam is to only purchase gift cards from a trusted, licensed merchant. Also, if you’re purchasing the card at the store it’s for, ask the cashier to check the balance of the card so you don’t get scammed into buying a bogus card placed on the rack by the thief.

Be Sure to Track Your Packages
The holidays are crunch time for parcel delivery services. For thieves that may lack hacking and technical skills, simply walking up to a front porch and stealing a package is an easy way to make some fast cash. They may even have zero use for what’s in the box, but that won’t keep them from walking off with your goods, just in case there’s a chance that it contains an item of value.

To prevent this risk, when you order a package make sure that your signature is required in order to receive it. This will prevent the package from being left on your steps for a thief to easily grab. Also, remember that you can have the package delivered to your work address if nobody will be at your house to sign off for your package.

Watch for Credit Card Skimmers
Some thieves even have the know-how to steal data from your credit card using skimming devices at ATMs and other POS devices. Therefore, it’s preferable to shop with a credit card over a debit card, and there’s a lot to be said for cash being a secure way to pay for things. Also, look closely at the device before scanning your card. If it looks like it’s been tampered with, then you’ll want to alert store management.

Don’t Fall for Bogus Deals
Finally, it never hurts to rely on some relatively timeless shopping advice: if an offer sounds too good to be true, it probably is. Before completing any purchase that seems like the deal of a lifetime, make sure you at least familiarize yourself with all of the terms and consider the ones that probably aren’t mentioned. No deal is worth risking your financial future for.

Be Safe Online
Finally, there are plenty of scams to be found online. The best way to avoid getting taken by an online Grinch is to follow best security practices. These include:

  • Before submitting any sensitive information, look for the padlock icon in the address bar, along with HTTPS at the beginning of the URL.
  • Only shop on websites that have a good reputation.
  • Avoid using public Wi-Fi when shopping online.
  • Avoid using your debit card online. Instead, use credit cards and gift cards.
  • Be skeptical of unsolicited emails in your inbox, especially when it comes to fake invoices and bogus shipping orders.

By avoiding these six scams you can shop with confidence this holiday season. It’s also important to keep in mind that these scams are utilized by thieves all year round, so you’ll want to always be looking out for them.

Have you fallen for any of these scams or encountered any of them while shopping? If so, share with us your scam story in the comments. 

Categories
Security

How 2 Keystrokes Can Bypass the Security of Windows

b2ap3_thumbnail_shift_and_f10_400.jpg Usually, when a troubleshooting feature is put in place, it is meant to assist the user in resolving an issue. However, one such feature in Windows 10 could ultimately lead to more problems, as it also can serve as a free-ride vulnerability for an opportunist bystander.

Security expert Sami Lailo discovered that if someone keys in Shift + F10 during a ‘Feature Update’ in Windows 10, they are able to access a Command Prompt window with Admin privileges. Compounding this with the fact that Microsoft updates disable BitLocker while they are in progress, means that someone could feasibly access the hard disk without the aid of any external device.

If that someone happened to be ill-intentioned, they could potentially wreak havoc through the command-line interface. Admittedly, the perpetrator would have to move quickly, but if they had come in with a plan and the foreknowledge of a Feature Update being implemented, they would have plenty of time to do what they had come to do.

Lailo reached out to Microsoft, and the company is now working to resolve this issue.

The current fix? Don’t leave an updating workstation unattended, despite the long periods of time updates can sometimes take.

Once Microsoft releases a patch, businesses and organizations will want to apply it. Keep in mind, any COMPANYNAME clients on our managed services will have the update applied once it is tested. Give us a call at PHONENUMBER to learn more.

Categories
Technology

The Case for Hosting Your Phone Solution In-House

b2ap3_thumbnail_on_premise_phone_system_400.jpg Traditional communications solutions are all well and good, but they’re quickly growing antiquated and outdated with the inception of more dynamic solutions. Some organizations have found that cloud-hosted VoIP has advantages over an on-premise telephone solution. While there’s a certain degree of truth to this, an on-site system still presents value.

When you host your own VoIP solution, the biggest difference to consider is the fact that you’ll be managing your own hardware. An in-house system is stored in the server room or another dedicated part of your infrastructure. Alternatively, when you use cloud VoIP, the system is stored off-site, hosted and maintained by an outsourced provider.

Keep in mind that when we talk about on-site VoIP systems, we’re not referring to the traditional landline telephone system that many organizations still use. Rather, we’re talking about a virtual phone system that uses your Internet connection rather than a landline cable infrastructure to send and receive calls. Though VoIP is a service that can easily be outsourced to a third-party provider, it’s possible for you to host an in-house system on a dedicated server… assuming you have the staff to properly manage and maintain it.

Regardless, there are still some benefits to consider regarding on-site VoIP hosting rather than going through a cloud provider. Here are a couple of them.

  • Control: In comparison to a hosted solution, your business has greater control over an in-house phone system. You can easily add new users and phone numbers rather than going through support to do so. This also means that you’re in a greater position of responsibility, so it’s important that you have the staff on-site and ready to maintain your system, should you choose to go this route.
  • Use your existing infrastructure: Consider for a moment how much effort went into building your current infrastructure. You already have a network, servers, and other important hardware hooked up to it. What’s a little more in the form of your in-house VoIP system? If you wanted to add VoIP to a cloud infrastructure, you have to go through the hoops of configuration and setup, which is something that you may not have control over with a hosted solution.

If your organization is considering revamping its communications infrastructure, look no further than COMPANYNAME. We can help your business get the most return on investment from your phone solution. To learn more, reach out to us at PHONENUMBER.

Categories
How To

Tip of the Week: How to Know if You’ve Experienced a Data Breach

b2ap3_thumbnail_breach_of_your_security_400.jpg Your data is vital to the success of your business, and as such, it needs to be protected. Can you identify the warning signs that someone has managed to get past your protections to access your data?

According to the Identity Theft Resource Center, or ITRC, there were 781 data breaches in 2015 within the United States alone. This marked the second-highest number since 2005, when the ITRC began to track these occurrences. Of particular interest, the ITRC report noted that, in 2015, the business sector saw the highest percentage of publically reported breaches with almost 40 percent of all reports coming from business organizations. What’s more, motive analysis saw that more and more thieves sought financial gain through accessing sensitive personal data.

Presumably, the report for 2016 should show more of the same.

Business owners should therefore be extremely cautious and prepared when it comes to possible data breaches, not only in terms of preventing them but also in terms of identifying them within their organizations. What follows are some best practices to assist you in determining if a data breach has occurred on your systems.

First, determine what is normal within your systems.
After all, you will need to know what is right to identify if something is going wrong. This can be largely accomplished by familiarizing yourself with the typical goings-on of your employees at different times of day, and with different levels of access.

Keep an eye out for unusual activity.
There are numerous warning signs that a data breach has occurred in your systems. These warnings might be as subtle as a piece of equipment suddenly becoming slower. They may include:

  • Unusual/unapproved programs: If there are suddenly unauthorized programs appearing on the company’s workstations, you may have a breach. You must be diligent in keeping an eye out for such red flags, as well as encouraging employees to do the same by insisting that they report any sudden appearances of new software that were not mandated by the company.
  • Unexplained “employee” activity: Have records suddenly shown users logging on to the system at odd times and from odd locations? Are your accounts being altered without your knowledge or approval? Have employees suddenly had unexplainable difficulties in remembering their passwords? These are also indicators that your system has been breached.
  • Other breach attempts: Have you had to fend off an overt cyber attack recently, such as a Distributed Denial of Service attack? If so, these attempts may have served a secondary purpose as a smokescreen to conceal a more insidious attack. It’s becoming a best practice to assume that an attack isn’t over, even when it’s over (because it may not be).

Educate your employees.
The first and last line of defense against most cyber threats is educated vigilance, including from your end users. Make sure your employees are also aware of the signs of a data breach, as well as other security threats. COMPANYNAME can help you to keep your systems safe from these attacks as well. To see what we can set up to keep you secure, reach out to us at PHONENUMBER.

Categories
Technology

In Case of Emergency, Activate Facebook’s Safety Check

b2ap3_thumbnail_facebook_safety_check_400.jpg In 2014, Facebook launched Safety Check, a helpful tool allowing users to “check in” that they’re okay during a crisis event, like a natural disaster, mass shooting, etc. Recently, Facebook made a major change to Safety Check by allowing users affected by the crisis to activate the feature. This is yet another example of how social media is changing the way people find out about major events and react to them.

To give you an idea of the sizeable difference this change makes, consider the fact that in the first year of Safety Check (when it was exclusively controlled by Facebook), the feature was activated 39 times worldwide. Since the change was made in December of 2015, Safety Check was activated a total of 328 times over the following six months. That is a significant number of crisis situations that would have been overlooked if Facebook alone was at the helm.

Rest assured, Facebook is still involved in Safety Check’s activation process. Otherwise, jokesters and Internet trolls would surely abuse the tool and “cry wolf” every chance they get, which would effectively render the tool useless. To prevent this, Facebook has a two-step activation system.

  • Step 1: A user submits a crisis event to Facebook they deem to be worthy of Safety Check activation.
  • Step 2: Facebook checks on the validity of the event by analyzing the chatter over its social network, along with third party organizations.

If the crisis event makes it through rigors of this automated process, then Safety Check is activated and those affected can begin “checking in” that they’re okay.

Of course, the Internet being the Internet, there will always be those who make light of a crisis situation by “checking in” on Safety Check events that have nothing to do with them. However, this annoyance aside, society can only benefit from the public having a tool like Safety Check to quickly notify scores of friends and family of one’s status during a crisis.

Have you used Facebook’s Safety Check to notify your friends that you’re okay? If so, then share with us in the comments if you’ve found this tool to be useful or not.

Categories
Security

Even Small Businesses Need a Big Security Solution

b2ap3_thumbnail_small_business_security_400.jpg One of the main benefits of a small business is that it’s small. You can make decisions quickly regarding all sorts of matters. Your workforce isn’t nearly as large as other organizations, meaning that you’re a closer, tight-knit group. One of the misconceptions of small business is that they’re not as susceptible to hacking attacks, which can be a dangerous assumption to make.

The reasoning for this is simple: hackers don’t care who you are or what you do. They don’t care if you’re a large business with thousands of employees, or if you’re a small startup in the suburbs of your hometown. They don’t care if you’re in the healthcare industry or if you’re just a small goods manufacturer. All they care about is stealing your data, and if you don’t take measures to protect it, you could be dealing with a major issue that can’t be swept under the rug and forgotten about.

All businesses rely on their mission-critical data to function, and all businesses have information that’s valuable to hackers. For example, most companies have a human resources department that collects information about employees and potential new hires, including Social Security numbers, dates of birth, addresses, phone numbers, email addresses, and so on. On a more personal note, your business’s finance department holds payment information for both your clients and your own business, which could be catastrophic if it were to fall into the hands of hackers.

However, even though hackers will use variable tactics to infiltrate and infect a network with viruses, malware, spyware, or other threats, they often don’t target specific data. In fact, hackers often don’t target specific businesses at all, and instead will send out widespread scams designed to infect any and all who are foolish enough to download a file, or click on a suspicious link. These threats are most often found in phishing emails (scams that are designed to get a user to visit a malicious website, download an infected attachment, or click on a link) that executes a malicious payload. A small business like yours will rarely experience a direct hacking attack specifically designed to infiltrate your exact systems.

Due to this oversight, your business can make significant steps toward proper cybersecurity practices by implementing security solutions that are designed with the enterprise in mind; specifically, a firewall, antivirus, spam blocking, and web content filtering solutions. These security measures are all necessary if you want to minimize your business’s exposure to online threats. They can keep your team from accessing malicious websites, keep threats out of your system, and eliminate the majority of spam that hits your inbox. Furthermore, a powerful antivirus can swiftly destroy any threats that do manage to infiltrate your system.

With a small business, you still need to implement security solutions. There’s no getting around that. What you can do to make it easier on your organization is to contact COMPANYNAME. Our skilled technicians understand the everyday difficulties that come from managing technology, including optimizing security. Ask us about a Unified Threat Management solution that includes all of the above-mentioned services, and don’t forget to inquire about remote monitoring and maintenance that’s designed to detect and resolve abnormalities in your systems. To learn more, contact COMPANYNAME at PHONENUMBER.

Categories
Technology

Tip of the Week: Every Mobile Device Policy Needs to Cover These 3 Areas

b2ap3_thumbnail_smb_mobile_400.jpg Smartphones, laptops, tablets, and other mobile technology are practically necessities in today’s modern workplace; especially if you want to keep productivity flowing at all times. However, implementing mobile devices into your workplace infrastructure is more complicated than it sounds, especially if you want to preserve security. Here are three topics to consider when implementing mobile devices in the workplace.

Data Security
One of the key concerns that any business using mobile devices needs to account for is security. When you add new devices to your business’s network, you’re adding endpoints that could potentially fall victim to hacking attacks. The more devices that are connected to a network, the more patches and updates that need to be installed in order to maintain security. Basically, adding new devices means more work, and more work can lead to cut corners, which inevitably leads to compromised devices.

A mobile device management solution is capable of securing all of your organization’s devices, be they smartphones or laptops. It’s the easiest way to manage access to mission-critical data, whitelist and blacklist apps, and remotely wipe devices that have been compromised.

Connectivity
When you’re taking mobile devices out of the office, you need to consider how your employees (and yourself) are going to connect to sensitive corporate data. While you could just connect to your cloud solution through a public Wi-Fi connection, this is discouraged, as public Wi-Fi can often be compromised. You never know who else could be on the network, watching your every move.

In instances like these, a virtual private network (VPN) is a valuable tool. With a VPN, you can access your network’s data over an encrypted connection, meaning that as long as you are connected to a wireless network, the data sent to and from your device will be secured so that any onlookers won’t be able to do anything with your data. The data sent to your device is encrypted and then decrypted upon arrival, so if any hackers try to steal it in transit, they’ll only get a jumbled batch of letters and numbers.

Cloud Access
Of course, you’ll need access to your organization’s data, especially when you’re out of the office and using several different devices. To do so, you need a cloud solution that allows your business to share and collaborate on files in real time, across multiple platforms. Most importantly, you want to ensure that your team can open crucial data that’s needed to keep operations moving forward, even when out of the office. A dynamic cloud solution–either public, private, or hybrid–is the key to solving this pain point. Depending on your business’s specific needs, you’ll want one that prioritizes the functionality and security your business requires.

For all of your business’s mobile device security needs, you can contact COMPANYNAME. We’ll work with you to ensure that your devices aren’t putting your business’s data at risk. To learn more, reach out to us at PHONENUMBER.