Resources: IT Security

Is your Virtual Office Secure?

Many companies have found themselves forcing employees to work from home throughout the pandemic and now as we navigate hybrid learning environments. This trend has been a long time coming, but it seems like we’ve progressed more in the last six months than the previous 20 years combined.

Pandemic or not, remote working will be the future for many of us if it isn’t already the case. This month, we’ll be going over various reasons why you may want to consider making a move to a virtual office. In this article, we’ll be discussing a reason that’s near and dear to our hearts: security. 

Virtual vs Physical Office 

When some of you hear the term “virtual office,” you’re probably thinking of someone at home on their computer, all their work online. While that’s true, it’s important to understand that what we’re talking about is more specific than that.  

A proper virtual office allows someone to actually go to work in the most literal way possible without even stepping foot in a building. All the software and data that your employees would need would be available after logging into your system, often via a login on your company’s webpage. Once inside, your employees can literally do anything they need to do. They would be remote clients of every piece of software your company uses, including accounting packages.

A Safe Solution 

Virtual offices are one of the safest ways for your company to do business remotely. The biggest reason for this is the lack of any software on your employees’ own computers. Even if their computer gets hacked, there’s nothing on the hard drive that would belong to the company. In addition, since the employee is logging into the system, unless someone is literally looking over their shoulder, there is no way for anyone else to see what they’re doing.

Much of the time, hackers get information based on the connection between your computer and the server you’re communicating with (the website’s hosting server). You could think of it like being wiretapped — the person listening in can get all the information you’re sharing with your friend on the other line. With a digital office, you’re basically entering a digital building, doing all your business inside, then leaving for the day.  

What a Digital Office Is Not 

Some of you smarties reading this article might be thinking, “Oh! They’re talking about a VPN.” While VPNs and virtual offices share some similarities, there are a few important differences. For one, VPNs work by encrypting your communication between you and the website you’re visiting. However, once you’re in contact with that website, you’re still vulnerable. What if the site uses cookies to track you or if their servers have been compromised? That VPN won’t do you a lick of good.

Also, VPNs are often used on a network. It’s true that the entire network will be better protected with a VPN than without one, but if one device on the system gets infected, your entire network is defenseless. Even entire VPN services have been hacked in recent months, leaving millions of customers vulnerable. 

Let’s use the example of your child opening an infected email. If you’re using a virtual office, none of your company’s files, passwords or any other type of data will be in danger. The only way to access that information is to have the credentials to enter the entire system.  

This might make you think that gaining access is just as easy as someone stealing your password. However, entering the virtual office would require a password in addition to multi-factor authentication that would be monitored by your MSP. While any system could theoretically be breached, this form of accessing the system is about as ironclad as you can get these days.

A Smart Solution 

Of course, we’d be lying if we said that virtual offices are an impenetrable castle wall that would be 100% safe. Even with physical castle walls, it isn’t just the bricks and mortar that protect the people inside — it’s the design, workmanship and upkeep that stop the enemies from rushing in.

Understanding how a virtual office works, along with best practices in its implementation and maintenance, is what will decide the quality of your system in the long run. This sort of workspace can be complicated to set up and get used to, but once your company works this way for a short while, the peace of mind you have will make you wonder why you didn’t do this years ago.

Naturally, with something this important, you’re going to want a company that knows what they’re doing from years of practical experience, not just from learning by watching a YouTube video on the topic. Especially when putting all your eggs in one basket (so to speak), you’d better make sure that basket is made from galvanized titanium covered in diamonds. Well, maybe not literally, but you get the point.

Our team has been working with virtual offices (in whole or in part) for decades. We know what needs to be done and understand the very real danger of not doing it right the first time. If you’re finding your workplace becoming more and more sparse with your employees working remotely, don’t wait to call us today. We’d be happy to go over your specific needs and help develop a solution that will make your virtual office a secure workplace.

The Hidden Costs of Hiring an IT Tech

If your business is at the point where you’re thinking about hiring a fulltime IT tech, congratulations! Having enough consistent needs to fill this role means you’ve worked hard and made good decisions that drove business growth. Our best advice? Don’t stop now!

Moving forward with hiring requires a lot of analysis to avoid major consequences down the line, though. One of the biggest decisions is whether you’ll hire someone directly or use a third-party MSP (Managed Service Provider). In this article, we’ll get into the specifics of both scenarios.

Why Do You Need an IT Tech at All?

In the past, business people and tech people were two different breeds. Over the years, the gap has gradually shrunk to the point that many people are tech-savvy enough to get by for the little things. As your business has grown, though, you likely have needed to delegate many of your previous duties, like IT — even if you feel perfectly capable of handling them yourself. After all, when do you think was the last time Jeff Bezos packaged a shipment? Your IT needs have also likely grown much more complex.

If you don’t choose to delegate now, you fall into a major pitfall of leaving IT duties unassigned. In our current landscape, leaving an IT post open could be a death wish. Cyber attacks of all types are on the rise, and the amount of damage each one could impose is ballooning. For example, in 2016, the average ransomware attacker demanded $522. In 2020, that average sits around $84,000! Sadly, many of these attacks take place as a result of not having someone at the wheel.

In addition, there’s the issue of efficiency and cost-effectiveness. Being lax over time can make your systems out of date, making it harder for everyone to get their work done at a reasonable rate. In addition, only replacing equipment when it’s broken and not when it is functionally obsolete can create situations where portions of your workforce, or all of it, will be unable to do any work at all for a time.

An In-House Solution

So, let’s say you’re on board with having one or more people make up your IT team, and you make the decision to hire them directly. One certain benefit is that you can look through a collection of qualified candidates and pick just the right person(s) that you want! But then the other shoe drops.

Just like any other employee, before you hire someone for your IT needs, you have to consider the costs. For instance, the average price of an IT professional is $60,000 per year. Alright, so you budget out $60,000 — then you’re all set, right? Far from it!

Where is this person going to work? Maybe you already have space for them, but these professionals require more expensive hardware and monitor setups. Additionally, you need to factor in the network diagnostic software plus any industry-specific software. Since they’ll generally be on call, they’ll need a phone with a good plan so you can always reach them and possibly a company car (or at least some form of vehicle reimbursement) if you have multiple locations. Don’t forget that expense account!

Besides the specific expenses mentioned above, remember that this person is still an employee, so you have all the other general costs your other employees have associated with them. This can include health/life insurance, vacation time, sick time, 401K plus any bonuses or overtime pay they may rack up.

And what do you do if they leave? The implicit and explicit costs can be truly staggering when you take the time to add it all up.

A Safer Option

In the past, the above option was the only choice most employers had available to them. Based on the high costs (both known and unknown) associated with hiring an IT professional, it’s no surprise that companies have flocked to an alternative option: MSPs.

With an MSP, you have all the benefits of a fulltime employee without the downsides.

They will be consistently available, knowledgeable in your network, and focused entirely on IT rather than other day job expectations. Need assistance when it’s time for regular upgrades or maintenance? Want someone to redesign your entire IT setup? Looking for someone to completely take over your IT operations, including telephone, so you can focus 100% on your core business? These are the sorts of services you can get out of an MSP.

Even better, the price you sign in the contract is the price you know you have to pay month after month, unlike the many unknown costs of an employee. There are no HR issues to worry about and the work is on the shoulders of a company, not an individual.

If your company is at the point where you know you need dedicated IT personnel but are unsure about which direction you’d like to go, contact us ASAP. We would be more than happy to go over your needs and discuss the best options.

Surf Securely while Staying at Home

As this COVID-19 crisis drags on, we’ve noticed a few new habits amongst our clients. Some have taken this opportunity to get their business in order and prepare for a resurgence. Some are just gritting their teeth and holding on. Nearly all of them have increased their time on social media. In addition to typical surfing, we’re seeing dramatic increases in people filling out those pesky Facebook quizzes about their first loves, childhood homes, mother’s maiden names, and other little-known facts.

These quizzes seem innocent enough at first; however, they are a hacker’s dream. In fact, most of these quizzes are planted by hackers in hopes that people fill them out, innocently reveal their security question answers, and create an easy target to breach. Here are a few tips to keep safe.

  1. Just say no. We know we sound like a Debbie-Downer here, but it’s safest to just avoid Facebook quizzes altogether. Let’s paint the picture. Recently, there was a push to post your graduation photo and year “in support of 2020 graduates.” This sounds like a cute idea, but there’s a dark side. Hackers now have three pieces of information that are common security questions: where you went to high school, what year you graduated, and your high school mascot (they can easily look this up based on the information provided). Your support of graduates just opened you up to hacking. Sure, this doesn’t give up your username and password, but hackers might already have this information based on some previous phishing attempt or breach of a major database (think Target, medical records, or social media profile leaks). Now, they have the secondary layer of protection to your personal data. Alternatively, they use this information to create fake Facebook profiles that appear believable. Then, they send a bunch of friend requests to your existing friends and use it to harvest their personal data when they accept.
  2. Pretend everything you post is public. Regardless of your privacy settings, pretend that Facebook is a wall in the grungiest bathroom on your last road trip. Is this information that you would like posted on that wall? When you excitedly shared about your daughter’s first car, you revealed her security question information. When you nostalgically told a story about your childhood neighborhood, there was another security question. It doesn’t matter if your profile is private or not. Hackers will find a way.
  3. Give fake security question information. If you just cannot refrain from taking these Facebook quizzes or posting, give fake information for your security challenge questions. For example, if the security question asks where you met your significant other, put something completely incorrect. Make sure it’s something that you will remember, but it shouldn’t be something that hackers could find published online.

Social media opens up privacy concerns that we’ve never had to consider before. We recognize that there is no turning back and becoming a recluse isn’t an option. Through this crisis and beyond, take every precaution you can to protect yourself, protect your business, and protect your identity.

5 Reasons Hackers Steal Your Data

As professionals in the IT business, we all have firsthand knowledge that the web can be a dangerous place for anyone, especially if you run a business. The more we analyze security breaches, the more we ask the most crucial question: why? Why do people go through all that trouble to make life more difficult and dangerous for the rest of us?

Well, you can imagine that it differs from hacker to hacker. Just a few common factors likely end up being the reasons why they do what they do and why they started in the first place. In today’s blog, we’ll take a deep-dive into the villains of our story, and explore some reasons why they do what they do.

1.) Identity Theft

Though you may not realize it, you are more important than you think—well, more valuable, anyway. You might think of your or your company’s value in terms of what is in your bank account, or the assets you may hold. However, you probably carry more potential value that you don’t tap into, such as not opening additional accounts and not maxing out your credit cards.

Consumer Affairs estimates that the average loss for an individual involved in credit card fraud last year was about $2000. That number might seem a bit low to some, but remember that most people only have a few thousand dollars maximum available on their credit card at any given time. Imagine if your company’s credit card was compromised. How much could you be on the line for? Or what if someone opened accounts or took out loans using your stamp of approval? For many of us, the losses could be staggering.

2.) Ransomware

The last few years have taught all of us to fear that word. From small to large businesses, from individuals to local and national governments, no one is safe from these threats. As far as a reason for this type of attack, the answer is simple: hackers identify and attack victims that can give them a good return on their time invested.

When hackers hold an organization for ransom, the victim often ends up paying because they can’t afford to operate too long without productivity. While some sources report that overall ransomware attacks are down, lately they have become more sophisticated and demand more money to release the “hostage” data or systems.

3.) Mooching Off Your Equipment

Hackers generally have less money and fewer resources than the people they steal from. Sometimes the reason for the attack isn’t just for cash, but rather for access to available operating systems. This type of hacker is looking to take advantage of large servers with massive computing power for activities such as mining Bitcoin. Sadly, they probably don’t plan on giving you a cut. They’ll use your processing power late in the night and stick you with the extra electrical charges. Another reason why you should always check your bills!

4.) Because They Can

You could consider this to be the scariest category of a hacker since there’s nothing that can be done to stop them. They can best be summed up in a quote from Alfred in The Dark Knight when he said, “Some men aren’t looking for anything logical like money… some men just want to watch the world burn.”

Since a person like this doesn’t have anything other than personal accomplishments as a goal, they can be harder to catch and harder to convince to change their dastardly ways. For example, in one month in 2000, a young man by the name of Michael Calce (who used the handle “Mafiaboy”) took down the systems of CNN, Yahoo, Dell, and Amazon. All are substantial companies with state-of-the-art security systems. What was his grand reason for doing this? To prove that he could. While this is not the most common category of the hacking community, they can still be some of the most difficult hoodlums to deal with.

5.) To Sell Your Information

This is one of the more significant issues today. We live in an era where the greatest currency is information. Once hackers get their hands on information such as credit card numbers, passwords or even patient records, selling personal data on the Dark Web is very straightforward. To make it lucrative, they need to deal in volume. According to some reports, credit card numbers typically sell for around $10 apiece. For the same amount of time and energy it would take to steal your private information, they can accumulate hundreds or thousands of pieces of information by accessing your customers’ records.

The scary part is, once your stolen data is out there for the highest bidder to snatch up, you can be on the hook for damages. Currently, there are dozens of high-profile lawsuits in progress for businesses whose systems were hacked and now private and sensitive data from their clients are exposed for all the world to see… for the right price.

Regardless of the reason hackers do their dirty work, it’s up to us to protect the data we have access to. We just need to update our security systems and stay one step ahead of the criminals. If you don’t feel that your current security measures are up to snuff, give us a call today! We’d be more than happy to assess your current set-up, and show you how you can implement a plan to make sure you won’t be defenseless against those unsavory characters on the web.

The Risks of Cyberattacks with Windows 7

We hope you understand that this article is being written with tears in our eyes. After months of being part of the loud choir warning about the End of Life of Windows 7, some estimates state that up to 32% of all computers worldwide are still using this operating system!

Currently, the most common cyberattacks against small and medium businesses are phishing, malware, denial of service attacks, man-in-the-middle attacks, and ransomware. A man-in-the-middle attack is named that way because a hacker wedges a barrier between two parties who are conducting a business transaction. The hacker then becomes the liaison for data swapping, so it is easy to steal sensitive data. An SQL breach involves installing malicious code into a SQL server and then siphoning out the data. And we’ve all heard the latest horror stories on how ransomware is holding businesses, corporations, and even whole cities hostage.

Although the funeral seats of Windows 7 are still warm, the first major attacks and vulnerabilities are already starting to raise their ugly heads. As the OS becomes more and more obsolete and more information is passed from hacker to hacker on the Dark Web, the overall safety of your data becomes less and less.

Count the Costs

Data breaches do a lot more than just cause chaos in your office. Once your system has been compromised, you need to find a way to get your information back, either because you need it to function or because it may contain sensitive information. The 2018 IBM Cost of a Data Breach report calculated that on average, a data breach can cost your company $148 — per record. Many companies have hundreds, thousands or even millions of records!

Besides the costs of just having the records themselves stolen, think of the liability that those stolen records can expose you to. Think about lawsuits if your customers’ personal or financial records become available to the public. If you’re a medical office or happen to have medical files on patients, a hack can put you in hot water with HIPAA violations, which can put you on the line for up to $25,000 for each breached file. Clearly just on a financial level, making sure your company is protected is worth its weight in gold.

The Problem and Solution

So, what exactly are hackers looking for? In a perfect world, they can trick you into downloading a virus or hook you with a phishing scheme. However, computer users have become more knowledgeable over the years, so those scenarios have become only minor tools for hackers.

As the expression goes, “Every lock has a key.” Sometimes there are ways to get into your system that were put there by design and sometimes the programmers made a mistake and created a backdoor in the OS without realizing it. Either way, it’s usually only a matter of time before one or more hackers find their way into your system. Once one finds their way in, they rarely keep this information to themselves and often sell it or just give it away.

In a normal situation like this, once Microsoft is aware of the vulnerability, they will create a patch to remedy the problem. A patch is downloaded code that will update the part of Windows where the problem is located. It is always recommended that you download and install patches as soon as they become available.

The End of Life Problem

When Microsoft or any other company says that its software is at its End of Life, it usually doesn’t mean that it will stop working. Rather, it just means that the company will no longer support it. In the case of Microsoft, that means that they will no longer provide security patches or any other updates in addition to not offering support from their techs. Really, it’s just a matter of time before the system becomes obsolete and holes are found in its armor.

Speaking of which, 2 security researchers at Guardicore Labs recently announced that the Barbarians are not only at the gates, they have already entered. According to them, a medium-sized medical tech company was hacked when pirates found a way into their system via WAV files. As we said, it’s just a matter of time before this grows to more and more ways to undermine the system of Windows 7 users.

The Obvious Solution

We’re not going to beat a dead horse on the topic, so we’ll just say that the best way to avoid these problems is by upgrading to Windows 10. But not so fast! Simply upgrading your OS is not going to keep you safe forever. Just because you will then have access to the safety protections that Windows 7 now lacks doesn’t mean it’s a one-and-done situation. You need to make sure that your systems are always up to date. Did you just get a pop-up for a new update? Stop what you’re doing and make sure that every machine on your system is updated. Having just one person put it off can put your whole network in danger.

We understand that there is a big difference between taking care of a single personal computer at home and a whole network of computers and servers at your business. Updates, especially on servers, can often be a time-consuming and daunting task. That’s why we’re here to help. If you feel that you need a helping hand in making sure your system is up to date and stays that way, please contact us to see how we can assist.