Resources: IT Security

Are Your Apps Dangerous?

Apps make the modern technology world go ‘round. If it weren’t for apps, smartphones and other mobile devices wouldn’t be nearly as useful. Of course, there are many factors to consider before using an app. You should ask yourself, could this be a potentially dangerous app? This is especially true if you’re using a device for business purposes.

Earlier this month, we asked and concluded that allowing cookies is safe in most circumstances. In this week’s blog, we will be delving into using apps for business purposes and whether or not they pose a risk to your safety.

Apps for the Business Place 

There is literally an app (or 50) for just about anything you can think of. However, even helpful apps can be a breeding ground for people who want to steal your information.

Generally speaking, most app makers are honest and ethical. However, because it is so easy to make an app, you may find less-than-trustworthy creators offering new apps. Securitymagazine.com stated that “71% of healthcare and medical apps have at least one serious vulnerability that could lead to a breach of medical data.” Of course, other general business apps often have similar vulnerabilities.

Additionally, some people create apps specifically so they can steal your personal data. When you download and install an app, it will typically ask for various permissions. It may ask for the ability to use your microphone or have access to your contacts. Some apps ask for just about every piece of information you have available. You may find yourself simply handing over all of your personal data without even realizing it. This is where apps can become very dangerous. Even if you come to this realization and delete the app, your device could already be infected with spyware.

Personal Apps Can Be Dangerous

On the other hand, even if you only use trusted apps for business or no apps at all, you need to be careful of the apps you download for personal reasons. Just like with business apps, you may find that people have created an app for a particular reason — and that reason may be to gain access to the data on thousands or millions of mobile devices.

Be honest with yourself: how many times have you downloaded an app that you’ve never heard of just because someone told you it was the greatest app ever? Later, when you feel uncomfortable with how the app works you immediately delete it. We’ve all been there at some point. The scariest part is that the damage is already done once the app is successfully installed. Any information you use for your business (such as emails and customer information) is now freely available to the app developer.

Data Breaches

Another potential threat is using a legitimate app from a valid organization that becomes hacked and breached. As an example, this past year, the Walgreens app fell victim to a major data breach. The hack allowed access to private conversations containing personal information. This breach was exposed through various apps that were designed to track COVID-19 cases. This happened to a major corporation using high-security apps. Many people wouldn’t think a pharmacy app from a well-known company could be dangerous. Nonetheless, hackers breached highly sensitive information, victimizing paying customers. On that note, it’s important to be aware that anyone can fall victim to a data breach if security measures aren’t closely examined.

Hackers have targeted major apps like Instagram, Tinder, TikTok, and Snapchat recently. How many of you have at least one of these apps installed on your phone or other mobile devices? While most of us know not to use Tinder on a work phone, you may have some of these apps on your devices. Even if you only use these apps on your personal time, they can lead to major consequences with your private business data. What is fun for you may compromise the security of your customers.

Create A Solution That Works 

Let’s say you personally avoid all these pitfalls and have never had any issues with apps on your phone or other mobile devices. If you have an organization with multiple people, there’s a very good chance that somebody is going to download an app that may have damaging security implications in the future. While these people may have good intentions and never mean to do any harm, we all know that life can change in an instant in this modern world.

By creating and implementing a plan among your employees, you can help control security breaches. Increase your security measures by not allowing devices to download random, potentially dangerous apps. It’s important to have security policies and other measures in place. Maintain mobile device management, effective policy, and as many security protocols as are available.

If you want to make sure your organization is as safe as possible from unexpected risks, contact us today. We’ll set up your organization’s devices to keep them safe while still allowing your employees to do their job effectively.

SSL & Security Concerns for 2021

Anyone with a computer is well aware of security concerns on the Internet. As time goes on, security and internet safety become more and more of an issue. It’s clear that hackers are becoming more advanced and will continue to find ways to steal our data. With a large part of our lives spent online, it’s just a matter of time before hackers affect you. If you own a business, the sheer amount of valuable information you are responsible for is something to be concerned about. Moving into 2021, data safety will continue to be a growing issue. In this blog, we will discuss SSL and security concerns for your company’s website and the types of sites you may be visiting.

What’s an SSL? 

SSL stands for Secure Sockets Layer, also known as Transport Layer Security. This may sound like nerdy talk that doesn’t matter much, but the fact is that you interact with SSLs every day. They are a specific technology designed to keep your Internet connection safe, especially when secure data is involved. SSLs run a protocol of data encryption to make sure third parties can’t see what either party is viewing or sending.

This includes sensitive and non-sensitive information, such as passwords, names, banking information, and more. This setup uses a handshaking procedure that both the parties involved agree to use. The data transaction creates a cipher so information can be sent from one to the other in an encrypted format. Theoretically, even if a third party were to intercept your data, it would be gibberish since they don’t have the means to decipher it. 

This is essential for safe Internet communication these days. You and your company likely send highly sensitive information back and forth online all day long. What used to be something kept safe in a drawer can now become public information because of a malicious hacker. This layer of safety is so standard we don’t even notice it. Sites that have an “HTTPS” in front of their address use some form of SSL or TLS.

Managing a TLS/SSL 

Not only do you want to keep your company’s information private, but you need to make sure that customer information stays private as well. Unfortunately, SSLs and TLSs are not a one-and-done procedure. Like any other security protocol, SSLs change over the years. Make sure that any certificate your company’s website uses is up to date and effective. You can do this by installing updates as they are released. 
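One way to check that a site's certificate is still current, as an added Python example that is not part of the original article. The sample certificate records and the 30-day warning window are constructed assumptions; `check_host` needs network access and is shown for use against your own site.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample records, shaped like SSLSocket.getpeercert() output.
SAMPLE_NOW = datetime(2021, 2, 10, tzinfo=timezone.utc)
SAMPLE_CERTS = {
    "shop.example": {"notAfter": "Mar  1 00:00:00 2021 GMT"},
    "old.example": {"notAfter": "Dec  1 00:00:00 2020 GMT"},
    "www.example": {"notAfter": "Jan  1 00:00:00 2022 GMT"},
}


def days_until_expiry(cert, now):
    """Whole days between `now` and the certificate's notAfter date."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)


def assess(cert, now, warn_days=30):
    """Classify a certificate as expired, due for renewal, or fine.
    warn_days is an assumed renewal window, not a value from the article."""
    days = days_until_expiry(cert, now)
    if days < 0:
        return f"EXPIRED {-days} days ago"
    if days <= warn_days:
        return f"RENEW SOON: {days} days left"
    return f"OK: {days} days left"


def check_host(host, port=443, timeout=5.0):
    """Connect the way a strict client would and report what it finds."""
    ctx = ssl.create_default_context()            # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse older protocol versions
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return assess(tls.getpeercert(), datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as exc:
        # Expired, self-signed, or wrong-hostname certificates end up here.
        return f"CERTIFICATE REJECTED: {exc.verify_message}"
    except ssl.SSLError as exc:
        # Includes servers that cannot negotiate TLS 1.2 or newer.
        return f"HANDSHAKE FAILED: {exc.reason}"


if __name__ == "__main__":
    for name, cert in SAMPLE_CERTS.items():
        print(name, "->", assess(cert, SAMPLE_NOW))
```

Running `check_host` on a schedule against every public hostname you own turns certificate renewal into a routine alert instead of an outage.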

Think of the SSL protocol like a deadbolt. Having a deadbolt on your door is much safer than a locking doorknob. Yes, there are always people who know how to compromise it, but it is still much safer. Over the years, deadbolt technology has improved and evolved as people learn to bypass obsolete technology. Sometimes, however, it takes working with an experienced locksmith to have it installed correctly. 

SSLs/TLSs are certainly much better options than nothing at all. However, these protocols, particularly older versions, are still prone to many vulnerabilities. There are numerous common attacks that hackers use to break this encryption. And some of these threats have very colorful names. For example, POODLE, BEAST, CRIME, BREACH, and HEARTBLEED are commonly used attacks, and they are highly successful. 

Keep Yourself and Your Customers Safe 

Having your company’s private information exposed to the highest bidder can have devastating effects on your operations. Stolen customer information due to a lack of care in your communications could result in lawsuits and legal trouble. Customers have well-deserved expectations: when they share information with you, it needs to be kept confidential and secure. 

This can be especially true in organizations that deal with sensitive information regularly, such as financial institutions and medical centers. In the hacking community, there is a highly lucrative market for personal information. The dark web is flooded with people selling private information databases to the highest bidder — and there is always “a highest” bidder.  

If you want to avoid liability, make sure your security protocols are up to date. It is also critical that you maintain them professionally. A relatively small investment in this area of security can end up saving large amounts of money and possibly your business itself. 

We regularly report on attacks that businesses like yours face daily. But we don’t always mention that many of these attacks are successful because the victim has a lax security protocol. The last thing we would want is for you to be another statistic. If your SSL/TLS certificates are getting old and dusty, or (even worse) you don’t have any at all, now would be the best time to contact us. As 2021 quickly approaches, these threats are only going to be more significant and more challenging to handle.  

Our team of security professionals is one of the most experienced in the business. The web can be a scary place, and the last thing you want is to be caught unprepared! By making sure your SSL/TLS certificates are in perfect order, you can rest a little bit easier at night. 

The Shrieks and Chills of Working from Home

This year has been…interesting, to say the least. One minute businesses were running normally. Seemingly overnight, many of us got the work-from-home position we always wanted. Within and beyond the pandemic, many companies have been transitioning portions of their workforce to work remotely. As technology marches forward, the image of the modern office changes with it.

That being said, cybersecurity is completely different working from home versus an office with dedicated IT support to set up and maintain all computer systems. Cyber thieves are all too aware of this and have acted quickly to take advantage of these new vulnerabilities.

This final Cyber Security Month article discusses protecting yourself and your business from the new threats lurking at home.

Security Dangers Working From Home

When working from home, we generally can’t use the same equipment we enjoyed in the office. Many businesses told their people to use their personal computers when they scrambled to send them home in March. Even if they’re using traditional security techniques, working online makes them more vulnerable to attacks.

For example, maybe they’re relying on the standard Windows firewall. There’s a reason Microsoft constantly pushes security updates to cover the holes in the OS exposed by hackers. This firewall is simply not secure. Perhaps they are extra responsible and installed a computer grade antivirus program. That’s fine against some automated threats, though not for active hackers trying to get access to the system.

Additionally, with many kids learning at home, that same computer may now have additional programs that create vulnerabilities. Many school districts are using software that has had breaches in recent months.

Finally, there’s the latest trend for remote work: VPNs. While some people swear by it for security, last week’s article focused on all the reasons VPN security isn’t all it’s cracked up to be.

Options to Create a Secure Environment Working From Home

When possible, it’s best to provide the computers and other devices that your employees need when working from home. That way you have complete control of the programs they use and how you set up and maintain their systems. However, supplying and controlling systems both in the office and remotely is often too costly and complex.

You could also deploy a relatively new option: a virtual office (or hosted desktop solution). Essentially, this creates a secure place online for employees to log in and do their work from home or any other remote location. This is different from a VPN because a VPN protects only the connection itself, whereas a virtual office gives you a safer harbor, of sorts, to do all your work and store files. This can be extra effective as you know who you’re dealing with from beginning to end and if any sorts of problems arise, they can be fixed from a single source.

Who You Gonna Call?

If the idea of supplying your employees with company-owned devices or the setup and maintenance of a virtual office seem overwhelming, don’t worry! Even many large corporations find this to be too difficult or time-consuming to do on their own. In fact, a recent study showed that more than half of all of the companies surveyed use external services to help with their IT needs, and that number goes up significantly with a larger percentage of their workforce working remotely.

This is complicated stuff and no one expects someone from an unrelated field to be a pro, which is exactly why we work so hard to make sure these processes and services are as seamless as possible for our clients. We’re a managed service provider — this is what we do. We make sure that when some specter hangs overhead and requires your company to have your employees work remotely (even on a moment’s notice), we can be there to make the transition as smooth as possible. Even if you already have some sort of remote work arrangement in place, we can assess your current setup and make sure that you are optimized for what the business world may throw at you today or in the future!

VPN Security: Trick or Treat?

If you’ve been on the internet lately, you’ve probably seen pretty aggressive advertising for VPN services. On paper, they seem like something that can give you anything you would want in your online browsing in terms of security and access.

Continuing our Cyber Security Month series of articles, we’ll be covering this apparent modern miracle of internet browsing. As businesses increasingly move to a digital work environment, web security is more important than ever. With that in mind, is VPN security a true treat…or just a trick?

VPNs: As Sweet as Free Candy

Before we get into the benefits of VPNs, we should probably explain what they are. VPN stands for Virtual Private Network. They essentially create a tunnel for your web browsing by giving you a (usually) local server to log into. This then provides access and directs your web traffic. Not only is the information to and from the server encrypted, it appears as though the server is browsing the sites, not you.

This can be beneficial for you as a browser. Even if someone were spying on your personal connection, they would only see you connecting to a single server, not the specific pages you visit. You can also make it appear like you’re browsing from another location by changing the IP address. Because of this, you can view sites like Netflix and see content not available in your own country. Additionally, you can avoid internet censorship in countries that tend to have more restrictive regulations, like China.

These services are generally low in cost, especially if you purchase longer subscriptions. Actually, there are several options that offer basic services for free and only charge for premium options. Wow! This all sounds great! So, is there any catch?

VPN Security: A Razor in Your Apple

Everyone wants digital security, but just like with anti-virus software, a single program will never keep you fully safe. Many users don’t understand the natural limitations of VPNs, putting too much faith in them, particularly free versions.

For starters, no matter what the ads tell you, VPNs do not give you 100% security on the web. While someone spying on your network may not be able to see what you’re doing, the websites you visit sure do! If the site uses cookies, they attach themselves to your computer, not your IP address, so they can still affect you. Also, you don’t know what sort of security protocols the sites you visit have. In fact, VPNs can give you a dangerous sense of security when you should always be vigilant. For example, if you visit a nefarious site and give them your credit card information, your VPN can’t help. Even if you send your information to a legitimate site, your VPN is powerless if that site gets hacked.

Another issue is that VPNs increase the size of a hacker’s target. In the past few years, hackers have put more energy into breaking into larger targets to increase the payoff. Why steal the fish when you can steal the fish market, so to speak? VPN services provide a juicy target since access to those servers means having the browsing information of many users. This exact scenario took place in 2019 when NordVPN servers were hacked, leaving any and all traffic accessible for a period of a few months! If that happened to one of the biggest names in the game, think about how safe you could be!

Stay Safe at Home

While VPNs are far from a perfect solution, the idea behind them has some merit, namely in that by hiding and encrypting your connection, it makes it that much more difficult to have your data compromised. There are still ways to improve on this technology, though.

One of the best ways is to use a virtual office. This entails a complete virtual desktop provided to anyone with the credentials to log in. This can include everything from productivity software (such as MS Office) to actual data storage. This is a much more secure option for a variety of reasons. First of all, you log into one specific, secure system versus going from website to website. Also, this is a dedicated solution, allowing you to log in with full confidence knowing who is handling your connection and data. Lastly, virtual offices are often administered by actual human beings, not just software, allowing any and all threats to be addressed in real-time.

While VPNs make your internet browsing safer, that’s like saying eating five pieces of candy instead of six prevents diabetes. If your business plans on doing any sort of remote or virtual connection, take a look at a virtual office. Don’t leave the setup and administration to just anyone. Contact us today to see just how quickly and safely you can get your employees connected without relying solely on tricky VPN security.

Password Security: Don’t let your Password Haunt You

October is National Cybersecurity Month and password security is a big part of that! Cybersecurity is so important and appropriate to discuss considering how scary it is out there! As we regularly cover, hackers are getting more advanced by the day, despite security measures improving by leaps and bounds. Of course, no monster is all-powerful and there are ways to protect yourself against these dangers.

In this article, we’ll be discussing a feature that we all use (and abuse) every day: passwords. How insecure can this security feature be and what can you do to protect yourself and your business?

A Necessary Evil

We don’t think that there’s anyone out there that actually enjoys creating and using passwords. After all, they’re just another barrier between you and your data. However, that barrier is exactly what’s going to protect that data from the outside world.

Password Security Struggles

Since many of us struggle to remember passwords, we end up making a lot of common mistakes. These include:

  • Making the password as short as possible
  • Reusing passwords for multiple accounts
  • Not regularly changing the password
  • Using a word that’s easy for us to remember.

We’ve all been told that we should avoid these mistakes ad nauseam, but why?

A Real Monster

When you think of a scary beast like Frankenstein’s monster, what gives us the chills? The sheer physical strength that can break down any door you hide behind. There are software programs that work pretty much the same way, using Brute Force Attacks.

These attacks are codes/programs that test possible password after possible password using random combinations of letters and numbers until something works. Dictionary Attacks operate along the same lines, using all the words in the dictionary instead of just random letters and numbers. Passwords that are too short or too simple feed the success of Brute Force Attacks.

One recent program could crack any 8-character password in less than six hours! Once a hacker cracks that password, they then have access to anything that shares that password. If you use that password for business purposes, the payload is even bigger.

Is Your Password Worth It?

Although cyber pirates still buy large lists of passwords and other stolen data off of the Dark Web for quick hits, they’ve shifted in the past few years to focusing more time and effort on fewer but larger targets. These attacks may take up more of the hacker’s valuable time, but they bring in massive returns.

Naturally, there’s only so much you can milk from a single victim, but a company or organization has much deeper pockets and a lot more to lose. Think about the amount of cash in your personal bank account versus what your company may have at any given time. On top of that, think of all the resources your company has at its disposal that may be vulnerable in the event of an attack.

Fixing the Problem: The Password Security Silver Bullet

We’d be lying if we said there is a cure-all solution to the problem of password hacks because there isn’t any. However, that doesn’t mean that you’re completely vulnerable either. Below are a few ways to keep your password as safe as possible:

  1. Change your passwords regularly — In theory, a hacker could get your password correct eventually. If you keep changing it on a regular basis, you’ll keep them guessing, even if they got the old one correct. On average, we recommend changing passwords every 1-3 months.
  2. Get creative — The best defense for a dictionary attack is not to use words in the dictionary. Either create nonsensical strings of characters or use a combination of words that wouldn’t appear in any standard dictionary. Also, consider using upper and lowercase letters as well as numbers and special characters. As a general rule, the more difficult a password is to remember, the longer it would take for a software program to guess.
  3. Don’t reuse passwords — Having to remember multiple passwords can be a pain. For some of us, we have to use over a dozen passwords before we finish our first coffee! This recommendation keeps as much information as safe as possible if one of your passwords is compromised. Think of a ship or submarine with multiple compartments — if one springs a leak and fills up, close a door to mitigate the damage. If all of your passwords are the same, one lucky guess could bring your digital world crumbling.
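The three recommendations above, plus the "too short" mistake from the earlier list, can be checked automatically. This is an added Python example, not part of the original article. It audits a constructed password-manager export. The mini wordlist, the 12-character minimum, and the sample entries are assumptions; the 90-day limit is the upper end of the 1-3 month range recommended above.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed mini wordlist; a real audit would load a full dictionary file.
WORDLIST = {"password", "monster", "dragon", "welcome", "october"}

# Constructed sample export: (account, password, date last changed).
SAMPLE_TODAY = date(2020, 10, 20)
SAMPLE_ENTRIES = [
    ("email", "Monster1!", date(2020, 9, 15)),
    ("bank", "Monster1!", date(2020, 1, 5)),
    ("crm", "vK7#qzR2-mWp9xTe", date(2020, 10, 1)),
    ("wifi", "tr0ub4dor", date(2020, 10, 10)),
]


def dictionary_core(password):
    """Lower-case the password and strip leading/trailing digits and symbols,
    so 'Monster1!' is reduced to 'monster' before the wordlist lookup."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def audit(entries, today, wordlist=WORDLIST, min_length=12, max_age_days=90):
    """Return {account: [finding, ...]} for every account with a finding.
    min_length is an assumed policy value; max_age_days follows the article."""
    findings = defaultdict(list)
    accounts_by_password = defaultdict(list)
    for account, password, changed in entries:
        accounts_by_password[password].append(account)
        if len(password) < min_length:
            findings[account].append("too short")
        if dictionary_core(password) in wordlist:
            findings[account].append("dictionary word")
        if (today - changed).days > max_age_days:
            findings[account].append("not changed recently")
    # Reuse: the same password protecting more than one account.
    for accounts in accounts_by_password.values():
        if len(accounts) > 1:
            for account in accounts:
                findings[account].append("reused")
    return dict(findings)


if __name__ == "__main__":
    for account, problems in audit(SAMPLE_ENTRIES, SAMPLE_TODAY).items():
        print(f"{account}: {', '.join(problems)}")
```

Run a check like this locally against your own export so the passwords never leave the machine.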

Bring in a Champion

As hard as you might try, there’s only so much you can do to protect yourself and your company from threats to your password and overall security. Plus, keeping your system safe can be a full-time job in this world, and you already have one of those.

Instead of trying to fight this monster single-handed, consider bringing in the help of a professional monster killer! Our experienced team is more than happy to swoop in and assist your company with the strongest cyber protection on the market, including password management. Even if your walls have already been breached, we can help in the cleanup and future protection.