fbpx

Resources: IT Security

Cyber Aware

Be Cyber Aware: If You Connect It, Protect It

In today’s age, we all must be cyber aware. The average American today has access to more than 10 Internet Connected Devices in their household. Most have at least 2 computers and 2 smartphones. Across the world, an estimated 30 billion+ devices connect to the Internet. This connectivity generates massive potential for advancement; but in turn, creates a paradise for hackers. This is nothing new. Hacking has been on the rise since the dawn of connected technology. And here’s the problem. Most businesses have maintained the same security protocols for just as long. The theory is that what they’ve done so far has worked, so why is there any reason for change? Here are the seven reasons why technology is more dangerous than ever before:

Side Note: Why focus on cybersecurity now? October is National Cybersecurity Awareness Month. For the past 17 years, during October CISA and partners have focused on cybersecurity. Follow us on Facebook and LinkedIn for more tips and tricks throughout the month. 

Let’s Be Cyber Aware About Ransomware

The first computer virus was introduced in the 1970s. It took over systems by replicating on the hard drive until the user didn’t have system space to operate. It was actually built as an experiment and had no malicious intent/implications. Today, viruses aren’t child’s play or experiments, and the most dangerous one takes over the hard drive completely, encrypting every piece of data.

If you’re connected to a network, it can then infiltrate the servers and start encrypting there. If your data backups are also on that network, you lose all access to a clean backup.  The only way to get this data back is paying the ransom (not recommended under the vast majority of cases), or working with an IT company to revert back to a clean data/decrypt the files based on the specific ransomware in play. Either way, you’re spending a lot of money and time to get back what’s yours to begin with, your precious data.

Part of Being Cyber Aware is Knowledge of Phishing

Phishing emails at one time were super easy to spot. The Nigerian prince desperately needed to send you money if you inputted all of your personal information. Since then we have become more cyber aware, but phishing attempts have improved. Today, phishing attempts are a whole lot smoother. The perpetrator researches enough to identify your boss, then sends an email under his/her name asking you to discretely transfer money or send identifying financial information. Unless you’re looking at the exact email address it’s coming from (typically spoofed by one or two letters in the domain), all of a sudden you’ve transferred $40,000 into an unknown person’s account thinking it’s your CEO.

You won’t think anything of it until you speak with your CEO later and realize that is wasn’t really them. These honest mistakes cost companies hundreds of thousands of dollars every year with very little recourse to get the money back where it belongs. Some experts say that employee mistakes cause nearly 92% of breaches.

Insider Threats

As more people work remote, particularly with the urgency of the past six months, businesses have lost tight control on their data, increasing the threat of malicious insiders. While we want to trust every person working for us, that one disgruntled employee who decides to store a copy of the customer data before putting in his two-week notice, could wreak havoc on your business when they decide to work for your closest competitor. Virtual Office solutions can alleviate a lot of the pain this could cause and allow you to keep every piece of data exactly where it belongs.

Data Leaks and Password Practices

Malicious insiders can cause these leaks, but they’re also the password leaks from major players that you hear about frequently. You may be wondering how a LinkedIn password breach can really hurt you in the long run (after all they really just gain access to your professional resume). 53% of people admit to reusing their password on multiple accounts. Hackers rely on this. They can sell the password or utilize that password to hack much more dangerous things, like your banking institution. Our best recommendations: use complex passwords, don’t reuse passwords, use a password vault to keep track of all your passwords, and implement two-factor authentication wherever you can.

Become Cyber Aware About Cryptojacking

Cryptocurrency is a hackers’ favorite payment method. It is untraceable and extremely valuable. Beyond requiring cryptocurrency for the vast majority of ransomware attempts, some hackers infiltrate a system and use it to mine cryptocurrency without the user’s knowledge. They get in utilizing a malicious email link or through malvertising (advertising that carries nefarious code). A user may recognize slightly slower performance, but they more than likely never know that someone is using their system to mine cryptocurrency. Some codes also spread throughout networks, so that hackers can maximize their financial gain using someone else’s resources.

IoT Hacks

As we connect more devices to the Internet, particularly those items in our homes – stoves, cars, Alexa or Google – we open another target for hackers to infiltrate our lives. They may canvas homes through your connected camera system or baby monitor, install viruses on your stove or vehicle that impact performance, or begin speaking to y0u randomly from your device. IoT can be safe, but you must make sure you’re utilizing as many security precautions as humanely possible.

Hacker Advancement

The greatest advantage for hackers is they have become more sophisticated and educated overtime, and the good guys haven’t been able to keep up. If you’re relying on internal IT or an MSP without security expertise, your team is most likely behind on the threats and not implementing everything they need to keep your staff safe. They should implement things like phishing tests, employee education, dark web scanning, hosted back-up solutions, crisis planning, multi-factor authentication, and professional-grade permissions control for administrative privileges to keep you safe. If you’re unsure of your security level with your current IT solution, contact us.

Virtual Office: Can You Gain Mobility?

In our last article, we discussed the security benefits of using a virtual office. In this blog, we’ll cover how a virtual office can help to make your job easier and more enjoyable.

Let’s face it, you can have a beautiful corner office — but it’s still an office. Very few normal human beings enjoy being stuck in an office let alone commuting to one everyday. Thankfully, it seems that physical offices are becoming sparser these days for a wide variety of reasons.

Virtual Office: Why Consider Mobility?

Many of you reading this might have been skeptical about the idea of a mobile office. Back in the 1980s, mobile working meant having a giant word processor, dot matrix printer and wired car phone. Compared to what we have available today, that seems more like a nightmare than progress. Today, you may be concerned about how you can effectively manage your employees in a remote environment.

For the past decade or so, more businesses have been moving to mobile workers. This allows for flexibility, creates an always-on (or always-accessible) workforce, and eases national recruiting. Once the recent pandemic hit, much of their day to day operations continued without consequence. Those that hadn’t considered mobility were quickly forced into finding a way to send employees remote. Since we don’t know how long the current crisis will continue or what the future may present, the current COVID-19 pandemic is an excellent example of why it’s best to consider creating a virtual office.

If you can work from home or on the go, you’re free from the office and can work wherever, whenever. Have a doctor’s appointment? Keep up with your clients, so you don’t have to take personal time. Did last night’s weather make the roads unsafe? Run your reports from your home office while not putting your life at risk. It’s no secret that employees who have the option to work from anywhere are happier employees who often stay at their company longer.

Virtual Office: An Office In Your Pocket

Here’s an important question: why do you go into work all? Some people have to be at a location to do a specific task. For example, you won’t find too many jobs as a carpenter working remotely. If a particular job requires that a person be on location, there isn’t much you can change.

However, many of us come into the office every day just to sit at a computer and use commonly available software to do our job. Other than meetings (that can usually be an email) or for workplace gossip at lunch, there’s no reason you have to go to that office to sit at that computer. If a portion or all of your workforce fits into that category, why bother wasting all that money on a large workspace? Many companies find that even if a few employees have to be in the office, they can still cut down the size and location of facilities significantly. It’s not uncommon to see a company with 100+ employees using an office with less than a dozen offices or workstations.

A Real Solution

Up to this point, we’ve only talked about this concept of a mobile office in the abstract. What exactly is a mobile/virtual office?

You can log on to any system mobile, desktop, laptop or otherwise and have the same exact experience as you would have on your desktop computer. All of the apps are there, in full functionality, all with single sign-on and secure multi-factor authentication.

Besides being as secure as a bank vault, this style of a virtual office gives you the ability to work at any location on any device. Just a generation ago, no one could have dreamed of this kind of freedom or flexibility! Start your day off on your desktop, run a quick errand while connecting to your smartphone, sit on the back porch with your laptop, then end your workday lounging on your tablet—all while connected to the “office.” What happens if your device gets lost, damaged, or stolen? Nothing. Your data isn’t stored on the device itself and logging in requires multi-level authentication, which we routinely monitor.

While it’s true that other types of systems have existed in the past that allowed remote access to systems, they were rather clunky, slow and nonsecure.

Bring your operation into the 21st century! If you can move some or all of your workforce into virtual offices, now is the perfect time. Contact us today to see how we can quickly get your operation virtualized and running at peak efficiency—anytime, anywhere!

Is your Virtual Office Secure?

Many companies have found themselves forcing employees to work from home throughout the pandemic and now as we navigate hybrid learning environments. This trend has been a long time coming, but it seems like we’ve progressed more in the last six months than the previous 20 years combined.

Pandemic or not, remote working will be the future for many of us if it isn’t already the case. This month, we’ll be going over various reasons why you may want to consider making a move to a virtual office. In this article, we’ll be discussing a reason that’s near and dear to our hearts: security. 

Virtual vs Physical Office 

When some of you hear the term “virtual office,” you’re probably thinking of someone at home on their computer, all their work online. While that’s true, it’s important to understand that what we’re talking about is more specific than that.  

A proper virtual office allows someone to actually go to work in the most literal way possible without even stepping foot in a building. All the software and data that your employees would need would be available after logging into your system, often via a login on your company’s webpage. Once inside, your employees can literally do anything they need to do. They would be remote clients of every software your company uses, including accounting packages.  

A Safe Solution 

Virtual offices are one of the safest ways for your company to do business remotely. The biggest reason for this is the lack of any software on your employees’ own computers. Even if their computer gets hacked, there’s nothing on the hard drive that would belong to the company. In addition, since the employee is logging into the system, unless someone is literally behind their shoulder, there is no way for them to see what they’re doing.  

Much of the time, hackers get information based on the connection between your computer and the server you’re communicating with (the website’s hosting server). You could think of it like being wiretapped — the person listening in can get all the information you’re sharing with your friend on the other line. With a digital office, you’re basically entering a digital building, doing all your business inside, then leaving for the day.  

What a Digital Office Is Not 

Some of your smarties reading this article might be thinking, “Oh! They’re talking about a VPN.” While VPNs and virtual offices share some similarities, there are a few important differences. For one, VPNs work by encrypting your communication between you and the website you’re visiting. However, once you’re in contact with that website, you’re still vulnerable. What if the site uses cookies to track you or if their servers have been compromised? That VPN won’t do you a lick of good. 

Also, VPNs are often used on a network. It’s true that the entire network will be better protected with a VPN than without one, but if one device on the system gets infected, your entire network is defenseless. Even entire VPN services have been hacked in recent months, leaving millions of customers vulnerable. 

Let’s use the example of your child opening an infected email. If you’re using a virtual office, none of your company’s files, passwords or any other type of data will be in danger. The only way to access that information is to have the credentials to enter the entire system.  

This might make you think that gaining access is just as easy as someone stealing your password. However, entering the virtual office would require a password in addition to multi-factor authentication that would be monitored by your MSP. While any system could theoretically be breached, this form of accessing the system is about as ironclad as you can get these days.

A Smart Solution 

Of course, we’d be lying if we said that virtual offices are an impenetrable castle wall that would be 100% safe. Even with physical castle walls, it isn’t just the bricks and mortar that protect that people inside — it’s the design, workmanship and upkeep that stop the enemies from rushing in. 

Understanding how a virtual office works, best practices in its implementation and maintenance is what will decide the quality of your system in the long run. This sort of workspace can be complicated to set up and get used to, but once your company works this way for a short while, the peace of mind you have will make you wonder why you didn’t do this years ago. 

Naturally, with something this important, you’re going to want a company that knows what they’re doing from years of practical experience, not just from learning by watching a YouTube video on the topic. Especially when putting all your eggs in one basket (so to speak), you better make sure that basket is made from galvanized titanium covered in diamonds. Well, maybe not literally, but you get the point. 

Our team has been working with virtual offices (in whole or in part) for decades. We know what needs to be done and understand the very real danger of not doing it right the first time. If you’re finding your workplace become more and more sparse with your employees working remotely, don’t wait to call us today. We’d be happy to go over your specific needs and help develop a solution that will make your virtual office a secure workplace.  

The Hidden Costs of Hiring an IT Tech

If your business is at the point where you’re thinking about hiring a fulltime IT tech, congratulations! Having enough consistent needs to fill this role means you’ve worked hard and made good decisions that drove business growth. Our best advice? Don’t stop now!

Moving forward with hiring requires a lot of analysis to avoid major consequences down the line, though. One of the biggest decisions whether you’ll hire someone directly or use a third-party MSP (Managed Service Provider). In this article, we’ll get into the specifics of both scenarios.

Why Do You Need an IT Tech at All?

In the past, business people and tech people were two different breeds. Over the years, the gap has gradually shrunk to the point that many people are tech-savvy enough to get by for the little things. As your business has grown, though, you likely have needed to delegate many of your previous duties, like IT — even if you feel perfectly capable of handling them yourself. After all, when do you think was the last time Jeff Bezos packaged a shipment? Your IT needs have also likely grown much more complex.

If you don’t choose to delegate now, you fall into a major pitfall of leaving IT duties unassigned. In our current landscape, leaving an IT post open could be a death wish. Cyber attacks of all types are on the rise, and the amount of damage each one could impose is ballooning. For example, in 2016, the average ransomware attacker demanded $522. In 2020, that average sits around $84,000! Sadly, many of these attacks take place as a result of not having someone the wheel.

In addition, there’s the issue of efficiency and cost-effectiveness. Being lax over time can make your systems out of date, making it harder for everyone to get their work done at a reasonable rate. In addition, only replacing equipment when it’s broken and not when it functionally obsolete can create situations where portions of or your entire workforce will be unable to do any work at all for a time.

An In-House Solution

So, let’s say you’re on board with having one or more people make up your IT team, and you make the decision to hire them directly. One certain benefit is that you can look through a collection of qualified candidates and pick just the right person(s) that you want! But then the other shoe drops.

Just like any other employee, before you hire someone for your IT needs, you have to consider the costs. For instance, the average price of an IT professional is $60,000 per year. Alright, so you budget out $60,000 — then you’re all set, right? Far from it!

Where is this person going to work? Maybe you already have space for them, but these professionals require more expensive hardware and monitor setups. Additionally, you need to factor in the network diagnostic software plus any industry-specific software. Since they’ll generally be on call, they’ll need a phone with a good plan so you can always reach them and possibly a company car (or at least some form of vehicle reimbursement) if you have multiple locations. Don’t forget that expense account!

Besides the specific expenses mentioned above, remember that this person is still an employee, so you have all the other general costs your other employees have associated with them. This can include health/life insurance, vacation time, sick time, 401K plus any bonuses or overtime pay they may rack up.

And what do you do if they leave? The implicit and explicit costs can be truly staggering when you take the time to add it all up.

A Safer Option

In the past, the above option was the only choice most employers had available to them. Based on the high costs (both known and unknown) associated with hiring an IT professional, it’s no surprise that companies have flocked to an alternative option: MSPs.

With an MSP, you have all the benefits of a fulltime employee without the downsides.

They will be consistently available, knowledgable in your network, and focused entirely on IT rather than other day job expectations. Need assistance when it’s time for regular upgrades or maintenance? Want someone to redesign your entire IT setup? Looking for someone to completely take over your IT operations, including telephone, so you can focus 100% on your core business? These are the sorts of services you can get out of an MSP.

Even better, the price you sign in the contract is the price you know you have to pay month after month, unlike the many unknown costs of an employee. There are no HR issues to worry about and the work is on the shoulders of a company, not an individual.

If your company is at the point where you know you need dedicated IT personnel but are unsure about which direction you’d like to go, contact us ASAP. We would be more than happy to go over your needs and discuss the best options.

Surf Securely while Staying at Home

As this COVID-19 crisis drags on, we’ve noticed a few new habits amongst our clients. Some have taken this opportunity to get their business in order and prepare for a resurgence. Some are just gritting their teeth and holding on. Nearly all of them have increased their time on social media. In addition to typical surfing, we’re seeing dramatic increases in people filling out those pesky Facebook quizzes about their first loves, childhood homes, mother’s maiden names, and other little-known facts.

These quizzes seem innocent enough at first; however, they are a hacker’s dream. In fact, most of these quizzes are planted by hackers in hopes that people fill them out, innocently reveal their security question answers, and create an easy target to breach. Here are a few tips to keep safe.

  1. Just say no. We know we sound like a Debbie-Downer here, but it’s safest to just avoid Facebook quizzes altogether. Let’s paint the picture. Recently, there was a push to post your graduation photo and year “in support of 2020 graduates.” This sounds like a cute idea, but there’s a dark side. Hackers now have three pieces of information that are common security questions: where you went to high school, what year you graduated, and your high school mascot (they can easily look this up based on the information provided). Your support of graduates just opened you up to hacking. Sure, this doesn’t give up your username and password, but hackers might already have this information based on some previous phishing attempt or breach of a major database (think Target, medical records, or social media profile leaks). Now, they have the secondary layer of protection to your personal data. Alternatively, they use this information to create fake Facebook profiles that appear believable. Then, they send a bunch of friend requests to your existing friends and use it to harvest their personal data when they accept.
  2. Pretend everything you post is public. Regardless of your privacy settings, pretend that Facebook is a wall in the grungiest bathroom on your last road trip. Is this information that you would like posted on that wall? When you excitedly shared about your daughter’s first car, you revealed her security question information. You nostalgically told a story about your childhood neighborhood, there was another security question. It doesn’t matter if your profile is private or not. Hackers will find away.
  3. Give Fake Security Question information. If you just cannot refrain from taking these Facebook quizzes or posting, give fake information for your security challenge questions. For example, if the security question asks where you met your significant other, put something completely incorrect. Make sure it’s something that you will remember, but it shouldn’t be something that hackers could find published online.

Social media opens up privacy concerns that we’ve never had to consider before. We recognize that there is no turning back and becoming a recluse isn’t an option. Through this crisis and beyond, take every precaution you can to protect yourself, protect your business, and protect your identity.