Everyday Habits that Leave You Vulnerable Online

  1. You use the same password for multiple accounts

You already know that your passwords should be strong, duh. But besides using long combinations of random numbers, letters, and symbols, you should also make each password unique to its account. If you use the same password for multiple accounts, a hacker who gains access to one account also has access to your other accounts. So keep separate passwords and change them every few months. Sound like too much to remember? Use a password manager; some great options include LastPass or Dashlane.

 

  2. You overshare on social media

It’s easier than ever to share details of your life, but all that social media sharing can leave you vulnerable to identity thieves, who can piece together information you share to crack your passwords and answers to security questions. Disable location sharing, don’t reveal your birthday or the first concert you attended, and give a second thought to telling the world you’re on vacation. It’s always better to post after you’ve returned! There’s nothing worse than advertising that your home is unattended from this date to that date.

 

  3. You regularly connect to public Wi-Fi

Although you may enjoy setting up a makeshift office in a coffee shop equipped with Wi-Fi, tread very carefully. Public Wi-Fi networks make it easy for hackers to see everything you do while you use the connection. If you must use public Wi-Fi, never log into banks or social media accounts, and consider using a virtual private network (VPN) to protect your sensitive data. VPNs act like a tunnel around your information so potential thieves cannot see all your data.

 

  4. You immediately open unfamiliar email

If you don’t think twice before opening an email (or attachment) from an unfamiliar sender, you put yourself at serious risk of phishing. Phishers are scammers who send emails containing links or attachments that, once you click on them, can trick you into revealing your login information or infect your computer with malware or ransomware.

Be mindful before opening any unusual emails, and pause before clicking on links or attachments that seem suspect. Before you click on a link that appears to be from your bank, for example, go directly to your bank’s website or call your bank to determine if the email is legitimate.

Or, if you’re using a desktop computer, hover your pointer over the link and see where it really redirects to.

 

  5. You accept invitations to connect from strangers

Although online platforms offer legitimate professional networking opportunities, be wary of impulsively accepting invitations and requests from strangers. Cyberstalkers can use social networks to gain information on potential victims and send unwanted messages. Before you add a stranger to your social networks, take a good look at his or her profile and consider the risk. It can be easy to assume you’ve simply forgotten that person from a brief interaction at a networking event, but that’s why looking closely at their profile will help you weed out the scammers from the real people.

 

  6. You rely on autofill

When you’re logging in to an account or doing online shopping, autofill and autocomplete features can save a ton of time. But storing your data makes it seriously vulnerable to cybercriminals. Make sure you disable autofill on your browser, and take the extra time to manually type in your credit card number each time you buy something. It may seem like a hassle now, but it’s a breeze compared to dealing with identity theft. Trust us.

 

  7. You overlook your old accounts

Whether you have to create a username and password to read a random article or try a yoga class at a new studio, it’s easy to rack up a large number of online accounts. But having your personal information stored on multiple unused accounts can put your data at risk. Keep track of every new online account you open, and delete any accounts you no longer use. Doing so will ensure that only the companies and platforms that you’re active on will have access to your data.

 

  8. You leave your computer unattended

Some criminals are more low-tech. If you regularly leave your computer, phone, or tablet unattended, you put your information at risk. Even leaving your devices unattended while you go to the restroom or get coffee can leave you vulnerable. The United States Computer Emergency Readiness Team (US-CERT) recommends you lock your computer any time you’re away from it. Protect your devices with a password that you must enter each time, and close your laptop’s lid (or put it to sleep) when you step away from it.

 

The internet can be a very dangerous place. Contact us today to learn more about keeping your personal and professional online presence secure.

5 Ways to Keep Your Staff Mobile and Secure

These days, work doesn’t just happen from nine to five. With smartphones and other devices, business happens 24/7. As a boss, it’s important to foster mobility—but, at the same time, boundaries should be established to keep your data as secure as possible.

 

Even if you don’t supply your staff with company devices or require them to work from home, most employees still use their personal devices to access company information from work and on-the-go. For this reason, it’s important to take the security of these connected devices very seriously.

 

Here are a few best practices to keep your staff mobile and secure:

 

  1. Require training

Employees definitely won’t take cybersecurity seriously unless they truly understand the damage it can have on the company they work for. Require regular training sessions and motivate your staff to learn the implications of unsecured devices. No one wants to be the one responsible for taking down the entire business, do they?

 

  2. Require MDM software

Mobile Device Management (MDM) software allows you to secure company data if a device is lost. Downloaded only at the agreement of the device owner, this software can wipe data remotely, reset factory settings, or completely erase a device. You never know what can happen if a lost device winds up in the wrong hands. MDM software is your plan B and shouldn’t be a problem if your staff has the company’s best interests at heart.

 

  3. Register and update

Register all connected devices with the IT department (or with upper management if you don’t have an IT department). Registering devices gives your techs the ability to know if and when a device turns up missing, and it also gives them the ability to monitor, track, and install all required updates. If you can’t get all your employees to remember to register new devices, then refuse Wi-Fi access to all unregistered devices. We all love free Wi-Fi at work, so taking it away until they register is a very effective method.

 

  4. Create a mobile device policy

Smartphone usage puts your company at risk when precautions aren’t taken. If employees want to use their devices for work (or on the company network), then you need to establish a BYOD (bring your own device) policy.  Most employees are more than willing to sign on the dotted line and accept the terms and conditions. Just make sure they know what they are and can completely understand them.

 

  5. Don’t forget about the apps

Most companies are so concerned with who is connected to their network that they forget to think about why they’re connected. With so many cloud storage apps, sharing apps and collaboration apps, the security fears are endless. Use mobile app security tools to identify problem apps and to block network access until threats are removed.

 

 

Not sure on where to start with all of this? Contact us today and we’ll be glad to help!

4 easy steps to protect yourself from ransomware

Make sure everything is up-to-date and patched to the most recent version

 

Ransomware searches for vulnerabilities in your software and operating system to find a way in and carry out its malicious plans. The WannaCry ransomware exploited a security hole in the Windows operating system and used it to spread across networks.

 

Vulnerabilities can be found in anything, like your email client, internet browser, server, and nearly any other software that connects to the vast internet. Vendors issue patches for their software very regularly, which you should install as soon as possible, as inconvenient as it may seem. It’s better to be safe than sorry.

 

Want an example? Microsoft had issued a patch for the vulnerability a month before the WannaCry attack, but unfortunately, hundreds of thousands of computers hadn’t installed it.

 

With an antivirus—which you should definitely have, by the way—make sure that it’s set to automatically install the latest updates.

 

If you’re using an outdated operating system that is no longer supported, seriously consider upgrading to a newer version as well.

 

Minimize your attack range

 

As long as you’re connected to that pesky internet, there’s no such thing as absolute security. Even networks and computers that aren’t connected to the internet (air-gapped systems) aren’t absolutely secure.

 

An up-to-date antivirus unfortunately can’t protect you against the thousands of unknown viruses that are created every day, and a patched system won’t stop a zero-day attack (an attack that exploits a vulnerability that isn’t publicly known).

 

Therefore, you should try to plug the holes in your network as best you can. All major operating systems usually come with easy-to-use and pretty effective firewalls. Make sure that firewall is always turned on, and only open ports that you absolutely need.

 

With that being said, turn off operating system features and software that you don’t need. That includes file-sharing services and browser plugins like Flash and Java, which are rife with security holes.

 

Another smart measure that can reduce your attack range is keeping your work on a limited account as opposed to an administrative account. By not using an administrative account, you’ll be successfully limiting the access of the malware in the unfortunate case it does strike.

 

Monitor and manage your trust

 

Attackers often use phishing to deliver ransomware. Phishing is a type of scam that involves targeting victims with legitimate-looking messages that contain malicious links or infected attachments. Since the targets think the email comes from a trustworthy source, they’ll download and open the attachment, which will then deliver the ransomware.

 

So be very careful with the emails you receive, and don’t open any attachments unless you’re absolutely certain of the source. In case there’s any doubt, use the phone or social media to verify the authenticity of the message with the sender.

 

You should be very wary of certain file formats, including Microsoft Office documents (.doc, .xls), executables (.exe, .bat), and compressed archives (.zip, .rar). Cybercriminals commonly use Word macros to perform ransomware attacks.

 

Have a solid and tested backup plan

 

You should always be prepared for the worst coming to pass. While there have been certain scenarios where ransomware encryption has been successfully reversed at no consequence, for the most part, nothing short of paying the attackers will decrypt your files. Ain’t nobody got time for that.

 

That is exactly why you should always keep solid backups of your files. For files that don’t need to be modified, such as pictures and videos, you can use old-school DVDs. For other types, you can use other removable media, such as thumb drives.

 

External drives can work well, but they’ll be useless if they’re connected to your computer when it becomes infected. Sorry.

 

Cloud backups are good too as long as you make sure they aren’t mapped to local drives. Ransomware can go through all your local drives and encrypt their content, whether they’re on your hard drive or in the cloud.

 

Lastly, be careful when storing your archives in shared folders. Certain breeds of ransomware will scan your network and find unmapped shared folders and encrypt their content too.

What it Costs to Hire an IT Professional

You’ve probably thought about hiring an IT person at some point, and for good reason. The business world is becoming so reliant on technology that any network slowness or downtime can really impact your team’s efficiency, your client satisfaction, and your overall bottom line. But since technology is so precious (and expensive), the cost of hiring your own in-house IT person is a lot more than just the agreed upon salary.

So if you’re looking to hire your own IT person, listen up!

 

Cost

It’s important to keep in mind that there are several different job titles for IT professionals, so salaries will vary depending on the level of experience required. Small and medium sized businesses who do not currently have an IT department will start by hiring an entry level Computer/Network support technician.

According to payscale.com, the national average salary for a Computer-Network Support Technician is around $42,000 a year, or $18.03 an hour. So now that you have an idea of how much the salary is, let’s talk about everything else you’ll need.

Your new IT professional is going to need a real badass computer (most likely with several monitors) that can efficiently run all of the software needed to maintain your network. Speaking of software, you will definitely need to invest in network diagnostic tools and the most up-to-date security programs.

If you have multiple locations, they will most likely need a cell phone with a data plan and most likely a vehicle expense account or a company car. We haven’t even talked about benefits and worker compensation yet.

 

Where the Managed Service Provider comes in

As you can see, hiring an IT professional isn’t cheap. One person might not even be enough if you’re a larger business or if your business runs 24 hours a day (IT guys need to sleep too). So what’s the solution?

Managed Service Providers (MSPs). Think about it. Why hire an individual person to handle all of your technology needs when you can bring on an entire IT company for the same price, if not cheaper?

Managed Service Providers will not only have the skill and talent to keep your technology safe and up-to-date, but they will also have all of the resources needed to ensure all your hardware and software is running efficiently. Whether you have multiple locations or staff that works after-hours, a Managed Service Provider will give you peace of mind, so you can focus on what’s most important: running your business.

 

If you’re interested in learning whether or not managed services is right for your business, then give us a call today to schedule a private briefing with one of our technology consultants.

Things you should never do when creating passwords

Everyone always has advice on how to create a password… but what about how not to create a password? In other words, what are the things you should never do if you want to create and maintain a solid collection of passwords? Here are a few things to keep in mind.

Don’t use a word found in the dictionary.

Don’t ever create a password that consists of one lone word that can be tracked down inside a dictionary. When a group of hackers play out a brute force attack, automated software basically throws out a bunch of guesses until they find the correct password. And typically, dictionary words are the first guesses thrown out.

Don’t reuse passwords.

This goes two ways. Never take a password you’ve used in the past and use it for a new account, and never take a password that is currently being used on one account and use it for a second account. This is because if one account gets hacked, any account relying on the same credentials could also be hacked – and it won’t even be hard. All a hacker has to do is plug-and-play, no hacking necessary.

Don’t use a common phrase.

Just like it’s easy to crack a dictionary word, it’s also pretty easy to crack a password created from a common phrase… something like “ilovelove” or “peanutbutterandjelly” or “tobeornottobe.” Password-cracking software will automatically check for combinations like these, too.

Don’t use an ordered sequence of numbers.

Everyone says to throw numbers and characters into your passwords to make them stronger, and that’s a solid tip. However, it doesn’t always help. For example, throwing a 1 or 123 onto the back or front of a password won’t do anyone any good except a hacker. To legitimately strengthen your password, shoot for random combinations of numbers (5024 versus 1234) or a random placement (pass5024word versus password5024).

Don’t use something that can be found on social media.

Sometimes hackings are targeted and closer to home. It’s not always a massive attack on a random website. Because of this, you need to be careful with the “things” you base your passwords off. For example, using your spouse’s name or your favorite football team as your password isn’t a good idea. This type of information can quickly be found on your social media profiles.

Don’t write your passwords down.

For some weird reason, people think it’s okay to write down their passwords and keep them on their desks or stored in a drawer. This is a terrible idea. Random hackers from some far-off country aren’t the only sources of hackings. A hacking could happen right in your own backyard and even inside your own office. Don’t leave your password lying around for someone to pick up and do what they please with.

Don’t share your passwords.

Never at any point is it okay to just give your passwords out. Even if it is a trusted friend or your brother from another mother, don’t do it. They may not do it intentionally but there’s always the possibility that your password could get loose. It’s better to play it safe and keep your passwords to yourself.

 

The Internet can be a very dangerous place, which is why it’s important to have strong passwords as your first line of defense. If you’d like to learn more about internet security and best practices, contact us today!

Four Ways Cyber-criminals use Social Engineering to Steal your Data

Social engineering is yet another tactic cybercriminals could use to steal data from an unsuspecting company. However, this tactic is slightly different than typical methods, mainly because it preys on the human element. Here are a few of the most common ways social engineering could play out in your business.

 

They could send an email.

The majority of people are most accustomed to this form of social engineering, commonly known as “Phishing.”  They receive an email with a message asking them to send over private information, download an attachment, or click on a link. Another strategy used is called “Pretexting,” in which the criminal uses personal information they already have (such as your birthday, address, or social security number) in order to get more information from the victim.

 

They could offer something.

These criminals could offer you something in return for specific information. The information they request could include login credentials, credit card numbers, or client records. The hacker will typically offer a large sum of money in exchange for the info, but don’t expect a dime from them. If it sounds too good to be true, then it probably is.

 

They could pose as someone you know.

In most cases, a person using social engineering tactics will pretend to be someone they aren’t. The criminal could pose as your boss or a friend, and send you an email asking for a favor or to wire money to a bank account number they provide. They are also infamous for creating fake social media profiles and reeling in their victims that way. These types of attacks have increased over the years thanks to sites like Google and LinkedIn, which hackers use to find out just about anything they want about a company and its executives.

 

They could put up an advertisement

You see online advertisements everywhere these days, and cybercriminals have caught on to the trend. They are becoming notorious for running extensive online advertising campaigns, in which they will offer a product or service, and then trick the victim into downloading ransomware onto their computer. Commonly referred to as the “Rogue” technique, you will most commonly see this as an advertisement for an anti-virus software, or as an alert from your computer stating your system has been infected.

 

Social engineering won’t be going away anytime soon, which is why it’s crucial to regularly train your staff on email and internet best practices. If you need any assistance protecting your business from these types of attacks, then give us a call today!

3 Ways to Enforce an Internet Culture at Work

It’s safe to assume that you want your staff to be more productive and efficient when at work. It may also be safe to assume that you’ve seen your employees waste a lot of time on the internet when they should be working instead. They’ll waste time on Facebook, stream movies on Netflix, order stuff off of Amazon, and they might even be on Monster.com looking for another job (on your dime).

As a matter of fact, studies show that around 64% of employees waste an average of 2 hours a day on non-work-related websites. That’s 25% of their work day if they work the typical 8-hour shift!

So if you’re looking to get your employees back to work, follow these three simple steps:

 

Content Filtering

The easiest way to boost productivity is by enforcing content filtering, which involves placing limitations on which websites your employees are allowed to visit and when. The best part is, you probably already have the tool you need to do this! Your firewall, which is typically used to set rules on what’s allowed to enter or leave your network, will most likely have a content filtering management tool that lets you block certain websites, popular messaging and chat applications, and game applications, and set security options to disable certain online activities.

If you don’t have a firewall, you have bigger problems to worry about.

 

Implement a Computer Usage Policy

If you don’t feel comfortable blocking user internet access, another option would be to create a Computer Usage Policy, which you would review with all employees and have them sign. This should also be a part of the onboarding paperwork when you bring on a new employee.

An effective Computer Usage Policy will clearly outline which websites they can and cannot visit during business hours, what they can and cannot download, email best practices, and computer misuse policies. Even with all of this, you need to clearly outline the disciplinary action that you will take if an employee violates the policy, which needs to be strictly enforced and consistent across all departments. They need to understand that their computer and internet access is the property of the company, and should only be used for work-related purposes.

 

Passwords

The third, and probably easiest, way to limit internet access is by setting password-level controls. Think of it as setting parental controls for your children at home. This process includes assigning each employee to a specific network user group with preset rules and limitations based on their log-in passwords, which would carry over no matter which computer they use. This would be a great strategy if you have some employees that share computers in the office.

 

If you need assistance implementing an internet culture for your business, please give us a call today. We have the knowledge and expertise to get those 64% of time-wasting employees back to work!

Why It’s Important to Have a BYOD Policy

Because mobility and accessibility are crucial to your competitive edge, you don’t have the option to eliminate all those connected devices accessing your company database and sensitive client information. BYOD, or Bring Your Own Device, is a major security concern for businesses of all types.

Here are a few good tips to keep your data private but your staff mobile.

Remote Wipe

If a member of your team loses their phone or if their laptop is stolen, you need the ability to remote wipe their data. Even if someone has physical access to the device, they won’t have full access to your company’s database or the ability to view confidential documents. The only caveat here is that a remote wipe usually deletes everything from a device, including personal documents, photos, and music. So make sure your staff knows the consequences of a remote wipe before they store irreplaceable images or music on their laptop or phone. A good alternative is to suggest a cloud storage option, so even if a device gets wiped, personal data is safe on the cloud.

Detailed Policy

If you notice devices floating around your office or if you know your staff is accessing their emails and reports from home, then it might be time to draft a BYOD policy. A written policy is your chance to teach your staff right from wrong and to make sure they understand the risks associated with on-the-go work. Your BYOD policy will give you the right to remote wipe and to install anti-virus software on all connected devices.

A huge area you need to focus on within this policy is what happens when someone is fired or quits their job. How do you handle the information stored on their devices? On that same note, will you monitor the location of these devices? At all times? Will your employees be okay with this?

Mobile Device Management

You might want to consider a full-blown Mobile Device Management program like MobileIron or AirWatch. Using a program like these two will give you full control over all connected devices. Configure device settings, prevent data loss, receive unbroken visibility, and impose restrictions on downloads and Wi-Fi access. Make sure to have an open conversation with your employees before going this route, as MDM strips a lot of privacy and independence from a person.

Device Locks

Like a good password, device locks are crucial. Every device should have a password that keeps it locked when not in use or after a certain number of seconds. A device lock is the moat around your castle. It provides the first line of defense against physical intrusion. All it takes is an employee leaving their smartphone on the table at a coffee shop while they run to the restroom and someone grabbing it on the way out. With no device lock, that stranger now has full access to your network, data, client information, and everything else.

Strong Passwords

If you have a company-wide email platform, CRM, or file-sharing program, establish rules to enforce certain password restrictions. For instance, you are unable to use the combination “123” and you are not allowed to use your name. You have to use at least one capital letter, one number, and one special character. This way, if someone gains access to an employee’s phone or tablet, it’s considerably more difficult to hack into the company’s CRM through their personal account.
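The password restrictions above (a capital letter, a number, a special character, no “123”, no name) and the earlier list of things you should never do when creating passwords can be checked mechanically. The following Python sketch is an added example, not part of the original articles: `check_password`, its finding names, and the tiny word and phrase lists are constructed for illustration, and a real deployment would load much larger lists.

```python
import re

# Constructed sample lists; real checks would use full dictionaries.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sunshine", "football"}
SAMPLE_PHRASES = {"ilovelove", "peanutbutterandjelly", "tobeornottobe"}

# A lone "1" stuck on the front or back of the password.
LONE_ONE = re.compile(r"^1(?!\d)|(?<!\d)1$")


def _has_digit_sequence(pw, min_len=3):
    """True if any run of digits contains an ordered sequence such as 123 or 321."""
    for run in re.findall(r"\d+", pw):
        for i in range(len(run) - min_len + 1):
            window = [int(c) for c in run[i:i + min_len]]
            steps = {b - a for a, b in zip(window, window[1:])}
            if steps == {1} or steps == {-1}:
                return True
    return False


def check_password(pw, personal=()):
    """Return the list of rules a candidate password breaks (empty list = passes).

    `personal` holds strings tied to the user, such as their name or a
    favourite team, that must not appear in the password.
    """
    findings = []

    # One lone word or phrase with numbers or symbols only at the edges:
    # "password5024" reduces to "password", but "pass5024word" does not.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw).lower()
    if core in SAMPLE_WORDS:
        findings.append("dictionary_word")
    if core in SAMPLE_PHRASES:
        findings.append("common_phrase")

    # Ordered digits anywhere ("123"), or a single "1" at the front or back.
    if _has_digit_sequence(pw) or LONE_ONE.search(pw):
        findings.append("predictable_number")

    # Names and other details that can be read off a social media profile.
    lowered = pw.lower()
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        findings.append("personal_info")

    # Composition rules: one capital letter, one number, one special character.
    if not any(c.isupper() for c in pw):
        findings.append("missing_uppercase")
    if not any(c.isdigit() for c in pw):
        findings.append("missing_digit")
    if not any(not c.isalnum() for c in pw):
        findings.append("missing_special")
    return findings


if __name__ == "__main__":
    # Constructed candidates; "Jordan" and "Packers" stand in for profile details.
    for candidate in ["password123", "tobeornottobe", "Packers2024!", "rT5&pass5024word"]:
        print(candidate, "->", check_password(candidate, personal=["Jordan", "Packers"]) or "ok")
```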

The Easiest Way to Master Dropbox

As you probably already know, Dropbox has achieved its reputation by providing a simple solution: as long as you have an internet connection, you can get almost instant access to your files on any device, anytime, anywhere.

However, even today, some people are still unaccustomed to storing their personal data in the cloud. Your precious documents and photos may seem like they’re safe on your computer, until it’s stolen or your hard drive crashes. By then, it’s probably too late. Sorry.

Having your files backed up in the event of an emergency is an obvious Dropbox advantage, but the service has evolved into much more than a digital storage box in the cloud. Here are a few tips on how to master your Dropbox service:

Make the most of the free space Dropbox provides

Every Dropbox account gets 2GB of free space, but there are several things you can do to earn more free storage without paying a monthly subscription. You can get up to 16GB of free space by inviting friends who haven’t yet signed up for Dropbox. Each successful referral gets you 500MB. To receive an additional 3GB of free space, download Dropbox’s free photo management app: Carousel. And if you link your Dropbox account with its email app (Mailbox) you’ll get an additional 1GB of space.

Enable two-step verification to protect your account

If you want to protect your files from being hacked, make sure to enable two-step verification. This means whenever you try to log into Dropbox on a new device, a secondary code will be sent to your phone number. You’ll have to enter that code along with your main password in order to log in. Two-step verification can be a bit of a hassle, but it’s a great way to increase the security of your account and rest easy knowing your data is protected.

Use Selective Sync to control which folders sync across devices

Dropbox has a feature called Selective Sync that lets you manually choose which folders to sync. This can be helpful if you have a particular folder on your desktop that you don’t want showing up on your smart phone, or vice versa. We all need our privacy at some point, right?

Work on Microsoft Office documents

Dropbox is integrated with Microsoft Office, meaning any Word, PowerPoint, or Excel file stored in Dropbox can be edited directly in your web browser using Office Online. To begin editing, click the “Open” button while previewing a document on the web in Dropbox, and any changes that are made will be synced back to your Dropbox.

Anyone can upload files to your Dropbox (even if they don’t have an account)

Thanks to a feature called “file requests,” someone doesn’t have to be a Dropbox user to upload files to your account. This is useful if you’re someone like a teacher who initiates homework requests from students, or maybe you just need a document from a co-worker. Files can be up to 2GB in size, which makes it a more effective delivery method than email for larger files.

How to Remember to Use All Those Apps You Download

Many people see smartphone apps as the end-all be-all of their productivity challenges.

If I download this app and that app, maybe I’ll finally get my to-do list sorted out. Maybe I’ll even look at it after I create it. Wouldn’t that be something?

But, unfortunately, most of us go about this the wrong way: downloading the wrong apps and organizing them the wrong way. So to help you be more productive, let’s address the elephant in the room.

Organizing

Finding an efficient way to organize your apps is almost as important as downloading the apps themselves. For this reason, organizing your apps should be the very first thing you consider, well before you get lost in the black hole that is the app store.

If you install a new calendar, file-sharing app, or project management tool, you need to keep these items in plain view, making you more prone to actually use them. Widgets can be effective but these slow down your phone and clog up valuable real estate on your home screen. Instead, organize your apps into folders, separating them by type—money, projects, tools, coupons, games, social, etc.

If you want your home screen free of clutter, then situate these folders on the screen immediately to the left or right of your home screen. Organizing your apps into folders will ultimately help you maneuver through apps quickly and with little effort. No more wasting time scrolling through an unorganized mess of four pages of apps.

There are other ways to separate your apps as well. For example, Yahoo offers a customizable home screen layout called Yahoo Aviate Launcher. In one swipe, your apps are auto-categorized, and with another swipe, they’re alphabetized. Swipe up to see your “Quick Contacts” and swipe left to view customizable cards and information.

Downloading

When downloading apps, you need to keep three factors in mind: usable, reasonable, and exclusive. These three factors are not meant to control your app experience but to manage it, because when we digitally walk into an app store, we’re too easily swayed by the “Ooh shiny” syndrome. This syndrome causes us to download one app after the other after the other for no other reason than just to download it. While this pattern may appear harmless, all it will really do is clog up your phone and make it harder for you to find and use the apps that can actually keep you productive and focused.

Usable: Will you use this app? For what purpose? Is this a legitimate purpose? Did you read the entire description, reviews included? Did you browse alternatives before stumbling upon this app?

Reasonable: Is it reasonable to conclude that you will actually use this app for the intended purpose? Is the app laid out in a fashion that is easy to use and aesthetically pleasing?

Exclusive: Do you already have an app that serves this same purpose? If yes, why do you need this app in particular? Is it better than the app you already have installed? Will you delete the other app if you download this one?

Keep these three factors in mind at all times when browsing and installing new apps, and your overall experience with smartphone applications should be one that is much more productive, efficient, and realistic. Just don’t forget to organize them! You don’t want all that hard work of ‘tapping to install’ to go to waste, do you?