How Encryption Works

The remarkable growth of the Internet has thrilled businesses and consumers alike with its promise of changing the way we live and work. It’s easy to buy and sell goods all over the world from a desktop, laptop or mobile device. But privacy and security are major concerns on the Internet, especially when you’re using it to send sensitive information between parties.

There’s a whole lot of information that we don’t want other people to see, such as:

  • Credit-card information
  • Social Security numbers
  • Private correspondence
  • Personal details
  • Sensitive company information
  • Bank-account information

Information security is provided on computers and over the Internet by a variety of methods. But the most popular forms of security all rely on encryption, the process of encoding information in such a way that only the person (or computer) with the key can decode it.

Recent history

The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally.

Concerns about security and the relatively slow operation of DES in software motivated researchers to propose a variety of alternative block cipher designs, which started to appear in the late 1980s and early 1990s.

The Rijndael encryption algorithm was adopted by the US Government as its standard for symmetric-key encryption, the Advanced Encryption Standard (AES). AES was announced by the National Institute of Standards and Technology (NIST) on November 26, 2001, after a 5-year standardization process.

Many encryption algorithms exist but the two main characteristics that identify and differentiate one encryption algorithm from another are its ability to secure the protected data against attacks and its speed and efficiency in doing so.

How Encryption Secures Communication on the Web

For many years, the SSL (Secure Sockets Layer) protocol has been securing web transactions using encryption between your web browser and a web server, protecting you from anybody that might be snooping on the network in the middle.

Here’s a simple explanation of the process:

  1. It begins when the browser requests a secure page (usually https://)
  2. The web server then sends its public key with its certificate.
  3. The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid, and that the certificate is related to the site contacted.
  4. The browser then uses the public key to encrypt a random symmetric encryption key, and sends it to the server with the encrypted URL required, as well as other encrypted HTTP data.
  5. The web server decrypts the symmetric encryption key using its private key, and uses the browser’s symmetric key to decrypt its URL and http data.
  6. The web server sends back the requested html document and http data encrypted with the browser’s symmetric key. The browser decrypts the http data and html document using the symmetric key and displays the information.
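
Steps 4 to 6 as a runnable toy model (an added example, not code from the original article). It assumes textbook RSA on two small constructed primes and a SHA-256 keystream with an HMAC tag as stand-ins for the real algorithms, and the function names are illustrative.

```python
"""Toy model of steps 4-6 of the exchange above. Teaching stand-ins only:
textbook RSA (no padding) on small constructed primes, and a SHA-256 counter
keystream with an HMAC tag. Do not use any of this to protect real data."""
import hashlib
import hmac
import secrets

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537


def server_keypair():
    """Public key (n, e) the server sends in step 2, plus private exponent d."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    return (n, E), pow(E, -1, phi)


def _subkeys(session_key):
    """Derive separate encryption and integrity keys from the session key."""
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())


def _xor_stream(enc_key, nonce, data):
    """XOR data with a keystream of SHA-256(enc_key || nonce || counter) blocks."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def sym_encrypt(session_key, plaintext):
    enc_key, mac_key = _subkeys(session_key)
    nonce = secrets.token_bytes(12)
    body = _xor_stream(enc_key, nonce, plaintext)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def sym_decrypt(session_key, message):
    enc_key, mac_key = _subkeys(session_key)
    nonce, body, tag = message[:12], message[12:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message was modified in transit")
    return _xor_stream(enc_key, nonce, body)


def browser_send(public_key, request):
    """Step 4: choose a random symmetric key, wrap it, encrypt the request."""
    n, e = public_key
    session_key = secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return session_key, wrapped_key, sym_encrypt(session_key, request)


def server_reply(public_key, private_d, wrapped_key, enc_request, page):
    """Steps 5-6: unwrap the key, decrypt the request, encrypt the response."""
    n, _ = public_key
    session_key = pow(wrapped_key, private_d, n).to_bytes(16, "big")
    request = sym_decrypt(session_key, enc_request)
    return request, sym_encrypt(session_key, page)


def run_exchange(request, page):
    """Run the whole exchange and report what each party ends up with."""
    public_key, private_d = server_keypair()
    session_key, wrapped_key, enc_request = browser_send(public_key, request)
    server_saw, enc_page = server_reply(public_key, private_d, wrapped_key,
                                        enc_request, page)
    return {
        "server_saw": server_saw,
        "browser_saw": sym_decrypt(session_key, enc_page),
        "on_the_wire": (wrapped_key, enc_request, enc_page),
    }


if __name__ == "__main__":
    # Constructed sample request and page.
    result = run_exchange(b"GET /account HTTP/1.1", b"<html>Balance: 42</html>")
    print("server decrypted :", result["server_saw"])
    print("browser decrypted:", result["browser_saw"])
    print("network observer :", result["on_the_wire"][1].hex())
```

TLS 1.3 no longer transports the session key under the server's RSA key; it agrees the key with ephemeral Diffie-Hellman, but the split shown here (asymmetric to establish a key, symmetric for the data) is the same.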

Security and privacy will always be a concern for those of us who utilize the Internet, because there will always be a battle between developers who are engaged in improving security and privacy, and hackers who are seeking to undermine it.

Is cyber security a concern for your business? Then give us a call today to schedule some time with one of our security experts.

How Businesses can use Social Media Effectively

Social media is considered to be the future of digital marketing, but how to plug in to this massive new movement is a genuine business concern. A lot of businesses still struggle with understanding how to use social media effectively.

As a business owner, it can be tempting to want to jump right in and establish profiles on sites like Facebook, Twitter, Instagram, and Snapchat. After all, social media can be a great way to attract and convert new customers.

But in order to be successful on social media, you have to do more than merely participate. You have to effectively engage your followers and create a relationship with them.  And like any relationship, you need to show them that you care about them and share their concerns. Only then will you be able to get any sort of ROI from the time, energy, and money that you put into social media.

Here are some ways to humanize your social media marketing efforts:

  1. Treat Your Followers like People, not Numbers

In the recent past, businesses relied on personal relationships to make sales and retain customers. They built genuine trust and established real relationships with their customers.

Try to create the same experience for your social media followers. Instead of relying on metrics or page views, pay attention to engagement. Engagement essentially refers to the number of authentic, real (as in not spam) comments and shares you receive from your online community.

  2. The 5-3-2 Rule

The people who follow you on social media may not be customers yet, but they are potential ones. Don’t overwhelm them with promotional ads, discounts, pop-ups, etc. Savvy social media users ignore these and look for companies that treat them respectfully as individuals.

How can you tell if you’ve gone overboard with promotional messages? The 5-3-2 rule is a good way to keep things in check. Developed by TA McCann of Gist, it involves posting in a ratio of:

  • Five social media posts based on information from others that’s relevant to your audience.
  • Three non-sales related posts based on your information that’s relevant to your audience.
  • Two personal posts that aren’t business-related and help humanize you and your brand.

  3. Take Your Time

Social media is all about the long sell. Your goal isn’t necessarily to generate sales with every promotional tweet or status update you run (although it’s great when that happens from time to time). Instead, look at every new interaction as an opportunity to build engagement with your followers. With each message, their understanding, trust and appreciation of your brand grows, as does their willingness to buy from you in the future.

  4. Be a Good Listener

One of the best things you can do to boost ROI is simply to be a good listener. Encourage your followers to give you feedback on your products, services and brand. Let them know that you’re listening and that you value their feedback.

Learn when your followers are active and how they prefer to be engaged, and what types of content or information they value most. From there, you can make changes that are intended to strengthen the relationship you have with the people you’re ultimately trying to convert.

There’s nothing wrong with wanting your social media marketing efforts to result in a positive ROI for your investment of time and money, but you can’t force it. To be successful with social media, focus less on sales and more on people, taking the time needed to develop solid, long-term relationships.

The 5 basic requirements of a culture of security

Securing your network and data isn’t just about a strong antivirus solution.  It’s a lot more than that.

It’s about employees.  It’s about leadership.  It’s about thought processes.  It’s about how all of these things tie into each other to create, support, and encourage a culture of security.  When you integrate these elements into your cyber-security strategy successfully, your business will be better off, and you’ll have a legitimate chance to fight off cyber-threats.

So then the question naturally becomes: Does your preexisting security solution take into consideration the human element or does it begin and end with software?

In other words, have you created a culture of security or are you just doing the bare minimum and hoping for the best?

Building an effective culture of security within your organization is not an easy thing to do.  It’s not a one-time thing.  And it’s definitely not something that can be accomplished within a month (or even a year – heck, who knows how long it takes).  It’s a process that never stops evolving and will never go away.

But when it comes to the most basic requirements for a culture of security, these things never change.  If you go about them the right way, they can be simple to achieve and accomplished in a far shorter timeframe.  Here are the five most basic requirements of a culture of security.

Everyone has buy-in.

If you’re struggling to build a holistic security culture, this might be the reason you’re struggling.  Everyone on your team has to offer up their ‘buy-in’ – or their unwavering support of the process as a whole.  If not, then what you’ll be greeted with is indifference and half-hearted attempts at maintaining standard security protocols.  Not a strong security culture.

Everyone knows the basics.

When it comes to online security, things can quickly get… complex.  But, nonetheless, everyone should (and can) be familiar with the basics – like phishing, corrupt ads, patching, viruses, and passwords.  If they don’t understand how these things work, then why would they ever worry about protecting themselves (and your data) against them?  Train your staff on the basics and make sure everyone in your organization understands what they are.

Everyone gets the why.

The ‘why’ of everything is incredibly important.  If people can’t wrap their head around the fallout of a successful phishing attack or if they just don’t get the point of patching outdated software, then, again, why would they worry about any of it?  Don’t be ashamed to reassert over and over again why security is important.  Explain what happens when cyber-threats are successful and what they can ultimately cost the business.

Everyone stays suspicious.

Suspicion is everyone’s greatest ally.  The more suspicious your employees are, the more likely it is that your business can sidestep potentially fatal cyber-attacks.  If your employee opens an email and thinks, “I don’t know who this is, so why would they be sending me an attachment?” then you’ve done your job.  But this ties into everything else – they won’t be suspicious if they don’t know the basics, and if they don’t understand the basics, then they won’t understand the repercussions.

Everyone follows the rules.

Obviously, if you’re going to have a legitimate culture of security, then everyone needs to follow the rules.  It’s simple really.  You establish basic protocols, and they follow these protocols.  And you probably know what comes next – none of this will be possible if your employees don’t have buy-in, they don’t understand why all of it is important, and they don’t know how to adopt a suspicious mindset.  Make sure you take the steps to lay out a solid foundation for a strong culture of security.  One missed requirement can mean the death of your network, your business, and your future.

Reusing a password is dangerous, but most everyone does it.

91% of people understand the risk of reusing a password.  Yet, 61% of people still use the same password or a similar password from one account to the next.

Why is this?

Well, according to LastPass, you can blame Cognitive Dissonance for that.  “You know it’s bad for you, but you do it anyways.”  Maybe you rationalize this behavior because you believe that no one would ever want to hack your accounts.  You’re nothing special…  Or maybe you rationalize this behavior because you think you’re way too organized to ever be the target of an attack.  No one could ever get past you…   

But nonetheless, a breach is a breach is a breach.  And if you’re reusing a password, you’re in for a world of hacking.

You get it.

LastPass asserts that 59% of people know how important a good password is, 91% of people know reusing passwords is risky, and 75% of people know what a strong password looks like.  So… you get it.  You know passwords are important, and you know what it takes to make your passwords secure.

We get it.

But even despite these rather positive statistics, you aren’t doing what you know to be right.  41% of people choose a password because it’s easy to remember, 61% of people reuse passwords, and the majority of people use personal information to create passwords.

But, still… we get it.

You have a million and one accounts… each with a desperate need for a new password.  If you create a new password for each account, you’ll have a million and one passwords floating around your head.  And even if all these passwords you create are “easy to remember,” they’ll still be difficult to recall simply because of the sheer number of logins you’re required to remember.

Everyone can get it.

But at the end of the day, things really don’t have to be so difficult and all over the place.  You just have to be smart about things.

If you aren’t comfortable with a password manager (a solution that will remember all your passwords for you, like LastPass), then you need to find a simple way to create secure passwords.  This can be anything really, and if your strategy is reliable enough, you can streamline it across all your accounts.

For example, you can use the name of the website, a standard phrase, and a uniform string of numbers and characters. Here’s what that could potentially look like:

Netflix: PizzaisgreatNetflix930!

Hulu: PizzaisgreatHulu930!

Facebook: PizzaisgreatFacebook930!

Amazon: PizzaisgreatAmazon930!

This strategic password is easy to remember and would be incredibly difficult to crack.  It can work for each account you have, and it has everything a password needs to be secure and hard-to-crack.
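
A reuse audit for a set of account passwords, run on the four sample passwords above (an added example, not part of the original article). It reports which pairs are identical, which share one template once the public site name is set aside, and which are merely similar; the function names and the 0.8 similarity cut-off are assumptions.

```python
"""Audit account passwords for the "same or similar password" pattern."""
from difflib import SequenceMatcher
from itertools import combinations

SIMILAR_THRESHOLD = 0.8  # assumed cut-off for calling two passwords similar


def split_on_site(site, password):
    """Return (prefix, suffix) around the site name, or None if it is absent."""
    if not site:
        return None
    idx = password.lower().find(site.lower())
    if idx < 0:
        return None
    return password[:idx], password[idx + len(site):]


def classify_pair(site_a, pw_a, site_b, pw_b):
    """Classify how two accounts' passwords relate to each other."""
    if pw_a == pw_b:
        return "identical"
    tmpl_a, tmpl_b = split_on_site(site_a, pw_a), split_on_site(site_b, pw_b)
    if tmpl_a is not None and tmpl_a == tmpl_b:
        return "same-template"  # only the site name differs
    if SequenceMatcher(None, pw_a, pw_b).ratio() >= SIMILAR_THRESHOLD:
        return "similar"
    return "distinct"


def audit(accounts):
    """accounts maps site -> password; return every non-distinct pair."""
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(accounts.items(), 2):
        verdict = classify_pair(site_a, pw_a, site_b, pw_b)
        if verdict != "distinct":
            findings.append((site_a, site_b, verdict))
    return findings


def shared_template(accounts):
    """Return the (prefix, suffix) common to all accounts, or None."""
    templates = {split_on_site(site, pw) for site, pw in accounts.items()}
    if len(templates) == 1 and None not in templates:
        return next(iter(templates))
    return None


# The four sample passwords from the article.
ARTICLE_ACCOUNTS = {
    "Netflix": "PizzaisgreatNetflix930!",
    "Hulu": "PizzaisgreatHulu930!",
    "Facebook": "PizzaisgreatFacebook930!",
    "Amazon": "PizzaisgreatAmazon930!",
}

# Constructed sample accounts showing the other verdicts.
MIXED_ACCOUNTS = {
    "Bank": "Winter#Storm42",
    "Email": "Winter#Storm43",
    "Forum": "Winter#Storm42",
    "Vault": "t9$Lq2!vXw7r",
}

if __name__ == "__main__":
    print("template:", shared_template(ARTICLE_ACCOUNTS))
    for finding in audit(ARTICLE_ACCOUNTS) + audit(MIXED_ACCOUNTS):
        print(finding)
```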

Another option you have is to use Two-Factor Authentication.  Most major sites offer 2FA, and it provides an extra layer of security for your accounts.  Since 2FA usually requires a user to verify another source (through avenues such as text messaging or emailing), hacking an account with 2FA would be pretty difficult.  It would involve a skilled hacker and a lot of time.

Whatever it is you decide to do, make sure you’re smart about it.  Don’t fall back on simple, insecure passwords just because you feel you’re not worthy of being hacked or because you think you can prevent a hack before it gets to you.  Keep your passwords strong, unique, and strategic.

It’s time you start thinking like a smooth criminal.

Let’s get one thing straight here right off the bat. Annie’s not ok.

She’s worried about the security of her data.

With the threat of hackers looming over her head, she’s concerned about keeping her client information safe and her business financials secure. So she invests the time in creating a business continuity plan and implements safety precautions to safeguard her existing technologies. Things are going great until a higher level executive steals an external hard drive containing confidential client information from the accounting office.

What went wrong? How did this internal threat slip by?

Annie was so concerned about outside threats, that she completely disregarded the possibility of internal data breaches. She didn’t protect the one area that most wrong-doers would consider first.

It’s simple really.

Annie wasn’t thinking like a criminal.

Are you?

If you think your business is protected just because you have a security policy in place to deal with hackers, you’re sadly mistaken. In order to be truly secure when it comes to your business, you have to have policies in place to deal with both internal and external threats, which includes physical theft.

A great example of this is the Lowe’s case a few years ago.

In an elaborate scam, three men reportedly stole more than $80,000 worth of merchandise from Lowe’s Home Improvement stores. Every day over the course of three months, the men would drive for hours going from Lowe’s store to Lowe’s store, stealing high dollar tool sets. One man would walk in, buy an expensive tool set, leave the store and hand his receipt to one of his cohorts. The second accomplice would walk in, get another package of the same tool set and leave the store with the package and the receipt, appearing to have legitimately made a purchase. After doing this at a couple of different stores, the men would then go to another Lowe’s, return the merchandise and pocket the cash.

Being the large-scale hardware chain that it is, I’m certain Lowe’s has some kind of security feature in place to deal with things like data hackers or breaches, but when it comes to physical security, these stores were clearly lacking. Perhaps if they had some way of marking the receipts to indicate that the item had been returned, a crime spree like this one wouldn’t have occurred so easily.

There’s no reason to be struck by a smooth criminal. It all starts by protecting your business both externally AND internally. Need a hand? Then give us a call today to schedule a private briefing with one of our security experts. We’re here to help!

Three Reasons Technology Changes are Good for Business

There are very few things that can positively affect multiple facets of your business at once. Usually, the impact of changes made to your business is segregated by department, function, position, or service. In other words, these changes don’t have what it takes to influence other areas of your business. However, this isn’t always the case with technology.

With simple changes to your technology, you have the potential to make a large impact – an impact that will affect more than just one department, one person, or one function. A change as minimal as new software and something as unexciting as regular hardware maintenance can easily keep your business well-oiled and your staff thriving, paving the way to a steady future.

Here are just a few of the benefits that stem from a technology infrastructure that isn’t afraid to change.

You will attract better employees and retain them for longer.

Believe it or not, the status of your technology affects the relationship your entire staff has with your business. If you’re working with outdated or uncooperative technology, your employees will struggle to perform as expected. And if they’re struggling to perform as expected, how are they ever going to exceed expectations within their given position?  Your employees will likely feel overwhelmed and unsatisfied.

You will experience better customer service results. 

Updated, modern technology is really good at doing one thing – working exactly like it’s supposed to work. When you have technology that does what it should when it should, then your employees will have a legitimate shot at providing quality customer service on a consistent basis. And that’s all any customer really wants – consistency.

You will stand out from the competition and look more sophisticated.

The funny thing about technology is that it can make any style, brand, or size of business look more sophisticated than it might actually be. With the right IT solutions in place, your business will look like a well-oiled machine that knows what it’s doing at all times. Even if your competition is overflowing with talented, knowledgeable individuals, if their technology is poorly maintained and half-heartedly implemented, they’ll look sloppy in comparison.

Is your business in need of a technology upgrade? Well, you’ve come to the right place. We’ve helped local businesses build their competitive edge through modern technology, and we can do the same for your business. Give us a call today to learn more!

Want to protect the data on your mobile devices? Remember these 4 tips.

Data is a valuable thing for any business. Within it is the past, present, and future of what your business is, what it does, and who it does it with. And there are pieces of this story that should never be shared with others. But unfortunately, sharing is just way too easy these days – especially when you consider that your business data can go anywhere, with anyone, on any device.

Just one of the many perks of modern mobility.

So for the sake of privacy and for hopes of avoiding data breaches, hackers, and snoops, here are a few quick tips to help keep your data private when it’s on-the-go and mobile.

Public Wi-Fi

Public Wi-Fi is great, but it’s not always friendly. There is such a thing as a malicious Wi-Fi hotspot, and if you connect to something like this, any number of things can occur. For one, the creator of this hotspot can potentially track everything you type and everywhere you go within that mobile device of yours. Or, they can just throw some nasty viruses in your direction. Either way, both situations are not pleasant.

If you must connect to public Wi-Fi, do so with caution. Make sure everything looks as it should and always stay away from private, sensitive data when you’re connected.

Locked Devices

One major issue with data being on mobile devices is that it can be lost or stolen with no hacking necessary. In other words, you lose the device, you lose the data. Someone steals your device, someone also steals your data. Because of this, you need to take a handful of proactive measures to ensure this data isn’t easily accessible when it is lost or stolen.

And the very first step you should take is locking your screen. Never leave your device wide-open to threats by keeping it unlocked. Whether it’s a pin-code, password, or fingerprint, something is always better than nothing.

Gadget-Finding Apps

While we’re on the subject of proactive measures, another one you can take is with a gadget-finding, device-turning-on, data-wiping app. These apps are great to have at your side for a variety of reasons – they can help you track down a lost device, lock your gadgets remotely, and even turn the camera on for you. However, when it comes to your data, things get even better.

Some of these gadget-finding apps are capable of remotely retrieving data for you, as well as wiping your device of all its data. So in other words, if your phone or laptop is stolen, all you have to do is tell the app to wipe the device and remove all its data. Sure, your device will still be stolen, and sure, you’ll be down a whole lot of data. But at the end of the day, this still beats some stranger creeping on your private data.

Some well-known gadget-finding apps are Prey, Avast Anti-Theft, Lookout, and Cerberus.

Saving Passwords

Hypothetically, say your phone or laptop is stolen and the person who steals your device does manage to get through the lock screen. If this happens, you don’t want this person to get into your accounts – for example, to log into any sensitive apps you’ve downloaded or hop onto any websites you have an account with.

To avoid a situation like this, you’ll need to make sure you always log out of your online accounts. Unfortunately, this means you shouldn’t allow websites or apps to remember your login credentials – even if it is convenient. Because remember… the website doesn’t remember the password for you… it remembers the password for the device – whether it’s in your hands or not.

Do you have employees that work from home or out of the office? Are you taking the necessary precautions to ensure the security of your company’s data?

You don’t need to sacrifice security for mobility! Give us a call today to learn how you can keep your business mobile and protected.

Three Areas You Should Include in Your Cyber-Security Strategy

It’s no secret… most small to medium-sized businesses don’t have a very elaborate cyber-security strategy. They might have a few areas covered, maybe a handful of items listed in the very back of the employee handbook, and probably a decent anti-virus solution installed to protect their workstations. But that’s where things end, and considering things didn’t go very far, that’s not a good sign.

So if you’re going to make strides to improve your cyber-security strategy this year (which you probably should), here are three critical areas you should consider.

Training

The human element… this will always be your greatest security weakness. And this is because humans aren’t perfect. We mess up. We make mistakes. We do things we shouldn’t. That’s just how the cookie crumbles. However, with just a little training, the majority of these mistakes can be avoided or, at the very least, minimized.

Your employees should be trained on social engineering. They should be educated on prevalent cyber-threats. And they should know the ins and outs of things like password creation, phishing, and malicious ads. With minimal training in these areas, your business can avoid most security threats.

Passwords

If you want to keep your network and all the accounts that fall inside it secure, then you need to have good, strong credentials to back them up. But you can’t just expect this to happen naturally – because it won’t. It’s just way too easy to create bad passwords… so unless there’s something set in place that tells people how to create their passwords, people will more than likely create passwords that are easy-to-crack.

To make sure this doesn’t happen, you must create, implement, and follow a solid password policy. This policy should cover topics like when to create new credentials, how long your passwords should be, and whether or not they should incorporate capital letters, symbols, and numbers.

Mobile Devices

Modern companies are mobile-friendly companies. Employees work on-the-go using the devices they’re most comfortable with – like laptops, tablets, and smartphones. While this behavior can improve productivity and maximize opportunities, it can also increase your odds of suffering from a data breach.

Unfortunately, though, it can be hard to enforce a policy that says, “You are not allowed to lose your mobile devices.” So because of this, you need to incorporate features like remote wiping, phone-finding software, and mandatory security patching into your Bring Your Own Device (BYOD) policy. And you should encourage people not to connect to public Wi-Fi, to never share devices, and to keep their devices locked with a strong passcode.

Do you have a plan in place for upgrading your security strategy? If you’re not sure where to start, then give us a call. Our team of security experts have kept local businesses safe from both internal and external security threats, and would love the opportunity to do the same for your business.

Keep your Technology Advanced but Reliable with these Tips

Businesses everywhere are realizing just how much of an influence technology can have on their ability to be successful. They don’t just need an advanced infrastructure but a reliable one, as well – which can be difficult to achieve.

The more advanced your technology becomes, the more difficult it can be to keep it reliable, working, and secure.

To combat this conundrum, here are a few ways to ensure that the technology you and your staff rely on remains in prime working condition.

Train your staff.

If you want your technology to last, then you need to train your employees on how to properly handle and care for it. This isn’t a simple task and certainly isn’t a one-time-done kind of ordeal.  Provide routine meetings and trainings on security issues like social engineering, password creation, and phishing, and provide documentation on the best ways to keep your technology clean, your data alive, and all the connected pieces updated.

Partner with IT professionals.

Maintaining the status quo of your technology means you actually have to maintain it, and many people are not capable of doing this on their own – either they don’t have the knowledge and expertise to do it or they simply don’t have the time in their already jam-packed schedule.  Partner with an IT company who knows your industry, your needs, and your aspirations, and let them manage all the stuff under the hood.

Update, update, update.

One of the quickest ways to a broken down infrastructure is through outdated equipment.  Whether it’s your software, security solution, or hardware, every piece of your IT should be fully updated at all times.  Always be on the lookout for updates and confirm with your IT provider to ensure all facets of your infrastructure are operating as they should.

Protect it no matter what. 

Technology is expensive and important.  Thieves, hackers, and spilled liquids are always looking for another way to take it, hack it, and destroy it.  Because of this, it’s crucial that you always protect your technology – from your network down to each and every connected device.  Invest in a high-quality security solution, employee training, and physical device protection.

Technology has the ability to either make or break your business, so it’s pretty important to make sure you have the right technology in the right places.

Not sure where to start? Need a second opinion to assess your current infrastructure? Then give us a call today! We’d be glad to answer any questions you may have.

Common Misconceptions about Phishing Attacks

The sending and receiving of malicious emails is a cyber-threat that all businesses should be on the lookout for. But, unfortunately, what most professionals know to be true about phishing attacks isn’t always the most accurate information out there.

Here are four things that might happen within a phishing attack that most people don’t realize to be true.

Internal processes might be known.

When it comes to phishing, the attack can play out in a variety of ways, and if you’re lucky, it won’t involve your internal processes. When it does, it’s very difficult to determine the legitimacy of an email (if that thought even crosses your mind to begin with). As soon as content references your specific processes and policies, it’s hard to say that the email is fake.

Because of this, it’s important to remember that even if an email mentions your company’s internal procedures, there’s still a chance the email might be malicious. You must take additional steps to determine the legitimacy of the content, especially if it asks you for any sensitive data.

A coworker might be used.

Hackers and cybercriminals do their homework. They’ll research your company and get familiar with your processes, as well as your coworkers. In other words, they’ll figure out who works for your company, what position they have, and where they rank on the totem pole. Then, they’ll use this information and bounce it off your internal processes – which is where things really start to get scary.

To avoid being duped by someone pretending to be your coworker, you need to slow down and read over everything carefully. This means you need to make sure the request makes sense coming from that person – Would this person normally ask you to do something of this nature?

If the answer to this question is ‘yes,’ then next, you should make sure the address the email originates from is accurate. There isn’t much difference between XYZTech@xyztech.com and XYZTech@xytech.com. But again, to catch this difference, you’ll need to read things over carefully.
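
The address comparison above can be automated in a mail filter; the following is an added example, not part of the original article, using the two addresses from the text. The function names, the edit-distance limit of 2, and the `example.net`/`example.org` addresses are assumptions made for illustration.

```python
"""Flag sender addresses whose domain is a near miss of a trusted domain."""
from email.utils import parseaddr


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ch_a in enumerate(a, 1):
        cur = [i]
        for j, ch_b in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                    # delete from a
                           cur[j - 1] + 1,                 # insert into a
                           prev[j - 1] + (ch_a != ch_b)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Lower-cased domain of 'user@host' or 'Display Name <user@host>'."""
    _, addr = parseaddr(address)
    if "@" not in addr:
        raise ValueError(f"no address found in {address!r}")
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def check_sender(address, trusted_domains, max_distance=2):
    """Return (verdict, matched_domain).

    verdict is 'trusted', 'lookalike' or 'external'. max_distance is an
    assumed tuning value: higher catches more typos but flags more
    unrelated domains.
    """
    domain = sender_domain(address)
    trusted = sorted(d.lower() for d in trusted_domains)
    for t in trusted:
        # Exact match or a genuine subdomain of a trusted domain.
        if domain == t or domain.endswith("." + t):
            return "trusted", t
    for t in trusted:
        # Trusted name used as a prefix of someone else's domain.
        if domain.startswith(t + "."):
            return "lookalike", t
    distance, closest = min((edit_distance(domain, t), t) for t in trusted)
    if distance <= max_distance:
        return "lookalike", closest
    return "external", None


if __name__ == "__main__":
    trusted = ["xyztech.com"]
    samples = [
        "XYZTech@xyztech.com",                  # from the article: genuine
        "XYZTech@xytech.com",                   # from the article: one letter short
        "Pat <pat@mail.xyztech.com>",           # constructed: real subdomain
        "billing@xyztech.com.example.net",      # constructed: trusted name as prefix
        "news@example.org",                     # constructed: unrelated sender
    ]
    for sample in samples:
        print(f"{sample:40} {check_sender(sample, trusted)}")
```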

 

Grammatically, the email might be perfect.

Online users have always been told that phishing emails are going to be grammatically incorrect. It’ll read like it came from another country, and it’ll be littered with misspellings and forgotten commas. However, this isn’t always the case. In fact, this is far from the case.

More often than not, a phishing email will look rather perfect. It won’t have grammatical errors, and it’ll appear completely normal. In other words, don’t bank your whole process of verifying emails based off grammar. It won’t work.

You won’t always be asked to download something.

Phishing attacks aren’t always about corrupt links and malicious downloads. Sometimes, they’ll just ask for something, like financial data, personal records, or login credentials. Or they might even ask you to do something – send over a document, adjust client records, or change company data.

Again, you need to slow down at this point and analyze what it is you’re being asked to do. Don’t rush into an action just because you can. Verify the request and the sender before you ever do anything.

Cybercriminals are much smarter than most people think, and with so much information available on sites like Google and LinkedIn on just about any company, their tactics to infiltrate your network are becoming much more precise and strategic.

If words like cybersecurity and data breach keep you up at night, then give us a call today! Let’s schedule a private briefing with one of our expert security consultants to discuss your network.