Contrary to popular belief, Macs do get hacked. Although it doesn’t happen as frequently as it does on Windows PCs, Macs have been infected by worms, Trojan horses, and other forms of malware in the past decade. Recently, security researchers discovered a new spyware that has flown under the radar for several years.

Fruitfly spyware
The spyware, known as Fruitfly, was first discovered in January 2017, but Synack chief security expert, Patrick Wardle, discovered a more cunning variant last month.

Along with being able to track the victims’ names and locations, the spyware reportedly gives the hacker control over webcams, mice, microphones, and keyboards, and notifies hackers any time the computer is in use. This enables hackers to take non-consensual photos, capture screenshots, track keystrokes, and record audio.

What’s surprising is this type of spyware is not built for financial gain or designed to steal government secrets. It’s used to spy on regular people. According to experts, the hacker developed the spyware for voyeuristic reasons. Collecting private data from users also suggests that hackers planned to set up more targeted social engineering scams.

So far, there have been only 400 confirmed Fruitfly infections, but considering how it has remained hidden for nearly a decade, that number could be much larger.

While experts are still not sure who created the malware and how it is delivered, it’s best to follow security best practices like avoiding pop-up ads, banners and suspicious file attachments, using extreme caution when downloading free software, and updating applications frequently.

Users should also install anti-malware software with spyware detection capabilities and perform full system scans as often as possible. New security patches have been released to detect and block Fruitfly variants, so you should keep your security software up to date at all times, too.

Surge in Mac Malware
Windows PCs are targeted more frequently, but a recent threat intelligence report by McAfee found that Mac malware incidents have grown by 53% over the first quarter of 2017.

Hackers will likely uncover new vulnerabilities in the future, which means Mac users can no longer afford to think that their device doesn’t need strong security software and support from managed services providers.

If you’re worried about the security of your Mac, talk to us today. We offer comprehensive solutions that can defend against the new Fruitfly strain and a host of other cyberattacks.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Although ransomware has stolen the limelight recently, there’s another type of cyberattack targeting your bank account. Thanks to some horrifying ingenuity, being infected by OSX.Dok can result in victims directly handing their bank account information to hackers. Take a minute to find out how it works so you can avoid making a costly mistake.

OSX.Dok isn’t new, but it has been improved

Originally, this Mac-based malware looked very different. When OSX.Dok was first reported several months ago, it could infect only older versions of the Apple operating system. Besides being relegated to OS X, it didn’t do much more than simply spy on the internet history of its victims. More recently, however, OSX.Dok was updated to target the newer macOS and to steal banking information.

How does it work?

Like so many malware programs today, this particular threat is distributed via phishing emails. Because the end goal is to acquire private financial information, these emails pretend to have pressing information about taxes or bank statements stored in attachments that actually contain malicious software.

Once any of these attachments are opened, OSX.Dok secretly broadcasts information about the computer and its location to the malware’s authors. Based on that information, hackers can redirect victims that visit banking websites to copycat URLs tailored to their language and location. Almost everything on the copycat sites looks exactly the same, but when you submit your user ID and password, they go straight to hackers.

Worst of all, the latest version of this malware seems to be incredibly advanced. It actively changes the way it hides itself and even modifies system settings to keep the computer from checking for operating system and security updates.

What can I do?

Security experts are still working on a way to combat OSX.Dok, but believe that it will remain a problem for some time to come. For now there are a few things you can do:

  • Never open attachments from people you don’t know personally, and even then be wary of anything you weren’t expecting.
  • Pay attention to little details. For example, copyright dates at the bottom of fake banking sites only went to 2013.
  • Look closely at the lock to the left of URLs in your address bar. Fake websites may have security certificates with names slightly different from those of the sites they mimic.

The best way to stay ahead of threats like OSX.Dok is by partnering with a capable IT provider. That way you can be sure that you have all the latest software and hardware to keep you safe. Even if something managed to slip through, regular audits are sure to find infections sooner than an overburdened in-house team would. Call us today to find out how we can protect you!

Published with consideration from TechAdvisory.org SOURCE

Most phishing attacks involve hiding malicious hyperlinks behind enticing ad images or false-front URLs. Whatever the strategy is, phishing almost always relies on users clicking a link before checking where it really leads. But even the most cautious users may get caught up in the most recent scam. Take a look at our advice for how to avoid the newest trend in phishing.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades — and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian, for example: even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com — which gets redirected to xn--80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.
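A mail gateway or link scanner can make the check the eye cannot. The following is an added example (not from the original article): it decodes each hostname label from its `xn--` (Punycode) form and reports labels that are non-Latin or that mix alphabets. The function names and the `.test` sample URL are constructed for illustration, and the script test based on Unicode character names is an approximation.

```python
import unicodedata
from urllib.parse import urlsplit


def decode_label(label):
    """Return the Unicode form of one DNS label; 'xn--' labels are Punycode."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts_in(text):
    """Alphabets used by the letters of text (digits and '-' are ignored)."""
    found = set()
    for ch in text:
        if ch.isdigit() or ch == "-":
            continue
        if ch.isascii():
            found.add("LATIN")
        else:
            # Approximation: the first word of the Unicode character name,
            # e.g. "CYRILLIC SMALL LETTER A" -> "CYRILLIC".
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def check_host(host):
    """Return (label, reason) findings; an empty list means plain ASCII Latin."""
    findings = []
    for label in host.rstrip(".").split("."):
        try:
            text = decode_label(label)
        except UnicodeError:
            findings.append((label, "invalid-punycode"))
            continue
        if text != label:
            findings.append((label, "punycode"))
        scripts = scripts_in(text)
        if len(scripts) > 1:
            findings.append((label, "mixed-script:" + "+".join(sorted(scripts))))
        elif scripts and scripts != {"LATIN"}:
            findings.append((label, "non-latin:" + next(iter(scripts))))
    return findings


def check_url(url):
    """Inspect only the hostname of a URL, which is where homographs hide."""
    return check_host(urlsplit(url).hostname or "")


# Sample links: the second host is the one quoted in the article; the third
# is constructed and contains a single Cyrillic "a" (U+0430) among Latin letters.
SAMPLES = [
    "https://www.apple.com/",
    "https://xn--80ak6aa92e.com/",
    "https://ex\u0430mple.test/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(ascii(url), check_url(url) or "ok")
```

The article's host is flagged even though it uses only one alphabet, because the whole label is Cyrillic under a `.com` suffix; the constructed third link is caught by the mixed-script rule instead.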

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

What is phishing?
Email phishing scams are carried out online by tech-savvy con artists and identity theft criminals. They use spam, fake websites constructed to look identical to real sites, email and instant messages to trick you into divulging sensitive information, like bank account passwords and credit card numbers. Once you take the phisher’s bait, they can use the information to create fake accounts in your name, ruin your credit, and steal your money or even your identity.
How do phishing scams find me?
This style of identity theft is extremely widespread because of the ease with which unsuspecting people share personal information. Phishing scams often lure you with spam email and instant messages requesting you to “verify your account” or “confirm your billing address” through what is actually a malicious Web site. Be very cautious. Phishers can only find you if you respond.
What can email phishing scams do to me?
After you’ve responded to a phishing scam, the attacker can:

  • Hijack your usernames and passwords
  • Steal your money and open credit card and bank accounts in your name
  • Request new account Personal Identification Numbers (PINs) or additional credit cards
  • Make purchases
  • Add themselves or an alias that they control as an authorized user so it’s easier to use your credit
  • Obtain cash advances
  • Use and abuse your Social Security number
  • Sell your information to other parties who will use it for illicit or illegal purposes

How will I know?
Phishers often pretend to be legitimate companies. Their messages may sound genuine and their sites can look remarkably like the real thing. It can be hard to tell the difference, but you may be dealing with a phishing scam if you see the following:

  • Requests for confidential information via email or instant message
  • Emotional language using scare tactics or urgent requests to respond
  • Misspelled URLs, spelling mistakes or the use of sub-domains
  • Links within the body of a message
  • Lack of a personal greeting or customized information within a message. Legitimate emails from banks and credit card companies will often include partial account numbers, user name or password.

How can I get phishing protection?
When you arm yourself with information and resources, you’re wiser about computer security threats and less vulnerable to phishing scam tactics. Take these steps to fortify your computer security and get better phishing protection right away:

  • Do not provide personal information to any unsolicited requests for information
  • Only provide personal information on sites that have “https” in the web address or have a lock icon at the bottom of the browser
  • If you suspect you’ve received phishing bait, contact the company that is the subject of the email by phone to check that the message is legitimate
  • Type in a trusted URL for a company’s site into the address bar of your browser to bypass the link in a suspected phishing message
  • Use varied and complex passwords for all your accounts
  • Continually check the accuracy of personal accounts and deal with any discrepancies right away
  • Avoid questionable Web sites
  • Practice safe email protocol:
    • Don’t open messages from unknown senders
    • Immediately delete messages you suspect to be spam

Make sure that you have the best security software products installed on your PC for better phishing protection:
  • Use antivirus protection and a firewall
  • Get antispyware software protection

An unprotected computer is like an open door for email phishing scams. For a more potent form of protection, use a spam filter or gateway to scan inbound messages. Products like Webroot Spy Sweeper® and Webroot Internet Security Essentials thwart dangerous malware before it can enter your PC, stand guard at every possible entrance of your computer and fend off any spyware or viruses that try to enter, even the most damaging and devious strains. While free anti-spyware and antivirus downloads are available, they just can’t keep up with the continuous onslaught of new spyware strains. Previously undetected forms of spyware can often do the most damage, so it’s critical to have up-to-the-minute, guaranteed protection.

Published with consideration from Webroot SOURCE

As technology consultants, we’re stuck between a rock and a hard place. We want to provide our clients with enterprise-level IT, but that requires that we specialize in overwhelmingly intricate technology. Explaining even the most foundational aspects of our cyber-security would most likely put you to sleep before convincing you of our expertise. But if you really want to know, here are a few summaries of how we focus on proactive strategies rather than reactive ones.

Understand the threats you’re facing
Before any small- or medium-sized business can work toward preventing cyber-attacks, everyone involved needs to know exactly what they’re fighting against. Whether you’re working with in-house IT staff or an outsourced provider, you should review what types of attack vectors are most common in your industry. Ideally, your team would do this a few times a year.

Reevaluate what it is you’re protecting
Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

Create a baseline of protection
By reviewing current trends in the cyber-security field, alongside an audit of your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measures versus your reactive measures.

Before you can start improving your cyber-security approach, you need to know where the baseline is. Create a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint strengths and weaknesses in your current framework.

Finalize a plan
All these pieces will complete the puzzle of what your new strategies need to be. With an experienced technology consultant onboard for the entire process, you can easily parse the results of your simulation into a multi-pronged approach to becoming more proactive:

  • Security awareness seminars that coach everyone — from receptionists to CEOs — about password management and mobile device usage.
  • “Front-line” defenses like intrusion prevention systems and hardware firewalls that scrutinize everything trying to sneak its way in through the front door of your network.
  • Routine checkups for software updates, licenses, and patches to minimize the chance of leaving a backdoor to your network open.
  • Web-filtering services that blacklist dangerous and inappropriate sites for anyone on your network.
  • Antivirus software that specializes in the threats most common to your industry.

As soon as you focus on preventing downtime events instead of reacting to them, your technology will begin to increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cyber-security by giving us a call for a demonstration.

The field of cyber security is overwhelming — even for seasoned IT professionals. But not for us. We spend our days researching and experimenting to craft the best security solutions on the market. If you’re interested in one of our cutting-edge cyber-security plans, call us today.

Published with consideration from TechAdvisory.org SOURCE

Well… What is Ransomware?

Ransomware is a type of malicious software that encrypts files on your computer so that cyber criminals can hold those files for ransom, demanding payment from you within a certain timeframe to get them decrypted. In some cases, the encrypted files can essentially be considered damaged beyond repair.

There are plenty of ways ransomware can get onto a person’s computer, but as always, those tactics all generally come down to certain social engineering techniques or using software vulnerabilities to silently install itself on a victim’s computer.

Unfortunately, the threat of ransomware is very real, and is becoming an increasingly popular way in 2017 for malware authors to extort money from businesses and consumers alike. We’ll give you some great advice to help you properly prepare your computers, servers, and networks. Here are a few tips that will help you keep your data protected and prevent ransomware from hijacking your files this year and for years to come:

1. First & Foremost, Back Up Your Files Regularly…

…and keep a recent backup off-site. If you don’t already have backups of your data, this is the most critical action step that will help you defeat ransomware. Be certain that you have a regularly updated backup and have tested that you are able to restore those files. Ideally, you’ll have the backup located on multiple drives.

2. Do NOT Download Email Attachments or Enable Macros

You may have already received these types of emails … claiming to be an invoice or a purchase order of some sort. Be extremely careful about opening email attachments from anyone outside of your organization. Simply delete any malicious emails without opening them. Also, consider installing Microsoft Office viewers that allow read-only access and don’t enable macros.

3. Don’t Have More Access Privileges Than You Need

Simply, the minimum effective dose here… if you don’t need administrator rights for your day-to-day tasks, then create a separate account with limited access. When you do log in as an admin, don’t stay logged in any longer than necessary. Avoid browsing, opening documents or other regular work activities while logged in as administrator… that’s what your limited access account is now for.

4. Update, Patch, Uninstall

Malware that doesn’t try to install itself by a Microsoft Office file macro will often rely on outdated software and applications that have bugs in them. Be sure to apply the latest security patches available, which will limit the attacker’s options for infecting your computer with ransomware.

5. Train Your Employees in Your Business in Good Practices

Strong passwords. Not sharing user logins. Logging out at the end of the day. Train your employees who have access to computers and their systems to have good practices. They can be the weakest link in the company’s computer systems if you don’t have a training program in place that will teach them how to avoid spam email attachments, unsolicited documents, and malicious software.

6. Segment the Company Network

If you have clients or customers that need access to the internet while visiting the company, be sure to have a separate access point that only allows use of the internet and prevents access to the company network.

7. Show Hidden File-Extensions

By default, known file extensions like .EXE are hidden. One way ransomware frequently disguises itself is by using a double extension such as “.PDF.EXE”, counting on Windows’ default behavior of hiding known file extensions so that the file seems to be just a PDF. We suggest that you re-enable the display of file extensions so that suspicious files are easier to spot.

8. (Did We Say 7? Here’s An Extra!) Disable RDP

One way the Cryptolocker/Filecoder malware often accesses victims’ machines is by using Remote Desktop Protocol (RDP). This is a Windows utility that allows others to access your desktop remotely, such as those who pretend to be IT support staff offering to speed up your computer. If you do not require the use of RDP, you should disable it to protect your computer from malware that exploits this.
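For tip 7 above, the “.PDF.EXE” disguise can also be caught before a person ever sees the file. The following is an added example (not from the original article) of an attachment-name check that flags a document-style extension followed by an executable one and shows the name a user would see with extensions hidden. The extension sets, function names and sample filenames are constructed for illustration.

```python
# Final extensions that Windows will run (illustrative subset, not exhaustive).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
# Document-style extensions commonly used as the decoy (illustrative subset).
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}


def normalise(filename):
    """Drop surrounding whitespace and the trailing dots/spaces Windows ignores."""
    return filename.strip().rstrip(". ")


def split_extensions(filename):
    """Return every dot-separated part after the stem, lower-cased and unpadded."""
    _stem, *exts = normalise(filename).split(".")
    return [ext.strip().lower() for ext in exts]


def shown_with_hidden_extensions(filename):
    """Name as displayed when the final, known extension is hidden from the user."""
    name = normalise(filename)
    return name.rsplit(".", 1)[0].rstrip() if "." in name else name


def is_disguised_executable(filename):
    """True when an executable extension follows a document-style extension."""
    exts = split_extensions(filename)
    return (
        len(exts) >= 2
        and exts[-1] in EXECUTABLE
        and any(ext in DECOY for ext in exts[:-1])
    )


def triage(filenames):
    """Return (real name, name the user sees) for every disguised attachment."""
    return [
        (name, shown_with_hidden_extensions(name))
        for name in filenames
        if is_disguised_executable(name)
    ]


# Constructed attachment names, as a mail filter might receive them.
SAMPLE_ATTACHMENTS = [
    "Invoice.PDF.EXE",       # the case described in tip 7
    "report.pdf",            # ordinary document
    "setup.exe",             # executable, but not disguised
    "notes.v2.pdf",          # extra dot, harmless final extension
    "scan.pdf      .exe",    # padding pushes the real extension out of view
]

if __name__ == "__main__":
    for real, shown in triage(SAMPLE_ATTACHMENTS):
        print(f"{real!r} would be displayed as {shown!r}")
```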

Ransomware can certainly be frightening, but there are many steps to take that can help you be prepared in any situation that would put your data at risk. That is why it has always, and will always be, the single most important best practice to protect your company against data loss with regular scheduled backups. That way, no matter what happens, you will be able to restore your data quickly. I can only hope that if anything positive can be taken away from the increased threat of ransomware, it is a clear indication of the importance of regularly scheduled, frequent backups to protect your valuable data.

Published with consideration from NovaStor SOURCE

One of the core principles of virtualized technology is the ability to quarantine cyber security threats easily. For the most part, vendors have been winning this security tug-of-war with hackers, but that may change with the resurrection of a long-dormant piece of malware that targets virtualized desktops. If your business employs any form of virtualization, learning more about this updated virus is critically important to the health of your technology.

What is it?

Back in 2012, a brand new virus called “Shamoon” was unleashed onto computers attached to the networks of oil and gas companies. Like something out of a Hollywood film, Shamoon locked down computers and displayed a burning American flag on the display while totally erasing anything stored on the local hard disk. The cybersecurity industry quickly got the virus under control, but not before it destroyed data on nearly 30,000 machines.

For years, Shamoon remained completely inactive — until a few months ago. During a period of rising popularity, virtualization vendors coded doorways into their software specifically designed to thwart Shamoon and similar viruses. But a recent announcement from Palo Alto Networks revealed that someone refurbished Shamoon to include a set of keys that allow it to bypass these doorways. With those safeguards overcome, the virus is free to cause the same damage it was designed to do four years ago.

Who is at risk?

As of the Palo Alto Networks announcement, only networks using Huawei’s virtual desktop infrastructure management software are exposed. If your business uses one of those services, get in touch with your IT provider as soon as possible to address how you will protect yourself from Shamoon.

On a broader scale, this attack shows how virtualization’s popularity makes it vulnerable. Cyber attackers rarely write malware programs that go after unpopular or underutilized technology. The amount of effort just isn’t worth the payoff.

Headlines decrying the danger of Shamoon will be a siren call to hackers all over the globe to get in on the ground floor of this profitable trend. It happened for ransomware last year, and virtual machine viruses could very well turn out to be the top security threat of 2017.

How can I protect my data?

There are several things you need to do to ensure the safety of your virtual desktops. Firstly, update your passwords frequently and make sure they’re sufficiently complex. Shamoon’s most recent attempt to infect workstations was made possible by default login credentials that had not been updated.

Secondly, install monitoring software to scan and analyze network activity for unusual behavior. Even if legitimate credentials are used across the board, accessing uncommon parts of the network at odd hours will sound an alarm and give administrators precious time to take a closer look at exactly what is happening.

Ultimately, businesses need virtualization experts on hand to protect and preserve desktop infrastructures. Thankfully, you have already found all the help you need. With our vast experience in all forms of virtualized computing, a quick phone call is the only thing between you and getting started.

Published with consideration from TechAdvisory.org SOURCE

You don’t have to be a big corporation to catch a cybercriminal’s attention. In this article you’ll learn about the risks that business email compromise, ransomware, and a new breed of malicious Microsoft Office files pose to your small business.

Did Your Boss Really Email That?

The next time you receive an email from your manager or from the head of the company urgently requesting sensitive information or banking details, check again.

Scammers are going beyond spear phishing and using a scheme called business email compromise (BEC) to trick employees into sending them money. And it’s not just large companies that fall for the email wire fraud scam. In April, the FBI warned that small companies and non-profits—any business where wire transfers are a normal part of conducting business—are desirable targets.

“The schemers go to great lengths to spoof company email or to use social engineering to assume the identity of the CEO, a company attorney, or a trusted vendor,” stated the FBI in its security alert. “They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.”

The losses are real and potentially devastating to small businesses. BEC scams have affected companies in every state of the U.S. and 79 countries, according to the FBI. In Arizona alone, the average victim loses between $25,000 and $75,000.

Law enforcement received BEC reports from more than 17,000 victims from October 2013 through February of this year, the agency said. In total, they were scammed out of more than $2.3 billion, said the FBI. One unidentified American company was hit for nearly $100 million and another, Ubiquiti Networks, lost $39.1 million last year.

If you get an urgent, email-only request for a wire transfer, it’s time to raise your guard. The FBI suggests something as simple as picking up the phone and verifying that everything is on the up-and-up.

Data Held Hostage

By now, the threat of ransomware has been well publicized. This particularly wicked form of malware encrypts victims’ files, rendering them useless until they pay—you guessed it—a ransom. Even forking over the funds doesn’t guarantee that cybercriminals will uphold their end of the bargain.

According to a recent report from Symantec, the average ransom demand—$294 at the end of 2015—has climbed to $679 today. Sure, it may be a small price to pay to regain access to critical data, but the total cost can quickly climb in small office environments.

“While the home user may be faced with a $500 ransom demand for one infected computer, the ransom demand for multiple infections at an organization could quickly rack up to tens of thousands of dollars,” cautioned the report.

And the threat’s growing larger. Trend Micro observed that the number of new ransomware families out in the wild climbed to more than 20 during the first half of 2016, a 172 percent increase over all of 2015. Worse, they are getting more insidious.

“JIGSAW [a ransomware variant] deletes encrypted files whenever victims fail to pay the ransom on the given deadline. Similarly, SURPRISE increases the ransom every time victims miss a deadline,” stated Trend Micro in a recent report. “Our findings also revealed how some ransomware families were designed to target specific business-related files. SURPRISE and POWERWARE, for example, encrypt tax return files.”

A New Twist to Malicious Microsoft Office Documents

Microsoft Word, Excel, and PowerPoint files are among the most widely emailed among employees, and cybercriminals bank on that fact to spread malware and collect user credentials.

It’s not exactly news, but Sophos has noted that malware coders are switching up their tactics. If you’re expecting attackers to flood your inbox with Word documents that harbor the malicious macros of old, keep reading.

Word Intruder, a popular exploit kit, now targets an expanded set of Microsoft Office vulnerabilities and stages complex attacks that may slip through your defenses if your systems aren’t properly patched.

Sophos, a security software company, recently revealed in a blog post that the latest version of “Microsoft Word Intruder now includes the ability to deploy a decoy document, as well as new payload files that are relocated to the end of the exploit block.” The tactic, according to Sophos security researchers, enables attackers to cover their tracks while the exploit does its damage.

The best defense against this type of threat is to train employees to stop opening attachments from unsolicited emails and to keep your anti-virus software up to date.

Published with consideration from Small Business Computing SOURCE

November 30th is National Computer Security Day, an annual event observed since 1988 to help raise awareness worldwide of computer-related security issues. It should also serve as a reminder to small business owners to protect their computer networks from hackers, fraudsters and identity thieves.

Computer security is sometimes referred to as cybersecurity or IT (information technology) security. It applies to the protection of computer-based equipment, the information stored on and services related to it from unauthorized and unintended access, change or destruction, including unplanned events and natural disasters.

Recently, the public opinion research company Ipsos Reid released the findings of a survey of U.S. small businesses revealing that many of them do not fully comprehend the impact a data breach can have on them. As a result, they take a passive approach to safeguarding sensitive information that leaves them vulnerable not only to a breach but potentially devastating financial and reputational damage as well.

The survey also found that:

  • Sixty-nine percent of small business owners are not aware or don’t believe that lost or stolen data would result in financial impact and harm to their business’s credibility.
  • Forty percent have no protocols in place for securing data.
  • More than one-third of the respondents report that they never train staff on information security procedures.
  • Forty-eight percent have no one directly responsible for management of data security.
  • Just 18 percent would encourage new data privacy legislation requiring stricter compliance and penalties to information security threats.

Computer Security Day is an excellent time to ensure that your company is following best practices to protect itself from data breaches and identity theft. They include:

  • Analyzing possible security gaps in your organization and within your supply chain.
  • Implementing ongoing risk analysis processes and creating a security policy specifically designed to limit exposure to fraud and data breaches.
  • Regularly training employees in proper document management and encouraging their adoption of security best practices.
  • Implementing a “shred-all” policy for unneeded documents and keeping sensitive materials under lock and key until they are destroyed.
  • Paying particular attention to hard drives on computers or photocopiers. The only way to destroy data stored on hard drives is physical destruction.
  • Installing and using effective computer network protection such as anti-virus software and a firewall.


Published with consideration from TransFirst.

One of the biggest myths that I hear from our customers is that small businesses aren’t as susceptible to security breaches as large enterprises. The truth is, just because you’re small doesn’t mean you aren’t vulnerable. In fact, by 2019, the cost of cybercrime is expected to soar to $2 trillion.

Small businesses haven’t historically been the target of cybercrime, but that is changing: In the U.K. alone, nearly 75 percent of small businesses reported a security breach in 2015, an increase over the preceding two years. Why the change? Hackers prey on small businesses as opposed to larger ones because small businesses tend to have weaker security defenses, which includes running outdated software, often due to a lack of financial and human resources.

This shift underscores how critical security is to businesses today. However, the belief that small businesses aren’t at risk for security breaches is only one of the misconceptions I hear from our customers today.

Myth: The cloud isn’t secure

Chances are, if you’re a small business, you don’t have an in-house IT department. You might work with an external consultant, or you might just be doing it all yourself as many small business owners do. For this reason, many small businesses are moving their physical technology infrastructure to the cloud because of the many security benefits it provides. Cloud solutions give businesses peace of mind that their data is secure by providing automatic updates to ensure they are always benefiting from the latest security advances. And because business owners can rest easy knowing that they are always on the latest technology, they can spend their time doing what really matters – growing their business, acquiring new customers, etc.

This kind of always-on security is what drew Romax, one of the U.K.’s leading marketing communications businesses, to the cloud. The company moved to a combination of Microsoft Azure, Office 365 and on-premises solutions (a hybrid model) for enhanced security because it needed to be in compliance with tight information security policies regarding retaining client data. The company’s move to the cloud provided Romax owner Wesley Dowding with peace of mind knowing he could focus on his business. “I can go to sleep at night knowing that if the place went down, we’d still be able to serve our clients and our data is secured,” he said.

Myth: I’m not big enough to be susceptible to security risks

At Microsoft, our customers’ security is always top of mind. That’s why we invest more than a billion dollars per year in security-related research and development and build best-in-class security features into all of our cloud solutions that protect against security risks that small businesses may not realize they are susceptible to, such as:

  • Lost and/or stolen devices: With employees working across multiple devices from multiple locations, it’s not uncommon for devices to get lost or even stolen. Microsoft BitLocker, included in Windows 10, encrypts all data stored on the Windows operating system, ensuring that even if an employee leaves his mobile phone on the bus or has her laptop stolen from her car, the data stored on it remains secure.
  • Employee error: It takes something as simple as an employee opening the wrong mail or clicking on the wrong link to compromise your systems and data. To help thwart the risk of this kind of employee error, Microsoft Outlook comes with built-in anti-phishing detection to help prevent fraudulent email messages from even reaching your employees in the first place.
  • Outdated technology: Running outdated solutions has a significant impact on small businesses – data shows that small businesses that are running the latest technologies can increase their annual revenues 15 percentage points faster and create jobs twice as fast as businesses using outdated solutions. On top of that, a different study revealed that 91 percent of consumers said they would stop doing business with a company because of its outdated technology. With Office 365 and Windows 10, security updates happen automatically so you never have to worry about whether or not you are protected against the latest threats.
  • Weak passwords: Hackers are becoming more and more sophisticated, and if your passwords (and your employees’ passwords) aren’t becoming more sophisticated at the same time, you could be at risk for a breach. Fortunately, Windows 10 users benefit from the Windows Hello & Microsoft Passport features that enable them to replace passwords with biometric authentication such as face, iris or fingerprint identification for greater security.
  • Data backup: Backing up your files can help reduce losses in the event of a physical security breach – like a break-in at your office or stolen devices – and get you back up and running quickly. Microsoft OneDrive for Business – included in all Office 365 commercial plans – provides a secure place to store documents in the cloud so you can always access them from anywhere or any device – even when you’re offline.

Myth: If I haven’t been compromised yet, what I’m doing is probably enough

Security experts like to say that there are two kinds of businesses in the world today: Those that have been hacked and those that don’t know they have been hacked yet. Data from a recent cybercrime study proved this to be true: according to the Ponemon Institute, it takes – on average – 170 days to detect a malicious attack.

It was just such a situation that Chelgrave Contracting, an Australian maintenance and labor hire company, found itself facing. The company’s General Manager, Greg Scott, discovered the company’s antivirus software had expired six weeks before without triggering an alert. The lapse prompted a minor virus attack, with only luck preventing the company’s PCs from developing a major virus outbreak, Scott says.

Chelgrave turned to Microsoft Intune, which includes endpoint protection built on Microsoft’s powerful Malware Protection Engine, enabling Scott to provide all Chelgrave PCs with real-time security updates. Remote and mobile employees now receive these updates simply by connecting to the Internet, ensuring their laptops retain the highest levels of protection.

This example underscores the importance of not letting your security lapse – after all, security breaches can be devastating to small businesses – and making sure you are using the right technology, like Windows 10, Intune and Office 365, that protects you 24/7.

Truth: Security is vital to small business success

Security will continue to play an increasingly vital role in the success of SMBs, which are targeted by hackers now more than ever before. Taking basic steps will make your business safer, but using Microsoft technology allows a business and its employees the peace of mind that their data — their own and clients’ — is secured.


Published with consideration from Microsoft.