Cybersecurity

It is good to have an IT team and/or a third-party partner like a managed services provider (MSP) that helps keep your company protected against cyberthreats. It is even better to have all stakeholders be involved in preventing data breaches. Here’s how everyone can be proactive when it comes to cybersecurity.

Understand the threats you’re facing

Before any small- or medium-sized business (SMB) can work toward preventing cyberattacks, everyone involved needs to know exactly what they’re up against. Whether you’re working with in-house IT staff or an MSP, you should review what types of attacks are most common in your industry. Ideally, your team would spearhead this review a few times a year.

Reevaluate what it is you’re protecting

Once you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every company device that connects to the internet, what type of data they have access to (regulated, mission-critical, low-importance, etc.), and what services are currently protecting those devices.

Create a baseline of protection

By reviewing current trends in the cybersecurity field and auditing your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measures versus your reactive measures.

Before you can start improving your cybersecurity approach, you need to know where your baseline is. Devise a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint weak spots in your current framework.

Finalize a plan

All these pieces will complete the puzzle of what your new strategy needs to be. With an experienced technology consultant on board for the entire process, you can easily synthesize the results of your simulation into a multipronged approach to proactive security.

Proactive measure What it entails
Security awareness seminars for all internal stakeholders Train everyone from the receptionist to the CEO about effective security practices such as password management, proper mobile device usage, and spam awareness.
Updated anti-malware software or cloud-based service Protect your data and systems against the latest and most menacing malware.
Routine software patches and upgrades Minimize the chances of leaving a backdoor to your network open.
Web filtering services Blacklist dangerous and inappropriate sites for anyone on your network.
Perimeter defenses (e.g., intrusion prevention systems and hardware firewalls) Scrutinize everything trying to sneak its way in through the borders of your network.
Policy of least privilege Limit users’ access only to the data they need to fulfill their tasks.
Data segmentation Rank data according to sensitivity and build micro-perimeters around high-value datasets.
Full-disk encryption Make data stored in computers and portable devices unreadable so that if these machines are stolen, the files they have inside remain secure.
Virtual private networks Make data transmitted across unsecured connections unreadable so that intercepting it would become futile.
Strict access controls Prevent unauthorized access to accounts by using strong passwords, multifactor authentication, and auto screen locks and logouts for idle users.
AI-powered network monitoring Identify suspicious user and software behaviors such as employees accessing files outside their departments.

As soon as you focus on preventing downtime events instead of reacting to them, the productivity and efficiency of your IT infrastructure will increase to levels you’ve never dreamed of. Start your journey to enhanced cybersecurity by giving us a call for a demonstration.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from smallbiztechnology.com  SOURCE

365 Phishing Scams

Microsoft is a known provider of top-tier business productivity software — and its commitment to its subscribers’ cybersecurity is integral to that reputation. To fight phishing, one of today’s most prevalent cyberthreats, the tech titan has equipped Microsoft 365 with powerful features.

Among the many business solutions that Microsoft offers is email hosting through Outlook. This service is protected by Microsoft Defender for Office 365. Defender has many key features:

1. Anti-phishing

The most dangerous types of phishing scams masquerade as emails from a party the victims know, such as their boss, colleague, business partner, or bank. A phisher may use crafty impersonation tactics, such as referring to the victims by their nickname, making it harder to immediately identify the scam as fraud. A cybercriminal may even take over actual email accounts and use these to completely fool their victims.

Using machine learning, Defender creates a contact graph of contacts that users normally exchange communications with. It then employs an array of tools, including standard anti-malware solutions, to differentiate good from suspicious behaviors.

2. Anti-spam

Generalized phishing campaigns utilize spam emails, which are sent to a large list of email addresses, to catch random victims. Stopping spam is, therefore, a great start to protecting your company from a phishing attack.

Microsoft 365’s anti-spam technology addresses the issue by examining both an email’s source and its contents. If an email is determined to have come from an untrustworthy source or has suspicious contents, then it is automatically routed to your spam folder. What’s more, this feature checks the activity of people in your company to ensure that none of them sends out spam emails.

3. Anti-malware

Malware, such as ransomware and spyware, can spread via phishing emails. Ransomware locks data and programs from users until a ransom is paid. Spyware, on the other hand, steals data by recording keystrokes, copying clipboards, and taking screenshots, among other methods.

Microsoft 365 employs a multilayered defense against both known and unknown types of malware. This covers the different stages of email transmission, including filtering potentially harmful attachment formats, and real-time threat response. Microsoft also regularly deploys malware definitions to keep its defenses updated.

4. Safe Attachments

Some phishing emails contain file attachments that infect your computer with malware. Any email attachment should be handled with caution, but it’s not uncommon for some users to accidentally click on one, especially as they rush through the messages in their inbox.

Defender resolves this issue by opening all attachments in a sandbox first. This sandbox is an isolated environment, so even if the attachment contains malware, it would not affect your system. While in the sandbox, the attachment is meticulously scanned. If it’s clean, Microsoft 365 will allow you to open it as normal. If it contains a threat, the service will notify you of the issue. Microsoft uses some of the information collected by Safe Attachments to further improve the feature’s capabilities.

5. Safe Links

Instead of attachments, some phishing emails contain URLs that lead to websites — often spoofed versions of legitimate websites — that require victims to provide their personal information such as their account credentials. Some of these URLs lead to download pages that infect your computer with malware.

In a process called URL detonation, the Safe Links feature protects users by scanning the links in their emails and checking for malicious behavior, such as the transmission of malware. If the link leads to a malicious website, Defender will warn users not to visit it. Otherwise, users can proceed to click and go to the destination URL without a hitch. But even so, the service will rescan the link in the succeeding days and report any suspicious changes.

What’s great about Safe Links is that it doesn’t just scan links from unfamiliar sources. It also scans links in emails from people within your company and works on files uploaded to Microsoft Teams and SharePoint.

6. User Submissions

Microsoft 365 allows you to set a specific mailbox to send emails you deem a threat. The User Submissions feature lets you set criteria for both malicious and safe email and identify mailboxes besides your spam folder to keep these messages in. This feature gives your administrators greater control over which emails to flag and which to report to Microsoft.

7. Enhanced Filtering

If your company uses third-party services to route emails before they are sent to Microsoft 365, you will benefit from Enhanced Filtering for Connectors. Microsoft 365 uses inbound connectors to determine the trustworthiness of email sources. The more complex your routing scenario is, the more likely that an email’s inbound connectors will not reflect its real source.

Enhanced Filtering preserves authentication signals that may have been lost over the course of routing emails. This maximizes the effectiveness of Microsoft 365’s overall filtering capabilities, helping it detect spam and phishing emails.

If you need an email service that promotes efficiency while protecting your business, we can implement and manage Microsoft 365 for you. Just call us today to get started.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Images and SEO

When working with web platforms like WordPress, there are three letters that induce anxiety in any business owner: SEO (search engine optimization). It’s one of the most confusing aspects of running a business, and web apps that rate your SEO with no more than a red or green light don’t make it any easier. Read on to find out whether the images on your site are the cause of that annoying red light.

Do images really affect SEO?

One of the reasons images tend to be overlooked when auditing SEO is because it’s easy to forget just how many images your website has. Maybe you only had a few photos on your homepage when you first built your site. Over time, however, you probably added more visual elements to blog posts, landing pages, and About Us page — drastically increasing the impact of your images on your SEO.

Image resolution and load speed

The first thing to check is how your images affect your site’s load speed. If you’re using ultra high-resolution photos, those accessing your site on mobile devices or using satellite data connections will have trouble loading your site. Site load times affect your site’s ranking on Google, so make sure to pair your images down to a more reasonable resolution and save them as web-friendly file types.

  • Choose the JPEG format for illustrations or large photos since it provides clarity and good colors in a smaller file size.
  • Select the PNG format if you want to preserve background transparency.
  • Use the SVG format for icons and logos. Combine this with Javascript or CSS to resize SVG images without losing quality.

Keywords and image title

The days of keyword-stuffing are long gone, but that doesn’t mean you can get away with uploading images with filenames like “DSC2558.jpg”. When adding images to your website, make sure their names are relevant to their content, such as “gym-trainer-helping-lift.jpg” or “call-center-customer-service.jpg”. This makes it easier for search engines to derive information from the images on a page.

Alt text and title text

Even though Google is getting better at recognizing image content without any help from text identifiers, describing your images in your website’s back end is still important for SEO. Every image on your site should have enough text-based information without disrupting the user experience.

To see how this works in WordPress, open your site dashboard and click on Media. This will display all the uploaded images, videos, and audio. Click on any photo to access the text editing tools. Whatever you include in the Caption field will be shown below the image, so check that it corresponds with your content. If not, skip it. In this case, user experience takes priority over SEO.

The Alternative Text and Description fields will be visible to visitors only if the image doesn’t load or if they select it manually. They may not seem that important, but these should be considered nonnegotiable for SEO purposes.

Check that your site’s images are properly optimized before requesting another SEO report. If your score changes, audit your image optimizations regularly. If you’re still seeing red, there are a number of web- and cloud-based platforms that can help improve your content. Give us a call today to find out more!

Ask yourself what your website is doing for you and whether it’s aligned with your business needs and objectives. The GCInfotech professional web design team is here to help.

Published with permission from TechAdvisory.org. SOURCE

Data breaches are serious problems with business-crippling results. Some organizations are unaware of the multiple ways cybercriminals can attack and are often unprepared to combat the issues that arise when such activities occur. Others let fear of attack control their response and deploy common solutions that they presume will protect them but may later find themselves compromised because of gaps in their data protection approach.

Cybercriminals thrive on both of these scenarios–using lack of preparation or overconfidence in what was deployed to their advantage.

In this eWEEK Data Points article, Index Engines Vice-President Jim McGann offers valuable industry information about how to thwart the possibility of succumbing to a ransomware attack. Enterprises should implement the following five defensive strategies:

Data Point No. 1: Deploy a real-time malware detector.

Cybercriminals are looking for the path of least resistance when attempting to break into data centers. Whether it is a remittance of old attacks hoping to find an unsecure target or one of the many new threats created each day hoping to infiltrate a system before they’ve been identified, having one of the commercially available anti-malware software protection solutions deployed is an important first line of defense. Ensure that the software is scheduled for frequent system scans, and that updates and patches are installed automatically to minimize protection gaps.

Data Point No. 2: Deploy a backup solution that supports full-content analysis of your data.

Many backup products on the market today have some level of analytics functionality to determine whether any particular data has been corrupted. However, many of these solutions are metadata-only based, only looking at basic information about a file or database. Others use metadata analytics on the first pass and then follow up on suspicious results with content-based analytics. But this approach is flawed and can miss more sophisticated attack vectors, providing a false sense of confidence. A comprehensive content-based analytic scan deployed from the start validates the data’s integrity and delivers the high level of confidence that advanced or hidden attacks are found and neutralized.   

Data Point No. 3: Use forensic analysis that includes machine learning.

Because of the efforts of real-time malware detection providers and content-based analytic backup solutions, most cybercriminals have to consistently change approaches in their efforts to infect and attack business operations. What was once a bunch of loosely affiliated opportunists have turned into well-funded and organized syndicates using advanced technologies to re-engineer their attacks. Forensic analysis software that employs machine learning and artificial intelligence as part of its learning can detect patterns and anticipate changes that human-based intervention cannot. The cybercriminals are using ML to their advantage; so should you!

Data Point No. 4: Don’t pay a ransom.

Because of the swiftness and scale of these cybercriminal activities, it is possible that they may still find a way into your computing and storage infrastructure. Human error, falling for phishing schemes or intentional damage from a disgruntled employee can be the gaps that data thieves need to penetrate organizations that have deployed the proper security defenses. As overwhelming as it may be to find out that your data has been compromised and/or encrypted, don’t play into the hackers’ hands by paying a ransom for a return of your business-critical information. It is possible that you may still not recover your data even after paying. The security exploit that was leveraged may still be intact and cybercriminals may re-target your systems. Criminals may see you as an easy mark for having paid the ransom and have reason to come at you again, knowing that you’re willing to pay to get back up and running.

Data Point No. 5: Focus on best practices for cyber-recovery.

Not paying a ransom does not mean that you cannot get your systems back and operational. Nor does it mean that there has to be an excruciatingly long recovery period. The right protection software can turn a ransomware attack into just another disaster-recovery scenario. It can find the most recent clean backup prior to an attack and help recover any lost or infected data. In addition, the right cyber-recovery tool can launch a post-attack forensic discovery to find the breach and the malware that executed the attack in order to guide the post-attack recovery process and protect against future intrusions.

“Cybercriminals will strike any organization, no matter how big or small, if they feel like there is a good chance of collecting a ransom,” McGann said. “Taking steps to fortify your defenses and ensure fast, efficient recovery in case you do fall victim is paramount for protecting against ransomware in the first place. Criminals want the easy score. Deploying a solution like CyberSense that serves as a safety net against ransomware makes working for a win not worth the time and effort.”

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from eweek.com  SOURCE