Many businesses still haven’t figured out secure remote working

It’s been more than two years since the pandemic forced much of the world into lockdown, with many companies thrown into a remote working environment.

But new research has shown the majority still haven’t figured out how to keep their workforce secure as they work from their kitchens, local libraries, coffee shops, and airports.

A survey of 3,000 IT staff and other employees conducted by TechRadar Pro, in partnership with Perimeter 81, shows that more than three-quarters of businesses have at lease some remote employees.

Their responses to questions around intended spending for 2022-23, however, revealed that many still do not have the necessary protections in place; 10% will look to implement some form of access management, while 9% will prioritise VPN and zero-trust solutions, respectively.

Further, just half (50%) of firms have a cloud-based cybersecurity solution in place, with an additional 15% saying they are currently exploring their options.

VPNs and firewalls reign supreme

Ever since the pandemic, the number of cyber-incidents, data breaches, business email compromise attacks, and ransomware attacks has spiked, bringing with them billions of dollars in damages.

Cybersecurity researchers argue that many employees who were forced into a remote working environment weren’t prepared, and ended up compromising their corporate networks with malware-laden home devices running no antivirus solutions, password sharing, and falling victim to phishing and other social engineering attacks.

However, now more than two years since the transition, it should be expected that businesses hold up their end of the bargain too, putting in place the necessary services to protect against threats.

The data shows that companies are performing strongly when it comes to a web security (more than two-thirds have either web or malware filtering solutions set up). Cybersecurity solutions like VPNs and firewalls have also seen relatively high levels of adoption.

But the survey data also serves to highlight the number of businesses that remain at risk, when the inevitable occurs.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

Microsoft Teams is a great tool that can help improve communication and collaboration in the workplace. However, the popular business communication platform can also be a security concern if it’s not adequately secured. In this blog, we’ll dive into some practical tips for securing Microsoft Teams and keeping your workplace safe.

Utilize built-in security features

The most dependable approach to securing Microsoft Teams is through governance restrictions. These are rules that set the parameters for how the platform will be used, who can establish Teams accounts, and what information people may provide. Appointing a Teams administrator will be critical in ensuring that Teams security policies are followed by users throughout the company.

Administrators should also set up Teams’ data loss prevention (DLP) feature to prevent accidental exposure of critical information and reduce the risk of data breaches. For instance, administrators can use sensitivity labels as a condition in DLP policies to instantly block guests or unauthorized users from accessing or sharing data in a Teams channel or a private chat.

Limit external access

Speaking of guest users, you should also use Teams’ Lobby feature when meeting with external users or teams. This feature redirects guests to a virtual lobby where they will wait before being admitted into the meeting. This can be useful when you want to talk with your team first before officially starting the meeting with a client.

Another way to control Teams access is by creating security groups. By default, a user with an Exchange Online mailbox can create a Team and become a Team owner. Creating a security group will help prevent unwanted and unverified users from creating and joining any group, extension, and Team.

Enable MFA

Multifactor authentication (MFA) is a practical way to enforce security when using Teams. In 2020, more than 99.9% of compromised Microsoft enterprise accounts didn’t use MFA. This is highly concerning because if an attacker compromises a Microsoft account and is able to get into Teams, they will gain access to valuable information the account’s owner works with through the platform as well as other integrated apps.

MFA can be used in conjunction with a password, PIN, or biometric data such as a fingerprint or an iris scan. In the case of Microsoft Teams, requiring multiple factors for authentication ensures that only authorized users will be able to access their accounts. And when someone else tries to gain access, they will be alerted of suspicious activity so they can take steps to further safeguard their accounts. This can discourage malicious actors and, more importantly, instill better security habits among users.

Following these tips can help ensure a seamless and secure collaboration environment for your workplace. Contact our IT experts today to learn more about Microsoft Teams and how to better secure it against attacks.

While the cloud offers a wide variety of benefits and solutions, choosing the service which is best for your company’s needs can be tedious. To ease this burden, we can help you find the best solutions for your business. by talking to GCInfotech about a free technology assessment. We’ll you find the best solution your business needs, ensure proper migration and implementation allowing you to focus on running your business.

Published with consideration from TechAdvisory.org SOURCE

The jargon around cybersecurity is cryptic and confusing, which is exactly what criminals want. But understanding these terms can help you keep safe.

The cyberspace is filled with terms that either look the same, sound the same, or mean the same (but are not identical).

Knowing the difference between these similar terms can be tricky, especially when you’ve to keep up with all the common terminologies and principles used in the security domain. Add to it the constant innovation and change happening within cybersecurity, and you’ve got a whole set of complex terms that you need to understand and constantly learn about.

So, here are some similar security terms that are often confused and misused.

Security vs. Privacy

Online security and privacy go hand-in-hand. They are used interchangeably during discussions because they sometimes overlap in today’s connected world.

But there are some key differences between the terms when used in the cybersecurity context.

  • Security: Security refers to the protection of your personal information from malicious threats. It can include any information that can be used to determine your identity.
  • Privacy: Privacy refers to the rights or control you have on your information and the way it’s used.

While security is concerned with preventing unauthorized access to data, privacy focuses on ensuring that personal information is collected, processed, and transmitted compliantly and with the owner’s consent. In simple terms, security protects your data while privacy protects your identity.

To achieve security and privacy, organizations use tools and techniques such as firewalls, encryption protocols, network limitations, and different authentication and authorization techniques.

Authentication vs. Authorization

Authentication and authorization are similar-sounding security concepts within the scope of user identity and access management. Here’s how the two differ.

  • Authentication: User authentication is the process of verifying that users are who they claim to be. It relates to identifying users’ identity.
  • Authorization: Authorization is an act of establishing a user’s rights and privileges. It verifies what specific files, applications, and resources a user has access to.

Authentication is achieved using passwords, PINs, fingerprints, facial recognition, or other forms of biometric information. It’s visible and can be partially changed by the user.

Authorization, on the other hand, works through access management settings implemented and maintained by an organization. They aren’t visible and can’t be changed by the end user.

In a secure environment, authorization always takes place after user authentication. Once a user is verified, they can access different resources based on the permissions set by the organization.

Data Breach vs. Identity Theft

It’s easy to get confused between a data breach and identity theft, as the two are closely connected. The threat for users and the outcome is the same either way; that is, sensitive information is compromised. But there are some differences.

  • Data Breach: A data breach refers to a security incident where confidential data is accessed without authorization of the owner.
  • Identity Theft: When a cybercriminal uses your personal information, such as ID or social security number, without your permission, it constitutes an identity theft.

A data breach occurs when a cybercriminal hacks into a system you’ve entrusted with your information or a company that has your personal information anyway. Once a breach occurs, criminals can use your private information to open an account or commit financial fraud in your name.

The main difference between a data breach and theft is in terms of the damage caused by the incidents. The implications of a breach are usually far more damning compared to an identity theft. According to a report by the US Securities and Exchange Commission, 60 percent of small businesses don’t survive a breach.

However, the damages caused by identity theft can be highly consequential too. The impact of misusing identity go beyond forged checks, fake credit cards, and insurance frauds, and can even endanger national security.

Encryption vs. Encoding vs. Hashing

Encryption, encoding, and hashing are data security terms often used interchangeably and incorrectly. There’s a lot of difference between these terms and it’s important to know these differences.

  • Encryption: It’s a process used to convert readable data, also called plain text, into unreadable data, called cipher text. The data can only be decrypted back to plain text using the appropriate encryption key.
  • Encoding: Encoding is a process in which data is changed from one format to another using an algorithm. The aim is to transform data into a form that is readable by most of the systems.
  • Hashing: Hashing is an irreversible cryptographic process used to convert input data of any length into a fixed size string of text using a mathematical function.

This means that any text can be converted into an array of letters and numbers through an algorithm. The data to be hashed is called input, the algorithm used in the process is called a hash function, and the result is a hash value.

Encryption, encoding, and hashing differ in terms of functionality and purpose. While encryption is meant to ensure confidentiality, encoding focuses on data usability. Hashing, on the other hand, ensures authenticity by verifying that a piece of data hasn’t been altered.

VPN vs. Proxy

VPNs and proxies are both used to change your online location and stay private. They have some overlap, but the differences are quite apparent.

  • VPN: A VPN, short for Virtual Private Network, is a discrete program that changes your geo-location and reroutes your entire internet traffic through servers run by the VPN provider.
  • Proxy: A proxy server is a browser extension that changes your IP address to unblock geo-restricted web pages, but doesn’t offer the extra protection of a VPN.

The main difference between a proxy and VPN is that a proxy server only changes your IP address and doesn’t encrypt your web activities. Secondly, unlike a VPN, a proxy only redirects traffic within the browser. Data from other applications connected to the internet won’t be routed through the proxy.

Spam vs. Phishing vs. Spoofing

Spam, phishing, and spoofing are social engineering tactics used to lure users into revealing personal information.

  • Spam: Spam is any unwanted junk emails, instant messages, or social media messages sent out to a wholesale recipient list. Spam is usually sent for commercial purposes and can be damaging if you open or respond to it.
  • Phishing: Phishing is an unsolicited email designed to harm users by obtaining personal information like usernames, passwords, and even bank details. A phishing email looks like it comes from a legitimate source, but is intended to trick users into clicking on a link containing malware.
  • Spoofing: Spoofing is a subset of phishing attacks in which the attacker impersonates an individual or organization with the intent to gain personal and business information.

Phishing aims to gain personal information by convincing users to provide it directly while spoofing disguises an identity to steal information. The two are closely paired as both involve a level of misrepresentation and masquerading.

Better Understanding, Better Protection

Cybersecurity terminologies and concepts evolve almost as rapidly as memes on the internet. A lot of these terms sound similar but mean something different when you dig a little deeper.

Learning the key terms and their differences will help you better understand and effectively communicate your cybersecurity needs.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from makeuseof.com SOURCE

Remote work is becoming the new standard. Even employees who initially missed being in the office are loving working from home. It gives them a break from noisy open floor plan office spaces and offers much more personal freedom. This begs the question: is remote work more efficient than physically being in an office?

According to the studies cited below, remote work is a more productive environment for employees and could improve productivity of an organization in other ways too. For example, it gives organizations access to a wider pool of talent, allowing them to utilize experts from all over the world.

Why is Remote Work More Efficient?

In the past, employees had to get up in the morning an hour and a half before going to work. Now, they can simply get out of bed, have breakfast, and still make it in time for the morning kick-off virtual meeting. Cutting two hours of prep and traffic time per day improves the mood and happiness of workers.

With a 45-minute commute one way, the hours spent in traffic alone add up to more than 25 hours of saved time per month.

The second thing that lowers productivity aside from distractions is an overbearing or intimidating boss. According to Stress.org, 35% of the workers reported that the biggest stress factor in an office environment is communicating with a boss or a leadership figure. Meeting on web-based video conferencing platforms has the effect of leveling the playing field. Plus, it can reduce the stress over an in-person meeting. None of the power dynamics are available to the boss, like standing while you sit. Or potentially the office furniture layout puts you at a disadvantage. In fact, by giving the boss the same challenges with microphones, cameras, and other technology, everyone in the conversation has more equal standing.

Remote Work Requires Organization

A common pushback on remote work often comes from micromanagers who feel more confident if they can closely oversee employees. And to be sure, some employees do not perform well in self-directed circumstances. Smart organizations will focus on helping employees be more productive without direct supervision, or by improving online supervision techniques by utilizing new technologies for secure video conferencing and always-on meeting tools. Because the alternative of bringing them back to an office is likely to become harder as time passes and remote work becomes more entrenched.

For more effective strategies working from home, you need more personal organization. In an office, there are structural elements that help organize your day and your workspace. At home, things that are common in an office are just not there.

Organizations that can identify those who are not as well suited to remote work, and help them with structure and clear expectations, will be more effective than those who ignore the problem.

Remote Employees Are Happier

While some companies are trying to drive people back into the office because ‘it’s always been done this way,’ others are trying to make an educated decision.

study by Tracking Happiness concluded that working remotely or hybrid increases employee satisfaction and happiness by more than 20%. The survey was taken by more than 13,000 participants from Asia, North America, and Europe.

According to the surveyed people:

  • Having an office-based work environment will make them less happy
  • They want hybrid or remote work to be the norm
  • Commute time plays a big role in dissatisfaction with office work
  • Having to spend lunch breaks at or near the office is a negative
  • Millennials prefer to work only from home

Remote Work Has a Better ROI

Not only are people more productive at home, but with them working off-site, companies have lower office expenses. This has led to a paradigm shift in how companies think about employee training and collaboration. In the past, companies planned off-site training and sent their on-site employees to a local hotel, conference center, or specialized collaboration space to ‘get away’ from the office distractions for important training or planning sessions.

What if most of your employees are already off-site remote workers? What do you do with your office space that is underutilized now? You can turn your off-site meetings into on-site meetings at your office and eliminate the expense of third-party meeting spaces. Utilize the space you have with periodic on-site collaboration and training sessions for your remote workers.

There is still a need for office space, but how it will be utilized in the future is still unclear. In the next few years, as building leases begin to expire, the full impact of this reduced office expense will be known.

Final Words

Remote work is more productive and efficient. Plus, it leads to a happier lifestyle for employees. The ROI of hybrid workers is much higher than office workers since it comes with lower costs.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from SmallBiz Technology SOURCE