Many businesses still haven’t figured out secure remote working

It’s been more than two years since the pandemic forced much of the world into lockdown, with many companies thrown into a remote working environment.

But new research has shown the majority still haven’t figured out how to keep their workforce secure as they work from their kitchens, local libraries, coffee shops, and airports.

A survey of 3,000 IT staff and other employees conducted by TechRadar Pro, in partnership with Perimeter 81, shows that more than three-quarters of businesses have at least some remote employees.

Their responses to questions around intended spending for 2022-23, however, revealed that many still do not have the necessary protections in place; 10% will look to implement some form of access management, while 9% will prioritise VPN and zero-trust solutions, respectively.

Further, just half (50%) of firms have a cloud-based cybersecurity solution in place, with an additional 15% saying they are currently exploring their options.

VPNs and firewalls reign supreme

Ever since the pandemic, the number of cyber-incidents, data breaches, business email compromise attacks, and ransomware attacks has spiked, bringing with them billions of dollars in damages.

Cybersecurity researchers argue that many employees who were forced into a remote working environment weren’t prepared, and ended up compromising their corporate networks with malware-laden home devices running no antivirus solutions, password sharing, and falling victim to phishing and other social engineering attacks.

However, now more than two years since the transition, it should be expected that businesses hold up their end of the bargain too, putting in place the necessary services to protect against threats.

The data shows that companies are performing strongly when it comes to web security (more than two-thirds have either web or malware filtering solutions set up). Cybersecurity solutions like VPNs and firewalls have also seen relatively high levels of adoption.

But the survey data also serves to highlight the number of businesses that remain at risk, when the inevitable occurs.

If you are looking for an expert to help you find the best solutions for your business, talk to GCInfotech about a free technology assessment.

Published with consideration from TechRadar SOURCE

The jargon around cybersecurity is cryptic and confusing, which is exactly what criminals want. But understanding these terms can help you keep safe.

Cyberspace is filled with terms that either look the same, sound the same, or mean the same (but are not identical).

Knowing the difference between these similar terms can be tricky, especially when you have to keep up with all the common terminology and principles used in the security domain. Add to it the constant innovation and change happening within cybersecurity, and you’ve got a whole set of complex terms that you need to understand and constantly learn about.

So, here are some similar security terms that are often confused and misused.

Security vs. Privacy

Online security and privacy go hand-in-hand. They are used interchangeably during discussions because they sometimes overlap in today’s connected world.

But there are some key differences between the terms when used in the cybersecurity context.

  • Security: Security refers to the protection of your personal information from malicious threats. It can include any information that can be used to determine your identity.
  • Privacy: Privacy refers to the rights or control you have over your information and the way it’s used.

While security is concerned with preventing unauthorized access to data, privacy focuses on ensuring that personal information is collected, processed, and transmitted compliantly and with the owner’s consent. In simple terms, security protects your data while privacy protects your identity.

To achieve security and privacy, organizations use tools and techniques such as firewalls, encryption protocols, network limitations, and different authentication and authorization techniques.

Authentication vs. Authorization

Authentication and authorization are similar-sounding security concepts within the scope of user identity and access management. Here’s how the two differ.

  • Authentication: User authentication is the process of verifying that users are who they claim to be. It is about establishing a user’s identity.
  • Authorization: Authorization is the act of establishing a user’s rights and privileges. It verifies what specific files, applications, and resources a user has access to.

Authentication is achieved using passwords, PINs, fingerprints, facial recognition, or other forms of biometric information. It’s visible and can be partially changed by the user.

Authorization, on the other hand, works through access management settings implemented and maintained by an organization. They aren’t visible and can’t be changed by the end user.

In a secure environment, authorization always takes place after user authentication. Once a user is verified, they can access different resources based on the permissions set by the organization.
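The ordering described above, as an added example that is not part of the original article: a password check (authentication) runs first, and only a verified user reaches the permission lookup (authorization). The user names, roles, resources and the `access` helper are hypothetical, and the sample accounts are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # work factor for the password hash


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so stored credentials are not plain text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


def make_user(password: str, role: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}


# Constructed sample accounts (hypothetical names and passwords).
USERS = {
    "alice": make_user("correct horse battery staple", "finance"),
    "bob": make_user("a-long-intern-passphrase", "intern"),
}

# Authorization data is maintained by the organization, not by the end user.
ROLE_PERMISSIONS = {
    "finance": {("payroll.xlsx", "read"), ("payroll.xlsx", "write")},
    "intern": {("handbook.pdf", "read")},
}

# Record used for unknown user names, so a failed login does the same
# amount of hashing work whether or not the account exists.
_DUMMY = make_user(secrets.token_hex(16), "none")


def authenticate(username: str, password: str):
    """Authentication: is this user who they claim to be?"""
    record = USERS.get(username, _DUMMY)
    candidate = hash_password(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])
    return username if matches and username in USERS else None


def authorize(username: str, resource: str, action: str) -> bool:
    """Authorization: what is this already-verified user allowed to do?"""
    role = USERS[username]["role"]
    return (resource, action) in ROLE_PERMISSIONS.get(role, set())


def access(username: str, password: str, resource: str, action: str) -> str:
    user = authenticate(username, password)
    if user is None:
        return "denied: authentication failed"
    if not authorize(user, resource, action):
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "payroll.xlsx", "read"))
    print(access("alice", "correct horse battery staple", "handbook.pdf", "read"))
    print(access("alice", "wrong password", "payroll.xlsx", "read"))
```

A valid password alone never grants access: the second call fails even though the user is genuine, because the role has no permission for that resource.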

Data Breach vs. Identity Theft

It’s easy to get confused between a data breach and identity theft, as the two are closely connected. The threat for users and the outcome are the same either way; that is, sensitive information is compromised. But there are some differences.

  • Data Breach: A data breach refers to a security incident where confidential data is accessed without authorization of the owner.
  • Identity Theft: When a cybercriminal uses your personal information, such as ID or social security number, without your permission, it constitutes identity theft.

A data breach occurs when a cybercriminal hacks into a system you’ve entrusted with your information or a company that has your personal information anyway. Once a breach occurs, criminals can use your private information to open an account or commit financial fraud in your name.

The main difference between a data breach and identity theft is in terms of the damage caused by the incidents. The implications of a breach are usually far more damning compared to identity theft. According to a report by the US Securities and Exchange Commission, 60 percent of small businesses don’t survive a breach.

However, the damages caused by identity theft can be highly consequential too. The impact of misusing identity goes beyond forged checks, fake credit cards, and insurance fraud, and can even endanger national security.

Encryption vs. Encoding vs. Hashing

Encryption, encoding, and hashing are data security terms often used interchangeably and incorrectly. There’s a lot of difference between these terms and it’s important to know these differences.

  • Encryption: It’s a process used to convert readable data, also called plain text, into unreadable data, called cipher text. The data can only be decrypted back to plain text using the appropriate encryption key.
  • Encoding: Encoding is a process in which data is changed from one format to another using an algorithm. The aim is to transform data into a form that is readable by most of the systems.
  • Hashing: Hashing is an irreversible cryptographic process used to convert input data of any length into a fixed size string of text using a mathematical function.

This means that any text can be converted into an array of letters and numbers through an algorithm. The data to be hashed is called input, the algorithm used in the process is called a hash function, and the result is a hash value.

Encryption, encoding, and hashing differ in terms of functionality and purpose. While encryption is meant to ensure confidentiality, encoding focuses on data usability. Hashing, on the other hand, ensures authenticity by verifying that a piece of data hasn’t been altered.
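The three operations side by side, as an added example that is not part of the original article: Base64 stands in for encoding, SHA-256 for hashing, and a one-time pad (XOR with a random key as long as the message, used once) for encryption. The one-time pad is chosen only because it needs nothing beyond the standard library; the function names and the sample message are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import secrets

MESSAGE = b"Wire 4,200 USD to account 12345"  # constructed sample data


# Encoding: a format change. Anyone can reverse it; there is no secret.
def encode(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def decode(text: str) -> bytes:
    return base64.b64decode(text)


# Hashing: fixed-size output, no way back to the input.
def hash_value(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_unaltered(data: bytes, expected_hash: str) -> bool:
    """Recompute the hash and compare it with the one recorded earlier."""
    return hmac.compare_digest(hash_value(data), expected_hash)


# Encryption: reversible, but only with the key.
def generate_key(length: int) -> bytes:
    return secrets.token_bytes(length)


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    if len(key) != len(plaintext):
        raise ValueError("a one-time pad key must be as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    # XOR is its own inverse, so decryption repeats the same operation.
    return encrypt(ciphertext, key)


if __name__ == "__main__":
    print("encoded  :", encode(MESSAGE))
    print("decoded  :", decode(encode(MESSAGE)))
    recorded = hash_value(MESSAGE)
    print("hash     :", recorded)
    tampered = MESSAGE.replace(b"12345", b"99999")
    print("unaltered:", is_unaltered(MESSAGE, recorded))
    print("tampered :", is_unaltered(tampered, recorded))
    key = generate_key(len(MESSAGE))
    ciphertext = encrypt(MESSAGE, key)
    print("cipher   :", ciphertext.hex())
    print("decrypted:", decrypt(ciphertext, key))
```

Encoded data offers no confidentiality, since decoding requires no key. A changed account number produces a different hash, which is how the alteration is detected.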

VPN vs. Proxy

VPNs and proxies are both used to change your online location and stay private. They have some overlap, but the differences are quite apparent.

  • VPN: A VPN, short for Virtual Private Network, is a discrete program that changes your geo-location and reroutes your entire internet traffic through servers run by the VPN provider.
  • Proxy: A proxy server is a browser extension that changes your IP address to unblock geo-restricted web pages, but doesn’t offer the extra protection of a VPN.

The main difference between a proxy and VPN is that a proxy server only changes your IP address and doesn’t encrypt your web activities. Secondly, unlike a VPN, a proxy only redirects traffic within the browser. Data from other applications connected to the internet won’t be routed through the proxy.

Spam vs. Phishing vs. Spoofing

Spam, phishing, and spoofing are social engineering tactics used to lure users into revealing personal information.

  • Spam: Spam is any unwanted junk email, instant message, or social media message sent out to a wholesale recipient list. Spam is usually sent for commercial purposes and can be damaging if you open or respond to it.
  • Phishing: Phishing is an unsolicited email designed to harm users by obtaining personal information like usernames, passwords, and even bank details. A phishing email looks like it comes from a legitimate source, but is intended to trick users into clicking on a link containing malware.
  • Spoofing: Spoofing is a subset of phishing attacks in which the attacker impersonates an individual or organization with the intent to gain personal and business information.

Phishing aims to gain personal information by convincing users to provide it directly while spoofing disguises an identity to steal information. The two are closely paired as both involve a level of misrepresentation and masquerading.

Better Understanding, Better Protection

Cybersecurity terminologies and concepts evolve almost as rapidly as memes on the internet. A lot of these terms sound similar but mean something different when you dig a little deeper.

Learning the key terms and their differences will help you better understand and effectively communicate your cybersecurity needs.

Published with consideration from makeuseof.com SOURCE

Remote work is becoming the new standard. Even employees who initially missed being in the office are loving working from home. It gives them a break from noisy open floor plan office spaces and offers much more personal freedom. This begs the question: is remote work more efficient than physically being in an office?

According to the studies cited below, remote work is a more productive environment for employees and could improve productivity of an organization in other ways too. For example, it gives organizations access to a wider pool of talent, allowing them to utilize experts from all over the world.

Why is Remote Work More Efficient?

In the past, employees had to get up in the morning an hour and a half before going to work. Now, they can simply get out of bed, have breakfast, and still make it in time for the morning kick-off virtual meeting. Cutting two hours of prep and traffic time per day improves the mood and happiness of workers.

With a 45-minute commute one way, the hours spent in traffic alone add up to more than 25 hours of saved time per month.

The second thing that lowers productivity aside from distractions is an overbearing or intimidating boss. According to Stress.org, 35% of the workers reported that the biggest stress factor in an office environment is communicating with a boss or a leadership figure. Meeting on web-based video conferencing platforms has the effect of leveling the playing field. Plus, it can reduce the stress of an in-person meeting. None of the power dynamics are available to the boss, like standing while you sit, or an office furniture layout that puts you at a disadvantage. In fact, by giving the boss the same challenges with microphones, cameras, and other technology, everyone in the conversation has more equal standing.

Remote Work Requires Organization

A common pushback on remote work often comes from micromanagers who feel more confident if they can closely oversee employees. And to be sure, some employees do not perform well in self-directed circumstances. Smart organizations will focus on helping employees be more productive without direct supervision, or on improving online supervision techniques by utilizing new technologies for secure video conferencing and always-on meeting tools, because the alternative of bringing them back to an office is likely to become harder as time passes and remote work becomes more entrenched.

For more effective strategies working from home, you need more personal organization. In an office, there are structural elements that help organize your day and your workspace. At home, things that are common in an office are just not there.

Organizations that can identify those who are not as well suited to remote work, and help them with structure and clear expectations, will be more effective than those who ignore the problem.

Remote Employees Are Happier

While some companies are trying to drive people back into the office because ‘it’s always been done this way,’ others are trying to make an educated decision.

A study by Tracking Happiness concluded that working remotely or hybrid increases employee satisfaction and happiness by more than 20%. The survey was taken by more than 13,000 participants from Asia, North America, and Europe.

According to the surveyed people:

  • Having an office-based work environment will make them less happy
  • They want hybrid or remote work to be the norm
  • Commute time plays a big role in dissatisfaction with office work
  • Having to spend lunch breaks at or near the office is a negative
  • Millennials prefer to work only from home

Remote Work Has a Better ROI

Not only are people more productive at home, but with them working off-site, companies have lower office expenses. This has led to a paradigm shift in how companies think about employee training and collaboration. In the past, companies planned off-site training and sent their on-site employees to a local hotel, conference center, or specialized collaboration space to ‘get away’ from the office distractions for important training or planning sessions.

What if most of your employees are already off-site remote workers? What do you do with your office space that is underutilized now? You can turn your off-site meetings into on-site meetings at your office and eliminate the expense of third-party meeting spaces. Utilize the space you have with periodic on-site collaboration and training sessions for your remote workers.

There is still a need for office space, but how it will be utilized in the future is still unclear. In the next few years, as building leases begin to expire, the full impact of this reduced office expense will be known.

Final Words

Remote work is more productive and efficient. Plus, it leads to a happier lifestyle for employees. The ROI of hybrid workers is much higher than office workers since it comes with lower costs.

Published with consideration from SmallBiz Technology SOURCE

True story: At a company I once worked for, employees received an email about an unexpected bonus. In private Slack channels, we wondered whether it was a well-played phishing attempt. Turns out, the bonus was legit, but so was our inclination to question it. Phishing—when cybercriminals pose as legitimate institutions to get info or money from you—is the origin of up to 90 percent of breaches and hacking incidents, says Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security in Alabama.

These cyber bad guys have even taken it to the next level with “spear phishing,” a practice of sending emails that appear to be from someone you personally know. “This happened to me once and it was a humbling experience,” says Adam Doupé, director of the Center for Cybersecurity and Digital Forensics at Arizona State University in Tempe. Turns out, the email seemed to be coming from a colleague, and Doupé was boarding a plane when he got it so he wasn’t as careful as he would normally be. “I ended up replying with my cell phone number,” recalls Doupé. “When the phisher responded with a request to send gift cards, the alarm bells went off.”

Knowing that a cybersecurity expert got played, an average person has to be hypervigilant. But could you be missing out on legit offers and emails because you’re being too cautious? Your first line of defense: install protection software (like Malwarebytes). This sort of protection that lives on your computer, coupled with our expert tips below, will stop phishers in their tracks.

3 Ways To Tell If It’s Phishing Or Not

Experts say there are a few things you can do if you’re unsure whether an email is a phishing attempt.

1. Check the email address carefully.

Hover your cursor over the full email—not just the sender’s name—to see if anything looks off. “For instance, instead of .com, the address may contain .ru,” says Cilluffo. (.ru indicates that it’s from a Russian server.) Compare the address on a recent email to one that you’ve responded to previously.

2. Call or text the person you think may have sent the email.

Ever receive an email from a friend or colleague and it seems off? Maybe it’s much briefer than usual or perhaps they addressed you by your full name rather than a nickname. Trust your gut, and don’t respond or click on any links or attachments until you’ve verified the email. While it truly may just be a link to their kids’ fundraiser, it could be the work of a cyber criminal trying to get you to download malware—aka malicious software.

3. Verify through an independent news source.

Sometimes you may receive an email about an important recall notice or info about a class-action lawsuit. Search on a trustworthy news site whether the link contained in your email appears in any news articles, suggests Doupé.
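The check from step 1, as an added example that is not part of the original article: compare the address behind a familiar sender name with the address you have corresponded with before, and report what changed. The address book, names, domains and the `check_sender` helper are constructed for the illustration.

```python
from email.utils import parseaddr

# Constructed address book: sender name -> address previously replied to.
KNOWN_SENDERS = {"dana reyes": "dana.reyes@example.com"}


def split_domain(address: str):
    """Return (full domain, name before the last dot, top-level domain)."""
    domain = address.rpartition("@")[2]
    name, _, tld = domain.rpartition(".")
    return domain, name, tld


def check_sender(from_header: str, known_senders=KNOWN_SENDERS):
    """Return a list of findings; an empty list means the address matches."""
    display_name, address = parseaddr(from_header)
    address = address.lower()
    if "@" not in address:
        return ["no valid address in the From header"]

    known = known_senders.get(display_name.strip().lower())
    if known is None:
        return ["sender name not in address book; verify another way"]
    known = known.lower()
    if address == known:
        return []

    domain, name, tld = split_domain(address)
    known_domain, known_name, known_tld = split_domain(known)
    if domain == known_domain:
        return [f"mailbox differs: {address} instead of {known}"]
    if name == known_name:
        # Same organisation name, different ending (.ru instead of .com).
        return [f"top-level domain is .{tld}, expected .{known_tld}"]
    return [f"domain is {domain}, expected {known_domain}"]


if __name__ == "__main__":
    # Constructed From headers: the display name is identical in all of them.
    samples = [
        "Dana Reyes <dana.reyes@example.com>",
        '"Dana Reyes" <dana.reyes@example.ru>',
        "Dana Reyes <dana.reyes@examp1e.com>",
        "Dana Reyes <d.reyes@example.com>",
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "matches known address")
```

The display name is free text chosen by the sender, which is why the comparison is made on the address and not on the name.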

Bottom line?

Cyber criminals are getting more and more creative at making their phishing attempts appear legitimate. Go with your gut, slow down to verify the validity of messages you receive, and install protection software (like Malwarebytes) to stop phishers before they start.

Are you interested in learning more about cybersecurity? Call us today and discover how our wide array of tech services can safeguard your business.

Published with consideration from yahoo.com SOURCE

Be on guard against ransomware. Small businesses can fall victim to cybercrime even though many owners don’t think they are likely targets.

A small legal practice, a 35-person manufacturing firm, and a two-person charitable organization are all examples of technology-driven businesses. As much as any brand-name financial institution or international shop, their core operations depend on operating systems, software applications, and networks. And they have all been victims of ransomware.

However, small and medium-sized businesses (SMEs) may be severely harmed, unlike large corporations, which are more likely to withstand a high-profile cyberattack.

A problem? Yes, but perhaps not as big as you think.

SMEs pay a high price for business disruption. They pay a high price for remediation and data recovery. They may lack the expertise and workforce to secure their essential IT infrastructure from cybercrime.

Enormous Ransoms for Small Businesses

According to NetDiligence’s Cyber Claims Study 2021 Report, ransomware has accounted for 40% of overall incident expenses connected to cyber claims in the last five years.

The average ransom demand in 2020 was $247,000.

Research has estimated the cost of recovering from a cybersecurity breach affecting a small business to be roughly $352,000. These expenses do not account for the loss of client confidence due to the misuse of sensitive data.

Criminals know that small firms have weak or non-existent cybersecurity systems. As a result, they target them in large numbers, sending out repeated phishing attempts in the hopes of capturing a few victims in their automated nets.

Google has sent out 50,000 phishing or malware attack alerts as of October 2021, up 33% over the same month in 2020.

Since the Covid-19 epidemic, work-from-home and work-from-anywhere technologies have become more popular, exposing workers and small company systems to cyberattacks. According to one survey, approximately 70% of full-time workers in the United States started working from home during the Covid-19 epidemic.

Unfortunately, some small businesses rarely take steps to secure their remote employees. These steps include implementing two-factor authentication (an additional login step) or encrypting computer disks. During the epidemic, millions of people lost their employment. Have they lost access to all of their email accounts and logins? Probably not.

Vulnerabilities in Small Businesses and Cybersecurity

Why are tiny firms such easy prey? They may not have the operational know-how or staff to appropriately defend their IT systems and networks.

Meanwhile, here are a few examples of circumstances that put small companies at risk:

  • IT infrastructures are often outdated, are not regularly updated, and are poorly constructed.
  • The person in charge of IT — whether the CFO, the CEO, or a random employee — is seldom updated on the newest security risks and solutions.
  • Given the average pay of roughly $165,000, hiring a chief information security officer is often unaffordable.
  • A jumble of local hardware, networks, devices, and apps may make cyber protection difficult.
  • Employee cyber awareness training is poor or non-existent.
  • Backups may be unreliable or have not been thoroughly tested.
  • Business continuity and disaster recovery planning have not been emphasized.

Company executives may mistakenly believe that they are too tiny to be a cybercrime target, to their detriment.

Getting a Head Start On a Tough Situation

You don’t need any new gear or antivirus software to start boosting your company’s cyber security image.

Begin by taking a detailed inventory of your physical and digital assets, as well as a vulnerability assessment. It’s critical to create a “data governance” document that establishes guidelines for data management. In small workplaces, people still record passwords on Post-it Notes stuck to computer displays or taped to the bottom of mouse pads, so this step is essential.

Above all, cybersecurity awareness training for employees is also necessary.

Phishing and other social engineering efforts to get into vulnerable networks are a key threat vector for ransomware. According to IBM’s 2021 X-Force Threat Intelligence Index, phishing was responsible for one-third of all cyberattacks. Make sure that your personnel know what to look for in these circumstances.

Penetration testing is another technique to consider.

“Pen testing” ensures that your security measures are effective. However, few small firms have the competence to undertake penetration testing, so you may wish to hire an expert.

Finally, some experts recommend that every company establish real-time network and server monitoring. While strong passwords, two-factor authentication, encrypted data, and network firewalls are necessary and will slow down attackers, complete protection is neither cost-effective nor practicable.

Taking steps to mitigate the potentially catastrophic effects of a cyberattack may be well worth the expense for small companies.

Published with consideration from smallbusinesstechnology.com SOURCE

When people think of monitoring employees’ online activities, they typically imagine tyrannical bosses who want to make sure their subordinates are working during their shift. However, there is much more to monitoring their activities than that — doing so can actually help increase productivity and protect the business in the process. Find out the pros and cons of monitoring your employees’ online behavior by reading this blog.

The case for monitoring

Monitoring your employees’ activities on company devices can be beneficial, as it helps:

  • Protect your organization from data theft or harm since careless or disgruntled employees may leak or steal your data.
  • Ensure members of your staff comply with policies such as not downloading illegal programs or visiting websites with illegal or hostile content.
  • Provide evidence in case of a lawsuit should an employee participate in illegal activities using your business’s computers.

Arguments against employee monitoring

Of course, you should also be aware of the potential downsides to monitoring. These include:

  • Reduced productivity, as monitoring can put a damper on employee morale and the perceived distrust may make your employees less driven to perform well.
  • Privacy or discrimination issues that may stem from you being privy to personal details about your employees that you would’ve never known about had you not monitored them. For example, you may discover their political or religious views, sexual orientation, or medical problems. This subjects your business to potential privacy or discrimination issues if you or your management team acts negatively based on any of this information.

Monitoring guidelines to follow

If you decide to monitor your employees, here are a few tips you should follow.

1. Create written policies
When you monitor your employees, ask yourself, “Am I doing this for security purposes? Is it to ensure my employees aren’t wasting time on games or social media?” Monitoring policies that are too strict could create an atmosphere of distrust.

Set guidelines for acceptable use of email and social media, web browsing, instant messaging, and downloading software and apps. Also, make sure to include how monitoring will be carried out and how data will be used, secured, and destroyed.

2. Inform your employees
It’s important to inform your employees about the scope of your monitoring policies. If they find out you’re doing it secretly, you could face legal issues.

Explain to your employees why you’re monitoring them and the risks your business faces from misuse of digital assets. Reassure them you’re not doing it to spy on their personal lives, but to create a compliant and law-abiding workplace. Because their activities will now be less private, encourage your staff to use their smartphones for personal matters. Also, provide your employees with a copy of your written policy for them to read and sign.

If implemented correctly, employee monitoring makes your business more secure and productive. For more information about security and other IT support tools, get in touch with us today.

Published with consideration from TechAdvisory.org SOURCE

We’re all aware of the dangers posed by cybersecurity threats. Without exception, we all want to protect ourselves. Not all of us know how.

There are those who wish to take advantage of any and every vulnerability. However, according to a recent survey of business owners and independent insurance agents in the United States, many businesses are simply not taking the necessary steps to protect themselves and their assets.

This is bad news. It should give all SMB participants nightmares. Because a breach in one company can lead to a domino effect. More companies can fall within a matter of hours.

Some also seem to be attempting to persuade themselves that they are invulnerable, even though they are aware that they should be doing more.

The news has been full of small business technology and security trends this year. Following cybersecurity industry trends, knowing how hackers infiltrate networks, and taking the necessary safeguards to keep them out are important parts of defending your organization.

The following are the top cybersecurity trends to watch in the New Year.

1. Implementation of multi-factor authentication.

Multi-factor authentication is a method in which users must authenticate their identity by using two or more different devices at the same time.

Example: When trying to log into a program, users may input their password on their computer’s browser and then get a code on their cellphone, which they must enter on the computer once more to be successful. It increases the security of logins by certifying that the user is who they claim to be in at least two locations.

Businesses may utilize a variety of third-party programs to incorporate multi-factor authentication into their systems. If you market to clients who use applications such as Facebook, Robinhood, and Netflix, you may discover that they are already acquainted with the process. This is because prominent apps such as these already employ the method.

While many firms still consider multi-factor authentication to be optional, others are using multi-factor authentication systems as an extra layer of protection against a cyber attack.

2. Increased cyber-threats to remote employees as a result of technological business advancements.

In the opinion of cyber security experts, the transition to remote or hybrid work that has been prompted by COVID-19 has placed workers at greater risk of cybersecurity attacks.

In addition, when individuals bring their personal networks and devices into the workplace, they become more vulnerable to phishing emails and ransomware assaults. Their preparation is lacking. They don’t have the security protections that a company would put in place on its internal systems.

Your workers will benefit from having better security measures installed on their cloud-based apps, home devices, and home networks if you provide them with tools and training.

Find out more about the best practices for cybersecurity training. Consult in-house or get a professional consultant. Don’t rely on your Uncle Fred or some online website!

3. Attacks against cloud-based computing business services.

According to a survey by Northeastern University, cloud-based computing services have grown in popularity in recent years, and businesses are using them more than ever across a growing number of international employees.

They make it simple for workers to access the resources they need to be successful from any location, and they are both accessible and reasonably priced to host and maintain. The downside is that they are a great target for cyber-attacks, as well.

As a precaution, make sure that your cloud-based systems are up to date. You should also run breach and attack simulations to identify any security system flaws.

4. Breach and attack simulation.

When there is illegal tampering with your technological systems, this is referred to as a cybersecurity breach.

Test your system frequently with breach and attack simulations (BAS). They are crucial, even for the smallest business. They help you discover the most vulnerable parts of your cyberinfrastructure. Once discovered, those parts can be quickly strengthened.

Implementing BAS may assist you in identifying and eliminating vulnerabilities in a timely manner.

Learn more about the ramifications of a data breach on your company. Do some simulations at the beginning of the New Year.

5. Managing the use of technology and gadgets.

The Internet of Things (IoT) is a structure of physical things. These devices contain sensors, automation, and other software technology in order to communicate and exchange data with other devices and systems through the internet.

The term encompasses anything from linked equipment on the factory floor to smart home items and automation technologies. It’s swiftly encircling us and shows no signs of slowing down any time soon.

Begin to incorporate artificial intelligence and smart technology into your organization. Develop an enterprise-wide plan to detect and manage every connected machine.

This is critical to maintaining the security of your network and data. Don’t put off the hard work, because the payoff can be significant.

Published with consideration from smallbusinesstechnology.com SOURCE