Breaking Bad Habits

4 Ways Your Employees Are Putting Your Business At Risk Of Cyber-Attack

A couple years ago, TechRepublic ran a story with the following headline: “Employees Are Almost As Dangerous To Business As Hackers And Cybercriminals.” From the perspective of the business, you might think that’s simply inaccurate. Your company strives to hire the best people it can find – people who are good at their jobs and would never dream of putting their own employer at risk.

Your employees are instrumental when it comes to protecting your business from cyberthreats. But they can also become targets for hackers and cybercriminals, and they might not know it. Here are four ways your employees might be endangering your business and themselves — and what you can do about it.

1. They’re Not Practicing Safe And Secure Web Browsing. One of the most basic rules of the Internet is to not click on anything that looks suspicious. These days, however, it can be harder to tell what’s safe and what isn’t.

A good rule of thumb is to avoid websites that do not have “https” in front of their web address. The “s” tells you it’s secure – https stands for Hypertext Transfer Protocol Secure. If all you see is “http” – no “s” – then you should not trust putting your data on that website, as you don’t know where your data might end up.

Another way to practice safe web browsing is to avoid clicking on ads or by using an ad blocker, such as uBlock Origin (a popular ad blocker for Google Chrome and Mozilla Firefox). Hackers can use ad networks to install malware on a user’s computer and network.

2. They’re Not Using Strong Passwords. This is one of the worst IT security habits out there. It’s too easy for employees to use simple passwords or to reuse the same password over and over again or to use one password for everything. Or, worse yet, all of the above.

Cybercriminals love it when people get lazy with their passwords. If you use the same password over and over, and that password is stolen in a data breach (unbeknownst to you), it becomes super easy for cybercriminals to access virtually any app or account tied to that password. No hacking needed!

To avoid this, your employees must use strong passwords, change passwords every 60 to 90 days, and not reuse old passwords. It might sound tedious, especially if they rely on multiple passwords, but when it comes to the IT security of your business, it’s worth it. One more thing: the “tedious” argument really doesn’t hold much water either, thanks to password managers like 1Password and LastPass that make it easy to create new passwords and manage them across all apps and accounts.

3. They’re Not Using Secure Connections. This is especially relevant for remote workers, but it’s something every employee should be aware of. You can find WiFi virtually everywhere, and it makes connecting to the Internet very easy. A little too easy. When you can connect to an unverified network at the click of a button, it should raise eyebrows.

And unless your employee is using company-issued hardware, you have no idea what their endpoint security situation is. It’s one risk after another, and it’s all unnecessary. The best policy is to prohibit employees from connecting to unsecured networks (like public WiFi) with company property.

Instead, they should stick to secure networks that then connect via VPN. This is on top of the endpoint security that should be installed on every device that connects to your company’s network: malware protection, antivirus, anti-spyware, anti-ransomware, firewalls, you name it! You want to put up as many gates between your business interests and the outside digital world as you can.

4. They’re Not Aware Of Current Threats. How educated is your team about today’s cyber security threats? If you don’t know, or you know the answer isn’t a good one, it’s time for a change. One of the biggest threats to your business is a workforce that doesn’t know what a phishing e-mail looks like or doesn’t know who to call when something goes wrong on the IT side of things.

If an employee opens an e-mail they shouldn’t or clicks a “bad” link, it can compromise your entire business. You could end up the victim of data breach. Or a hacker might decide to hold your data hostage until you pay up. This happens every day to businesses around the world – and hackers are relentless. They will use your own employees against you, if given the chance.

Your best move is to get your team trained up and educated about current threats facing your business. Working with a managed service provider or partnering with an IT services firm is an excellent way to accomplish this and to avoid everything we’ve talked about in this article. Education is a powerful tool and, when used right, it can protect your business and your employees.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

cloud data protection

Data breaches are a common occurrence in today’s business environment. While many businesses have turned to cloud applications for better productivity, scalability, and savings, some business owners worry that the cloud is more vulnerable to data breaches than an on-premises data center. The truth is that any computing environment is vulnerable if you don’t take steps to prevent a data security breach. Here are simple steps to protect your data in the cloud.

Know your cloud apps:

Get a comprehensive view of the specific threats that business apps pose. Ask questions like: Which ones render you more or less prone to a breach? Does an app encrypt data stored on the service? Does it separate your data from that of others to limit exposure when another tenant has a breach?

Migrate users to high-quality apps:

Cloud-switching costs are low, which means that you can always switch to another application that best suits your needs. Take the time to consult with your vendor before switching to another app to make sure the new app is secure and compatible with your systems. Now more than ever, you have choices.

Find out where your data is going:

Take a look at your data in the cloud. Review uploads, downloads, and data at rest in apps to determine whether you have potential personally identifiable information (PII), or whether you simply have unencrypted confidential data. If you do have PII stored in the cloud, you need to make sure there are additional layers of security measures in place such as encryption. This is to avoid violating compliance regulations and paying hefty fines.

Look at user activities:

It’s important to understand not only what apps you use but also how these apps use your data. Determine what apps employees are using to share content and whether such apps have a sharing functionality. Knowing who’s sharing what and with whom will help you understand what policies to best employ.

Mitigate risk through granular policy:

Start with your business-critical apps and enforce policies that matter to your organization in the context of a breach. For example, block the upload of information covered by certain privacy acts, block the download of PII from HR apps, or temporarily block access to vulnerable apps.

The key to preventing a data security breach in the cloud lies in careful attention to your cloud applications and user activity. Analyzing your apps and looking into user activities might be time-consuming, but minimizing cloud and data security breaches makes this task worthwhile. Looking to learn more about today’s security? Contact us and let us manage and minimize your risks.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Businesses rely heavily on data for their daily operations. They use it for everything, from building client relationships to developing marketing strategies and so much more. But without data backups, businesses risk losing data in case of a disaster. Every business owner must develop a robust backup plan for their business, which includes implementing any or all of the following solutions.

USB flash drives

USB flash drives are data storage devices that include flash memory with an integrated USB interface. These devices are not just inexpensive and portable, but they can also be used to back up data from several computers.

However, USB flash drives are easy to misplace, which is why they’re not suitable for long-term data storage. They are better used as intermediate backups.

External hard drives

External hard drives are portable hard drives that can be connected to a computer through a USB port. These devices have the lowest cost per gigabyte compared to other backup devices and boast quick transfer rates, allowing users to back up a large amount of data within seconds.

One of the drawbacks of using external hard drives is that you’ll need to update your backups regularly to include new files. There’s also the risk of the device being misused or stolen. For example, an employee might use the drive for storing personal files or take it with them when they quit.

Network-attached storage (NAS)

NAS is a dedicated server for storing data, and it can also be used as an email server. It has its own IP address and can operate either wired or wirelessly. NAS also offers data redundancyㅡ it generates a backup of your backups, ensuring that your files are fully protected.

On the downside, NAS can’t be scaled beyond system limits. This means that you have to purchase additional hard drive bays if you need more capacity. NAS is also vulnerable to malware, and you have to configure it a certain way to keep it protected.

Cloud storage

Cloud storage is becoming increasingly popular among businesses because of its many benefits. For one, it allows users to access their data from anywhere using any internet-connected device. It also enables businesses to pay for only the resources they use. Lastly, cloud service providers (CSPs) handle the installation, management, and maintenance processes themselves, allowing you to focus on more important business matters.

However, some CSPs don’t implement sufficient security measures on their systems, potentially exposing data to cyberthreats. This makes cloud storage an unsuitable solution for medical practices, law firms, and other organizations that handle sensitive data. To use the cloud, businesses in these sectors must find a service provider that implements top-of-the-line cybersecurity protocols and specializes in data regulations compliance.

Choosing the best backup solution has far-reaching impacts on your business. Each method or device has trade-offs, which is why you need to select the one best suited to your business’s needs. Enlist the help of our experts to ensure you make the right choice.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

As businesses have become more reliant on technology, they’ve also become a prime target of cybercriminals. If you want to protect your organization from cyberattacks, make sure your cybersecurity system doesn’t have the following flaws.

Open wireless networks

With just one main internet line and a couple of wireless routers, an entire office can get online. A wireless internet connection saves money, but there’s a risk that it might be unsecure.

It’s not enough to plug in a wireless router and create a basic network to secure your wireless network. If you have an open network, anyone within range can connect. With simple tools and technical know-how, cybercriminals can capture incoming and outgoing data, and even attack the network and any device connected to it.

Ensure that all wireless networks in the office are secured with strong passwords. Some service providers that install hardware when setting up networks will often just use an easy-to-guess password for the router. Change this password immediately to minimize the risk of unauthorized users gaining access to your network.

Unsecure email

Most companies that have implemented a new email system in the past couple of years are most likely secure. This is especially true if they use cloud-based platforms or well-known email systems like Exchange, which offer enhanced security and scanning.

The businesses that are at risk are those using older systems like Post Office Protocol, or systems that don’t encrypt passwords (also known as “clear passwords”). If your system doesn’t support encryption, anyone with the right tools can compromise your systems and data.

Unsecure mobile devices

Mobile devices help you stay connected and productive while out of the office. However, if you use your tablet or smartphone to connect to office systems without proper security measures in place, you run the risk of compromising your networks.

Imagine you have linked your work email to your smartphone but don’t have a password enabled. If the device goes missing, anyone who picks it up can have access to your email and your sensitive information. The same applies if you install a malicious mobile app. If you use this same device to connect to your company’s network, the malware will spread across your systems and disrupt your business operations.

Ensure that employee devices have adequate security, such as passcodes, and your company has sufficient security policies in place to regulate their use. Lastly, implement mobile device management solutions to prevent employee devices from being a security risk to your network.

Anti-malware software that isn’t properly maintained

Anti-malware software needs to be properly installed and maintained if they are going to stand a chance of keeping your systems secure.

If your anti-malware scans are scheduled during business hours, some employees may just turn the scanner off because it slows down their computers. This makes your systems vulnerable to malware.

The same goes for not updating your anti-malware software regularly. Updates are important for anti-malware applications because they implement new databases that contain recently discovered threats and fixes.

Lack of firewalls

A firewall is a security tool that filters network traffic and protects data from being accessed from outside the network. While many modems or routers include firewalls, they are often not powerful enough for business use.

Get a firewall that covers the whole network at the point where data enters and exits (usually before the routers). These are business-centric tools that should be installed by an IT partner like a managed IT services provider for them to be most effective.

How do I ensure proper business security?

The best way to secure business systems and networks is to work with an IT partner like us. Our managed services can help you set up cybersecurity measures and ensure that they are managed properly. Tech peace of mind means you can focus on growing your business. Contact us today to learn more.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Windows 10 backup

Business owners are becoming more aware of the damaging effects of data loss. Companies now realize that without safe and reliable data backup, important business information can fall into the wrong hands or be lost forever. Fortunately, Windows 10 offers easy-to-use tools like File History and OneDrive.

File History in Windows 10

Serving as the main backup utility, File History enables users to regularly schedule backing up of files on their PC and store them on an external drive. That means you can connect your PC to a network or USB drive and make backups as needed.

However, be sure to regularly connect the external drive if you intend to use File History for backups. Otherwise, Windows will prompt you that your files have not been backed up every day. You can ignore this warning at your own risk. If you back up to a mapped network that is unavailable, File History will commence backup in the local disk until the network drive becomes available.

Setting up File History

Anyone can set up File History. After all, it was designed to make data backup and recovery easy for users. By default, File History backs up the main file folders, but you may also pick which folders you want to back up and bring in folders from other parts of the PC to do this.

From the Start menu, click on Settings > Update & Security > Backup.

Once in Backup, you can connect to an external drive. Click on Add a drive to see a list of external hard drives hooked up to your PC and choose one.

When you return to the Backup section, you will see that the Add a drive option has changed to Automatically back up my files (by default). This allows backups to be created at periodic intervals, which you can set to anywhere from every 10 minutes to once a day (the default option is once every hour). You may also set how long to keep the backups.

Restoring files that have already been backed up is just as easy as setting up backups. Simply type “File History” in the search bar. Then, you will see the “Restore your files with File History” folder. Selecting this opens a new window showing the folders backed up onto your external drives.

Setting up OneDrive backup option

If you have access to a network drive or the cloud, back up to it instead of locally. One such cloud option is OneDrive. You can prompt OneDrive to automatically back up your files. Just click on the cloud icon in the Windows notification area, then select More > Settings > Backup > Manage backup.

Not only will selected folders sync in OneDrive, but new and existing files will also be backed up to OneDrive, so they can be accessed using other devices in case something happens to your PC.

Making system image backups

A system image is an exact replica of your entire operating system, along with all the programs, settings, and files. If you created a system image backup using the Windows 7 Backup and Restore tool in Windows 7, it will still work in Windows 10.

To use this feature, access the Backup and Restore (Windows 7) option from the Control Panel. Click on Create a system image, choose where to store the backup (i.e., an external hard drive, network drive, or DVD), and which drives or files to back up. You will then be asked to make a system repair disc, which you can use to start a PC and restore the image backup.

Never worry about losing files in Windows 10. For more tips on how to successfully back up and restore data, contact us today.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Cybersecurity

It is good to have an IT team and/or a third-party partner like a managed services provider (MSP) that helps keep your company protected against cyberthreats. It is even better to have all stakeholders be involved in preventing data breaches. Here’s how everyone can be proactive when it comes to cybersecurity.

Understand the threats you’re facing

Before any small- or medium-sized business (SMB) can work toward preventing cyberattacks, everyone involved needs to know exactly what they’re up against. Whether you’re working with in-house IT staff or an MSP, you should review what types of attacks are most common in your industry. Ideally, your team would spearhead this review a few times a year.

Reevaluate what it is you’re protecting

Once you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every company device that connects to the internet, what type of data they have access to (regulated, mission-critical, low-importance, etc.), and what services are currently protecting those devices.

Create a baseline of protection

By reviewing current trends in the cybersecurity field and auditing your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measures versus your reactive measures.

Before you can start improving your cybersecurity approach, you need to know where your baseline is. Devise a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint weak spots in your current framework.

Finalize a plan

All these pieces will complete the puzzle of what your new strategy needs to be. With an experienced technology consultant on board for the entire process, you can easily synthesize the results of your simulation into a multipronged approach to proactive security.

Proactive measure What it entails
Security awareness seminars for all internal stakeholders Train everyone from the receptionist to the CEO about effective security practices such as password management, proper mobile device usage, and spam awareness.
Updated anti-malware software or cloud-based service Protect your data and systems against the latest and most menacing malware.
Routine software patches and upgrades Minimize the chances of leaving a backdoor to your network open.
Web filtering services Blacklist dangerous and inappropriate sites for anyone on your network.
Perimeter defenses (e.g., intrusion prevention systems and hardware firewalls) Scrutinize everything trying to sneak its way in through the borders of your network.
Policy of least privilege Limit users’ access only to the data they need to fulfill their tasks.
Data segmentation Rank data according to sensitivity and build micro-perimeters around high-value datasets.
Full-disk encryption Make data stored in computers and portable devices unreadable so that if these machines are stolen, the files they have inside remain secure.
Virtual private networks Make data transmitted across unsecured connections unreadable so that intercepting it would become futile.
Strict access controls Prevent unauthorized access to accounts by using strong passwords, multifactor authentication, and auto screen locks and logouts for idle users.
AI-powered network monitoring Identify suspicious user and software behaviors such as employees accessing files outside their departments.

As soon as you focus on preventing downtime events instead of reacting to them, the productivity and efficiency of your IT infrastructure will increase to levels you’ve never dreamed of. Start your journey to enhanced cybersecurity by giving us a call for a demonstration.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from smallbiztechnology.com  SOURCE

If you think your email is safe from hackers, think again. A lack of sufficient email security protocols can lead to data theft, unauthorized access to sensitive information, and successful malware attacks. Here are some tips to secure your email account from unwanted intruders and the many troubles that come with them.

Use separate email accounts

Most people use a single email account for all their needs. As a result, information from websites, newsletters, shopping deals, and messages from work gets sent to one inbox. But what happens when someone breaks into it? There’s a good chance they could gain access to all the stored information and use them in fraudulent dealings.
Having at least two separate email accounts will not only boost your security, but it will also increase your productivity. You can have a personal account to communicate with your friends and family, and a professional email account solely for work-related tasks.

Set strong passwords

Some email users often overlook the importance of having strong email account passwords. You might be surprised to learn that email passwords like “123456,” “qwerty,” and “password” are still the most common around. For the sake of security, set longer passwords or passphrases that contain a good mix of upper- and lowercase letters, numbers, and special characters. Make sure these passwords are unique to that account to keep all your other password-protected accounts safe.
You should also consider enabling multifactor authentication (MFA). This creates an extra layer of security by requesting for another method to verify your identity, like a fingerprint scan or a temporary activation code sent to your mobile phone.

Beware of email scams

When you see a link in an email, don’t click on it unless you’ve assessed its authenticity. You never know where those links might lead you. Sometimes they are safe, but other times they can infect your computer with malware or send you to a compromised website.
It’s always good to know who the email message is coming from. If you’re expecting a file from your friend or family, then go ahead and open the attachment. However, emails coming from unknown sources or those that have strange account names such as “@amazon6753.com” are most likely to be email scams.
These types of attacks are known as phishing, and they can be remarkably clever. For example, cybercriminals may masquerade as high-profile companies like Amazon, Facebook, or Bank of America to catch their victims off guard. They create emails with a sense of urgency by claiming that there’s an issue with your account and that you should send them information or click on a link to “confirm” your personal details. This link will either install malware on your device or lead you to a fraudulent site.
Even if there was a genuine issue with your account, legitimate companies would never ask something so suspicious over email. If you get these messages, contact the company directly through a verified website or phone number — not the contact details on the email.

Monitor account activity

Periodically watch over your account activity. Make sure to limit access privileges to apps if you want to ensure maximum privacy and security. Also, check for any suspicious activities in your logs, such as unusual devices and IP addresses that have accessed your account. This indicates that hackers may have successfully broken into your account. If this is the case, sign out of all web sessions and change your password as soon as possible.

Encrypt emails and update your software

Email encryption ensures that any message you send won’t be intercepted and viewed by unauthorized users. Meanwhile, installing the latest updates for your anti-malware, firewalls, and email security software filters potential email scams and fixes any vulnerabilities hackers can exploit.
Protecting your email accounts from various threats can be a daunting process, but with the right support, it should be effortless. Talk to us today for all your cybersecurity needs.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from smallbiztechnology.com  SOURCE

The hacker’s message is urgent and aimed directly at you. We’ll teach you how to keep from getting duped.

Everyone has access to something a hacker wants. To get it, hackers might aim a targeted attack right at you. The goal might be stealing customer data that’s useful for identity theft, your company’s intellectual property or even your personal income data. The latter could help hackers steal your tax refund or file for unemployment benefits in your name.

Targeted attacks, also called spear-phishing, aim to trick you into handing over login credentials or downloading malicious software. That’s what happened at Twitter in July, where the company says hackers targeted employees on their phones. Spear-phishing attacks also often take place over email. Hackers usually send targets an “urgent” message and include credible-sounding information specific to you, like something that could have come from your own tax return, social media account or credit card bill. These scams aim to override any red flags you might notice about the email with details that make the sender sound legitimate.

Despite corporate training and stern warnings to be careful who you give your password to, people do fall for these tricks. In addition to the Twitter fiasco, there was the release of Hillary Clinton campaign chair John Podesta’s emails, including his technique for making risotto (hint: keep stirring!). Podesta reportedly entered his personal username and password into a fake form designed by hackers specifically to capture his credentials.

Another consequence of falling for a spear-phishing scam could be downloading malicious software, like ransomware. You could also be convinced to wire money to a cybercriminal’s account. So how do you avoid falling for a spear-phishing scam? By taking these security habits to heart.

Know the basic signs of phishing scams

Phishing emails, texts and phone calls try to trick you into visiting a malicious website, handing over a password or downloading a file. This works in email attacks because people often spend the whole day at work clicking on links and downloading files as part of their jobs. Hackers know this and try to take advantage of your propensity to click without thinking.

Despite corporate training and stern warnings to be careful who you give your password to, people do fall for these tricks. In addition to the Twitter fiasco, there was the release of Hillary Clinton campaign chair John Podesta’s emails, including his technique for making risotto (hint: keep stirring!). Podesta reportedly entered his personal username and password into a fake form designed by hackers specifically to capture his credentials.

Another consequence of falling for a spear-phishing scam could be downloading malicious software, like ransomware. You could also be convinced to wire money to a cybercriminal’s account. So how do you avoid falling for a spear-phishing scam? By taking these security habits to heart.

Know the basic signs of phishing scams

Phishing emails, texts and phone calls try to trick you into visiting a malicious website, handing over a password or downloading a file. This works in email attacks because people often spend the whole day at work clicking on links and downloading files as part of their jobs. Hackers know this and try to take advantage of your propensity to click without thinking.

Despite corporate training and stern warnings to be careful who you give your password to, people do fall for these tricks. In addition to the Twitter fiasco, there was the release of Hillary Clinton campaign chair John Podesta’s emails, including his technique for making risotto (hint: keep stirring!). Podesta reportedly entered his personal username and password into a fake form designed by hackers specifically to capture his credentials.

Another consequence of falling for a spear-phishing scam could be downloading malicious software, like ransomware. You could also be convinced to wire money to a cybercriminal’s account. So how do you avoid falling for a spear-phishing scam? By taking these security habits to heart.

Know the basic signs of phishing scams

Phishing emails, texts and phone calls try to trick you into visiting a malicious website, handing over a password or downloading a file. This works in email attacks because people often spend the whole day at work clicking on links and downloading files as part of their jobs. Hackers know this and try to take advantage of your propensity to click without thinking.

Because spear-phishing scams can be so tricky, there’s an extra layer of caution you should apply before acting on a request that comes over email or the phone. The most important of these extra steps: guard your password. Never follow a link from your email to a website and then enter your account password. Never give your password to anyone over the phone.

Banks, email providers and social media platforms often make it policy to never ask for your password in an email or phone call. Instead, you can go to the company’s website in your browser and log in there. You can also dial back to the company’s call customer service department to see if the request is legit. Most financial institutions, like your bank, will send secure messages through a separate inbox you can access only after you’ve logged onto the website.

Beat phishing by calling the sender

If someone sends you something “important” to download, asks you to reset your account passwords or requests that you send a money order from company accounts, call the sender of the message — like your boss, your bank or other financial institution, or the IRS — and make sure they really sent it to you.

If the request came by phone call, you can still pause and double check. For example, if someone says they’re calling from your bank, you can tell the caller you’re going to hang up and call back on the company’s main customer service line.

A phishing message will often try to make the request seem incredibly urgent, so you might not feel inclined to add an extra step by calling the sender to double-check. For example, an email might say that your account has been compromised and you need to reset your password ASAP, or that your account will expire unless you act by the end of the day.

Because spear-phishing scams can be so tricky, there’s an extra layer of caution you should apply before acting on a request that comes over email or the phone. The most important of these extra steps: guard your password. Never follow a link from your email to a website and then enter your account password. Never give your password to anyone over the phone.

Banks, email providers and social media platforms often make it policy to never ask for your password in an email or phone call. Instead, you can go to the company’s website in your browser and log in there. You can also dial back to the company’s call customer service department to see if the request is legit. Most financial institutions, like your bank, will send secure messages through a separate inbox you can access only after you’ve logged onto the website.

Beat phishing by calling the sender

If someone sends you something “important” to download, asks you to reset your account passwords or requests that you send a money order from company accounts, call the sender of the message — like your boss, your bank or other financial institution, or the IRS — and make sure they really sent it to you.

If the request came by phone call, you can still pause and double check. For example, if someone says they’re calling from your bank, you can tell the caller you’re going to hang up and call back on the company’s main customer service line.

A phishing message will often try to make the request seem incredibly urgent, so you might not feel inclined to add an extra step by calling the sender to double-check. For example, an email might say that your account has been compromised and you need to reset your password ASAP, or that your account will expire unless you act by the end of the day.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from CNET.com  SOURCE

When it comes to cybersecurity, you probably think of protecting computers, apps, or online databases first and printers last. Precisely because they’re overlooked in, printers can be exploited by hackers and used as a gateway to infiltrate your systems. Secure your networks against intruders by following these steps.

What makes business printers vulnerable to cyberattacks?

When assessing network security threats, companies primarily focus on servers and computers not only because they are the most exposed to external threats, but also because they get the bulk of cyberattacks. Printers are often at the bottom of the list since they are not prime targets. What’s more, their functions seem to be internal at first glance, as they don’t interact with external systems.

But it’s exactly because of their primary functions, namely printing and scanning, that make print devices perfect cybercriminal targets. Businesses run important documents such as tax forms, employee information, medical records, and financial statements through print devices, and hackers would definitely love to get their hands on them.

And they can — easily.

Network printers store previous print jobs in their hard drive, sometimes including those that have been canceled. If anyone accesses the printer — even remotely — they may be able to see those documents by hacking into the printer using a specialized tool.

Files can also be intercepted during wireless transmission, as modern printers can now be connected to the web. Not only can hackers exploit printers’ open network ports to view data, but they can also take over vulnerable printers and transmit their own data through the machine.

What can you do to protect your business printers?

Business printers should not be disregarded when planning a cybersecurity strategy. Keep your print devices secure by following these best practices:

  • Monitor your network continuously and promptly install printer software updates and patches. Printer manufacturers often release software support or updates, so regularly check for those.
  • Change the default password and administrator login credentials of printers with web management capabilities.
  • Only allow company-owned devices to connect to your printers.
  • Always connect to your printers using secure connections. Conversely, avoid accessing your printers through a public internet connection.
  • Restrict printer access by using a firewall.
  • If your wireless printer has the feature that requires users to enter a PIN before they can print documents, enable it to prevent unauthorized access.
  • If you don’t use your printer for fax and email, isolate your printer from your main company network and disable out-of-network printing.
  • If you handle classified data, do not connect your printer to any network. Instead, connect it directly to your computer using data cables, or print from a thumb drive.
  • Secure your printouts by enabling manual feed. This setting requires a user to manually input paper (or any material to be printed on), so there are reduced risks of the printed document getting stolen or being left in the printing area.

Another way to secure your printers is by partnering with an IT company that can take care of your printer-related worries. From thwarting attacks to reducing management costs to keeping your printer at optimal functionality, our experts can help.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

In the past couple of months, just about everyone has been forced to shift priorities. If you’re like many business owners, you are intently focused on pivoting your business to accommodate today’s “new normal.” In fact, you are probably investing so much of your time in trying to retain your customers and generate new cash flow that you barely have time to even think about cyber security.

The problem is that cybercriminals and hackers know there’s no better time to strike than during a global crisis. In fact, they’re probably working overtime to craft new malware while the rest of us are trying to manage how our lives have been turned upside down. While you are so focused on your business, these cyber thugs are finding new ways into your IT network so they can steal data and passwords, compromise your clients’ private information and even demand large ransoms.

Cybercrime is already on the rise and is expected to cause $6 trillion in damages by 2021! But, if history repeats itself, you can bet hackers are already out in full force right now. We’ve already seen how headlines are changing from stories about COVID-19 to accounts of a frenzy of cyber-attacks on corporations and small businesses.

Here are solutions you can implement during these crazy times to help protect your business data, money and productivity:

  • Be more suspicious of incoming e-mails.

Because people have been scared, confused and not really focused for a while now, it’s the perfect time for hackers to send e-mails with dangerous malware and viruses. You probably have received a bunch of COVID-19-focused emails. Always carefully inspect the e-mail and make sure you know the sender. There has already been a CDC-gov e-mail address out there that’s not legitimate and has spammed inboxes across the country.

Avoid clicking links in the e-mail unless it’s clear where they go. And you should never download an attachment unless you know who sent it and what it is. Communicate these safeguards to everyone on your team, especially if they are working from home.

  • Ensure your work-from-home computers are secure.

Another reason to expect a rise in cyber-attacks during these times is the dramatic increase in employees working from home. Far too many employers won’t think about security as their team starts working at the kitchen table. That’s a dangerous precedent.

First, make sure your employees and contractors are not using their home computers or devices when working. Second, ensure your work-at home computers have a firewall that’s turned on. Finally, your network and data are not truly secure unless your employees utilize a virtual private network (VPN). If you need help in arranging or improving your new work-from-home environment, we would be happy to get your entire team set up. Our goal is always to help your business to thrive with greater cyber security and superior technology that improves efficiency.

  • Improve your password strategy.

During crises like this one, your passwords could mean the difference between spending your time working to grow your business and trying to recoup finances and private data that’s been hacked. Make a point now to reevaluate your passwords and direct your team to create stronger passwords.

Also, while it’s so convenient to save your passwords in your web browser, it also lessens your security. Because web browsers simply require their own password or PIN to access saved passwords, a skilled hacker can bypass this hurdle. Once they access your saved passwords, they can steal as much as they want – credit card information, customers’ private data and more!

Instead, you should consider a password manager to keep all of your passwords in one place. These password managers feature robust security.

You, your team and your family have enough to concern yourselves with at the moment. There’s no need to invite in more problems by letting your computer and network security slide during these times.

While this coronavirus scare has negatively affected countless businesses, we are proud to say we are open and continuously servicing our customers. If you need additional security advice or would like to have a consultation to discuss how to keep your data safe or how we can help you work more effectively, simply connect with us today.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE