The volume of malicious cyber attacks is increasing every year. Although many companies use the latest network security systems, they aren’t immune to the hackers’ favorite strategy — social engineering. Unlike malware, social engineering tricks people into volunteering sensitive data. Here’s what you should know to protect your business.

Phishing

This is the most frequently used social engineering attack, especially against small businesses. Check out these frightening statistics:

 

How is phishing carried out? Criminals make use of emails, phone calls, or text messages to steal money. Victims are directed to phony websites or hotlines and are tricked into giving away sensitive information like names, addresses, login information, social security, and credit card numbers.

To protect yourself, be wary of emails from people you don’t know that offer you a prize, come with attachments you didn’t request, direct you to suspicious sites, or urge you to act quickly. Phishing emails usually appear to come from reliable sources, but they are wolves in sheep’s clothing.

One of the most infamous and widespread examples of phishing was during the 2016 Summer Olympics in Rio, where victims received fraudulent emails for fake ticketing services that stole their personal and financial information.

Tailgating

What’s the fastest and easiest way for criminals to enter a secure office? Through the front door, of course! Tailgating happens when an employee holds the door open for strangers and unauthorized visitors, allowing them to infiltrate an organization. This simple act of kindness enables fraudsters to enter restricted areas, access computers when no one is looking, or leave behind devices for snooping.

Quid pro quo

Here, scam artists offer a free service or a prize in exchange for information. They may lure their victims with a gift, concert tickets, a T-shirt, or early access to a popular game in exchange for login credentials, account details, passwords, and other important information. Or hackers may volunteer to fix their victims’ IT problems to get what they want. In most cases, the gift is a cheap trinket or the tickets are fake, but damages from stolen information are all too real.

Pretexting

Fraudsters pretend to be someone else to steal information. They may pose as a telemarketer, tech support representative, co-worker, or police officer to fish out credit card information, bank account details, usernames, and passwords. The con artist may even convince the unsuspecting victim to apply for a loan over the phone to get more details from the victim. By gaining the person’s trust, the scammer can fool anyone into divulging company secrets.

In spite of the many security measures available today, fraudsters and their social engineering schemes continue to haunt and harm many businesses. Thus, it’s best to prepare for the worst. To protect sensitive information, educate yourself and be careful. Remember: If anything is too good to be true, it probably is!

To shield your business from social engineering attacks or to learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

 

Published with consideration from TechAdvisory.org SOURCE

Anglers catch fish by dangling bait in front of their victims, and hackers use the same strategy to trick your employees. There’s a new phishing scam making the rounds and the digital bait is almost impossible to distinguish from the real thing. Here are the three things to watch out for in Office 365 scams.

Step 1 – Invitation to collaborate email

The first thing victims receive from hackers is a message that looks identical to an email from Microsoft’s file sharing platform SharePoint. It says, “John Doe has sent you a file, to view it click the link below…”

In most cases, the sender will be an unfamiliar name. However, some hackers research your organization to make the email more convincing.

Step 2 – Fake file sharing portal

Clicking the link opens a SharePoint file that looks like another trusted invitation from a Microsoft app, usually OneDrive. This is a big red flag since there’s no reason to send an email containing a link to a page with nothing but another link.

 

Step 2 allows hackers to evade Outlook’s security scans, which monitor links inside emails for possible phishing scams. But Outlook’s current features cannot scan the text within a file linked in the email. Once you’ve opened the file, SharePoint has almost no way to flag suspicious links.

Step 3 – Fake Office 365 login page

The malicious link in Step 2 leads to an almost perfect replica of an Office 365 login page, managed by whoever sent the email in Step 1. If you enter your username and password on this page, all your Office 365 documents will be compromised.

Microsoft has designed hundreds of cybersecurity features to prevent phishing scams and a solution to this problem is likely on the way. Until then, you can stay safe with these simple rules:

  • Check the sender’s address every time you receive an email. You might not notice the number one in this email at first glance: johndoe@gma1l.com.
  • Confirm with the sender that the links inside the shared document are safe.
  • Open cloud files by typing in the correct address and checking your sharing notifications to avoid fake collaboration invitations.
  • Double check a site’s URL before entering your password. A zero can look very similar to the letter ‘o’ (e.g. 0ffice.com/signin).

 

Third-party IT solutions exist to prevent these types of scams, but setting them up and keeping them running requires a lot of time and attention. Give us a call today for information about our unlimited support plans for Microsoft products.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

Technology is there to make things easier, not harder. That’s why you need an IT partner that can support your technology while you focus on your business. Law firms are no different. Successful firms know that their time is best served helping their clients. With the average bill rate of $300+ per hour for lawyers in the New York Metro area, firms without an engaged IT partner that handle IT issues expeditiously are severely hurting their business.

Why Lawyer’s Need Managed Services

Client Confidentiality

Client information is extremely important in the legal industry. You are handling very personal data for your clients. You have phone records, birth certificates, tax records, and so much more. Your clients trust that you will keep their records safe as you handle their case. GCInfotech can help! We can encrypt your data and your emails so everything stays secured.

Attorney on the Go

Just like real estate agents, attorneys are always working on the go. Having the right equipment that can help you stay connected can go a long way. We can help set you up with a secured tablet so you can answer emails and review documents no matter where you are. We can also help set up a system at your home so you don’t have to worry there either. An attorney should always be available to his or her clients, and we can help ensure you always are!

Case Management

It goes without saying that technology has made it easier for every industry to function. How terrible would it be if you had to wait for someone to submit physical documents in person before continuing a case? The transfer of information online has helped the legal industry advance tremendously. This is why we can help establish your office online network so you can always access or send the files need no matter where you are.

Office Connectivity

This ties in to the topic above. Having your team always connected ensures every case is handled appropriately at all times. If you need to send something to a colleague you can do so without any troubles. We ensure your team has the right tools to connect to everyone else so you can work more effectively together.

Legal Apps

Have you heard the saying “There’s an app for that”? Did you know there’s an app where you can get documents notarized without having to drive anywhere or have anyone come to you? These are the types of apps that attorneys and their clients should be using! What about an app called FastCase that has the entire American law library in its archives? Our team can help find these apps for you. We can see which ones can benefit your office and can help set your team up so they are better prepared when they are not working at the office.

Like we mentioned at the beginning, technology is there to make things easier. That’s why we are always keeping up with the best technology for your legal firm. Wouldn’t it be great to eliminate all your IT issues and get your law office setup for success? Call or visit us today to schedule a free technology assessment to get that process started.

If you’re getting targeted with surprisingly relevant ads, there’s a chance your internet activity is being tracked and analyzed by market researchers. While this doesn’t bother most people, private browsing mode can offer you some protection against online marketers and would-be data thieves.

What is private browsing?
Your web browser — whether it be Chrome, Edge, Firefox, Safari, or Opera — remembers the URLs of the sites you visit, cookies that track your activity, passwords you’ve used, and temporary files you’ve downloaded.

This can be convenient if you frequently visit certain pages, can’t remember your login details, or if you’re trying to recall a website you visited a few days ago. But if someone else uses or gains access to your computer, your most private (and embarrassing) internet activities are exposed for anyone to see.

With private browsing — also called Incognito Mode in Chrome and InPrivate Browsing in Edge — all the information listed above does not get recorded. In fact, all the websites and information you accessed in the private browsing session is immediately discarded without a trace as soon as you close the browser. This can come in handy when you’re using a public computer because you’re instantly logged out of all the accounts after closing the window.

Your cookies also won’t be tracked. In a normal browsing session, sites like Facebook will inundate you with highly targeted ads based on the sites and pages you’ve visited. But in private browsing mode, your internet activity won’t be used against you by marketing companies.

Another benefit of private browsing is you can use it to log in to several accounts on the same site, which is useful if you need to log into two different Google accounts at the same time.

Limitations of private browsing
Although private browsing does prevent your web browser from storing your data, it doesn’t stop anyone from snooping on your current activities. If your computer is connected to the company network, system administrators can still keep track of what you’re browsing even if you’re in Incognito Mode. Also, if spyware or keylogger malware is installed on your computer, hackers will still be able to see what you’re doing online. Even though private browsing has quite a few benefits, you shouldn’t solely depend on it for online privacy.

Your computers must be equipped with Virtual Private Networks that encrypt your internet connection and prevent anyone from intercepting your data. And don’t forget to scan your computer for viruses with a strong anti-malware program to keep spyware and other malicious web monitoring software at bay.

If you want to know where you can get these solutions or learn more about web browser security, call us today. We have the tools and expert advice you need to prevent anyone from snooping on your internet browsing.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment
Published with consideration from TechAdvisory.org SOURCE

Cybercriminals are fairly experienced at avoiding detection. By the time you notice they’ve infected your computer with malware or hijacked your account, serious damage has most likely already been done. To make matters worse, they have another way to hide their illegal activities, and it involves sending thousands of spam emails.

Understanding DSD
Distributed Spam Distraction (DSD) is designed to inundate your inbox with thousands of nonsense emails. There are no dangerous links, ads, or attachments involved, just random excerpts of text stolen from books and websites. What’s more, the email and IP addresses used are all different so victims can’t simply block a specific sender.

These attacks last anywhere from 12 to 24 hours and can flood inboxes with as many as 60,000 messages. While they may seem like harmless annoyances, the true purpose of DSD is to draw victims’ attention away from what hackers are doing behind the scenes.
And what they’re doing is exploiting your personally identifiable information (PII) to make unauthorized purchases or pilfer cash directly from your accounts. The DSD acts as a sort of smokescreen to hide payment confirmation messages behind a deluge of spam messages.

New tactics
Over the years, hackers have developed new tactics involving DSD. Several reports have shown that, instead of nonsensical emails, hackers are using automated software to have their targets sign up for thousands of free accounts and newsletters to distract them with authentic messages. This allows DSD blasts to slip past spam filters that have been designed to weed out malicious code and gibberish text used by traditional DSD attacks.

What’s even more worrying is that any ill-intentioned individual can go to the dark web and pay for DSD services. They just have to provide a hacker with their target’s name, email address, and credit card numbers — all of which can also be purchased in the dark web — and pay as little as $40 to send 20,000 spam messages.

How to stop it
DSD is a clear sign that one of your accounts has been hijacked, so whenever you receive dozens of emails in quick succession, contact your financial institutions to cancel any unfamiliar transactions and change your login credentials as soon as possible. It’s also important to update your anti-spam software (or get one if you don’t have one already) to protect your inbox from future DSD attacks.

Hackers only initiate DSD attacks after they’ve obtained their target’s email address and personal information, so make sure your accounts and identity are well protected. This means you should regularly change your passwords and pins, enable multi-factor authentication, set up text alerts for whenever online purchases are made in your name, and be careful about sharing personal information.
For more tips on how to deal with DSDs or other cyberattacks, call us today. We offer powerful tools and expert advice that will ensure your business’s safety.
To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Top 10 Things Every Business Owner Must Know About Hiring an Honest, Competent, Responsive and Fairly Priced IT Company

Choosing a computer support company isn’t easy. There are no shortages of horror stories about incompetent computer repair “gurus” bungling jobs and causing MORE problems as a result of their lack of knowledge. I’m sure if you talk to your own friends and colleagues you will get an ear-full of the unfortunate experiences they have encountered in this area.

Why is this? Because it is not regulated like many other professional service industries, which means ANYONE can claim they are a “computer repair expert.” In fact, a lot of the businesses in this industry started because the owner was fired or laid off from their job and couldn’t find work anywhere else, or they hire people who are not properly trained to support a business.

Unfortunately, they will try to take advantage of trusting business owners who simply do not have the ability to determine whether or not they know what they are doing. From misleading information, unqualified technicians, poor management and terrible customer service, we’ve seen it all.

This is why it’s so important for you to arm yourself with the information below:
Here is my list of the Top 10 things you should look for (or look out for!) when hiring an IT company…

10. They own all the IT problems.
When something goes wrong with your Internet service, phone systems, printers or other IT services, a good IT company should own the problem for its clients (versus saying “that’s not our problem to fix”). As a business owner, you shouldn’t have to try and resolve any of these issues on your own – that’s just plain old good service and something many computer guys won’t do.

9. They conduct periodic test restores of your backups.
The worst time to “test” a backup is when you desperately need it. A proactive IT company will insist on performing regular “fire drills” and perform a test restore from backup to make sure your data can be recovered in the event of an emergency.

8. They offer a TRULY all-inclusive support plan.
Many IT companies say they offer all-inclusive plans, but they are saddled with “gotchas” hidden in the fine print. An authentic all-inclusive managed services plan is just that – all inclusive.

7. They provide you with a monthly report of your network.
A good IT company should provide you with a detailed report each month that shows an overall health score of your network that includes all updates, security patches, and status of every machine in your network so your know FOR SURE that your systems have been secured and updated.

6. They monitor your network 24-7-365.
Your IT company should continuously watch over your network to look for developing problems, security issues and other problems to address them BEFORE they turn into bigger problems.

5. They consistently (and proactively) offer new ways to improve your network’s performance instead of waiting until you have a problem to make recommendations.
A great IT company will invest in their people with training and education to understand the latest offerings that will fit into their client’s businesses. They will also conduct monthly on-site visits with their clients to look for new ways to help improve their operations, lower costs, increase efficiencies and resolve any problems that may be arising.

4. They avoid “geek-speak.”
A competent IT company should take the time to explain what they are doing and answer your questions in terms you can understand. You should never be made to feel stupid for asking questions. And they should meet with you on a regular basis to make sure you are using technology to grow your business.

3. They have a written, guaranteed response time to your calls.
Your IT company should have a technician working on your problem within 60 minutes or less of your call. A great IT company will have this written into their service agreements.

2. They answer their phone live.
When you have a computer problem that is keeping you from your work, it is especially frustrating to have to leave a voicemail and wait for a call back. A responsive IT company knows this and will answer your call live, every time 24/7.

1. They will offer to complete a FREE audit of your network.
A truly competent IT company will offer to come out to your office and conduct a complementary assessment of your entire network to help you look for any potential issues you are facing, or to at least verify that your current IT company has all your bases covered.

The absolute best way a business can ensure that their systems and networks are secure is to work with an IT partner like us. Our managed services can help ensure that you have proper security measures in place and the systems are set up and managed properly. Tech peace of mind means the focus can be on creating a successful company instead. . Contact us today to learn more.

Published with consideration Joanna Sobran from HuffingtonPost.com. SOURCE

If you’re disturbed by advertisements and “helpful” suggestions that are based on your internet browsing habits, recent research has found yet another source of online tracking. It’s a sneaky tactic that also comes with serious security concerns. Let’s take a look at what you can do to stop it from targeting you.

Why auto-fill passwords are so dangerous
In 2015, the average internet user had 90 online accounts, a number that has undoubtedly grown since then. This has forced users to create dozens of passwords, sometimes because they want to practice healthy security habits and other times because the platforms they’re using have different password requirements.
Web browsers and password manager applications addressed this account overload by allowing usernames and passwords to be automatically entered into a web form, eliminating the need for users to hunt down the right credentials before logging in.
The process of tricking a browser or password manager into giving up this saved information is incredibly simple. All it takes is an invisible form placed on a compromised webpage to collect users’ login information without them knowing.

Using auto-fill to track users
Stealing passwords with this strategy has been a tug-of-war between hackers and security professionals for over a decade. However, it has recently come to light that digital marketers are also using this tactic to track users.
Two groups, AdThink and OnAudience, have been placing these invisible login forms on websites as a way to track which sites users visit. These marketers made no attempts to steal passwords, but security professionals said it wouldn’t have been hard to accomplish. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold that information to advertisers.

One simple security tip for today
Turn off auto-fill in your web browser. It’s quick, easy, and will go to great lengths to improve your account security.
• If you use Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords
• If you use Firefox – Open the Options window, click Privacy, and under the History heading select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
• If you use Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Mobile devices can’t accomplish everything that desktops and laptops can, but that doesn’t mean they’re not important to businesses. More and more employees are using smartphones and tablets to increase productivity and enhance collaboration. But before you adopt a mobile device policy, you must keep them safe from cyber criminals. Cyber criminals now have more entry points to steal your data, but there are simple ways to keep your company’s mobile devices safe.
Ensure mobile OS is up-to-date
Apple and Android’s operating system updates improve overall user experience, but their most important function is to fix security vulnerabilities. You can reduce your business’s exposure to threats by installing updates for ALL devices as soon as they become available. Some people wait for a few weeks or months to update their device’s OS. This gives hackers ample time to exploit vulnerabilities on devices that run on outdated operating systems.
Install business applications only
Downloading apps seems harmless, but lenient mobile devices policies on what should and shouldn’t be downloaded on company devices could lead to staff downloading and installing non-business-related apps from third-party stores, most of which are notorious for malicious advertising codes and other threats.
Be careful with public Wi-Fi networks
Emergency situations might compel you to use password-free Wi-Fi networks in hotels, airport, cafes, or any public place. Connecting to an open network could expose your confidential information and sensitive company data to hackers connected to the same network.

You can avoid this by providing a practical internet data plan, preferably one that includes roaming services, for remote workers. And if you really have to connect to an open Wi-Fi, don’t use the connection for transferring sensitive data.
Enable phone tracking tools
Losing a company-issued mobile device is a scenario many would rather not contemplate, but it happens. Devices can be misplaced or stolen, and enabling a useful app such as ‘Find my iPhone’ for iOS devices, ‘GPS Phone Tracker’ for Android, or any other device-tracking app in Apple’s App or Android’s Google Play stores helps users locate lost phones, or otherwise delete data in stolen devices. Downloading and setting up the app takes just a few minutes, and it will give you peace of mind knowing that even if your phone is lost or stolen, its contents will not be compromised.
Screen SMS carefully
SMS messaging may not be as effective as email phishing, but SMS phishing can also be used to trick users into clicking malicious links. Hackers send messages purporting to be from someone you know or a legitimate source that asks you to urgently send confidential data. You can either delete these messages, block unknown senders, or alert your IT department in case you encounter a possible scammer.

Mobile devices are becoming more critical to operations. And with more devices open to attack, businesses must bolster their cybersecurity efforts. Hackers will exploit every possible vulnerability, and that includes those in unsecured smartphones and tablets. Get in touch with us if you need comprehensive security solutions for your business.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

As a business owner, you want nothing more than to see your business succeed. But when faced with stiff competition and sophisticated cybercriminals, it’s hard to shake off the feeling of uncertainty. The future might be unpredictable, but the security of your Mac devices doesn’t have to be. So lock things down with these helpful tips:

The basics
Let’s start with the basics and head over to the Security & Privacy pane in System Preferences. Here, you’ll find four tabs — General, FileVault, Firewall, and Privacy — that control various aspects of security. To change your security settings, click on the padlock on the bottom of the screen and type in your username and password.

Firewall
Enabling the firewall will block unwanted incoming network connections. Many think it is enabled by default, but often it’s not. All you need to do is click the Firewall tab in the System Preferences > Security & Privacy pane, click the padlock icon on the bottom left, enter your username and password, and click the ‘Turn On Firewall’ button. Don’t forget to enable Stealth Mode by clicking the Firewall Options button and then clicking Enable Stealth Mode in the dialog box — this makes your computer invisible on public networks.

Passwords
Make sure to set strong passwords for your user accounts if you don’t already have one. To do this, go back to the ‘General’ section of the Security & Privacy settings. In this section, you should also consider setting the Require Password field to ‘immediately.’ This makes it so that you’ll need to re-enter your login credentials to unlock your Mac when it goes to sleep or when a screen saver begins.

Automatic login
It’s best to disable this function, especially if you are using a mobile Mac. If your Mac gets stolen, you don’t want to give thieves a free pass to your private data.

Applications
At the bottom of the General Settings tab, there are three options that authorize which apps can run on your Mac. The safest option is to allow only apps from the App Store to run, and the least secure option is to allow apps from anywhere. Get the best of both worlds by choosing the option of running apps from the App Store and from developers known to Apple.

FileVault
The FileVault tab enables you to encrypt all the files in your user account. To decrypt them, you must enter either your account password or the recovery key you created when you switched FileVault on. It might be tedious to type in a password every time to access a file, but it helps keep your vital data under lock and key.

In this digital age, ensuring the protection of all your devices is crucial to your business’s success. Because all it takes is a tiny leak to sink your ship. Feel free to give us a call and we’ll help prepare your business for choppy waters.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

If you are seeking out a way to improve your business’s cyber security, both for your business itself as well as for your customers, you are likely looking at your authentication process. Two-step and two-factor authentication are two of the most commonly used options in cyber security. And in current cyber security, many businesses use the terms two-step and two-factor authentication interchangeably.

There are, however, subtle differences between the two. A two-step authentication process requires a single-factor login (such as a memorized password or biometric reading) as well as another of the same type of login that is essentially sent to the user. For example, you may have a memorized password for your first step and then receive a one-time-use code on your cell phone as the second step.

Two-step authentication does function to add an extra step in the authentication process, making it more secure than a single-step authentication (i.e. just the password). However, if a person or business is hacked, it will do only a little to stop hackers from getting a hold of whatever they are looking for.

On the other hand, there is two-factor authentication (sometimes referred to as multi-factor authentication), which is significantly more secure. This type of authentication requires two different types of information to authenticate. For example, it could be a combination of a fingerprint or retinal scan as well as a password or passcode. Because the types of information are different, it would require a hacker a great deal more effort to obtain both forms of authentication.

In essence, every two-factor authentication is a two-step authentication process, but the opposite is not true. With this information in mind, you can be certain that you are using the right type of authentication in your business to keep your business and customer information as secure as possible.

Your network needs the best security technology has to offer. What type of authentication that results in is just one of hundreds of choices that must be made to achieve that end. To take the stress out of securing and protecting your network, call us today for all the help you could ever ask for.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory. SOURCE