You may think that you’re not online enough to risk your safety, or that you never visit unsafe sites. However, the world wide web is a vast network where the exchange of information is often difficult to track. Here are some good reasons to “go incognito”.

With the headlines about data breaches and cyberattacks greeting you every time you go online, it seems impossible to have a surefire, foolproof way to keep your information secure. Sometimes cyber predators are relatively harmless, but oftentimes, their goal is to steal identities and financial information. Virus scanners and firewalls can definitely help, but here’s an added layer of protection when you go online.

What is private browsing?

Your web browser — whether it be Chrome, Edge, Firefox, Safari, or Opera — stores the addresses of the sites you visit, cookies that track your activity, passwords you’ve used, and temporary files you’ve downloaded.

This can be convenient if you frequently visit certain pages, can’t remember your login details, or if you’re trying to recall a website you visited a few days ago. But if someone else uses or gains access to your computer, your most private (and embarrassing) internet activities are exposed for anyone to see.

With private browsing — also called Incognito Mode in Chrome and InPrivate Browsing in Edge — all the information listed above does not get recorded. In fact, all the websites and information you accessed during a private browsing session is discarded without a trace as soon as you close the browser. This can come in handy when you’re using a public computer because you’re instantly logged out of all the accounts after closing the window.

Private browsing also prevents cookies from being stored on your computer. In a normal browsing session, sites like Facebook will inundate you with highly targeted ads based on the sites and pages you’ve visited. But in private browsing mode, your internet activity won’t be used against you by marketing companies.

Another benefit of private browsing is you can use it to log in to several accounts on the same site, which is useful if you need to log in to two different Google accounts at the same time.

Limitations of private browsing

Although private browsing does prevent your web browser from storing your data, it doesn’t keep your online activities 100% private. If your computer is connected to the company network, system administrators can still keep track of what you’re browsing, even if you’re in Incognito Mode. Also, if spyware or keylogger malware is installed on your computer, hackers will still be able to see what you’re doing online.

A keylogger malware records every key you punched in and may send this information to a predefined email address without you knowing. This means passwords, answers to verification questions, account numbers, credit card details, or even the words you type in a chat can be emailed to someone spying on your online activities.

Even though private browsing has quite a few benefits, you shouldn’t solely depend on it for online privacy. Your computers and mobile devices must be equipped with Virtual Private Networks that encrypt your internet connection and prevent anyone from intercepting your data. And don’t forget to scan your computer for viruses with a strong anti-malware program to keep spyware and other malicious web monitoring software at bay.

If you want to know where you can get these solutions or learn more about web browser security, call us today. We have the tools and expert advice you need to prevent anyone from snooping on your internet browsing.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

 

Published with consideration from TechAdvisory.org SOURCE

In 2003, a manager at the National Institute of Standards and Technology (NIST) authored a document on password best practices for businesses, federal agencies, and academic institutions. More recently, however, the institute has reversed its stance. Find out why and what great passwords are made of.

The problem

The issue isn’t necessarily that the NIST advised people to create passwords that are easy to crack, but it steered people into creating lazy passwords, using capitalization, special characters, and numbers that are easy to predict, like “P@ssW0rd1.

This may seem secure, but in reality, these strings of characters and numbers could easily be compromised by hackers using common algorithms.

To make matters worse, NIST also recommended that people change their passwords regularly, but did not define what it actually means to “change” them. Since people thought their passwords were already secure with special characters, most only added one number or symbol.

NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for computers to guess.

Recently, the institution admitted that this scheme can cause more problems than solutions. It has reversed its stance on organizational password management requirements, and is now recommending banishing forced periodic password changes and getting rid of complexity requirements.

The solution

Security consultant Frank Abagnale and Chief hacking officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to utilize multifactor authentication (MFA) in login policies.

This requires users to present two valid credentials to gain access to their data. For instance, a code texted to an employee’s smartphone can serve as an added security measure to thwart hackers.

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “correcthorsebatterystaple” or “iknewweretroublewhenwalkedin5623”. These are much more difficult to guess and less prone to hacking. As for the frequency of changing passphrases, it will depend on a company’s risk tolerance.

Simply put, passwords should be longer and include nonsensical phrases and English words that make it almost impossible for an automated system to make sense of.

Even better, you should enforce the following security solutions within your company:

  • Single sign-on– allows users to securely access multiple accounts with one set of credentials
  • Account monitoring tools– recognizes suspicious activity and locks out hackers

 

When it comes to security, ignorance is the biggest threat. If you’d like to learn about what else you can do, just give us a call.

Published with consideration from TechAdvisory.org SOURCE

Advertisements and “helpful” suggestions based on your internet browsing habits can be troubling. But what’s even more alarming is that hackers have found another way of tracking you via seemingly harmless autocomplete passwords. Here’s what you need to know.

Why auto-fill passwords are so dangerous

As of December 2018, there are 4.1 billion internet users in the world. This means users have to create dozens of passwords, either to protect their account or simply to meet the password-creation requirements of the platform they’re using. Unfortunately, only 20% of US internet users have different passwords for their multiple online accounts.

Certain web browsers have integrated a mechanism that enables usernames and passwords to be automatically entered into a web form. On the other hand, password manager applications have made it easy to access login credentials. But these aren’t completely safe.
Tricking a browser or password manager into giving up this saved information is incredibly simple. All a hacker needs to do is place an invisible form on a compromised webpage to collect users’ login information.

Using auto-fill to track users

For over a decade, there’s been a password security tug-of-war between hackers and cybersecurity professionals. Little do many people know that shrewd digital marketers also use password auto-fill to track user activity.

Digital marketing groups AdThink and OnAudience have been placing these invisible login forms on websites to track the sites that users visit. They’ve made no attempts to steal passwords, but security professionals said it wouldn’t have been hard for them to do. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold the information they gathered to advertisers.

One simple security tip for today

A quick and effective way to improve your account security is to turn off auto-fill in your web browser. Here’s how to do it:

  • If you’re using Chrome– Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords.
  • If you’re using Firefox– Open the Options window, click Privacy, and under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
  • If you’re using Safari– Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

 

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

 

Published with consideration from TechAdvisory.org SOURCE

Keeping your personal and professional information safe from cybercriminals is not easy. It takes constant vigilance and frequent training. There are dozens of simple tools and tips to help people with almost zero expertise stay safe online, but these five are our favorites.

1. Multi-factor authentication (MFA)

This tool earns the number one spot on our list because it can keep you safe even after a hacker has stolen one of your passwords. That’s because MFA requires more than one form of identification to grant access to an account.

The most common example is a temporary code that is sent to your mobile device. Only someone with both the password and access to your smartphone will be able to log in. Almost any online account provider offers this service, and some let you require additional types of verification, such as a fingerprint or facial scan.

2. Password managers

Every online account linked to your name should have a unique password with at least 12 characters that doesn’t contain facts about you (avoid anniversary dates, pet names, etc.). Hackers have tools to guess thousands of passwords per second based on your personal details, and the first thing they do after cracking a password is to try it on other accounts.

Password manager apps create random strings of characters and let you save them in an encrypted list. You only need one complex password to log into the manager, and you’ll have easy access to all your credentials. No more memorizing long phrases, or reusing passwords!

3. Software updates

Software developers and hackers are constantly searching for vulnerabilities that can be exploited. Sometimes, a developer will find one before hackers and release a proactive update to fix it. Other times, hackers find the vulnerability first and release malware to exploit it, forcing the developer to issue a reactive update as quickly as possible.

Either way, you must update all your applications as often as possible. If you are too busy, check the software settings for an automatic update option. The inconvenience of updating when you aren’t prepared to is nothing compared to the pain of a data breach.

4. Disable flash player

Adobe Flash Player is one of the most popular ways to stream media on the web, but it has such a poor security record that most experts recommend that users block the plugin on all their devices. Flash Player has been hacked thousands of times, and products from companies like Microsoft, Apple, and Google regularly display reminders to turn it off. Open your web browser’s settings and look for the Plugins or Content Settings menu, then disable Adobe Flash Player.

 

5. HTTPS Everywhere

Just a few years ago, most websites used unencrypted connections, which meant anything you typed into a form on that site would be sent in plain text and could be intercepted with little effort. HTTPS was created to facilitate safer connections, but many sites were slow to adopt it or didn’t make it the default option.

HTTPS Everywhere is a browser extension that ensures you use an encrypted connection whenever possible and are alerted when one isn’t available on a page that requests sensitive information. It takes less than one minute and a few clicks to install it.

If you run a business with 10 or more employees, these simple tips won’t be enough to keep you safe. You’ll need a team of certified professionals that can install and manage several security solutions that work in unison. If you don’t have access to that level of expertise, our team is available to help. Give us a call today to learn more.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

 

Published with consideration from TechAdvisory.org SOURCE

Are you still using that old computer that is not-so gracefully aging and devaluing? Maybe you are running important programs on older machines with old operating systems since they “still work fine.” While it might still help you get the job done, there may be hidden security risks that can lead to major problems later on.

What is firmware?

Firmware is a basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

 

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, higher-level pieces of software can interact with it.

 

Why is firmware security important?

 

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

 

And the username and password example is just one of hundreds. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

 

How do I protect myself?

 

Firmware exploits are not rare occurrences. Not too long ago, a cybersecurity professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

 

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a DLink of Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

 

Remember that routers are just one example of how firmware affects your cybersecurity posture. Hard drives, motherboards, and even mice and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today!

 

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

 

Published with consideration from TechAdvisory.org SOURCE

 

As IT security consultants, we’re stuck between a rock and a hard place. Managed IT services providers (MSPs) such as ours want to provide clients with enterprise-level IT, but that requires that we specialize in overwhelmingly intricate technology. Explaining even the most fundamental aspects of cybersecurity would most likely put you to sleep instead of convince you of our expertise. But if there’s one topic you need to stay awake for, it is proactive security.

Understand the threats you’re facing

Before any small- or medium-sized business (SMB) can work toward preventing cyberattacks, everyone involved needs to know exactly what they’re up against. Whether you’re working with in-house IT staff or an MSP, you should review what types of attacks are most common in your industry. Ideally, your team would do this a few times a year.

Reevaluate what it is you’re protecting

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every company device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

Create a baseline of protection

By reviewing current trends in the cybersecurity field and auditing your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measures versus your reactive measures.

Before you can start improving your cybersecurity approach, you need to know where your baseline is. Devise a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint weak spots in your current framework.

Finalize a plan

All these pieces will complete the puzzle of what your new strategy needs to be. With an experienced technology consultant on board for the entire process, you can easily synthesize the results of your simulation into a multi-pronged approach to proactive security:

  • Security awareness seminars that coach all internal stakeholders– train everyone from the receptionist to the CEO about effective security practices such as password management, proper mobile device usage, and spam awareness
  • Front-line defenses like intrusion prevention systems and hardware firewalls– scrutinize everything trying to sneak its way in through the borders of your network
  • Routine checkups for software updates, licenses, and patches– minimize the chance of leaving a backdoor to your network open
  • Web-filtering services– blacklist dangerous and inappropriate sites for anyone on your network
  • Updated antivirus software– protect your data and systems against the latest and most menacing malware

 

As soon as you focus on preventing downtime events instead of reacting to them, your IT infrastructure will increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cybersecurity by giving us a call for a demonstration.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

 

Published with consideration from TechAdvisory.org SOURCE

Microsoft not only builds robust productivity solutions for its customers, but it also prioritizes their security above all else. This year, the company invested a lot of money to protect Office 365 subscribers from increasingly sophisticated phishing scams. Read on to learn more about what they did.

Effective anti-phishing solutions must be able to recognize the key elements of a phishing attack, which includes spoofed (or forged) emails, compromised accounts, unsafe links, and harmful attachments. In April 2018, Microsoft upgraded Office 365’s Advanced Threat Protection (ATP) features so it can better detect these elements and prevent a wide variety of phishing scams. These enhancements include:

  • Anti-impersonation measures –ATP will now look for potential phishing indicators in an email, including the sender’s address, name, and links, to identify whether the user is being impersonated. You can specify high-profile targets within your organization, such as managers and C-level executives, so Office 365 can protect these users from email impersonation. Office 365 also utilizes machine learning to analyze a user’s email patterns and flag suspicious contacts that have had no prior correspondence with your company.
  • Anti-spoofing technology –This feature reviews and blocks senders that disguise their true email address. You can even enable safety tips that flag certain email domains that have strange characters. For instance, if your real domain is Acme.com, a spoofed domain could be Acḿcom.
  • Email link scanning –Office 365 launched Safe Links, which scans emails for fraudulent links and redirects users to a safe page in case it does contain harmful materials. This feature also applies to email attachments, ensuring you’re protected against all types of phishing scams.

 

Due to these improvements, Office 365 had the lowest phish rate among other well-known email services between May 1 and September 16, 2018. The company has stopped over five billion phishing attempts and protected users against seven billion potentially malicious links. If you’re looking for a secure email platform, Office 365 is the best option for your business.

That said, it’s not a substitute for good security awareness. No matter how secure Office 365 is, employees still need to be adequately trained to recognize a phishing email when they see one. Hackers are constantly changing their tactics to evade Office 365’s detection systems, so it’s important that everyone is alert at all times.

If you need a well-fortified email service, we can implement and manage Office 365 for you. We even offer practical security advice to make sure your business, employees, and assets are safe and sound.  If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

When it comes to Internet security, most small businesses don’t have security policies in place. And considering that employee error is one of the most common causes of a security breach, it makes sense to implement rules your staff needs to follow. Here are four things your IT policies should cover.

Internet

In today’s business world, employees spend a lot of time on the internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. This must limit internet use for business purposes only, prohibit unauthorized downloads, and restrict access to personal emails on company devices. You can also include recommended browsing practices and policies for using business devices on public wifi.

Email

Just like the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links, or perform any type of business-related activities outside their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, thus preventing spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own devices, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work-related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. This means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies shed some light on the industry’s best security practices. If you’d like more tips or are interested in a security audit of your business, give us a call.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

 

Published with consideration from TechAdvisory.org SOURCE

 

Making the decision to migrate from an on-site system to a cloud-based Office 365 is easy, but the migration process itself presents numerous security challenges. By covering these essentials, you’ll minimize security breaches and ensure you can enjoy the benefits of Office 365.

Identify your company’s sensitive data…
Most files housed within your servers contain sensitive commercial and personal data that must be properly identified and protected. Do this by conducting a security audit before you undertake your migration.

Your audit should identify the types of data stored in the various parts of your company network, including which specific information needs extra safeguarding. Be sure to consider everything from trade secrets and contract details to the personal information of your clients.

…and then restrict access to it
Once you’ve worked out where your most precious data lies, you can check who currently has access to it and whether their access is appropriate. After all, it’s not necessary for everyone to be able to get at all the data your company owns.

Ensure that each of your employees has access only to the data that’s necessary for them to perform their duties. The great thing about Office 365 is it lets you conveniently set different levels of permissions based on user roles.

Watch out for insider threats
It’s wise to consider everyone in your organization when it comes to auditing data access permissions – and that includes system administrators who may have master access to every element of your network infrastructure.

A rogue administrator is the stuff of nightmares, since their elevated position gives them much greater leeway to siphon off valuable data without being noticed – or even to allow others to conduct questionable business and bypass the usual built-in security precautions. You can mitigate this risk by monitoring your administrators’ data usage and activities.

Use machine learning to foresee security breaches
Every action performed by your staff within Office 365 is automatically logged, and with relative ease you can create detailed activity reports. But the sheer number of events taking place within Office 365 in the course of your business’s normal operations means that even attempting to identify questionable behavior will be akin to finding a needle in a haystack.

That’s not to say it’s unwise to be on the lookout for anomalies in normal usage – the export of unexplainably large volumes of data, for instance, could suggest that a member of your team is leaking intelligence to a competitor, or that they’re about to jump ship and take your trade secrets with them.

To make things easier, machine learning technologies can identify potential breaches before they happen by analyzing large swathes of data in seconds. Graph API is incorporated into Office 365, and allows for the integration of machine learning tools into your security environment to achieve just that. The same tools can also help you avoid being caught unawares by hackers, by identifying system login attempts from locations that are out of the ordinary.

By following these tips, you’ll be able to enjoy the powerful collaborative features of Office 365 while ensuring the robust security your business demands. To find out more about how we can help your Office 365 migration run smoothly, just give us a call.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

 

Published with consideration from TechAdvisory.org SOURCE

Despite efforts to protect your data, some breaches are beyond your control. When an online company with your personal details gets hacked, you have no choice but to manage your risks on your own. These practical tips can help you reduce risks of identity theft and other threats.

Determine what was breached

Whether its names, addresses, email addresses, or social security numbers, it’s critical to know exactly what type of information was stolen before determining what steps to take. For example, if your email address were compromised, you’d take every precaution to strengthen your email security, which includes updating all your login credentials.

Change affected passwords immediately

Speaking of passwords, change yours immediately after any breach, even for seemingly safe accounts. Create a strong password comprised of alphanumeric and special characters, and make sure you never reuse passwords from your other accounts.

Once you’ve changed all your passwords, use a password manager to help you keep track of all your online account credentials.

If the website that breached your information offers two-factor authentication (2FA), enable it right away. 2FA requires two steps to verify security: usually a password and a verification code sent to a user’s registered mobile number.

Contact financial institutions

In cases where financial information was leaked, call your bank and credit card issuers to change your details, cancel your card, and notify them of a possible fraud risk. That way, banks can prevent fraud and monitor your account for suspicious activity.

Note that there are different rules for fraudulent transactions on debit cards and credit cards. Credit card transactions are a bit easier to dispute because they have longer grace periods. Debit card fraud, on the other hand, is more difficult to dispute, especially if the fraudulent transactions happened after you’ve notified the bank.

Place a fraud alert on your name

Hackers who have your personal information can easily commit identity fraud. To avoid becoming a victim, contact credit reporting bureaus like Equifax, Experian, or Innovis and request that a fraud alert (also called credit alert) be added to your name. This will block any attempt to open a credit account under your name and prevent unauthorized third parties from running a credit report on you.

 

Putting a credit freeze on your name might result in minor inconveniences, especially if you have an ongoing loan or credit card application. Still, doing so will greatly reduce your risks of getting defrauded.

These steps will ensure you don’t fall victim to identity theft in the event of a large-scale data breach. If you want to take a more proactive approach to protect your sensitive information against breaches, contact our cybersecurity experts today.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

 

Published with consideration from TechAdvisory.org SOURCE