,

Obsolete firmware poses security risks

Are you still using that old computer that is not-so gracefully aging and devaluing? Maybe you are running important programs on older machines with old operating systems since they “still work fine.” While it might still help you get the job done, there may be hidden security risks that can lead to major problems later on.

What is firmware?

Firmware is a basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

 

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, higher-level pieces of software can interact with it.

 

Why is firmware security important?

 

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

 

And the username and password example is just one of hundreds. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

 

How do I protect myself?

 

Firmware exploits are not rare occurrences. Not too long ago, a cybersecurity professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

 

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a DLink of Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

 

Remember that routers are just one example of how firmware affects your cybersecurity posture. Hard drives, motherboards, and even mice and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today!

 

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

 

Published with consideration from TechAdvisory.org SOURCE

 

/by

5 proactive defenses against cyberattacks

As IT security consultants, we’re stuck between a rock and a hard place. Managed IT services providers (MSPs) such as ours want to provide clients with enterprise-level IT, but that requires that we specialize in overwhelmingly intricate technology. Explaining even the most fundamental aspects of cybersecurity would most likely put you to sleep instead of convince you of our expertise. But if there’s one topic you need to stay awake for, it is proactive security.

Understand the threats you’re facing

Before any small- or medium-sized business (SMB) can work toward preventing cyberattacks, everyone involved needs to know exactly what they’re up against. Whether you’re working with in-house IT staff or an MSP, you should review what types of attacks are most common in your industry. Ideally, your team would do this a few times a year.

Reevaluate what it is you’re protecting

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every company device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

Create a baseline of protection

By reviewing current trends in the cybersecurity field and auditing your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measures versus your reactive measures.

Before you can start improving your cybersecurity approach, you need to know where your baseline is. Devise a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint weak spots in your current framework.

Finalize a plan

All these pieces will complete the puzzle of what your new strategy needs to be. With an experienced technology consultant on board for the entire process, you can easily synthesize the results of your simulation into a multi-pronged approach to proactive security:

  • Security awareness seminars that coach all internal stakeholders– train everyone from the receptionist to the CEO about effective security practices such as password management, proper mobile device usage, and spam awareness
  • Front-line defenses like intrusion prevention systems and hardware firewalls– scrutinize everything trying to sneak its way in through the borders of your network
  • Routine checkups for software updates, licenses, and patches– minimize the chance of leaving a backdoor to your network open
  • Web-filtering services– blacklist dangerous and inappropriate sites for anyone on your network
  • Updated antivirus software– protect your data and systems against the latest and most menacing malware

 

As soon as you focus on preventing downtime events instead of reacting to them, your IT infrastructure will increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cybersecurity by giving us a call for a demonstration.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

 

Published with consideration from TechAdvisory.org SOURCE

/by
,

How Office 365 deals with phishing attacks

Microsoft not only builds robust productivity solutions for its customers, but it also prioritizes their security above all else. This year, the company invested a lot of money to protect Office 365 subscribers from increasingly sophisticated phishing scams. Read on to learn more about what they did.

Effective anti-phishing solutions must be able to recognize the key elements of a phishing attack, which includes spoofed (or forged) emails, compromised accounts, unsafe links, and harmful attachments. In April 2018, Microsoft upgraded Office 365’s Advanced Threat Protection (ATP) features so it can better detect these elements and prevent a wide variety of phishing scams. These enhancements include:

  • Anti-impersonation measures –ATP will now look for potential phishing indicators in an email, including the sender’s address, name, and links, to identify whether the user is being impersonated. You can specify high-profile targets within your organization, such as managers and C-level executives, so Office 365 can protect these users from email impersonation. Office 365 also utilizes machine learning to analyze a user’s email patterns and flag suspicious contacts that have had no prior correspondence with your company.
  • Anti-spoofing technology –This feature reviews and blocks senders that disguise their true email address. You can even enable safety tips that flag certain email domains that have strange characters. For instance, if your real domain is Acme.com, a spoofed domain could be Acḿcom.
  • Email link scanning –Office 365 launched Safe Links, which scans emails for fraudulent links and redirects users to a safe page in case it does contain harmful materials. This feature also applies to email attachments, ensuring you’re protected against all types of phishing scams.

 

Due to these improvements, Office 365 had the lowest phish rate among other well-known email services between May 1 and September 16, 2018. The company has stopped over five billion phishing attempts and protected users against seven billion potentially malicious links. If you’re looking for a secure email platform, Office 365 is the best option for your business.

That said, it’s not a substitute for good security awareness. No matter how secure Office 365 is, employees still need to be adequately trained to recognize a phishing email when they see one. Hackers are constantly changing their tactics to evade Office 365’s detection systems, so it’s important that everyone is alert at all times.

If you need a well-fortified email service, we can implement and manage Office 365 for you. We even offer practical security advice to make sure your business, employees, and assets are safe and sound.  If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

/by

IT security policies your company needs

When it comes to Internet security, most small businesses don’t have security policies in place. And considering that employee error is one of the most common causes of a security breach, it makes sense to implement rules your staff needs to follow. Here are four things your IT policies should cover.

Internet

In today’s business world, employees spend a lot of time on the internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. This must limit internet use for business purposes only, prohibit unauthorized downloads, and restrict access to personal emails on company devices. You can also include recommended browsing practices and policies for using business devices on public wifi.

Email

Just like the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links, or perform any type of business-related activities outside their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, thus preventing spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own devices, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work-related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. This means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies shed some light on the industry’s best security practices. If you’d like more tips or are interested in a security audit of your business, give us a call.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

 

Published with consideration from TechAdvisory.org SOURCE

 

/by
, ,

Beware of these social engineering tactics

The volume of malicious cyber attacks is increasing every year. Although many companies use the latest network security systems, they aren’t immune to the hackers’ favorite strategy — social engineering. Unlike malware, social engineering tricks people into volunteering sensitive data. Here’s what you should know to protect your business.

Phishing

This is the most frequently used social engineering attack, especially against small businesses. Check out these frightening statistics:

 

How is phishing carried out? Criminals make use of emails, phone calls, or text messages to steal money. Victims are directed to phony websites or hotlines and are tricked into giving away sensitive information like names, addresses, login information, social security, and credit card numbers.

To protect yourself, be wary of emails from people you don’t know that offer you a prize, come with attachments you didn’t request, direct you to suspicious sites, or urge you to act quickly. Phishing emails usually appear to come from reliable sources, but they are wolves in sheep’s clothing.

One of the most infamous and widespread examples of phishing was during the 2016 Summer Olympics in Rio, where victims received fraudulent emails for fake ticketing services that stole their personal and financial information.

Tailgating

What’s the fastest and easiest way for criminals to enter a secure office? Through the front door, of course! Tailgating happens when an employee holds the door open for strangers and unauthorized visitors, allowing them to infiltrate an organization. This simple act of kindness enables fraudsters to enter restricted areas, access computers when no one is looking, or leave behind devices for snooping.

Quid pro quo

Here, scam artists offer a free service or a prize in exchange for information. They may lure their victims with a gift, concert tickets, a T-shirt, or early access to a popular game in exchange for login credentials, account details, passwords, and other important information. Or hackers may volunteer to fix their victims’ IT problems to get what they want. In most cases, the gift is a cheap trinket or the tickets are fake, but damages from stolen information are all too real.

Pretexting

Fraudsters pretend to be someone else to steal information. They may pose as a telemarketer, tech support representative, co-worker, or police officer to fish out credit card information, bank account details, usernames, and passwords. The con artist may even convince the unsuspecting victim to apply for a loan over the phone to get more details from the victim. By gaining the person’s trust, the scammer can fool anyone into divulging company secrets.

In spite of the many security measures available today, fraudsters and their social engineering schemes continue to haunt and harm many businesses. Thus, it’s best to prepare for the worst. To protect sensitive information, educate yourself and be careful. Remember: If anything is too good to be true, it probably is!

To shield your business from social engineering attacks or to learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

 

Published with consideration from TechAdvisory.org SOURCE

/by

Cloud storage 101: OneDrive vs SharePoint

Office 365 comes with different storage and sharing options to make
business owners more productive. Two of these are OneDrive and
SharePoint, both of which have a long list of features and benefits.
Which option is best for you? Keep reading for the answer.

Looking
for a secure platform to manage your files? Where do you go for help?
Should you choose SharePoint or settle for OneDrive instead? If any of
those terms sound Greek to you, don’t worry. You don’t need a degree in
computer science to figure it out. This article will give you the
lowdown on what to expect from these services.

Both SharePoint and
OneDrive are cloud-based services from Microsoft that allow you to
store, share, and sync files across different devices. SharePoint was
released in 2001 and reportedly has over 190 million users. OneDrive, on
the other hand, was launched in 2007 and has more than 250 million
users.

SharePoint is marketed mainly as a document management and
storage system, but it can be configured to do much more than that.
OneDrive, which was previously known as SkyDrive and Windows Live
Folders, is part of the Office suite of online services.

What the two have in common
For starters, both platforms make use of Office 365 to help companies
organize information and share this with others. To keep things secure,
documents go to a cloud drive, so employees can easily track changes in a
single file that is stored in one central location. One of the main
reasons these platforms are so popular is because users can add comments
and notes using real-time collaboration. Since data can be synchronized
and is readily available, everyone sees the most up-to-date information
regardless of how they view the document.

With OneDrive, it’s personal
OneDrive makes use of a SharePoint backdrop to work. This connects the
two programs. The difference is that OneDrive is made for an individual,
and the user remains in control even if the file is shared to different
people. This means multiple teams can collaborate simultaneously as
long as the original owner shares the document via a secure link. That
person determines who can edit and view the file.

There’s more to SharePoint
With SharePoint, employees throughout the company can view and edit the
stored file. Changes are tracked and higher-ups will know who is
working on the document. This is ideal for human resource surveys or
updates that need the attention of other team members.

With
SharePoint and OneDrive, businesses can improve the way they work. If
you want to learn how online document sharing programs can improve your
company’s visibility and productivity, get in touch with us now. We’re
here for you.

To learn more about how to safeguard your business,
or if you are looking for an expert to help you find the best solutions
for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

/by

Google indexing: 4 tips for better results

Whether you’re a newbie or an expert in search engine optimization (SEO), the field changes so often that it can be overwhelming. That can be pretty frustrating since businesses of any size need to get people to their sites in order to really grow in our web-driven culture. Thankfully, there are a few tried-and-true methods for improving your position in Google’s index.

Make sure you’re indexed by Google

Go to Google.com and search ‘site:’ with your website domain listed after the colon (example: ‘site:acme.com’). If you don’t see any results from your page listed, that means Google hasn’t added your site to its search results yet. Although some advisers recommend filling out a request form that Google offers, there is a much faster way to get recognized by the search giant.

Google is constantly scanning web pages for updates in content to include in their search results. When they see a link to an external site on one of their already indexed pages, Google will add that link to the queue of new sites to be scanned and indexed. If you can get your domain name linked on a popular or trusted page, you’ll start seeing your page in the search results in no time.

Go out and get more links

The more links to your site from external pages, the higher you climb in the search results. Other than getting affiliate businesses to link you on their pages, consider managing a blog or RSS feed. Content generation not only promotes interest and traffic in your site, it also lets you submit yourself to blog directories or news aggregator sites like Feedly and Alltop which compile source materials and get you those external links.

Fine-tune your content

Be very careful not to change any of your core ‘permalinks’. If users have links that direct them to pages that can’t be found, it could affect your site’s ranking. Keep your pages live, and keep them named efficiently. Some website platforms, like WordPress, use default link structures that create complicated, number-based links that can be off-putting to users and confusing to administrators and search engine indexers. If possible, make sure your links use category and page title references for more appealing links and organizational structure.

Measure and track your ranking

Just because you believe your site has achieved a desirable ranking on Google doesn’t mean it will stay there. Stay proactive and never let yourself get lazy with your content production, site management, and SEO monitoring — it could mean the difference between moving up the search page, and disappearing from it altogether. Online tools like Cyfe and Google Analytics give you a more in-depth look at your site traffic and external links so you’re always ahead of the competition.

Optimizing your Google page indexing can be daunting. For more information on how to get your site moving up the ladder. Contact us today.

Published with consideration from TechAdvisory.org SOURCE

/by
,

Malware threats for Android phones

Smartphones are like palm-sized computers, and they deserve the same
protection as desktops and laptops. While you don’t need to install
bulky security software to protect against cyberthreats, there are steps
you can take to keep cybercriminals at bay.

Mobile malware MO

Mobile
malware can be as harmful to a business’s network as infected desktops
and laptops. Potential problems include overcharges on phone bills,
stolen data, intercepting messages, tricking users with phishing
attacks, and sending fake notifications to one’s contact list.

Most
malware comes from applications downloaded from third-party app stores
and give hackers access to passwords, user account information, and
other sensitive personal data. Since many business users link their
Android devices to each other, malware could transfer from one device to
the next.

Who is responsible?

The burden
doesn’t fall solely on smartphone users. App stores such as Google Play
Store are responsible, too, such as in the case of the malware-ridden
banking and weather apps that were downloaded from the Google Play
Store. In these cases, the companies that were affected were urged to
provide updates regarding the malicious apps so they could be removed
from the store.

How to avoid being victimized by malware

The
Google Play Store isn’t 100% secure, but downloading from established
app stores — and not from little-known and less secure ones — reduces
the probability of downloading malicious apps. In cases when an infected
app makes its way to the store and starts getting lots of downloads,
Google will be quick to remove it from the store and make everyone aware
of it.

Despite app stores’ best efforts, it’s nearly impossible
to prevent mobile malware from getting through to the store. That’s why
it pays to read user reviews where infected users post detailed
warnings. Also, regularly updating your mobile device’s operating system
and security software helps prevent infection as the latest versions of
those are patched against the latest known threats in app stores and
elsewhere online.

Malware doesn’t discriminate, so regardless of
your computer or mobile device of choice, it will find a way to infect
you if your software isn’t up to date. To find out whether your business
devices are safe and fully protected, consult our cybersecurity experts
today.

To learn more about how to safeguard your business, or if
you are looking for an expert to help you find the best solutions for
your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

/by

4 Ways SMBs benefit from hybrid clouds

The cloud allows businesses to take a more hands-off approach to managing their IT resources. And the hybrid cloud is rapidly becoming the most popular option in this category, especially for small- and medium-sized businesses (SMBs).

Hybrid clouds are a combination of private and public clouds. In the former, data and applications that require tighter controls are hosted either internally or privately in an offsite facility. Public clouds are managed externally by third-party providers with the express purpose of reducing a company’s IT infrastructure.

A recent study indicates that 75% of companies have adopted hybrid cloud solutions, mainly because of their numerous benefits. Here are the four most significant advantages of moving to a hybrid cloud environment.

Adaptability

Having the ability to choose between on-site/privately-hosted cloud servers and public ones let you pair the right IT solution with the right job. For example, you can use the private cloud to store sensitive files, while utilizing more robust computing resources from the public cloud to run resource-intensive applications.

Scalability

The hybrid cloud allows you to “scale up” or “scale down” computing resources on an as-needed basis. So if there are last-minute computing demands that your hardware can’t support, or if you’re planning for future expansion, hybrid cloud solutions allow for on-demand increases or decreases in capacity.

Cost efficiency

Does your business struggle to meet seasonal demands? With a hybrid cloud solution, you’ll be able to easily handle spikes in demand by migrating data from insufficient on-premise servers to scalable, pay-as-you-go cloud servers whenever needed, without incurring extra hardware and maintenance costs.

Security

Last but not least are the security advantages of a hybrid cloud solution. You can host sensitive data such as an e-commerce details or an HR platform within the private cloud, where it will be protected by your security systems and kept under close watch. Meanwhile, routine forms and documents can be stored in the public cloud and protected by a trusted third-party.

Here’s how SMBs can set up a hybrid cloud model based on their requirements and the providers available to them:

  1. By employing one specialized cloud provider who offers comprehensive hybrid solutions
  2. By integrating the services of a private cloud provider with those of a separate public cloud provider
  3. By hosting a private cloud themselves and then incorporating a public cloud service into their infrastructure

Our experts can help you transition to a hybrid cloud solution without interruption and without the huge costs. Contact us today to learn more about the benefits that a hybrid cloud can bring to your business.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

/by
,

Watch out for this persuasive phishing email

Anglers catch fish by dangling bait in front of their victims, and hackers use the same strategy to trick your employees. There’s a new phishing scam making the rounds and the digital bait is almost impossible to distinguish from the real thing. Here are the three things to watch out for in Office 365 scams.

Step 1 – Invitation to collaborate email

The first thing victims receive from hackers is a message that looks identical to an email from Microsoft’s file sharing platform SharePoint. It says, “John Doe has sent you a file, to view it click the link below…”

In most cases, the sender will be an unfamiliar name. However, some hackers research your organization to make the email more convincing.

Step 2 – Fake file sharing portal

Clicking the link opens a SharePoint file that looks like another trusted invitation from a Microsoft app, usually OneDrive. This is a big red flag since there’s no reason to send an email containing a link to a page with nothing but another link.

 

Step 2 allows hackers to evade Outlook’s security scans, which monitor links inside emails for possible phishing scams. But Outlook’s current features cannot scan the text within a file linked in the email. Once you’ve opened the file, SharePoint has almost no way to flag suspicious links.

Step 3 – Fake Office 365 login page

The malicious link in Step 2 leads to an almost perfect replica of an Office 365 login page, managed by whoever sent the email in Step 1. If you enter your username and password on this page, all your Office 365 documents will be compromised.

Microsoft has designed hundreds of cybersecurity features to prevent phishing scams and a solution to this problem is likely on the way. Until then, you can stay safe with these simple rules:

  • Check the sender’s address every time you receive an email. You might not notice the number one in this email at first glance: johndoe@gma1l.com.
  • Confirm with the sender that the links inside the shared document are safe.
  • Open cloud files by typing in the correct address and checking your sharing notifications to avoid fake collaboration invitations.
  • Double check a site’s URL before entering your password. A zero can look very similar to the letter ‘o’ (e.g. 0ffice.com/signin).

 

Third-party IT solutions exist to prevent these types of scams, but setting them up and keeping them running requires a lot of time and attention. Give us a call today for information about our unlimited support plans for Microsoft products.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

/by