Posts

To keep cyberthreats at bay, you need proactive cybersecurity solutions in your arsenal. They identify and contain threats before they wreak havoc on your systems and cause significant productivity and financial losses. Here’s all you need to know about proactive cybersecurity and how to implement it.

What is proactive cybersecurity?

Traditional cybersecurity is reactive — your IT team or managed IT services provider (MSP) will be alerted of a cyberattack after it has happened, leaving them to alleviate the impacts. In contrast, proactive cybersecurity is preventative — it takes into account all potential threats and seeks to identify vulnerabilities so that they can be addressed before they lead to larger, downtime-causing issues.

Many organizations have adopted proactive cybersecurity measures along with reactive ones and are now reaping the benefits, including the ability to stay one step ahead of cyberthreats and improved data compliance.

How to implement proactive cybersecurity

In adopting a proactive approach to cybersecurity in your organization, you must follow these steps:

  1. Understand the threats you’re facing
    Before you can work toward preventing cyberattacks, you must know exactly what you’re up against. Seek the help of your in-house IT staff or MSP in identifying the types of attacks that are most common in your industry.
  2. Reevaluate what it is you’re protecting
    Once you have a list of the biggest threats to your organization, you need to take stock of how each can damage the various components of your network. Map out every company device that connects to the internet, what type of data they have access to (regulated, mission-critical, low-importance, etc.), and what services are currently protecting those devices.
  3. Choose proactive cybersecurity measures to put in place
    Depending on the risks and assets uncovered in steps 1 and 2, your IT team or MSP may recommend any of the following measures:
Proactive measure What it entails
Security awareness seminars for all internal stakeholders Train everyone from the receptionist to the CEO about effective security practices such as password management, proper mobile device usage, and spam awareness.
Updated anti-malware software or cloud-based service Protect your data and systems against the latest and most menacing malware.
Routine software patches and upgrades Minimize the chances of leaving a backdoor to your network open.
Web filtering services Blacklist dangerous and inappropriate sites for anyone on your network.
Perimeter defenses (e.g., intrusion prevention systems and hardware firewalls) Scrutinize everything trying to sneak its way in through the borders of your network.
Policy of least privilege Limit users’ access only to the data they need to fulfill their tasks.
Data segmentation Rank data according to sensitivity and build micro-perimeters around high-value datasets.
Full-disk encryption Make data stored in computers and portable devices unreadable so that if these machines are stolen, the files they have inside remain secure.
Virtual private networks Make data transmitted across unsecured connections unreadable so that intercepting it would become futile.
Strict access controls Prevent unauthorized access to accounts by using strong passwords, multifactor authentication, and auto screen locks and logouts for idle users.
AI-powered network monitoring Identify suspicious user and software behaviors such as employees accessing files outside their departments.

If you’re looking to implement a proactive cybersecurity strategy to protect your business’s critical systems, give our professionals a call today. We’ll assess your needs and recommend the best, most effective solutions to address them.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

Businesses today are aware of the importance of regularly updating the different software they use to keep these running optimally and protected against cyberthreats. However, they often overlook the firmware of their computers and other devices. At best, firmware is only updated if there’s an issue with the hardware. But it’s actually a good idea to always keep firmware updated, and here’s why.

What is firmware?

Firmware is a basic type of software that is embedded into every hardware component in computers, computer peripherals (e.g., keyboards, mice), printers, mobile devices, and Internet of Things devices. It’s also found in some household appliances and gadgets such as TV remote controls, as well as everyday objects like traffic lights.

Essentially, firmware controls the device it’s installed on, sending instructions for how the device communicates with its different hardware components. It is only compatible with the make and model of the particular hardware it is installed on, and it cannot be uninstalled or deleted.

Why is updating firmware important?

According to Microsoft’s 2021 Security Signals report, firmware attacks are on the rise. These attacks involve injecting malware into computer systems to tamper with the firmware on motherboards or hardware drivers. From there, cybercriminals can do any number of things to the infected computers, including remotely controlling the devices, disabling the antivirus software, exfiltrating data, and blocking access to the devices and the data they contain.

Experts recommend installing firmware updates as soon as these become available to effectively protect against firmware attacks and other threats to your business’s cybersecurity. Users will also enjoy increased speed and enhanced performance with a firmware update.

How to install firmware updates

The method for updating firmware differs from device to device. For instance, you can simply download and install firmware updates on both iOS and Android devices. However, for devices such as routers, you will have to apply firmware updates from the manufacturer’s website or administrative console.

Keep in mind, however, that updating firmware can be tedious and time-consuming. In some cases, a firmware update can reset your devices and restore factory settings, causing you to lose custom configurations on your computers, routers, and the like. And if you fail to follow the manufacturer’s instructions to the letter, you risk damaging your systems.

It’s therefore best to leave the installation of firmware updates to the experts. For more information about firmware security and how to safely install firmware updates, or for any questions related to business IT, give our specialists a call today.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

Do IT security terms like “phishing” and “intrusion protection” sound extremely foreign to you? If so, it’s time you familiarize yourself with these and other common cybersecurity terms. By learning these basic concepts, you’ll be more aware of the depth and scope of online dangers and, hopefully, be better prepared to deal with them.

Malware

For a long time, the phrase “computer virus” was misused to refer to every type of attack that intended to harm or hurt computers and networks. The more appropriate term for these harmful programs and files would be “malicious software” or “malware.” Whereas a virus is a specific type of malware that is designed to replicate itself, any software created for the purpose of destroying or unfairly accessing networks and data should be referred to as malware.

Ransomware

Don’t let all other cyberthreats ending in -ware confuse you; they are all just subcategories of malware. Currently, one of the most popular of these is “ransomware,” which is malware that encrypts valuable data until a ransom is paid.

Intrusion prevention system (IPS)

There are several ways to safeguard your network from malware, but an IPS is quickly becoming one of the nonnegotiables. An IPS sits inside your company’s firewall and looks for suspicious and malicious activity that can be halted before it can exploit or take advantage of a known vulnerability.

Social engineering

Not all types of malware rely solely on fancy computer programming. Experts agree that the majority of attacks require some form of “social engineering” to succeed. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or protected information. For cybercriminals, complicated software is totally unnecessary if they can just convince potential victims that they’re a security professional who needs the victims’ password to secure their account.

Phishing

Despite often relying on face-to-face interactions, social engineering does occasionally employ more technical methods. Phishing is the act of defrauding people using an app or a website that impersonates a trustworthy or often well-known business in an attempt to obtain confidential information. Just because you received an email that says it’s from the IRS doesn’t mean that it is. Don’t take such emails at face value — always verify the source, especially if the emails are requesting your sensitive data.

Antivirus

Antivirus software is often misunderstood as a way to comprehensively secure your computers and workstations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well-known malware variants.

Zero-day attacks

Malware is most dangerous when it has been released but not yet discovered by cybersecurity experts. When a vulnerability is found within a piece of software, vendors will release an update to fix the gap in security. However, if cyberattackers release a piece of malware that has never been seen before, and if that malware exploits one of these holes before the vulnerability is addressed, it is called a zero-day attack.

Patch

When software developers discover a security vulnerability in their programming, they usually release a small file to update and “patch” this gap. Patches are essential to keeping your network secure from the vultures lurking on the internet. By checking for and installing patches as often as possible, you keep your software protected from the latest malware.

Redundant data

When antivirus software, patches, and intrusion prevention fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s workspace ensures that if there is a malware infection, you’re equipped with backups.

Our cybersecurity professionals are always available to impart more in-depth knowledge of the many different kinds of cyberthreats. Get in touch with us today and find out how we can help you with your IT security woes.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

Decryptors

There are several ransomware decryptors now, thanks to communities of white hat hackers concerned about increasing ransomware attacks worldwide. While some of these decryptors do come with a price, the rest are free or for a minimum donation.

The state of ransomware in 2021 so far

Businesses need to deal with ransomware both from outside and within. On one hand, there are more cybercriminals trying to infiltrate your network. On the other hand, careless and unknowing staff can easily let ransomware enter your network. For instance, employees may be tricked into providing their access credentials in phishing sites, or they may click links to websites that upload ransomware downloaders onto their machines.

The statistics are sobering. Ransomware cost businesses more than $75 billion per year. Over the past two years, ransomware attacks have increased by over 97%. And compared to the first two months of 2017, ransomware campaigns that were initiated from phishing emails increased by 109% in the same span of time this year.
According to studies, there will be a ransomware attack targeting a business every 11 seconds in 2021. That is up from every 14 seconds in 2019, and every 40 seconds in 2016. And the trend is that the rate will continue to increase over the years.

Zombie ransomware is easy to defeat

Not every type of infection is targeted to individual organizations. Some infections may result from self-propagating ransomware strains, while others may come from cyberattackers who are hoping targets become so scared that they pay up before doing any research on how dated the strain is and how to remove it.

No matter what the circumstances of your infection are, always check the following lists to see whether free decryption tools have been released to save you a world of hurt:

Prevention

But even when you can get your data back for free, getting hit with ransomware is no walk in the park. There are essentially three basic approaches to prevent ransomware:

  • First, train your employees about what they should and shouldn’t open when browsing the web and checking email.
  • Second, back up your data as often as possible to quarantined storage. As long as access to your backed-up data is extremely limited and not directly connected to your network, you should be able to restore everything in case of an infection.
  • Finally, regularly update all your software solutions (operating systems, productivity software, and antivirus). Most big-name vendors are quick to patch vulnerabilities, and you’ll prevent a large portion of infections just by staying up to date.

Whether it’s dealing with an infection or preventing one, the best option is to always seek professional advice from seasoned IT technicians. It’s possible that you could decrypt your data with the tools listed above. In reality, most ransomware strains destroy your data after a set time limit, and you may not be able to beat the clock. And even if you do, you probably won’t have the expertise to discern where your security was penetrated.

Don’t waste time fighting a never-ending stream of cyberattacks — hand it over to us and be done with it. Call us today to find out more.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Although a majority of ransomware attacks usually target Windows PCs, this doesn’t mean Mac users are completely safe. Ransomware attacks for Macs have occurred before, and are growing more widespread over time. So how can you prevent ransomware from infecting your Mac? We’ve compiled some helpful security tips for you.

What is Mac ransomware?

Ransomware is a type of malicious software that holds computer systems hostage until a ransom is paid in gift cards, or cryptocurrency like Bitcoin or Ethereum. It’s typically distributed using phishing emails, but it can also spread via unsecured networks.

When Macs are infected by ransomware, users won’t be able to access their data since it’s encrypted. Ransomware messages may also threaten to release the information to the public or destroy sensitive data if victims don’t pay within a certain deadline. Healthcare and finance organizations, in particular, are more likely to pay the ransom because these organizations tend to have a lot of valuable assets, including money, and can’t afford to lose access to their critical data.

Types of Mac ransomware

In 2016, the KeRanger ransomware was distributed through the popular BitTorrent app Transmission. KeRanger was signed with an authorized security certificate, allowing it to evade macOS’s built-in security measures and infect more than 7,000 Mac computers.

Patcher was another strain of Mac ransomware that was discovered in 2017. This type of ransomware disguised itself as a patching app for programs like Microsoft Office. When launched, Patcher would encrypt files in user directories and ask for a ransom paid in Bitcoin. But the ransomware was poorly built, so there was no way to retrieve the decryption key once the ransom was paid.

In 2019, the EvilQuest ransomware encrypted files and tried to trick users into paying a Bitcoin ransom. Much like Patcher, however, there was no feature to decrypt files after paying, leaving those who paid the ransom with nothing.

Ransomware attacks like these can make a resurgence at any time, which is why you need to be prepared in case of an attack.

An ounce of prevention goes a long way

Preventive measures are the best way to keep your Macs safe from ransomware. This involves updating your software regularly to defend against the latest threats and only installing programs from the official App Store.

Since ransomware initially infects computers using phishing emails, make sure to avoid suspicious links and email attachments. Always be on alert even if the email appears to come from a legitimate company or someone you know.

You must also maintain offline backups and have a disaster recovery plan to keep your business running in the off chance that ransomware successfully infiltrates your systems.

Responding to ransomware

If your Mac is infected with ransomware, do not pay the ransom fee, as there’s no guarantee that hackers will provide a decryption key and release your data even if you give in to their demands.

Instead, use an up-to-date anti-malware program to remove ransomware from your computer. Cybersecurity experts may also release free ransomware decryptor tools to remove the infection, so keep an eye out for these on the internet. If these programs and tools don’t work, contain the spread of the ransomware by disconnecting from the network and run data recovery procedures, provided you’ve backed up your data in an external hard drive or the cloud.

Mac ransomware attacks may not be common, but they still pose a great threat to your business. If you need more guidance, contact our team of security experts today. We stay abreast of the latest Mac security threats and know just how to keep your business safe.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Seafest Web Browser

The internet is a Wild West of sorts. One can never know what kind of cyberthreat they’ll come across. This is why businesses should use secure web browsers to keep threats at bay. But how safe are the popular browsers of today? Let’s find out.

Microsoft Edge

Microsoft Edge, Windows 10’s current default browser, is an improvement over its predecessor Internet Explorer (IE). Edge is based on the open source Chromium browser, resulting in a powerful and efficient browser that supports Progressive Web Apps and Google Chrome extensions.

Edge’s main advantage is that it is Windows 10 computers’ native browser, which means it should integrate more seamlessly with the Windows OS ecosystem in terms of power usage and data security. It uses Windows Defender SmartScreen to protect users from phishing and malware attacks. And it has a three-level defense against third-party trackers, allowing users to choose between Basic, Balanced, and Strict levels of blocking trackers from collecting personal data and monitoring browsing behavior.

Safari

Safari is a graphical web browser developed by Apple for iOS, iPad OS, and macOS. The current iteration is Safari 14, released September in 2020 alongside macOS Big Sur, and it’s also compatible with Catalina and Mojave.

Safari has long been using a system called Intelligent Tracking Prevention (ITP) that identifies and prohibits trackers from accessing a user’s personal data. Safari 14’s Privacy Report feature shows all the trackers ITP has blocked. Safari also has secure password monitoring, which notifies users if any of their saved passwords in iCloud shows up in a data breach. The browser, however, is only available on Apple devices, with full capabilities found only on MacBooks and Macs.

Mozilla Firefox

Mozilla Firefox is a free and open-source web browser developed by the Mozilla Foundation. It is widely available across platforms, even on Unix and Unix-like operating systems such as FreeBSD, OpenBSD, illumos, and Solaris Unix.

Because of Firefox’s open-source development platform, it can be quite unsecure to use on public computers. For personal and single-user business devices, however, Firefox is relatively safe, especially once all security features are activated and tweaked to your needs. Some key features include a password manager called Firefox Lockwise, a third-party tracker protection system, Private Browsing, and Firefox Monitor, which checks if your email address has been compromised in a data breach.

Mozilla also has a Bug Bounty program, which offers a financial reward to anyone who can identify gaps and holes in Firefox code, so the browser can be patched and improved as urgently as possible. Mozilla also promises no legal action against anyone who complies in good faith under its Bug Bounty program, including any claim under the DMCA for circumventing technological measures.

Google Chrome

Google Chrome is a cross-platform web browser developed by Google. It is the default browser for Google’s line of laptops and third-party Chromebooks. Chrome utilizes a process allocation model to sandbox tabs. Sandboxing is a security mechanism for separating running programs to keep software vulnerabilities from spreading.

Chrome also regularly updates two sets of blacklists, one for phishing and one for malware, which it uses to warn users of potentially harmful sites. It also touts site isolation and predictive phishing protection features that receive regular and critical updates every six weeks and within 24 hours of a threat being discovered, respectively.

Being aware of how your web browser stacks up against the competition is only half the battle. Ransomware like WannaCry can spread to uninfected systems through a gap in the Windows security framework, and most other malware infections prey on human error. What your business needs is a comprehensive security audit. For more information, call us today.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org  SOURCE

Managed IT Services

Today’s companies need technology to function. Without it, businesses cannot compete and succeed. But with technology comes the ever-constant threat of hackers and cybercriminals. That’s why small- and mid-sized businesses need to protect themselves with robust cybersecurity solutions managed by IT professionals.

The numbers

According to the Ponemon Institute’s 2019 State of Cybersecurity in Small and Medium-Sized Businesses (SMBs) survey, cyberattacks have increased dramatically. Here in the United States, 76% of companies were attacked in 2019, a significant leap from 55% in 2016. Sixty-nine percent of US businesses reported data breaches in 2019, up from 50% in 2016.

The financial consequences have also increased considerably. The average cost spent by companies because of damage to or theft of IT assets and infrastructure increased from $1.03 million in 2017 to $1.2 million in 2019. Costs due to disruption to normal operations increased from an average of $1.21 million in 2017 to an average of $1.9 million in 2019.

The attacks

Globally, the most common forms of attack on SMBs are those that rely on deception: phishing (57%), stolen or compromised devices (33%), and credential theft (30%). Worse, cybercriminals are targeting SMBs more, with reported attacks having increased from 60% in 2017 to 69% in 2019.

Why managed services?

Partnering with MSPs is the most effective way to prevent attacks and protect your business from malicious threats. MSPs offer a full range of proactive IT support that focuses on advanced security, such as around-the-clock monitoring, data encryption and backup, real-time threat prevention and elimination, network and firewall protection, security awareness training, and more.

And because managed services are designed to identify and fix weak spots in your IT infrastructure, you’ll optimize the digital backbone of your business processes. You’ll have faster network performance, a solid business continuity and disaster recovery strategy, and minimal downtime. One of the best things about managed services is that you get a dedicated team of IT professionals ready to assist you for any technology problems you may encounter. This is much more effective and budget-friendly than having in-house personnel handling all your IT issues.

Being proactive when it comes to cybersecurity is the only way to protect what you’ve worked hard to build. If you’d like to know more about how managed services can benefit your business, just give us a call — we’re sure to help.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from smallbiztechnology.com  SOURCE

Cybersecurity

It is good to have an IT team and/or a third-party partner like a managed services provider (MSP) that helps keep your company protected against cyberthreats. It is even better to have all stakeholders be involved in preventing data breaches. Here’s how everyone can be proactive when it comes to cybersecurity.

Understand the threats you’re facing

Before any small- or medium-sized business (SMB) can work toward preventing cyberattacks, everyone involved needs to know exactly what they’re up against. Whether you’re working with in-house IT staff or an MSP, you should review what types of attacks are most common in your industry. Ideally, your team would spearhead this review a few times a year.

Reevaluate what it is you’re protecting

Once you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every company device that connects to the internet, what type of data they have access to (regulated, mission-critical, low-importance, etc.), and what services are currently protecting those devices.

Create a baseline of protection

By reviewing current trends in the cybersecurity field and auditing your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measures versus your reactive measures.

Before you can start improving your cybersecurity approach, you need to know where your baseline is. Devise a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint weak spots in your current framework.

Finalize a plan

All these pieces will complete the puzzle of what your new strategy needs to be. With an experienced technology consultant on board for the entire process, you can easily synthesize the results of your simulation into a multipronged approach to proactive security.

Proactive measure What it entails
Security awareness seminars for all internal stakeholders Train everyone from the receptionist to the CEO about effective security practices such as password management, proper mobile device usage, and spam awareness.
Updated anti-malware software or cloud-based service Protect your data and systems against the latest and most menacing malware.
Routine software patches and upgrades Minimize the chances of leaving a backdoor to your network open.
Web filtering services Blacklist dangerous and inappropriate sites for anyone on your network.
Perimeter defenses (e.g., intrusion prevention systems and hardware firewalls) Scrutinize everything trying to sneak its way in through the borders of your network.
Policy of least privilege Limit users’ access only to the data they need to fulfill their tasks.
Data segmentation Rank data according to sensitivity and build micro-perimeters around high-value datasets.
Full-disk encryption Make data stored in computers and portable devices unreadable so that if these machines are stolen, the files they have inside remain secure.
Virtual private networks Make data transmitted across unsecured connections unreadable so that intercepting it would become futile.
Strict access controls Prevent unauthorized access to accounts by using strong passwords, multifactor authentication, and auto screen locks and logouts for idle users.
AI-powered network monitoring Identify suspicious user and software behaviors such as employees accessing files outside their departments.

As soon as you focus on preventing downtime events instead of reacting to them, the productivity and efficiency of your IT infrastructure will increase to levels you’ve never dreamed of. Start your journey to enhanced cybersecurity by giving us a call for a demonstration.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from smallbiztechnology.com  SOURCE

365 Phishing Scams

Microsoft is a known provider of top-tier business productivity software — and its commitment to its subscribers’ cybersecurity is integral to that reputation. To fight phishing, one of today’s most prevalent cyberthreats, the tech titan has equipped Microsoft 365 with powerful features.

Among the many business solutions that Microsoft offers is email hosting through Outlook. This service is protected by Microsoft Defender for Office 365. Defender has many key features:

1. Anti-phishing

The most dangerous types of phishing scams masquerade as emails from a party the victims know, such as their boss, colleague, business partner, or bank. A phisher may use crafty impersonation tactics, such as referring to the victims by their nickname, making it harder to immediately identify the scam as fraud. A cybercriminal may even take over actual email accounts and use these to completely fool their victims.

Using machine learning, Defender creates a contact graph of contacts that users normally exchange communications with. It then employs an array of tools, including standard anti-malware solutions, to differentiate good from suspicious behaviors.

2. Anti-spam

Generalized phishing campaigns utilize spam emails, which are sent to a large list of email addresses, to catch random victims. Stopping spam is, therefore, a great start to protecting your company from a phishing attack.

Microsoft 365’s anti-spam technology addresses the issue by examining both an email’s source and its contents. If an email is determined to have come from an untrustworthy source or has suspicious contents, then it is automatically routed to your spam folder. What’s more, this feature checks the activity of people in your company to ensure that none of them sends out spam emails.

3. Anti-malware

Malware, such as ransomware and spyware, can spread via phishing emails. Ransomware locks data and programs from users until a ransom is paid. Spyware, on the other hand, steals data by recording keystrokes, copying clipboards, and taking screenshots, among other methods.

Microsoft 365 employs a multilayered defense against both known and unknown types of malware. This covers the different stages of email transmission, including filtering potentially harmful attachment formats, and real-time threat response. Microsoft also regularly deploys malware definitions to keep its defenses updated.

4. Safe Attachments

Some phishing emails contain file attachments that infect your computer with malware. Any email attachment should be handled with caution, but it’s not uncommon for some users to accidentally click on one, especially as they rush through the messages in their inbox.

Defender resolves this issue by opening all attachments in a sandbox first. This sandbox is an isolated environment, so even if the attachment contains malware, it would not affect your system. While in the sandbox, the attachment is meticulously scanned. If it’s clean, Microsoft 365 will allow you to open it as normal. If it contains a threat, the service will notify you of the issue. Microsoft uses some of the information collected by Safe Attachments to further improve the feature’s capabilities.

5. Safe Links

Instead of attachments, some phishing emails contain URLs that lead to websites — often spoofed versions of legitimate websites — that require victims to provide their personal information such as their account credentials. Some of these URLs lead to download pages that infect your computer with malware.

In a process called URL detonation, the Safe Links feature protects users by scanning the links in their emails and checking for malicious behavior, such as the transmission of malware. If the link leads to a malicious website, Defender will warn users not to visit it. Otherwise, users can proceed to click and go to the destination URL without a hitch. But even so, the service will rescan the link in the succeeding days and report any suspicious changes.

What’s great about Safe Links is that it doesn’t just scan links from unfamiliar sources. It also scans links in emails from people within your company and works on files uploaded to Microsoft Teams and SharePoint.

6. User Submissions

Microsoft 365 allows you to set a specific mailbox to send emails you deem a threat. The User Submissions feature lets you set criteria for both malicious and safe email and identify mailboxes besides your spam folder to keep these messages in. This feature gives your administrators greater control over which emails to flag and which to report to Microsoft.

7. Enhanced Filtering

If your company uses third-party services to route emails before they are sent to Microsoft 365, you will benefit from Enhanced Filtering for Connectors. Microsoft 365 uses inbound connectors to determine the trustworthiness of email sources. The more complex your routing scenario is, the more likely that an email’s inbound connectors will not reflect its real source.

Enhanced Filtering preserves authentication signals that may have been lost over the course of routing emails. This maximizes the effectiveness of Microsoft 365’s overall filtering capabilities, helping it detect spam and phishing emails.

If you need an email service that promotes efficiency while protecting your business, we can implement and manage Microsoft 365 for you. Just call us today to get started.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

COVID-19 has forced companies large and small to rapidly retool the way they do business, with even the smallest businesses making remote work arrangements for employees. But while the pandemic has inspired an unprecedented surge of cyber attacks, including a heap of new security challenges for business, many small companies aren’t rewriting cyber security policies or implementing new security measures at the same rate as larger companies, and it seems the smaller the company, the fewer the changes.

With the economy beginning to contract, many small businesses may be struggling to find the funds or staff to address evolving cybersecurity concerns. Small businesses already make up 43 percent of cyber crime targets in the U.S., and in 2019, data breaches cost small businesses an average of $200,000, with 60 percent of those attacked going out of business within six months.

Improving cyber security might cost some money, but it’ll surely be worth keeping your business afloat — and it might even be cheaper than the cost of a data breach. Protecting yourself is often as simple as implementing a few smart policies, and using the right security tools.

Update Your Policies to Address the Realities of Remote Work

If you have employees working remotely during the crisis, you need to implement some policies that acknowledge the unique security risks of working from home. First of all, employees won’t be behind a company firewall, and might not have company security software running on their systems.

Require that employees access company data over a private network — anyone who doesn’t have access to a home network should be required to work onsite, where they can access a secure connection. Public connections, like those in coffee shops or libraries, might not be available anyway, and if they are, they’re not safe — hackers can jump on them to access your data. Clarify that employees shouldn’t save company data to their personal devices, including storage like flash drives, personal cloud storage, or personal email. All of these are insecure places to store data.

Use the Right Tools

Software solutions are available to give you and your employees the tools you need to stay secure while working in a challenging situation. Employees can use a Virtual Private Network (VPN) to access your company’s internal network and even use a virtual desktop there, which provides both storage solutions and an extra layer of security.

Employees will also need endpoint security, including anti-malware protection and firewall protection. Advanced threat protection will include security for endpoints and other network devices and email, as well as malware protection. The best advanced threat protection offers real-time monitoring to catch breaches and other attacks before they do too much damage.

Train Your Employees

Of course, employees will need regular security check-ins to make sure their security features are optimized. However, they’ll also need additional training in cybersecurity, especially as everyone is on-edge and stressed-out at the moment — in other words, employees are more likely than ever before to be in the perfect state of mind to fall for a phishing email or other social engineering tactic. Regular training, even if it’s just videos and online quizzes, will help keep employees on their toes, and will maybe help you single out individuals who need further attention.

Supply Devices

If you can, it’s safest to supply your employees the devices they need to work from home. It’s more fair to the employees, who may otherwise have to use old or underpowered equipment, or scramble to come up with what they need on their own. But it’s not just about fairness — you have much more control over what happens on company devices, and you can, at least in theory, keep employees from using them for personal stuff. This can help keep hackers from compromising your company data, since you don’t know what emails your employees are answering in their downtime, or which questionable websites they might be visiting. Their personal devices could already be compromised.

The COVID-19 pandemic has been dangerous in all kinds of ways, some more predictable than others. Make sure your company is aware of the dangers COVID-19 poses for your cyber security, so you protect yourself on every front.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from smallbiztechnology.com  SOURCE