Posts

Breaking Bad Habits

4 Ways Your Employees Are Putting Your Business At Risk Of Cyber-Attack

A couple years ago, TechRepublic ran a story with the following headline: “Employees Are Almost As Dangerous To Business As Hackers And Cybercriminals.” From the perspective of the business, you might think that’s simply inaccurate. Your company strives to hire the best people it can find – people who are good at their jobs and would never dream of putting their own employer at risk.

Your employees are instrumental when it comes to protecting your business from cyberthreats. But they can also become targets for hackers and cybercriminals, and they might not know it. Here are four ways your employees might be endangering your business and themselves — and what you can do about it.

1. They’re Not Practicing Safe And Secure Web Browsing. One of the most basic rules of the Internet is to not click on anything that looks suspicious. These days, however, it can be harder to tell what’s safe and what isn’t.

A good rule of thumb is to avoid websites that do not have “https” in front of their web address. The “s” tells you it’s secure – https stands for Hypertext Transfer Protocol Secure. If all you see is “http” – no “s” – then you should not trust putting your data on that website, as you don’t know where your data might end up.

Another way to practice safe web browsing is to avoid clicking on ads or by using an ad blocker, such as uBlock Origin (a popular ad blocker for Google Chrome and Mozilla Firefox). Hackers can use ad networks to install malware on a user’s computer and network.

2. They’re Not Using Strong Passwords. This is one of the worst IT security habits out there. It’s too easy for employees to use simple passwords or to reuse the same password over and over again or to use one password for everything. Or, worse yet, all of the above.

Cybercriminals love it when people get lazy with their passwords. If you use the same password over and over, and that password is stolen in a data breach (unbeknownst to you), it becomes super easy for cybercriminals to access virtually any app or account tied to that password. No hacking needed!

To avoid this, your employees must use strong passwords, change passwords every 60 to 90 days, and not reuse old passwords. It might sound tedious, especially if they rely on multiple passwords, but when it comes to the IT security of your business, it’s worth it. One more thing: the “tedious” argument really doesn’t hold much water either, thanks to password managers like 1Password and LastPass that make it easy to create new passwords and manage them across all apps and accounts.

3. They’re Not Using Secure Connections. This is especially relevant for remote workers, but it’s something every employee should be aware of. You can find WiFi virtually everywhere, and it makes connecting to the Internet very easy. A little too easy. When you can connect to an unverified network at the click of a button, it should raise eyebrows.

And unless your employee is using company-issued hardware, you have no idea what their endpoint security situation is. It’s one risk after another, and it’s all unnecessary. The best policy is to prohibit employees from connecting to unsecured networks (like public WiFi) with company property.

Instead, they should stick to secure networks that then connect via VPN. This is on top of the endpoint security that should be installed on every device that connects to your company’s network: malware protection, antivirus, anti-spyware, anti-ransomware, firewalls, you name it! You want to put up as many gates between your business interests and the outside digital world as you can.

4. They’re Not Aware Of Current Threats. How educated is your team about today’s cyber security threats? If you don’t know, or you know the answer isn’t a good one, it’s time for a change. One of the biggest threats to your business is a workforce that doesn’t know what a phishing e-mail looks like or doesn’t know who to call when something goes wrong on the IT side of things.

If an employee opens an e-mail they shouldn’t or clicks a “bad” link, it can compromise your entire business. You could end up the victim of data breach. Or a hacker might decide to hold your data hostage until you pay up. This happens every day to businesses around the world – and hackers are relentless. They will use your own employees against you, if given the chance.

Your best move is to get your team trained up and educated about current threats facing your business. Working with a managed service provider or partnering with an IT services firm is an excellent way to accomplish this and to avoid everything we’ve talked about in this article. Education is a powerful tool and, when used right, it can protect your business and your employees.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

A record number of businesses said goodbye to the traditional in-office work model in 2020. They embraced the remote work model as they adapted to the new COVID-19 reality. This switch to remote work was a huge shift that came with many challenges, and some of those challenges are still felt today.

One of those challenges was – and is – cyber security. Businesses wanted to get their remote workforce up and running, but there were a lot of questions about how they would keep their newly remote employees secure.

So, how can you enable remote work while keeping your business and your employees secure? How do you keep cybercriminals out? The answer is multifaceted. There is no one-size-fits-all approach to cyber security — that would make things much easier! But there are several steps you can take to help your remote team stay productive while keeping the cybercriminals out. Here are three things you need to do:

  1. Skip the public WiFi. This is Cyber Security 101. Never use unsecured, public WiFi, especially when working. For remote employees who have the option to work from anywhere, using public WiFi is tempting. It’s easy to access, but it comes with huge risks, including the potential to expose your device to intruders.Thankfully, there are plenty of options to help keep employees connected without having to worry about snoops. The most popular is the VPN, or virtual private network. VPNs allow remote workers to securely access the Internet, even through public WiFi. VPNs are ideal for remote workers who need to routinely access your network.Another option is the personal hotspot. This is a portable WiFi access point, usually paired with data service through a telecom like Verizon, AT&T or T-Mobile. these devices give remote workers flexibility to work anywhere they can get high-speed data service. Because the remote worker is the only person on the hotspot (and should be the only person), there is less worry about hackers snooping for your data.
  2. Have a strong device policy. When it comes to cost-cutting, it can be appealing to let employees use their own devices while working remotely. Avoid this, if possible. The bring-your-own-device (BYOD) approach has its benefits, including keeping costs down. We need to keep in mind the security costs could be massive, especially if an employee gets hacked or misplaces crucial data. In short, BYOD can get complicated fast, especially for businesses unfamiliar with the BYOD approach.That said, many businesses work with an IT services company to create a list of approved devices (laptops, tablets, smartphones) that employees can use. Then those devices are loaded up with malware protection, a VPN, and other security solutions. So, while employees may be using a variety of devices, they all have the same security and other necessary software in order to perform their duties.The best device policy, however, is to provide employees with work devices. This ensures that everyone is using the same hardware and software, and this makes it much easier to keep everyone up-to-date and secure. It takes a little more effort logistically, and it has a higher up-front cost, but when it comes to keeping your business secure, it’s worth it.
  3. Don’t forget about physical security. While businesses are focusing on digital security right now, they’re not putting a similar focus on physical security. They may have a team of people working remotely spread across different neighborhoods, towns, states or countries. This mobility comes with the risk of device theft or loss.
    If employees will be carrying their work devices with them, those devices should be kept nearby at all times. That means never leaving work devices in vehicles or unattended at a café or airport (or any location). Never leave a device where it has the potential to be taken.It’s important to remind employees to not only keep their doors locked, but also keep work devices out of sight. You wouldn’t want to set up a home office in a room facing the street outside while leaving the windows open and the door unlocked. Just as cybercriminals are looking for ways to break into your network, criminals are looking for opportunities to take high-value items.

The way we work is changing, so we must be prepared for whatever happens next. Implementing these three steps will give you a starting point, but they aren’t the end point. Work with an experienced MSP to get the most out of your remote work approach. Businesses may not return to an in-office model, so the more steps we take to secure our businesses and our remote teams, the better off we’ll all be.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

If you’re getting targeted with surprisingly relevant ads, there’s a chance your internet activity is being tracked and analyzed by market researchers. While this doesn’t bother most people, private browsing mode can offer you some protection against online marketers and data thieves.

What is private browsing?

Your web browser — whether it be Chrome, Edge, Firefox, Safari, or Opera — remembers the URLs of the sites you visit, cookies that track your activity, passwords you’ve used, and temporary files you’ve downloaded.

This can be convenient if you frequently visit certain pages, can’t remember your login details, or if you’re trying to recall a website you visited a few days ago. But if someone else uses or gains access to your computer, your most private (and embarrassing) internet activities are exposed for anyone to see.

With private browsing — also called Incognito Mode in Chrome and InPrivate Browsing in Edge — all the information listed above does not get recorded. In fact, all the websites and information you accessed in the private browsing session are immediately discarded without a trace as soon as you close the browser. This can come in handy when you’re using a public computer because you’re instantly logged out of all the accounts you accessed after closing the window.

Your cookies also won’t be tracked. In a normal browsing session, sites like Facebook will display highly targeted ads based on the sites and pages you’ve visited. But in private browsing mode, your internet activity can’t be tracked by marketing companies.

Another benefit of private browsing is that you can use it to log in to several accounts on the same site, which is useful if you need to log in to two different online accounts at the same time.

What are the limitations of private browsing?

Although private browsing does prevent your web browser from storing your data, it doesn’t stop anyone from snooping on your online activities in real time. If your computer is connected to the company network, system administrators can still track what you’re browsing, even if you’re in Incognito Mode.

Also, if spyware or keylogger malware is installed on your computer, hackers will still be able to see what you’re doing online. Even though private browsing has quite a few benefits, you shouldn’t solely depend on it for online privacy. Instead, you should use a virtual private network (VPN) when you go online. These encrypt your internet connection and prevent anyone from intercepting your data. And don’t forget to use a strong anti-malware program to scan your computer and keep spyware and other malicious web monitoring software at bay.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

In the past couple of months, just about everyone has been forced to shift priorities. If you’re like many business owners, you are intently focused on pivoting your business to accommodate today’s “new normal.” In fact, you are probably investing so much of your time in trying to retain your customers and generate new cash flow that you barely have time to even think about cyber security.

The problem is that cybercriminals and hackers know there’s no better time to strike than during a global crisis. In fact, they’re probably working overtime to craft new malware while the rest of us are trying to manage how our lives have been turned upside down. While you are so focused on your business, these cyber thugs are finding new ways into your IT network so they can steal data and passwords, compromise your clients’ private information and even demand large ransoms.

Cybercrime is already on the rise and is expected to cause $6 trillion in damages by 2021! But, if history repeats itself, you can bet hackers are already out in full force right now. We’ve already seen how headlines are changing from stories about COVID-19 to accounts of a frenzy of cyber-attacks on corporations and small businesses.

Here are solutions you can implement during these crazy times to help protect your business data, money and productivity:

  • Be more suspicious of incoming e-mails.

Because people have been scared, confused and not really focused for a while now, it’s the perfect time for hackers to send e-mails with dangerous malware and viruses. You probably have received a bunch of COVID-19-focused emails. Always carefully inspect the e-mail and make sure you know the sender. There has already been a CDC-gov e-mail address out there that’s not legitimate and has spammed inboxes across the country.

Avoid clicking links in the e-mail unless it’s clear where they go. And you should never download an attachment unless you know who sent it and what it is. Communicate these safeguards to everyone on your team, especially if they are working from home.

  • Ensure your work-from-home computers are secure.

Another reason to expect a rise in cyber-attacks during these times is the dramatic increase in employees working from home. Far too many employers won’t think about security as their team starts working at the kitchen table. That’s a dangerous precedent.

First, make sure your employees and contractors are not using their home computers or devices when working. Second, ensure your work-at home computers have a firewall that’s turned on. Finally, your network and data are not truly secure unless your employees utilize a virtual private network (VPN). If you need help in arranging or improving your new work-from-home environment, we would be happy to get your entire team set up. Our goal is always to help your business to thrive with greater cyber security and superior technology that improves efficiency.

  • Improve your password strategy.

During crises like this one, your passwords could mean the difference between spending your time working to grow your business and trying to recoup finances and private data that’s been hacked. Make a point now to reevaluate your passwords and direct your team to create stronger passwords.

Also, while it’s so convenient to save your passwords in your web browser, it also lessens your security. Because web browsers simply require their own password or PIN to access saved passwords, a skilled hacker can bypass this hurdle. Once they access your saved passwords, they can steal as much as they want – credit card information, customers’ private data and more!

Instead, you should consider a password manager to keep all of your passwords in one place. These password managers feature robust security.

You, your team and your family have enough to concern yourselves with at the moment. There’s no need to invite in more problems by letting your computer and network security slide during these times.

While this coronavirus scare has negatively affected countless businesses, we are proud to say we are open and continuously servicing our customers. If you need additional security advice or would like to have a consultation to discuss how to keep your data safe or how we can help you work more effectively, simply connect with us today.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

Remote work policies have become a necessity not just because of the current coronavirus crisis, but also for the ways they improve a company’s bottom line and efficiency. Yet despite remote work’s benefits, it leaves you and your company exposed to online scams and other cybersecurity threats. To defend your company and your remote workers, make sure to heed the following tips.

Fortify user accounts

When everyone is working remotely, user accounts must be properly secured. One way to achieve this is by setting at least 12-character long passwords with numbers and special characters mixed in to make them more difficult to guess. More importantly, these passwords must be unique to each account, to minimize the damage if hackers do manage to compromise one set of credentials. If you find it difficult to generate and remember login details for all your accounts, consider password managers like LastPassDashlane, and Keeper.

To further strengthen your accounts, however, you’ll also need to enable multifactor authentication (MFA). This adds another layer of identity verification — like fingerprint scans or one-time activation codes generated by SMS — to make it more difficult for cybercriminals to hijack your accounts.

Use a virtual private network (VPN)

VPNs are primarily known for circumventing geographic restrictions on location-specific websites and streaming services, but they’re also a crucial tool for remote workers. A reliable VPN creates secure connections between devices and networks by encrypting internet traffic. This hides web activity from prying eyes, protecting your employees’ online privacy, and mitigating the risk of hackers stealing company information.

Patch your software regularly

Although installing software updates can be a major nuisance, they cover critical weaknesses and protect your systems from the latest threats. Most apps now offer an automatic update feature so you don’t have to manually patch your software.

Another option for your business is patch management software. These track patches on employee devices and distribute the most recent updates on a company-wide scale.

Set up firewalls and antivirus software

Make sure to enable firewalls in your operating systems and hardware. These provide a strong layer of protection between your device and the internet, preventing malicious programs and other network threats from reaching your device. Your managed IT services provider (MSP) may also provide third-party firewalls in case your computers don’t have any built in by default.

In addition to firewalls, you’ll also want to implement antivirus software to detect and remove any malicious programs that do manage to find their way onto your device. Just remember to constantly update the software so it can effectively detect the newest malware.

Secure home routers

Home Wi-Fi routers are not as thoroughly secured as their business counterparts so take extra precautions to safeguard them. For starters, change your router password as soon as possible because hackers can easily break into them once they know the router model. You should also install the latest firmware updates to eliminate any security vulnerabilities.

Finally, check whether your router has Wi-Fi Protected Access 2 (WPA2) encryption settings to secure inbound and outbound traffic. If your router doesn’t have this setting, you’re overdue for an upgrade.

Back up your data

Important files must be backed up regularly in the cloud and your external hard drive. This way, you’ll always have a copy of your files in case of a major data loss incident like ransomware or a power outage.

Watch out for online scams

The biggest threat remote workers face is online scams. Phishing emails may entice you with free coronavirus test kits in exchange for personal information. Some cybercriminals may even masquerade as legitimate companies, CEOs, or friends to trick you into clicking on dangerous links and attachments.

To avoid these threats, you must be critical of everything you see online. Look for any suspicious links and attachments, grammatical errors in the email body, and misspelled email addresses. Plus, never give out sensitive information to an unsolicited email, text message, or phone call.

Working from home poses many cybersecurity challenges for businesses, but you don’t have to address them alone. If you need guidance with setting up firewalls, avoiding scams, and even enabling MFA, we can provide the IT support you need in this difficult time.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE