Small- and medium-sized businesses don’t have the time to maintain IT infrastructure, let alone assess whether it’s still driving value for the company. However, if you want to ensure everything runs smoothly, it’s important to be proactive and conduct technology business reviews when you can. What is a technology business review? A technology business review Learn More “The benefits of technology business reviews”
If you’re a Mac user, data privacy and security should be your #1 priority. Without the right security measures, you’re inviting cybercriminals to steal your critical data. Are you willing to take the risk? Secure your computer and fortify your defenses with these six tips. The basics First, let’s start with the basics and head Learn More “Secure your Mac computer in 6 easy ways”
When it comes to cyberattacks, most business owners get hung up on the technical and logistical details, forgetting another important aspect: motive. Why are hackers attacking people and organizations? And whom are they targeting? By answering these questions, you’ll have a better understanding of which of your business’s resources need the most protection. Script Kiddies Learn More “4 types of hackers that may target SMBs”
In today’s business world, computers are an essential investment. Considering the tight budgets of small- and medium-sized businesses (SMB), one can’t afford to invest in the wrong hardware. Which is the smartest investment, especially for startups? Laptops or Desktops? Portability Laptops allow you to keep working when you don’t have an electrical outlet. However, this Learn More “Best for SMBs: Laptop or desktop?”
Windows 10 is developed as a service, and regularly receives patches and bug fixes. It also gets feature updates at least twice a year, and 2018 is no different. This October, Microsoft unveiled the October 2018 update, also known as Redstone 5, which comes with some amazing new features. Your Phone Windows 10 is getting Learn More “Cool new Windows 10 features are coming!”
Phishing scams disguise malicious links and emails as messages from trusted sources. The most recent scam to watch out for almost perfectly imitates a trusted invitation to collaborate through Microsoft SharePoint. It’s a three-step attack that’s easy to avoid if you know how it works. Step 1 – Invitation to collaborate email The first thing Learn More “New Office 365 cyberattack on the loose”
When one cyberattack is stopped, another more powerful variant almost always takes its place. It happens all the time with ransomware, computer viruses, and Trojan horses. Recently, this has become the case with Spectre attacks, which exploit a fundamental flaw in modern computer chips. Here’s everything you need to know.
Spectre 101
For those who don’t know, Spectre is a vulnerability in modern computer chips like Intel and AMD that allows hackers to steal confidential information stored in an application’s memory, including passwords, instant messages, and emails. Malicious code running on a computer or web browser could be used to exploit this vulnerability, but ever since Spectre was discovered, Microsoft, AMD, Intel, and other tech companies released a series of updates to fix it.
What is NetSpectre?
To perform Spectre attacks, malware would have to run on a targeted machine to extract sensitive data. But in late July, Austrian security researchers found a way to launch Spectre-style attacks remotely without locally installed malware. The new attack is called NetSpectre and it can be conducted over a local area network or via the cloud.
So far, it’s impractical for average hackers to use this method to steal data. In tests, researchers were able to steal data at a rate of between 15 to 60 bits per hour, which means it would take days to gather corporate secrets and passwords. As such, NetSpectre will probably be used by hackers who want to target specific individuals but don’t want to resort to obvious methods like phishing scams or spyware.
Experts also warn that while NetSpectre may be impractical now, hackers may develop faster and more powerful variants in the future.
How should you protect your business?
NetSpectre attacks exploit the same vulnerabilities as the original Spectre so it’s important to install the latest firmware and security updates. You should also secure your networks with advanced firewalls and intrusion prevention systems to detect potential NetSpectre attacks.
Last but not least, working with a reputable managed services provider that offers proactive network monitoring and security consulting services can go a long way in protecting your business from a slew of cyberthreats.
If you’re looking for a leading managed security services provider, why not talk to us? We provide cutting-edge security software and comprehensive, 24/7 support. Call us today for more information.
Making the decision to migrate from an on-site system to a cloud-based Office 365 is easy, but the migration process itself presents numerous security challenges. By covering these essentials, you’ll minimize security breaches and ensure you can enjoy the benefits of Office 365.
Identify your company’s sensitive data…
Most files housed within your servers contain sensitive commercial and personal data that must be properly identified and protected. Do this by conducting a security audit before you undertake your migration.
Your audit should identify the types of data stored in the various parts of your company network, including which specific information needs extra safeguarding. Be sure to consider everything from trade secrets and contract details to the personal information of your clients.
…and then restrict access to it
Once you’ve worked out where your most precious data lies, you can check who currently has access to it and whether their access is appropriate. After all, it’s not necessary for everyone to be able to get at all the data your company owns.
Ensure that each of your employees has access only to the data that’s necessary for them to perform their duties. The great thing about Office 365 is it lets you conveniently set different levels of permissions based on user roles.
Watch out for insider threats
It’s wise to consider everyone in your organization when it comes to auditing data access permissions – and that includes system administrators who may have master access to every element of your network infrastructure.
A rogue administrator is the stuff of nightmares, since their elevated position gives them much greater leeway to siphon off valuable data without being noticed – or even to allow others to conduct questionable business and bypass the usual built-in security precautions. You can mitigate this risk by monitoring your administrators’ data usage and activities.
Use machine learning to foresee security breaches
Every action performed by your staff within Office 365 is automatically logged, and with relative ease you can create detailed activity reports. But the sheer number of events taking place within Office 365 in the course of your business’s normal operations means that even attempting to identify questionable behavior will be akin to finding a needle in a haystack.
That’s not to say it’s unwise to be on the lookout for anomalies in normal usage – the export of unexplainably large volumes of data, for instance, could suggest that a member of your team is leaking intelligence to a competitor, or that they’re about to jump ship and take your trade secrets with them.
To make things easier, machine learning technologies can identify potential breaches before they happen by analyzing large swathes of data in seconds. Graph API is incorporated into Office 365, and allows for the integration of machine learning tools into your security environment to achieve just that. The same tools can also help you avoid being caught unawares by hackers, by identifying system login attempts from locations that are out of the ordinary.
By following these tips, you’ll be able to enjoy the powerful collaborative features of Office 365 while ensuring the robust security your business demands. To find out more about how we can help your Office 365 migration run smoothly, just give us a call.
Employees are one of your biggest security holes. There is no foolproof prevention method for human error, which is why employee mistakes are one of the most common causes of a security breach. To reduce potential risks, we’ve suggested a few IT policies you should implement to protect your business.
In today’s business world, employees spend a lot of time on the internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. This must limit internet use for business purposes only, prohibit unauthorized downloads, and restrict access to personal emails on company devices. You can also include recommended browsing practices and policies for using business devices on public wifi.
Just like the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links, or perform any type of business-related activities outside their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, thus preventing spear phishing.
We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.
Whether or not you allow your employees to conduct work on their own devices, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work-related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. This means employees aren’t allowed to remove or copy it without your authorization.
We hope these four policies shed some light on the industry’s best security practices. If you’d like more tips or are interested in a security audit of your business, give us a call.
Google Chrome currently marks HTTPS-encrypted sites with a green lock icon and “Secure” sign. And starting in July, Chrome will mark all HTTP sites as “not secure.” Google hopes this move will nudge users away from the unencrypted web. Read on to learn more about the forthcoming changes.
For several years, Google has moved toward a more secure web by strongly advocating that sites adopt the Secure HyperText Transfer Protocol (HTTPS) encryption. And last year, Google began marking some HyperText Transfer Protocol (HTTP) pages as “not secure” to help users comprehend risks of unencrypted websites. Beginning in July 2018 with the release of a Chrome update, Google’s browser will mark all HTTP sites as “not secure.”
Chrome’s move was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and the majority of Chrome traffic is already encrypted.
Here’s how the transition to security has progressed, so far:
HTTPS: The benefits and difference
What’s the difference between HTTP and HTTPS? With HTTP, information you type into a website is transmitted to the site’s owner with almost zero protection along the journey. Essentially, HTTP can establish basic web connections, but not much else.
When security is a must, HTTPS sends and receives encrypted internet data. This means that it uses a mathematical algorithm to make data unreadable to unauthorized parties.
#1 HTTPS protects a site’s integrity
HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one can tamper with the traffic or spy on what you’re doing.
Without encryption, someone with access to your router or internet service provider (ISP) could intercept (or hack) information sent to websites or inject malware into otherwise legitimate pages.
#2 HTTPS protects the privacy of your users
HTTPS prevents intruders from eavesdropping on communications between websites and their visitors. One common misconception about HTTPS is that only websites that handle sensitive communications need it. In reality, every unprotected HTTP request can reveal information about the behaviors and identities of users.
#3 HTTPS is the future of the web
HTTPS has become much easier to implement thanks to services that automate the conversion process, such as Let’s Encrypt and Google’s Lighthouse program. These tools make it easier for website owners to adopt HTTPS.
Chrome’s new notifications will help users understand that HTTP sites are less secure, and move the web toward a secure HTTPS web by default. HTTPS is easier to adopt than ever before, and it unlocks both performance improvements and powerful new features that aren’t possible with HTTP.
How can small-business owners implement and take advantage of this new interface? Call today for a quick chat with one of our experts to get started.