Tag: security

The Risk of Not Having Cloud Backup

It is always better to be safe than sorry. And given the fact that files can disappear or be corrupted in an instant, small businesses need robust data backup systems in place. Without one, you could very well lose lots of money and have your hard-earned reputation irrevocably damaged.

How should you go about choosing a cloud backup provider? Let’s take a look:

Learn more about their storage capacity

Before partnering with a cloud backup provider, ask them where they store their data. Many providers use cloud servers over which they have little control, which could be hazardous as it makes it harder to monitor activity and respond to anomalies. To avoid this fate, choose a backup service that operates their own cloud-based servers.

Next, you will have to determine whether your business assets can be backed up, since some cloud storage providers do not have the capacity to save bigger files like videos or other multimedia files. By asking these questions, you can find a cloud backup service that fits your business needs, and more importantly, can take care of all your files.

Get details on their security

It will be important for the cloud backup provider to explain in no uncertain terms how they will store your files. They should be encrypted and stored on multiple servers because redundant storage ensures your data has multiple copies saved online and can be retrieved at will. Even if an uncontrollable disaster befalls your company or the backup provider’s system, you’ll still be safe.

Compare your budget and backup costs

Before considering any cloud backup provider, you need to know how much the service is worth to you. How much money would you lose if your server crashed and all the data it stored was irretrievable? Compare that amount with the cost of a provider’s service, which could be charged by storage tiers, per gigabyte, or on a flat-fee unlimited plan.

When asking about the price of cloud backups, make sure to clarify any service limitations or restrictions. For example, how quickly can your storage capacity be upgraded? Is it possible to run out of storage? These are not things you want to discover in the middle of hurricane season.

Clarify data recovery timelines

Although storage availability is important, how quickly backups can be created and restored is also an essential factor. Ask providers how often backups will be created (e.g., hourly, daily, weekly), and how long it will take to restore them (e.g., hours, days, etc.). If those timelines are too long, it may be time to look for a better provider.

The most important thing is to know your needs before meeting with a potential provider. Let them know your business needs, budget, and recovery timelines. Our solutions and pricing are flexible and customized to your needs so you’re not stuck in a cookie-cutter plan.

Give us a call to find out more about cloud backup service and other dynamic ways to protect your data.

Published with permission from TechAdvisory.org. Source.

Office 365: New security updates

Microsoft recently rolled out security updates to Office 365 for business and home users. These enhancements aim to increase safety when sending or receiving an email in Outlook, sharing links in OneDrive, and alerting users of possible malware infection.

Files Restore in OneDrive

Previously available only to Office 365 business users, Files Restore allows users to conveniently recover files in OneDrive within the last 30 days. Home and personal users can now easily retrieve and restore all their files at a specific point in time, which is useful in instances where files are accidentally deleted, corrupted, or compromised by ransomware or other malware.

Ransomware detection notification for Office 365

You receive notifications and alerts for a variety of things on your PC or mobile devices, but rarely for something as immensely important as a ransomware attack. Office 365’s ransomware detection and recovery feature sends desktop notifications, email alerts, and mobile alerts in case of any possible ransomware attack on your system so you can act fast.

Aside from being notified about a detected ransomware, you’ll also be guided on how to recover your files before they were infected, based on the timestamp recorded by Files Restore.

Password-protected link sharing in OneDrive

Whenever you share a link — whether to a file or folder — in OneDrive, there’s no guarantee that it won’t be shared to unauthorized users. A password-protected feature solves this dilemma by giving you an option to set and require a password for every file or folder you share.

Email encryption in Outlook

Intercepting email has become many cybercriminals’ preferred method of stealing critical information, so it’s more crucial than ever to ensure email safety. With Outlook’s end-to-end encryption, users can rest easy knowing that the email they send won’t be easily intercepted after all.

Email encryption works by requiring non-Outlook email recipients to choose between receiving a single-use passcode or re-authentication to open an email from an Outlook email sender. On the other hand, an Outlook-to-Outlook email exchange — whether Outlook on desktop, mobile (iOS and Android), or Windows Mail app — doesn’t require any further action for the email to be opened.

Prevent Forwarding

This function restricts email recipients (both Outlook and non-Outlook users) from forwarding or copying email. It also provides an option to prevent certain recipients from opening an attachment from a forwarded email, which will come in handy when a person needs to send an email to more than one recipient, but wants to restrict access to an attachment to just a few recipients.

These new capabilities greatly reduce the effort to secure your files and communications, and Microsoft is sure to roll out a few more soon. If you want to optimize these Office 365 security features or explore other productivity tools’ security features, call us today.

Published with permission from TechAdvisory.org. Source.

Beware of watering hole attacks!

Hackers have plenty of ways to breach your systems. They can use complex programs to exploit software bugs, send emails to dupe you into downloading malware, or insert a malware-infected USB drive directly into your computer. However, another increasingly popular hacking method is a watering hole attack.

What are watering hole attacks?
Much like phishing, a watering hole attack is used to distribute malware onto victims’ computers. Cybercriminals infect popular websites with malware. If anyone visits the site, their computers will automatically be loaded with malware.

The malware used in these attacks usually collects the target’s personal information and sends it back to the hacker’s server. Sometimes the malware can even give hackers full access to their victims’ computers.

But how does a hacker choose which websites to hack? With internet tracking tools, hackers find out which websites companies and individual users visit the most. They then attempt to find vulnerabilities in those websites and embed them with malicious software.

Any website can fall victim to a watering hole attack. In fact, even high-profile websites like Twitter, Microsoft, Facebook, and Apple were compromised in 2013.

You can protect yourself by following these tips.

Update your software
Watering hole attacks often exploit bugs and vulnerabilities to infiltrate your computer, so by updating your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches. Or better yet, hire a managed IT services provider to keep your system up to date.

Watch your network closely
To detect watering hole attacks, you must use network security tools. For example, intrusion prevention systems allow you to detect suspicious and malicious network activities. Meanwhile, bandwidth management software will enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large transfers of information or a high number of downloads.

Hide your online activities
Cybercriminals can create more effective watering hole attacks if they compromise websites only you and your employees frequent. As such, you should hide your online activities with a VPN and your browser’s private browsing feature.

At the end of the day, the best protection is staying informed. As cyberthreats continue to evolve, you must always be vigilant and aware of the newest threats. Tune in to our blog to find out about the latest developments in security and to get more tips on how to keep your business safe.

Published with permission from TechAdvisory.org. Source.

3 Surprising applications of blockchain

Most people associate blockchain technology with Bitcoin, the infamous digital currency that rose to fame in 2017. But blockchain technology is not tied to financial transactions, and it’s creating all sorts of exciting opportunities for faster, more secure information exchange — see for yourself!

What is blockchain?

Blockchain, like the cloud, is more of a concept than a specific piece of software or hardware. It’s the idea that if you store a spreadsheet or ledger on a hundred different computers — each of which receive automatic and encrypted updates — it’s nearly impossible to create a fraudulent entry. If someone adds a line of false information to one spreadsheet, 99 others can confirm it is not in their copy and is therefore inaccurate.

In the Bitcoin ledger, each line represents the transfer of funds from one account to another. So if John wants to transfer money to Jane, he sends a request to Bitcoin’s blockchain and thousands of computers confirm his account information is correct and he has sufficient funds. The money is transferred, both account balances are updated, and the whole process takes less than an hour with almost no human interaction. Much faster than the 5-7 business days of most banks.

There are countless applications for decentralized, real-time record keeping beyond financial transactions, though. And very soon, blockchain won’t be synonymous with Bitcoin.

Blockchain’s potential

Although this technology has been around since the ’90s, it lacked the popularity and computing power necessary to become a mainstream solution…until now. With the rise of cryptocurrencies in 2017, blockchain started seeping into other industries, such as:

  • Law – “Smart contracts” create agreements that automatically execute when their terms are met. For example, an attorney could agree to pay a courier $100 after the delivery of documents to the defendant in a case. The contract and the payment sit in the blockchain until the courier uploads a GPS-tagged photo of services rendered, at which point the money is transferred and the contract archived.
  • Agriculture – Supply chain blockchains can track every ingredient throughout the production process. If several people get sick from the same food item, ingredients could be traced back to their source and products that share the same ingredients could be recalled preemptively.
  • Real estate – Blockchain is being used to automate escrow account transactions, property title transfers, and insurance claims, so they aren’t reliant on slow and error-prone humans. Buying a home could eventually be as easy as finding the one you want, signing a contract, transferring your down payment, and receiving the title — no middleman necessary.

Most blockchain-based solutions are too new to trust with sensitive information. But you can do a few things to get out in front of your competitors. You can work with us to invest in business intelligence software that helps you collect more data, and start experimenting with risk-free blockchain solutions.

As long as you have certified technicians like ours at your disposal, you’ll be sure to see gains in no time — give us a call today!

Published with permission from TechAdvisory.org. Source.

Ready for tax season phishing scams?

As tax season looms, so do phishing scams. For cybercriminals, this is the ideal time of year to deceive unsuspecting individuals into releasing sensitive private or company information. Businesses must therefore take extra precautions between now and April 17th to avoid hackers from selling your confidential data in the dark web.

Phishing baits to watch out for

Phishing attacks often consist of fabricated or compromised emails sent to finance/payroll or human resources employees that are made to look like they’re from an executive in your company. The message might contain a request to forward employee records, including their W-2 forms, but that’s not all…

Another common scheme, which doesn’t only happen during tax season, involves getting a call from a person declaring to be an IRS employee. And no, caller IDs won’t save you because they can forge that, too. The phisher will inform you that you owe them cash from back taxes and they will threaten legal action if you don’t pay via credit card at that instant.

Always remember, the IRS will never contact you on the phone to let you know that you owe them money. And they certainly won’t threaten you or demand payment over the phone. If they really need to notify you of such matters, they’ll use the postal service and will give you a chance to discuss payment terms.

Standard protection protocols

Don’t worry, the usual security measures against these phishing scams are pretty easy to integrate into your business. Begin by developing a policy that bans the request of private details through email. If an employee ever requires such info, they should get in touch with the person directly, follow your established protocols for the transfer of sensitive information, and minimize the number of people involved in the transaction.

Taking security a step further

Data loss prevention (DLP) systems are also valuable weapons against these types of phishing attacks. They evaluate traffic going in and out of your company, such as web usage, emails and instant messages, and virtually anything sent on your network. DLP systems can filter out private details, including Social Security numbers, and stop them from being sent out.

But beware, DLP systems come with a minor drawback, as they can also block legitimate traffic, like when your accounting department sends tax info to your CPA. Fortunately, an MSP like us can properly segregate the good and the bad traffic to avoid confusing and/or frustrating your employees.

Phishing schemes may be a normal occurrence during tax season, but that doesn’t mean you can’t do anything about it. Don’t let the vulnerabilities in your business, particularly the human element, fall prey to cybercriminals. Send us a message right away and we’ll conduct an assessment of the security of your business, as well as design a risk management plan to help counter future complications.

Published with permission from TechAdvisory.org. Source.

Endure tech disasters with external support

Three decades ago, the notion of hiring specialists in information technology was virtually unheard of. Nowadays, the majority of businesses are digitally operated, which means technology specialists are a must, especially given the huge increase in different types of security breaches. Determine how external support can back you up in times of technical distress.

Access to new technologies and industry experts

Managed Services Providers (MSPs) are equipped with resources most small businesses can’t afford. They employ teams of experts in fields ranging from cybersecurity to data management to networking — all available for you on an outsourced basis. For example, an MSP provides advanced security software and applications that can help your business avoid the risks of cyberthreat.

They also work with industry tech leaders who provide insights into upcoming hardware and software products in the market. This ensures you receive updated recommendations on the latest technologies so you can use them in your business, and they often come with deals and discounts that you wouldn’t normally have access to.

Knowledge from past breaches

External IT support providers have been helping businesses recover from all kinds of tech disasters since the dawn of hackers. They now have enough knowledge to prepare Data Backup and Disaster Recovery plans for you. This way, you and your team would still be up and running after suffering from an IT emergency without disrupting much of your business operations.

External support providers’ experience with data protection will ensure your systems are monitored around the clock so your security systems are always functioning properly to keep cybercriminals at bay.

Run your business with ease

You don’t specialize in technology, so you don’t have the skill or the experience in dealing with digital felons. You also know how vulnerable your business is online and won’t dare do anything to jeopardize it. That’s why external support is such a great asset — you’ll be able to manage your business without any worries because your external IT provider will keep it protected.

In the end, you also have to be cautious in your search for an external support provider. Conduct your research thoroughly, read through all their testimonial pages, and verify whether their business objectives coincide with yours. To put your mind at ease and to make sure that your business’s technology is in good hands, you can always send us a message and we’ll provide you all the references you need.

Published with permission from TechAdvisory.org. Source.

More leaks from Equifax breach

The Equifax breach in 2017 exposed the personal information of 145.5 million people in the US and some parts of the UK and Canada, but the number of victims keeps increasing. In the beginning of March, the credit-reporting company revealed that more personal information was leaked. Read on to find out more about this latest development.

What happened?
On March 1, Equifax reported that the names and driver’s license numbers of approximately 2.4 million Americans were stolen. According to the company, sensitive information like home addresses, home states, or the license issue and expiration dates were not leaked. Equifax said these breaches were discovered only recently because their forensic investigations primarily focused on stolen Social Security numbers.

In response, the company said that anyone affected would be notified directly. They’re also now offering a security program designed to prevent identity theft and credit tampering. However, given the company’s poor track record, not many are willing to enroll.

When the company first announced the breach in September last year, the tool used to check whether an account had been hacked didn’t work and came up with false positives. Fortunately, there are other things you can do to protect yourself.

Monitor your credit
Consider looking through your credit reports for any suspicious spending. If you spot any new accounts, loans, and other payments you don’t recognize, contact your credit card company to report fraudulent transactions.

Check the dark web
Compromised data is often sold to the highest bidder on the dark web, so most Equifax data can probably be found there. To see whether your personal information has indeed been compromised, sign up for dark web monitoring services. Then consult with a security professional to discuss your options.

Place a credit freeze
One way you can prevent hackers from opening credit cards and making payments in your name is to freeze your credit. When you implement this, anyone masquerading as you will be required to provide a PIN to unfreeze your account. Contact the credit bureaus (Equifax, Experian, TransUnion) to activate this service.

Set fraud alerts
When you set a fraud alert, credit card companies and businesses must verify your identity before opening an account or making any payments. Together with a credit freeze, alerts will make it extremely difficult for hackers to steal your identity.

Learn to identify phishing scams
Because Equifax is notifying data breach victims directly through email, hackers could take this opportunity to send fake messages that direct users to dangerous websites. As such, knowing how to identify phishing scams (suspicious URL links, attachments, and spelling errors) is vital.

Dealing with data breaches is a long and frustrating process, especially for businesses that just want to focus on growing their operations. So if you have any security concerns, call us today. We have the cybersecurity expertise to protect you.

Published with permission from TechAdvisory.org. Source.

Government agency finds way to unlock iPhones

Cellebrite, an Israel-based vendor that works with the U.S. government, has revealed that they’ve found a way to unlock practically every iPhone available on the market. It appears to be a significant milestone for law enforcement and forensic specialists, yet it’s also a potential privacy issue for Apple customers.

iPhone vulnerabilities leaked, is it true?

A couple years ago, Apple had a showdown with the FBI regarding data privacy, and this prompted them to develop exceptionally secure mobile devices. But Cellebrite has crashed the party, developing several methods to access iPhone operating systems, including the most recent version.

The engineers are now promoting their methods to private forensics and law enforcement professionals around the world who would benefit from this new service. In fact, in November 2017, the Department of Homeland Security successfully raided data from the iPhone X, most likely through the use of Cellebrite technology.

Secure your business at all costs

To protect you from this potential security issue, here are a couple suggestions from tech experts:

  1. Patching mobile devices is a crucial step for both businesses and consumers. For devices that cannot be patched, you must retire it to prevent risks.
  2. Adopting a disaster recovery plan is vital. This way, you can limit how much damage a breached gadget can cause.

Only time will tell whether Apple’s reputation and the iPhone’s security really has been weakened. Still, it doesn’t mean that you should hold off on protecting your business. Use this news to give your technology an overhaul, improve your business processes, and update your employees’ security training.

Even with all the ingenious ways to hack into systems nowadays, you felt you could count on Apple to be one step ahead of everyone — but that might not be the case anymore. Ensure that your privacy is secure and your files are still safe by strengthening your usual security practices. But if that’s too technical for you, just give us a call and we’ll take care of it!

Published with permission from TechAdvisory.org. Source.

Windows 10 Home, Pro, or 10 S?

When buying new hardware, you have to choose which operating system (OS) to install. And if you go with Windows, you’ll have to make even more decisions, as there’re Windows 10 Home, Pro, and 10 S. Although they contain many similar features, there are significant differences between them. Here’s a quick rundown of each OS version.

Windows 10 Home
This version, as you may have guessed, is designed for home and personal use. It comes bundled with key Windows 10 features, including Microsoft Edge, Office 2016, smart pen support, and the Cortana voice assistant. Since Microsoft is pushing their cloud services, Home also provides 5GB of cloud storage in OneDrive for individual users.

In terms of security, Home has fairly basic protections. It has Windows Defender Antivirus software, Windows Hello biometric logins that use face or fingerprint authentication, and rudimentary device encryption to minimize data breaches. Those with multiple Windows devices will also love the mobile device management app, which allows them to track and control app usage for connected smartphones and tablets.

To explore new apps, Home users can sign up for the Windows Insider program, but since this version is light on features, there is usually a limited selection of early release apps to play with.

Windows 10 Pro
If you plan to use your computer for work, the Pro version is the right OS for you. One of its most notable features is Hyper-V, which allows you to create virtual machines (VMs) on Windows 10. These VMs can be used to deliver computing resources from a powerful computer to other machines connected to the network, making resource provisioning a breeze.

Considering that businesses are usually targeted by cybercriminals, Pro offers more robust security than Home. In addition to Windows Defender, this version comes with whole disk encryption, Enterprise Data Protection, and Azure Active Directory — an identity management service used to set up and enforce access policies for apps and devices.

Rolling out updates for all computers is also incredibly easy with Pro’s Windows Update for Business service. From a central console, you can manage how and when Windows 10 devices are updated while making sure that the bandwidth used doesn’t disrupt day-to-day operations.

Windows 10 S
Released in 2017, Windows 10 S is focused on simplicity, security, and speed. Feature-wise, it’s about the same as Home, offering Office productivity apps and Cortana. But it comes with Pro functions such as virtual machines and increased security, too.

While it doesn’t possess as many features as Pro, Microsoft reported that 10 S-powered computers boot 15 seconds faster than Pro machines. Its relatively low hardware requirements also make it perfect for startups and schools that tend to purchase low-cost PCs. And if you want more features, 10 S allows you to upgrade to Pro at an affordable price.

The big difference between 10 S and the other Windows 10 versions is that it can only run applications available on the Windows Store. Although this restriction means you don’t get to enjoy third-party apps, it actually protects users from downloading dangerous apps and helps Microsoft easily root out malware.

So far, only a few devices — including the Surface Laptop, Lenovo V330, and HP Stream 14 Pro — are capable of running 10 S, but it’s only a matter of time before other devices are compatible.

Still not sure about which Windows 10 version you should purchase? Contact our experts today to get more advice. We’ll even install and maintain Windows for you so you can focus on being productive!

Published with permission from TechAdvisory.org. Source.