Safety Tips for Watering Hole Attacks

Bad news, internet users: Cybercriminals have developed more advanced tricks to compromise your systems. While you may be familiar with attacks involving suspicious emails, watering hole attacks, the new kid on the block, are far more nefarious and effective. Fortunately, there are a few things you can do to keep yourself safe.

What are watering hole attacks?
Much like phishing, a watering hole attack is used to distribute malware onto victims’ computers. Cybercriminals infect popular websites with malware. If anyone visits the site, their computers will automatically be loaded with malware.

The malware used in these attacks usually collects the target’s personal information and sends it back to the hacker’s server. Sometimes the malware can even give hackers full access to their victims’ computers.

But how does a hacker choose which websites to hack? With internet tracking tools, hackers find out which websites companies and individual users visit the most. They then attempt to find vulnerabilities in those websites and embed them with malicious software.

Any website can fall victim to a watering hole attack. In fact, even high-profile websites like Twitter, Microsoft, Facebook, and Apple were compromised in 2013.

You can protect yourself by following these tips.

Update your software
Watering hole attacks often exploit bugs and vulnerabilities to infiltrate your computer, so by updating your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches. Or better yet, you should have a managed IT services provider to keep your system up to date.

Watch your network closely
To detect watering hole attacks, you must use network security tools. For example, intrusion prevention systems allow you to detect suspicious and malicious network activities. Meanwhile, bandwidth management software will enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large transfers of information or a high number of downloads.

Hide your online activities
Cybercriminals can create more effective watering hole attacks if they compromise websites only you and your employees frequent. As such, you should hide your online activities with a VPN and your browser’s private browsing feature.

At the end of the day, the best protection is staying informed. As cyberthreats continue to evolve, you must always be vigilant and aware of the newest threats. Tune in to our blog to find out about the latest developments in security and to get more tips on how to keep your business safe.

New Security Features on Office 365

To bolster users’ safety, Microsoft recently added security features to Office 365. These enhancements give home and business users peace of mind whenever they send an email, share a link, or forward an attachment. There’s no such thing as being too secure, so we recommend staying abreast of them now.

Files Restore in OneDrive

Previously available only to Office 365 business users, Files Restore allows users to conveniently recover files in OneDrive within the last 30 days. Home and personal users can now easily retrieve and restore all their files at a specific point in time, which is useful in instances where files are accidentally deleted, corrupted, or compromised by ransomware or other malware. It is certainly not a replacement for a backup, but it isn’t a bad supplement to have on your side.

Ransomware detection notification for Office 365

You receive notifications and alerts for a variety of things on your PC or mobile devices, but rarely for something as immensely important as a ransomware attack. Office 365’s ransomware detection and recovery feature sends desktop notifications, email alerts, and mobile alerts in case of any possible ransomware attack on your system so you can act fast.

Aside from being notified about detected ransomware, you’ll also be guided through restoring your files to a point before they were infected, based on the timestamp recorded by Files Restore. This is also not as strong as a firewall, but it is a smart supplement from Microsoft.

Password-protected link sharing in OneDrive

Whenever you share a link in OneDrive, whether to a file or a folder, there’s no guarantee that it won’t be passed on to unauthorized users. Password-protected sharing solves this dilemma by giving you the option to set and require a password for every file or folder you share.

Email encryption in Outlook

Intercepting email has become many cybercriminals’ preferred method of stealing critical information, so it’s more crucial than ever to ensure email safety. With Outlook’s end-to-end encryption, users can rest easy knowing that the email they send won’t be easily intercepted. This is not the same as email security, but it is a strong secondary form of protection.

Email encryption works by requiring non-Outlook email recipients to choose between receiving a single-use passcode or re-authentication to open an email from an Outlook email sender. On the other hand, an Outlook-to-Outlook email exchange — whether Outlook on desktop, mobile (iOS and Android), or Windows Mail app — doesn’t require any further action for the email to be opened.

Prevent Forwarding

This function restricts email recipients (both Outlook and non-Outlook users) from forwarding or copying email. It also provides an option to prevent certain recipients from opening an attachment from a forwarded email, which will come in handy when a person needs to send an email to more than one recipient, but wants to restrict access to an attachment to just a few recipients.

These new capabilities greatly reduce the effort to secure your files and communications, and Microsoft is sure to roll out a few more soon. If you want to optimize these Office 365 security features or explore other security methods that your business will benefit from, call us today at 800-421-7151.

5 Tips on Keeping Mobile Workers Connected

Due to increasing connectivity and technological advances, mobile workers are increasingly becoming the norm in almost every industry. Business owners need to ensure these workers stay connected, so we’ve got some helpful tips on how to effectively apply mobile performance management.

The ability to manage the workforce out in the field requires a modern support infrastructure called mobile performance management. It covers the top five tips to keep field workers connected: optimizing traffic, applying control, measuring performance analytics, simplifying data security, and identifying the root cause of connectivity issues.

Optimize

Although the latest apps on the market can maximize productivity for the mobile workforce, these apps come with a certain risk: stability issues that could lead to the apps crashing while out in the field. If you are your company’s IT decision-maker, be cautious of untested apps, and consider blocking heavy bandwidth apps to streamline data flow when signal strength is weak. Your IT company will also advise you on which applications should and shouldn’t be trusted.

Control

Another thing you can do with mobile performance management solutions is blocking personal apps and unsafe WiFi networks. Both of these create serious security risks that could lead to costly data theft or loss.

Analyzing performance

Field workers mostly rely on GPS location data for more efficient scheduling, route-planning, and effective control of fuel consumption. This is possible only if there are reporting tools that confirm that the GPS capability is working. Performance analytics show you what mobile workers are experiencing and give you access to robust data, network and app usage reports, inventory analysis, coverage maps and device maps as needed.

Simplify security

IT should tightly restrict access without making security complicated for mobile workers. IT administrators need to create a highly flexible and programmable secure mobile strategy. You must be able to restrict which apps can access company data and remotely wipe data from the device if it is lost or stolen.

Identifying the root cause of connection issues

Organizations need to be fully prepared for connectivity issues involving their mobile devices. Organizations of all sizes should be able to afford remote diagnostics to gather complete troubleshooting information to allow IT to identify the root cause of the problem quickly, without relying on workers, who have no idea about how to run tests and answer questions regarding these issues.

For any organization with workers in the field, the ability to implement performance management structures and policies is a must. For other tips on how to keep your employees connected, engaged, and efficient, give us a call at 800-421-7151 and we’ll be happy to advise.

Phishing Hits Businesses at Tax Time

Phishing schemes abound every season, and tax season is no exception. It’s an important time of year in the corporate world and cybercriminals are looking to take advantage of it, which is why your business must ensure that your confidential data is kept under lock and key.

Phishing baits to watch out for

Phishing attacks often consist of fabricated or compromised emails sent to finance/payroll or human resources employees that are made to look like they’re from an executive in your company. The message might contain a request to forward employee records, including their W-2 forms, but that’s not all…

Another common scheme, which doesn’t only happen during tax season, involves getting a call from a person declaring to be an IRS employee. And no, caller IDs won’t save you because they can forge that, too. The phisher will inform you that you owe them cash from back taxes and they will threaten legal action if you don’t pay via credit card at that instant.

Always remember, the IRS will never contact you on the phone to let you know that you owe them money. And they certainly won’t threaten you or demand payment over the phone. If they really need to notify you of such matters, they’ll use the postal service and will give you a chance to discuss payment terms.

Standard protection protocols

Don’t worry, the usual security measures against these phishing scams are pretty easy to integrate into your business. Begin by developing a policy that bans the request of private details through email. If an employee ever requires such info, they should get in touch with the person directly, follow your established protocols for the transfer of sensitive information, and minimize the number of people involved in the transaction.

Taking security a step further

Data loss prevention (DLP) systems are also valuable weapons against these types of phishing attacks. They evaluate traffic going in and out of your company, such as web usage, emails and instant messages, and virtually anything sent on your network. DLP systems can filter out private details, including Social Security numbers, and stop them from being sent out.

But beware, DLP systems come with a minor drawback, as they can also block legitimate traffic, like when your accounting department sends tax info to your CPA. Fortunately, an MSP like us can properly segregate the good and the bad traffic to avoid confusing and/or frustrating your employees.
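The outbound check described above, together with the CPA exception that keeps legitimate tax traffic moving, can be expressed as follows. This is an added example, not code from the original article or from any DLP product; the addresses, the `ALLOWED_RECIPIENTS` policy and the function names are assumptions.

```python
import re
from dataclasses import dataclass

# Nine digits written AAA-GG-SSSS, AAA GG SSSS or AAAGGSSSS, not inside a longer number.
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")

# Assumed policy: the only outside address cleared to receive tax data (the CPA).
ALLOWED_RECIPIENTS = {"cpa@accounting.example"}


def is_plausible_ssn(area, group, serial):
    """Drop ranges that are never issued, which removes many false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def find_ssns(text):
    """Return plausible SSNs found in text, normalised to AAA-GG-SSSS."""
    return [f"{a}-{g}-{s}" for a, _, g, s in SSN_RE.findall(text)
            if is_plausible_ssn(a, g, s)]


def redact(text):
    """Mask plausible SSNs so the DLP log does not become a second copy of them."""
    def mask(m):
        a, _, g, s = m.groups()
        return f"XXX-XX-{s}" if is_plausible_ssn(a, g, s) else m.group(0)
    return SSN_RE.sub(mask, text)


@dataclass
class Verdict:
    action: str    # "allow", "allow_logged" or "block"
    matches: int   # plausible SSNs found in the body
    log_body: str  # redacted body, safe to keep in the audit log


def inspect_outbound(recipients, body):
    """Decide what to do with one outbound message."""
    found = find_ssns(body)
    if not found:
        return Verdict("allow", 0, body)
    # Every recipient must be cleared; one stray address blocks the message.
    cleared = bool(recipients) and all(
        r.strip().lower() in ALLOWED_RECIPIENTS for r in recipients)
    return Verdict("allow_logged" if cleared else "block", len(found), redact(body))


if __name__ == "__main__":
    # Constructed sample message using a publicly known specimen number.
    msg = "Attached W-2 for J. Doe, SSN 078-05-1120, order ref 912-34-5678."
    print(inspect_outbound(["hr-update@mailbox.example"], msg))
    print(inspect_outbound(["cpa@accounting.example"], msg))
```

Requiring every recipient to be on the allowlist is what stops a spoofed "executive" request from riding along on a message that is also copied to the CPA.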

Phishing schemes may be a normal occurrence during tax season, but that doesn’t mean you can’t do anything about it. Don’t let the vulnerabilities in your business, particularly the human element, fall prey to cybercriminals. Call us at 800-421-7151 right away and we’ll conduct an assessment of the security of your business, as well as design a risk management plan to help counter future complications.

3 Tips to Maintain a Secure Facebook Account

In March 2018, disturbing reports circulated on the web that revealed a company named Cambridge Analytica harvested confidential details of 50 million Facebook accounts. If you’re concerned that your private details are being passed around by private companies, consider the following 3 tips to maintain a confidential Facebook profile.

Download your Facebook data

The thought of a complete stranger going through your account is pretty disturbing. Yet, you’re probably curious about the amount of information you uploaded to your social media sites over the years. Fortunately, Facebook allows you to download a copy of all your data. You simply have to log in to its web version and…

  • On the site’s main navigation, click on the down button right next to the Quick Help icon
  • A menu will pop up and you’ll find Settings right above the Log Out option
  • Click on Settings and you’ll automatically be redirected to General
  • Within the General page, press Download a copy of your Facebook Data
  • It will redirect you to a different page where you’ll need to press the Start My Archive button to proceed with the download process

Once that’s done, you’ll be able to see an archive of all your Facebook activity, such as the statuses you’ve posted, messages you’ve sent, and ads you’ve clicked on.

Change your privacy settings

After going through all your data, you might realize that everything you shared is harmless. But, that doesn’t mean it won’t end up in the hands of cybercriminals who can use it against you.

We suggest going back to the Settings page and clicking on Privacy. That’s where you can modify whether you want your posts to be seen by the public or only by your friends. You can even control who’s allowed to send you friend requests, view your friends list, and most importantly, decide whether search engines are allowed to link to your profile.

Check or delete apps

You know those personality quizzes that you and your friends always had a ball answering? Apparently, Cambridge Analytica gathered all the responses from one of those app developers. Luckily, you can stop them from further accessing your profile. In Settings, click on Apps to see all the apps linked to your profile. Beside each one, you can choose Edit Settings to review its authorizations or click Remove to completely get rid of it.

Your recent love-hate relationship with Facebook has you second-guessing. If you want to take data security up a notch, we can always provide more tips and tools, and even assess your current level of security. Just give us a call at 800-421-7151 and we’ll take care of your privacy so you don’t wind up breaking up with your favorite social media site.

Keeping Cloud Costs Under Control

One of the most well-known benefits of the cloud is that it boosts cost efficiency. By moving to the cloud, small- and medium-sized businesses no longer have to worry about purchasing high-end equipment or maintaining full-scale data centers. However, there are quite a few costs associated with the cloud, so it’s important you know how to keep them under control.

Don’t go for standalone services
Standalone services are the biggest price trap in the cloud. Spending on standalone cloud software may seem harmless now, but if you decide to purchase similar services, the costs can quickly pile up. Then, there’s the issue of integrating these systems, which costs even more time and money.

The best way around this is to find a service provider that offers a suite of products that work seamlessly together. Platforms like Office 365 or G Suite are great examples, and offer you differently priced packages based on the size and requirements of your business.

Team up with integration experts
If you do need to subscribe to a standalone service, you’ll want to integrate it with the rest of your cloud platform. But if you have limited experience with integrations, mistakes are likely to happen and cause downtime, which will inevitably cost you time and money.

The more economical option is to partner with a cloud integration expert, as they can quickly configure and deploy your systems with zero mistakes.

Understand cloud backup costs
While cloud backups are great for keeping your data secure, you must know how much you’re paying for them. If you plan on storing your data for a long time, you may be charged more. At the same time, if you store more versions of your data, it will cost you more.

One way you can keep costs down is to ask yourself whether certain files even need to be stored in the cloud. Mission-critical files like customer information, legal documents, and business plans should be stored in the cloud so you can retrieve them right away after a disaster, but routine documents like timesheets can probably be stored in less expensive data centers.

Remove unnecessary accounts
Most cloud service providers charge you based on the number of users per month, so if you’re not diligent about removing accounts when employees have left your company, you could be throwing your money down the drain.

To avoid this, you need to have deprovisioning procedures in place for when an employee’s contract is terminated. Create a spreadsheet of each employee on your payroll and note down their cloud subscriptions. When an employee leaves your company, you must delete all their business accounts and give the relevant manager access to all their documents.

It’s also a good idea to schedule regular audits to make sure you’re not paying for people who’ve already left your company.
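The regular audit can be run by comparing the payroll spreadsheet against each provider's user export. This is an added example, not from the original article; the CSV column names, addresses and prices are constructed assumptions.

```python
import csv
import io
from datetime import date
from decimal import Decimal

# Constructed sample data. Column names are assumptions; adapt them to your exports.
PAYROLL_CSV = """email,end_date
ana@corp.example,
ben@corp.example,2024-03-15
cy@corp.example,2024-09-30
"""
ACCOUNTS_CSV = """service,login,monthly_cost
office365,ana@corp.example,12.50
office365,Ben@Corp.example,12.50
crm,ben@corp.example,30.00
crm,old-intern@corp.example,30.00
office365,cy@corp.example,12.50
"""


def load_payroll(text):
    """Map lower-cased email -> last working day (None while still employed)."""
    roster = {}
    for row in csv.DictReader(io.StringIO(text)):
        end = row["end_date"].strip()
        roster[row["email"].strip().lower()] = date.fromisoformat(end) if end else None
    return roster


def audit_accounts(payroll_text, accounts_text, today):
    """Return (findings, monthly_waste) for accounts that should be removed."""
    roster = load_payroll(payroll_text)
    findings, waste = [], Decimal("0")
    for row in csv.DictReader(io.StringIO(accounts_text)):
        login = row["login"].strip().lower()  # logins differ in case across services
        if login not in roster:
            reason = "not on payroll"         # shared, test or forgotten account
        elif roster[login] is not None and roster[login] < today:
            reason = f"left on {roster[login].isoformat()}"
        else:
            continue                          # current employee, or still in notice period
        findings.append((row["service"], login, reason))
        waste += Decimal(row["monthly_cost"])
    return findings, waste


if __name__ == "__main__":
    findings, waste = audit_accounts(PAYROLL_CSV, ACCOUNTS_CSV, date(2024, 6, 1))
    for service, login, reason in findings:
        print(f"{service:10} {login:28} {reason}")
    print("monthly cost of stale accounts:", waste)
```

Accounts that match nobody on payroll deserve the closest look, since no departing employee's checklist would ever have covered them.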

Work with a trustworthy provider
Last but not least, you’ll want to partner with a cloud services provider that not only gives you the best deals on cloud solutions, but also proactively monitors your account and warns you about any issues regarding the computing resources and storage space you’re using.

If you’re looking to keep cloud costs under control, talk to us today at 800-421-7151. We’re certified and experienced with all aspects of cloud technology, and we can show you how you can truly benefit from it.