Hackers Infiltrated Citrix Using a Password Spraying Attack

A group of hackers used a password spraying attack to compromise Citrix’s internal network. Learn what password spraying is and how to defend against it.

If you have never heard of “password spraying” before, you are not alone. It is a relatively unknown term — except to cybercriminals. In fact, a group of hackers known as Iridium is extremely familiar with password spraying. It used this technique to infiltrate Citrix.

On March 6, 2019, the US Federal Bureau of Investigation (FBI) warned Citrix that an international hacking group had likely accessed the company’s internal network. Citrix found that its network had indeed been compromised. In a blog about the incident, Citrix’s chief security information officer Stan Black noted that the hackers used password spraying to gain a foothold in the network.

At this time, not much is being said about what the hackers stole, except that they might have downloaded business documents. “The specific documents that may have been accessed, however, are currently unknown,” said Black.

Password Spraying 101

So, what is password spraying? It is a different approach to cracking login credentials.

To keep hackers out, accounts are protected by login credentials, which consist of a username — usually an email address — and a password. Most cybercriminals attempt to crack credentials by trying a known email address with a plethora of possible passwords. This is often done with automated brute-force password-cracking tools.

Password spraying takes the opposite approach. Hackers assume that at least one person is using a weak password (e.g., “F00tball”), so they try to find the email address of that person. They pair weak passwords with many different accounts in many different organizations, according to Alex Simons, the director of program management in the Microsoft Identity Division. “For example, an attacker will use a commonly available toolkit like Mailsniper to enumerate all of the users in several organizations and then try “P@$$w0rd” and “Password1” against all of those accounts,” explained Simons.
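The pattern Simons describes, one or two common passwords tried against many accounts, looks different in sign-in logs from a classic brute-force attack on a single account. The following Python code is an added example, not part of the original article; the log format, the sample events (constructed), the thresholds and the function names are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real logs), one per line:
# timestamp  source_ip  username  FAIL|OK
SAMPLE_LOG = """\
2019-03-01T09:00:01 203.0.113.7 alice FAIL
2019-03-01T09:00:02 203.0.113.7 bob FAIL
2019-03-01T09:00:03 203.0.113.7 carol FAIL
2019-03-01T09:00:04 203.0.113.7 dave FAIL
2019-03-01T09:00:05 203.0.113.7 erin FAIL
2019-03-01T09:10:01 203.0.113.7 alice FAIL
2019-03-01T09:10:02 203.0.113.7 bob FAIL
2019-03-01T09:10:03 203.0.113.7 carol FAIL
2019-03-01T09:10:04 203.0.113.7 dave FAIL
2019-03-01T09:10:05 203.0.113.7 erin OK
2019-03-01T10:00:00 198.51.100.9 alice FAIL
2019-03-01T10:00:05 198.51.100.9 alice FAIL
2019-03-01T10:00:10 198.51.100.9 alice FAIL
2019-03-01T10:00:15 198.51.100.9 alice FAIL
2019-03-01T10:00:20 198.51.100.9 alice FAIL
2019-03-01T10:00:25 198.51.100.9 alice FAIL
2019-03-01T11:00:00 192.0.2.44 bob FAIL
2019-03-01T11:00:20 192.0.2.44 bob FAIL
2019-03-01T11:00:45 192.0.2.44 bob OK
"""


def parse_events(text):
    """Parse log lines into (time, source_ip, username, result) tuples, oldest first."""
    events = []
    for line in text.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user.lower(), result))
    return sorted(events)


def classify_source(events, window=timedelta(minutes=30),
                    min_users=5, max_per_user=2, brute_min=6):
    """Label one source's events as 'spray', 'brute_force' or 'normal'.

    Spraying: many distinct accounts fail within the window, but each account
    fails only once or twice, so a per-account lockout counter never trips.
    Brute force: one account collects many failures.
    All thresholds are illustrative assumptions.
    """
    fails = [(ts, user) for ts, _, user, result in events if result == "FAIL"]
    label = "normal"
    for i, (start, _) in enumerate(fails):
        # Failures per account in the window that opens at this failure.
        per_user = Counter(u for ts, u in fails[i:] if ts - start <= window)
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            return "spray"
        if max(per_user.values()) >= brute_min:
            label = "brute_force"
    return label


def analyze(text):
    """Classify every source IP and list accounts a spraying source got into."""
    by_ip = defaultdict(list)
    for event in parse_events(text):
        by_ip[event[1]].append(event)
    report = {}
    for ip, events in by_ip.items():
        label = classify_source(events)
        # A successful sign-in from a spraying source means a sprayed password
        # worked: that account needs a password reset and a session review.
        hits = sorted({u for _, _, u, r in events if r == "OK"}) if label == "spray" else []
        report[ip] = {"label": label, "accounts_to_reset": hits}
    return report


if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

Grouping by source IP is the simplest view; a spray spread across many source addresses would need the same counting done per time window across all sources.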

How to Defend against These Types of Attacks

To defend against password spraying attacks, large organizations sometimes use real-time detection and protection systems. These systems are often out of reach for small and midsized businesses, but those businesses are not defenseless. Password spraying attacks still rely on weak passwords being used. As a result, small and midsized businesses can protect themselves by giving employees the tools they need to create strong passwords and using multi-factor authentication.

An important line of defense for any company is having employees create strong passwords, especially if those passwords are for IT system and service accounts. Trying to memorize many strong passwords, though, can be challenging. Thus, employees might be tempted to use weak, easy-to-remember passwords or variations of the same password for multiple accounts.

To help employees avoid these temptations, businesses can take advantage of password managers. With a password manager, people can easily generate and store strong passwords. All they have to do is remember one strong password.

Another measure to take is to use two-step verification (also known as two-factor authentication) for accounts. With two-step verification, a second credential is needed to log in, such as a security code. This means that even if hackers have the credentials for an account, they would not be able to access it.

If you would like more information about password spraying attacks and how to defend against them, let us know.

How to Choose the Default Apps Windows 10 Uses for Certain Tasks

Having more than one web browser or email app on a computer is common nowadays. When more than one app can be used for a certain task, Windows decides which one to use. Discover how you can make Windows 10 use the app of your choosing.

It is common for people to have multiple apps that perform the same function on their Windows 10 computers. For instance, people might have several web browsers or email apps. Similarly, people often can open certain types of files with more than one program. For instance, they can open PDF files with a web browser such as Google Chrome or a PDF program like Adobe Acrobat.

When more than one app can be used for a certain task, Windows will decide which one to use. However, if you do not like the choice it makes, you can tell Windows the app you want to use. In other words, you can customize the app that Windows uses by default for certain functions and file types. Here is how to make these customizations in Windows 10.

Specifying Default Apps Based on Function

Changing the default app used for certain functions such as web browsing and emailing is easy. For example, in Windows 10, the Microsoft Edge web browser is opened by default when you click a link in a non-browser program, such as Microsoft Word or the Slack desktop app. (If you click a link in a web browser, the new page will open in the same browser no matter which default app is specified.) If you want to change the default to Google Chrome, Mozilla Firefox, or another browser, follow these steps:

  1. Click the Start menu.
  2. Select the gear icon to open the Settings app.
  3. Choose “Apps”.
  4. Select “Default apps” in the pane on the left.
  5. Click “Web browser” in the “Default apps” section. Windows will then list the browsers currently installed on the computer as well as the option to look for an app in the Microsoft Store, as Figure 1 shows.
  6. Choose the browser you want to use. After a few seconds, it will then be displayed as the default app.
  7. Close the Settings app.

Specifying Default Apps Based on File Type

Changing the default apps used to open certain file types requires a couple more steps, but they are straightforward. For instance, in Windows 10, PDF files are opened with Edge by default, even if you have chosen a different default web browser. To open PDF files with another program, follow these steps:

  1. Click the Start menu.
  2. Select the gear icon to open the Settings app.
  3. Choose “Apps”.
  4. Select “Default apps” in the pane on the left.
  5. Click the “Choose default apps by file type” link, which is located under the “Reset” button. Windows will then compile a long list of file types, which takes about half a minute.
  6. Scroll down the list of file types in the left column until you find the “.pdf” file extension, as Figure 2 shows.
  7. Click the default app listed in the right column. Windows will then list the programs on the computer that can open PDF files. It will also present the option to look for an app in the Microsoft Store.
  8. Choose the app you want to use. Shortly thereafter, it will be displayed as the default app.
  9. Close the Settings app.

In some cases, you will see the message “Choose a default” in the right column, as Figure 2 shows. Clicking that icon typically brings up a message noting that there is no installed app for that file type, accompanied by a link to the Microsoft Store.

Be sure to check out our Webinars to learn more tips and tricks on how to work smarter in Microsoft!

Debunking 4 Common Myths about Complying with Data Privacy Regulations

Regulations that protect people’s privacy and data rights are becoming more common — and so are the myths about complying with them. Here are four myths debunked.

The General Data Protection Regulation (GDPR) protects the data privacy rights of European Union citizens, while the California Consumer Privacy Act (CCPA) gives California residents more control over their personal data. Similarly, the Health Insurance Portability and Accountability Act (HIPAA) safeguards the medical information of US citizens.

As more businesses try to adhere to these comprehensive policies, more myths about complying with them keep surfacing. Here are four of those myths debunked:

  1. We’re a Small Business, So We Don’t Have to Worry about Compliance

Size does not matter when it comes to complying with most data privacy regulations. For example, regardless of their size, all US healthcare providers, healthcare clearinghouses, and health plan providers must comply with HIPAA. Not surprisingly, health plan providers include health insurance carriers, health maintenance organizations, and government agencies that pay for healthcare (e.g., Medicare). But what people might not realize is that companies in other industries are also included. Any US company that offers but does not administer a healthcare plan to 50 or more employees is considered a health plan provider and thus must comply with HIPAA.

Size does not matter with GDPR, either. All companies that process or hold the personal data of EU citizens must comply with GDPR. However, businesses with under 250 employees have fewer requirements to meet when documenting their data processing activities. This stipulation is likely leading to the misguided belief that small companies do not have to comply with GDPR.

Another factor leading to confusion is that some data privacy laws use factors other than number of employees to determine which organizations need to comply. For example, businesses must comply with CCPA if they conduct business in California and meet at least one of these criteria:

  • Earn $50 million a year in revenue
  • Sell 100,000 consumer records each year
  • Derive 50% or more of their annual revenue by selling consumers’ personal information

So, most small and mid-sized companies that do business in California do not need to comply with CCPA. However, there are exceptions. For instance, a data broker that primarily sells consumers’ personal data would need to, even if it has only a few employees.

  2. It’s Our Cloud Service Provider’s Job to Make Sure Our Data Is Being Handled Properly

Cloud computing is now the norm in companies worldwide, but there is a common misconception among them concerning data privacy laws. Many companies think that cloud service providers are responsible for making sure their data is being handled in a way that is compliant with applicable data privacy regulations. This is wishful thinking.

Company accountability is a key factor in GDPR. It is the business’s responsibility to “ensure enforcement of the privacy principles not only within its walls but also across suppliers with whom it might share the data and subcontractors that might process data on its behalf,” according to GDPR experts. Cloud service providers fall into the latter category.

Company accountability is also a key factor in HIPAA. Although cloud service providers and other types of business associates can come under fire for not properly protecting data while it is in their care, the company is ultimately held responsible for compliance, according to HIPAA experts.

  3. Personal Data Only Includes Items Like Names, Addresses, and Credit Card Numbers

If you ask people to give examples of personal data, they will likely list items such as a person’s name, address, and credit card numbers. However, personal data encompasses much more — and companies that simply assume they know what is considered personal data in a data privacy regulation could find themselves in noncompliance with it.

Unfortunately, there is no standard definition of personal data among the various data privacy laws in existence. Each regulation has its own definition.

For example, in HIPAA, the data that needs to be safeguarded is referred to as “protected health information (PHI)”. It is defined as:

“…information, including demographic data, that relates to:

  • the individual’s past, present or future physical or mental health or condition,
  • the provision of health care to the individual, or
  • the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.”

So, PHI includes demographic information that can be used to identify individuals, such as their birthdates, phone numbers, email addresses, license plate numbers, and full-face photos. It also includes health-related data, such as admission and discharge dates, health records, health plan ID numbers, and billing information.

GDPR refers to the information that needs to be protected as simply “personal data”. It is defined as:

“… any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

The GDPR’s definition for “personal data” is more encompassing than HIPAA’s definition for PHI, which is to be expected given that GDPR has a broader scope than HIPAA. However, GDPR’s definition is also fairly vague, so it could be construed to include many different types of data. For instance, physical factors could be interpreted as physical characteristics (e.g., height, weight), while cultural factors could be construed as religious or political preferences.

The question to answer is: Can this particular piece of data be used to identify an individual by itself or in combination with other pieces of information? If the answer is “yes” or “possibly”, it is best to err on the side of caution and take measures to protect it.

  4. It’s All about the Fines

It is true that failure to comply with data privacy regulations can result in hefty fines. For example, there are four categories of violations in HIPAA. The fine for a violation can be as high as $50,000 per violation in each category, with a maximum penalty of $1.5 million per category per year. GDPR fines can also be substantial. The maximum fine is €20 million (around $22.5 million USD) or 4% of a company’s annual global turnover (whichever is greater).

While HIPAA and GDPR regulators have the authority to levy very large fines, they typically do so only for willful, serious violations. The purpose of the data privacy laws is to protect people’s privacy and data rights, not raise money.

In the case of GDPR, the regulators’ main goal is to educate and advise organizations on how to comply with the law. “We have always preferred the carrot to the stick,” according to UK Information Commissioner Elizabeth Denham.

What You Need to Know about Foldable Phones

Foldable phones have been stealing the tech spotlight recently, but are they really all they’re cracked up to be? Here is what you need to know to make up your own mind.

Thanks to new offerings from Samsung and Huawei, foldable phones have been making a comeback. These mobile devices are smartphone-tablet hybrids. Vendors are hoping that they open up a new revenue stream in an otherwise saturated mobile device market.

But are foldable phones really all they’re cracked up to be? Here is what you need to know to make up your own mind.

What All the Hype Is About

The biggest selling point of foldable phones is that they increase the amount of screen real estate yet are still small enough to tuck in a large pocket or handbag. You can use them when they are folded or unfolded.

For example, Samsung’s Galaxy Fold, which is scheduled for release on April 26, 2019, has a 4.6-inch display when the device is folded. Opening the phone like a book reveals a larger 7.3-inch screen inside.

This is by no means the standard size and design of foldable phones’ displays. Because this is the first generation of the product, anything goes. For instance, Huawei’s Mate X, which is expected to be released in summer 2019, has a 6.6-inch display on the front and a 6.38-inch one on the back when folded. When you unfold the phone, they combine to become one 8-inch screen. Equally important, although the phone opens and closes like a book, the larger display is outward facing – like the cover on a book.

Eventually, some designs might prove to be more durable or beneficial than others and become standard on all foldable phones. This might be the case when it comes to the phones’ hinges. Both Samsung and Huawei designed new hinge systems for their foldable devices.

Samsung is promoting the durability of its hinges and has even posted a short video on YouTube showing the hinges being tested. For this test, the phones were folded and unfolded 200,000 times, according to Samsung. This is equivalent to folding and unfolding the devices 100 times per day for more than 5 years.

Huawei is touting the sophistication of its hinge system, which it calls the Falcon Wing. According to Huawei, the smartphone and tablet modes transition seamlessly from one to the other, thanks in large part to this hinge. When unfolded, the screen is a perfectly flat surface.

Another notable feature of foldable phones is the ability to open and work with multiple apps on the display at the same time. For example, the Galaxy Fold lets you work on three apps simultaneously, while you can have two apps open in the Mate X.

Why You Might Want to Wait a While

While foldable phones hold great promise, you might want to hold off buying one. The reasons why include:

  • You don’t know what types of issues will crop up because it is the first generation of foldable phones. For example, real-world use might reveal that the polymer screens crease from being folded. Furthermore, it’s unknown what the repair process and costs will be like if problems occur.
  • More vendors are planning to enter the market, which will give you more choices. The list includes companies such as Motorola and TCL. Even Samsung is planning to release two more foldable phones in the near future, according to a Bloomberg report.
  • 5G networks will be more prevalent in the future so you can take advantage of 5G foldable phones. This might be an important point to consider when it comes to the Mate X. Huawei is planning to offer only a 5G version of the phone. Samsung will be offering both 4G and 5G models of the Galaxy Fold. The 5G model is expected to be released later in 2019.
  • The cost of foldable phones is currently high. For example, the price for the 4G Galaxy Fold is $1,980. The cost of the 5G Mate X is €2,299 (around $2,600 USD). The cost will likely go down over time due to competition and the fact that the foldable phone will no longer be a brand-new technology.
  • Some experts are saying that people should hold off buying foldable phones until the devices have glass displays rather than polymer screens. While flexible, polymer screens are more prone to damage such as scratches compared to glass. Corning and other manufacturers are currently working on creating highly bendable glass that could work on foldable phones. Experts predict that it will be available by the time foldable phones go mainstream.

An Important Note about Huawei

Some important information about Huawei needs to be mentioned. Although this China-based company is not well known in some parts of the world (e.g., the United States), it is the second largest smartphone vendor. (Samsung is No. 1.) However, some governments believe that Huawei devices include backdoors that allow the Chinese government to snoop on users, which the company denies. For this reason, Section 889 of the John S. McCain National Defense Authorization Act bans US government agencies from purchasing Huawei telecommunications products. Regardless of this issue, Huawei’s Mate X provides a good idea of what to expect with foldable phones, which is why it is discussed here. Its inclusion is not an endorsement of the product.

Are Your Employees Inadvertently Exposing Your Company’s Sensitive Data?

The ease with which employees can now share information coupled with current cultural trends is causing accidental data leaks in many businesses. Learn how to prevent employees from accidentally exposing your organization’s sensitive data.

The number is eye-opening: 83% of companies believe that employee errors have put sensitive business and customer data at risk of exposure, according to a study by Egress. More than 1,000 security professionals at US-based companies participated in this study.

The study also identified the technologies that are most often involved in this type of accidental data leak. Email services provided by both on-premises systems and cloud service providers (e.g., Google Gmail) topped the list. Examples of email-based accidents include sending emails to the wrong address (which can easily occur when the auto-completion feature is enabled) and forwarding messages that contain sensitive information.

Other technologies that are commonly involved in accidental data leaks by employees include:

  • File-sharing services (e.g., Dropbox)
  • Collaboration tools (e.g., Slack)
  • Messaging apps (e.g., WhatsApp)

The common denominator among these technologies is that they all are tools for sharing information.

The Perfect Storm and Its Aftermath

The ease with which employees can now share information coupled with current cultural trends is causing “the perfect storm” for accidental data leaks, according to Mark Bower, Egress Chief Revenue Officer and NA general manager. “The explosive growth of unstructured data in email, messaging apps, and collaboration platforms has made it easier than ever for employees to share data beyond traditional security protections,” said Bower. “Combine this with the growing cultural need to share everything immediately, and organizations are facing the perfect storm for an accidental breach,” he said.

The damage caused by this perfect storm could be grim. For example, suppose an employee emails a sensitive file that is not protected in any way to several coworkers for review. One of the coworkers might review the document on an unsecured personal device (e.g., a smartphone), opening up the possibility that it could fall into hackers’ hands. Or, the coworker might mistakenly forward the message to another employee, not realizing that the person should not be looking at the file.

Sending sensitive documents via file-sharing services adds another risk. Some of these services offer a feature that synchronizes files put in a shared folder across all registered devices. If an employee places a sensitive file in a shared folder without knowing that folder’s members, the file might be sent to multiple people who should not be seeing it.

How to Avoid Getting Caught in the Storm

To minimize the number of accidental data leaks caused by employee errors, companies might consider taking some of the following precautions:

  • Document the company’s rules regarding the sharing of sensitive data in a new or existing policy. If sharing is allowed, be sure to specify the conditions under which it is sanctioned and create procedures on how to properly share this data.
  • Provide employee training. After documenting the rules and procedures, let employees know about them. Be sure to discuss what is considered sensitive data and how accidental leaks can occur.
  • Use encryption. Encryption is one of the most effective ways to protect sensitive data that has accidentally fallen into the wrong hands. Various encryption strategies exist to meet different needs.
  • Limit employee access to sensitive data. Employees might not realize or might forget that certain types of data are sensitive. By using access controls, you can prevent them from obtaining and sharing that data.
  • Use a solution that automatically identifies sensitive files and prevents them from being copied into emails or other tools.

Every company should document its rules regarding the sharing of sensitive data and train employees. The other precautions to take, though, will depend on your business’s data, operations, and employees. If you aren’t sure where to start, give us a call at 800-421-7151. We can explain the different encryption strategies, types of access controls, and other types of solutions so you can make an informed choice.

Hackers Are Hunting for Bigger Game with New Version of Ransomware

Pinchy Spider and GandCrab sound like scoundrels in a super-hero comic book, but they are real-life villains in the business world. Learn how to defend your company against the Pinchy Spider hacking group’s latest tactics and its newest version of the GandCrab ransomware.

Back in January 2018, a hacking group known as Pinchy Spider launched the GandCrab ransomware. It quickly became a dangerous form of ransomware, thanks to the group continually making adaptations to it.

Pinchy Spider has not slowed down in its quest to make GandCrab more deadly. Researchers recently discovered that a new version of the ransomware is making the rounds. Just as important, they discovered signs that Pinchy Spider is trying to catch bigger prey with it.

The Growing Trend of Big Game Hunting

Big game hunting is a growing trend among cybercriminals. To quickly increase revenue, hackers are turning to more targeted attacks of bigger game. For example, instead of sending phishing emails to the masses to spread malware, cybercriminals are using reconnaissance and sophisticated delivery methods to reach specific targets that will yield more profits.

Big game hunting fits well with Pinchy Spider’s “ransomware-as-a-service” business. In other words, it lets other cybercriminals (aka “customers”) use the malware it creates to carry out cyberattacks for a share of the profit. Typically, the hacker group uses a 60-40 ratio to split the profits, where 60% goes to the customers. However, Pinchy Spider is now advertising that it is willing to negotiate up to a 70-30 split for “sophisticated” customers. This change coupled with the fact that Pinchy Spider is actively recruiting hackers with networking, Remote Desktop Protocol (RDP), and virtual network computing experience is leading security analysts to believe that Pinchy Spider is hopping onto the big game hunting bandwagon.

GandCrab Well Suited for Big Game Hunting

GandCrab is well suited for targeted attacks of bigger game. While most ransomware is distributed through phishing emails, GandCrab takes a different route to its victims. It is distributed through exploit kits. Cybercriminals use these kits to find and exploit known software vulnerabilities in order to carry out malicious activities. In this case, Pinchy Spider created several exploit kits to look for weaknesses in the Java Runtime Environment, Adobe Flash Player, Microsoft Internet Explorer, and other software. If found, the kits exploit the vulnerabilities to launch VBScript, JavaScript, and other types of code that install GandCrab.

Once the ransomware is installed on a computer, it does not immediately start encrypting the files on it. Instead, it lies dormant while the hackers try to use RDP and credentials they stole from the compromised machine to access and install the ransomware on other computers — preferably hosts or servers — in the company’s network. In one instance, the cybercriminals were able to access a business’s domain controller (DC). They then used the IT systems management application installed on the DC to deploy GandCrab throughout the network.

When the hackers have finished infecting the targeted computers, they trigger GandCrab to start encrypting files with an RSA algorithm. GandCrab then demands payment in Dash (a form of cryptocurrency) to decrypt the files. While most ransomware blackmailers demand one payment to unlock the files on all the infected machines, Pinchy Spider and its customers request payment on a per-computer basis, especially if hosts or servers have been compromised.

How to Protect Your Business against GandCrab

Taking several measures can go a long way in protecting against a GandCrab attack:

  • Patch known vulnerabilities by regularly updating all software on each computer in your company, including workstations, hosts, and servers. Patching will eliminate many of the vulnerabilities that exploit kits use to access machines.
  • Make sure the security software is being updated on each computer. Even hosts and servers should be running security software. It can help defend against known ransomware threats and other types of malware attacks.
  • Secure RDP. Hackers like to exploit RDP to access businesses’ hosts and servers, so it needs to be secured. There are several ways to do this, such as deploying an RDP gateway and limiting who can use RDP to log in to the network.
  • Use two-step verification for the service and software accounts on your hosts and servers. That way, even if a password is compromised, it cannot be used to gain access to those accounts. If using two-step verification (also known as two-factor authentication) is not possible, at least use strong account passwords and implement an account lockout policy to foil brute force password-cracking attacks.
  • Regularly back up files and systems, and make sure the backups can be successfully restored. Although having restorable backups will not prevent a GandCrab attack, you won’t have to pay the ransom if the attack is successful.

We can help you implement these measures as well as provide recommendations on how to further protect against GandCrab and other types of ransomware. Give us a call at 800-421-7151 to learn more.

Malvertising Is Likely Coming to a Browser Near You

Cybercriminals are increasingly posting malicious ads on legitimate websites to obtain data and spread malware. Discover how malvertising works and what you can do to protect your business from it.

Cybercriminals do not take holidays off — in fact, they often use them to their advantage. That’s how a group of hackers celebrated President’s Day in the United States. They launched a massive malicious advertising (malvertising) campaign that involved more than 800 million ad impressions on legitimate websites between February 16 and 19, 2019, according to Confiant security researchers. The ads were designed to trick users into entering personal and financial information in order forms for fake products.

A Serious Problem

Malvertising is a serious problem. Avast notes that it is one of the top five endpoint threats affecting small businesses. That’s because cybercriminals are increasingly posting malvertising on legitimate websites in order to:

  • Obtain sensitive data. Like in the President’s Day campaign, hackers use malvertising to obtain sensitive data, such as payment card or bank account information.
  • Deliver exploit kits. These kits are designed to find known vulnerabilities in systems. If a vulnerability is found, it is used to install malware or carry out other types of malicious activities.
  • Deliver malicious payloads directly. Pop-up ads, for example, can deliver malware as soon as they appear or after people click the “X” button to close them.

The Devious Ways in Which Malvertising Works

To understand how malvertising works, you need to know how web browsers render web pages. When you visit a web page, your browser automatically receives the page’s content so it can display the page. So, for example, when you visit your favorite business news website, all the articles, pictures, ads (malicious or not), and other elements on the page are automatically sent to your browser.

What the malvertising does next depends on whether it includes malicious code. For instance, suppose hackers want to deliver an exploit kit. One way they can do this is to create ads that try to lure you into clicking a link. The ad itself does not contain any malicious code. However, if you click the link, you will be sent to a server that delivers an exploit kit. If the kit finds a vulnerability, it is used to install malware on your device.

Even worse, some malicious ads deliver exploit kits without you doing anything other than going to your favorite website. In this case, the malvertising contains code that automatically redirects your browser to a server, which delivers the exploit kit. The redirection occurs behind the scenes, without you clicking a single link.

How Hackers Get Malicious Ads on Legitimate Websites

Hacking into legitimate websites and inserting malicious ads is a lot of work. That’s why cybercriminals typically pose as businesspeople to get their malvertising online. This ruse is successful because there are many different ways to get ads on websites (e.g., through advertising agencies, using advertising networks) and there is no standard vetting process. The groups involved in getting ads often do not request much information from the people submitting them. Plus, while some groups check ads before accepting them, others do not.

Even if the ads are checked, hackers find ways around the screenings. For example, sometimes they submit their ads with the malicious code disabled and then enable it after the ad is accepted and put online. In addition, hackers often remove the malicious code from their ads shortly after they are posted to make it more difficult to detect and track their attacks.

How to Protect Your Business

While the digital ad industry knows about malvertising and is taking steps to mitigate the problem, it will be a while before these ads are no longer a threat. Thus, you need to proactively protect your business. Here are some of the measures you can take:

  • Educate employees about malvertising. Be sure to discuss the dangers of clicking links in ads, as the ads might be malicious.
  • Tell employees about the dangers of allowing pop-ups and redirects. Most modern web browsers block pop-ups and redirects by default, but this functionality can be manually disabled. Let employees know this is dangerous since malvertising sometimes uses both pop-ups and redirects. Similarly, let them know they should not enable web content that has been disabled by their web browsers or security software, as it might contain malicious ads.
  • Uninstall browser plug-ins and extensions not being used. This will reduce the computers’ attack surface. For the plug-ins and extensions being used, consider configuring web browsers so that plug-ins and extensions are automatically disabled but can be manually enabled on a case-by-case basis.
  • Update software regularly, including browser plug-ins and extensions. Exploit kits look for known vulnerabilities in software. Patching these vulnerabilities helps eliminate entry points into devices.
  • Install ad blockers. Ad blockers remove or modify all ad content on web pages. However, they might unintentionally block non-ad content, causing a web page to display improperly or not at all.

We can help you develop a customized strategy to protect your business’s devices from malvertising and other types of cyberattacks.

Security Hole Is Putting Many Containers in the Cloud at Risk

A serious security vulnerability dubbed Doomsday Docker has been discovered. If your business uses containers, here is what you need to know.

A serious security vulnerability dubbed Doomsday Docker is putting containers at risk. Cybercriminals can exploit this hole to attack the system that hosts the container as well as all the other containers running on the host system. Most containers in the cloud are vulnerable.

The security hole lies in a command-line runtime tool called runC. Popular container platforms such as Docker and Kubernetes use this open-source tool to generate and run containers. “As far as container runtimes go, runC is used by just about every container engine out there,” according to one security expert.

To exploit this vulnerability, cybercriminals just need to place a malicious container within a container system. The vulnerability will allow that container to overwrite the host’s runC binary code, letting the hackers gain access to the host system and potentially all the other containers running on it. This is done with minimal interaction by the hackers.

Container platform providers are patching their software to fix the vulnerability. We can check to see if your provider has issued a patch and make sure it is installed.

6 Ways to Make Your Passwords Easy to Crack

Passwords are an important line of defense against cyberattacks, yet many people make it easy for hackers to crack them. Here are six mistakes that people often make when creating passwords.

Serious consequences can result from cracked passwords. Cybercriminals might use them to steal money or data from the compromised accounts. Or they might change the accounts’ passwords and use the hijacked accounts for other malicious activities such as installing malware or sending phishing emails.

While no one wants to have their passwords cracked, many people make it easy for cybercriminals to do so. Here are six mistakes that people often make when creating passwords:

  1. Using Repeating or Sequential Characters

Want a password that is extremely easy to crack? Create a password that consists of:

  • Repeating letters or numbers, such as “aaaaaa” or “111111”
  • Sequential letters or numbers, such as “abcdef” or “123456789”
  • A combination of repeating and sequential characters, such as “abc123” or “aa123456”

SplashData’s 100 worst passwords list is full of these types of passwords. In 2018, the company analyzed more than 5 million passwords leaked on the Internet to find the most predictable, easily crackable ones in use. All the examples listed above are on this list. On an average computer, it would take a cybercriminal only one second to crack each of these passwords using a brute-force password-cracking tool, with one exception. It would take 32 seconds to crack “aa123456”, which is still a very short amount of time.

  2. Relying on Memorable Dates

While using your birthday, a family member’s birthday, or another memorable date makes a password easy to remember, it also makes it easier to crack. Hackers know people do this. With a little research, they often can learn their victims’ birthdates, anniversaries, and other special dates. If they cannot find the information on social media sites like Facebook or Twitter, they can search public records.

  3. Entering Keyboard Patterns

Although “1qaz2wsx” and “!@#$%^&*” might seem like random strings of characters, hackers know they are keyboard patterns. Hackers also know that people like to use keyboard patterns as passwords, so they check for them. In fact, “1qaz2wsx”, “!@#$%^&*”, “zxcvbnm”, and “querty” are all on SplashData’s 100 worst passwords list.

  4. Creating Short Passwords

Short simple passwords are easier to remember than long complex ones, but they are also much easier to hack. For example, passwords such as “football”, “Donald”, “banana”, and “whatever” take only two seconds to crack using a brute-force password-cracking tool.

Short passwords are dangerous even if you use letter substitution, such as substituting the number “0” for the letter “o” or the “@” sign for the letter “a”. It would still take only three seconds to hack the passwords “f00tball”, “D0n@ld”, “b@n@n@”, and “wh@tever”.

Longer passwords are cryptographically harder to break than shorter ones. However, the long complex passwords that you are supposed to create — that is, long passwords that include mixed-case letters, numbers, and symbols — are hard to remember. As a result, people resort to writing them down or reusing the same password. This is why the US National Institute of Standards and Technology recommends using “memorized secrets” — passphrases that are simple, long, and easy to remember.

For instance, instead of using “football”, you might use “fond of flying footballs”. This passphrase would take more than 10,000 centuries to crack. As this example shows, including spaces is a good practice to follow, assuming they are allowed. Besides making the passphrase easier to enter, spaces make the passphrase harder to hack. It would take 58 centuries to hack “fondofflyingfootballs”. Although not as good as 10,000 centuries, 58 centuries is still a very long time.

  5. Reusing Passwords

People have to remember numerous passwords for both business and personal accounts. With so many passwords to remember, people often use the same password for multiple accounts. In one survey, 60% of the 1,000 participants admitted doing so.

However, cybercriminals know people frequently reuse passwords, so they try cracked passwords on multiple accounts. For instance, they sometimes launch an automated credential stuffing attack in which distributed botnets try using compromised credentials on high-value websites. This testing is done slowly using many different IP addresses to avoid setting off alerts (e.g., three unsuccessful login attempts) that could expose the attack.
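The slow, many-source pattern described above stays under a per-source failure threshold, so detection has to look at failures in aggregate. The following is an added example, not part of the original article: the event tuples are constructed sample data using documentation IP ranges, and the function names, bucket size and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict


def build_sample_events():
    """Constructed login events: (minute, source_ip, username, succeeded)."""
    events = [
        (10, "198.51.100.5", "carol", False), (11, "198.51.100.5", "carol", True),
        (125, "198.51.100.7", "alice", False), (126, "198.51.100.7", "alice", True),
        # A forgetful user: three quick failures from one source, then success.
        (130, "198.51.100.9", "bob", False), (131, "198.51.100.9", "bob", False),
        (132, "198.51.100.9", "bob", False), (133, "198.51.100.9", "bob", True),
    ]
    # 40 sources, two attempts each, 15 minutes apart, a different account each time.
    for k in range(40):
        ip = f"203.0.113.{k + 1}"
        events.append((120 + k, ip, f"user{2 * k:03d}", False))
        events.append((135 + k, ip, f"user{2 * k + 1:03d}", False))
    return sorted(events)


def per_source_alerts(events, limit=3, window=10):
    """Sources with `limit` failed logins inside `window` minutes (the classic alert)."""
    failures = defaultdict(list)
    for minute, ip, _user, ok in events:
        if not ok:
            failures[ip].append(minute)
    flagged = []
    for ip, minutes in failures.items():
        minutes.sort()
        if any(minutes[i + limit - 1] - minutes[i] <= window
               for i in range(len(minutes) - limit + 1)):
            flagged.append(ip)
    return sorted(flagged)


def aggregate_alerts(events, bucket=60, min_users=20, min_sources=20,
                     max_per_source=2.5):
    """Time buckets where many accounts fail from many sources, few tries per source.

    Returns (bucket_start, failures, distinct_sources, distinct_users) tuples.
    """
    stats = defaultdict(lambda: {"failures": 0, "sources": set(), "users": set()})
    for minute, ip, user, ok in events:
        if not ok:
            s = stats[minute // bucket * bucket]
            s["failures"] += 1
            s["sources"].add(ip)
            s["users"].add(user)
    alerts = []
    for start in sorted(stats):
        s = stats[start]
        n_src, n_usr = len(s["sources"]), len(s["users"])
        if (n_usr >= min_users and n_src >= min_sources
                and s["failures"] / n_src <= max_per_source):
            alerts.append((start, s["failures"], n_src, n_usr))
    return alerts


if __name__ == "__main__":
    sample = build_sample_events()
    print("per-source alerts:", per_source_alerts(sample))
    print("aggregate alerts:", aggregate_alerts(sample))
```

On the sample data the per-source rule fires only for the one user who mistyped a password three times, while the aggregate rule flags the hour in which dozens of accounts failed from dozens of sources.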

  6. Modifying Passwords

To make passwords easier to remember, some people add or delete characters from passwords they are using at other sites. For example, they might use the passwords “cheese”, “cheese001”, and “cheese002” for three different accounts. One research study found that about 20% of passwords are formed this way.

More important, the researchers were able to create an automated cross-site password-guessing tool by applying common password-transformation rules to compromised passwords. If they can create such a tool, chances are so can cybercriminals.
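A screening check for the patterns described in mistakes 1, 3, 4 and 6, written as an added example that is not part of the original article. The function names, the 12-character minimum, the US-QWERTY sequence list and the small blocklist are assumptions chosen for illustration; the earlier passwords are passed in as plaintext, which in practice is only available for the old password typed into a change-password form.

```python
import re

MIN_LENGTH = 12  # assumed policy value for this example
# Alphabet, digit row, shifted digit row and US-QWERTY rows/columns (assumed layout).
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "1234567890", "!@#$%^&*()",
             "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "1qaz", "2wsx", "3edc", "4rfv"]
SEQUENCES += [s[::-1] for s in SEQUENCES]  # also match the patterns typed backwards
# Constructed blocklist built from words the page uses as examples.
BLOCKLIST = {"football", "donald", "banana", "whatever", "password"}
LEET = str.maketrans("@0$", "aos")              # undo common letter substitutions
EDGE_PADDING = re.compile(r"^[\W\d_]+|[\W\d_]+$")  # digits/symbols added at the ends


def pattern_coverage(password):
    """Count characters that sit in a 3-character repeat, sequence or keyboard walk."""
    p = password.lower()
    marked = [False] * len(p)
    for i in range(len(p) - 2):
        window = p[i:i + 3]
        if len(set(window)) == 1 or any(window in seq for seq in SEQUENCES):
            marked[i:i + 3] = [True] * 3
    return sum(marked)


def base_forms(password):
    """Reduce a password to its underlying word(s): lowercase, padding and swaps undone."""
    p = password.lower()
    forms = {EDGE_PADDING.sub("", p).translate(LEET),
             EDGE_PADDING.sub("", p.translate(LEET))}
    forms.discard("")
    return forms


def screen_password(candidate, earlier_passwords=()):
    """Return the reasons to reject candidate; an empty list means it passed."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    # Ordinary words contain the odd 3-letter run ("first", "party"), so only
    # reject when at least 75% of the password is made of such patterns.
    if pattern_coverage(candidate) * 4 >= len(candidate) * 3:
        reasons.append("repeating, sequential or keyboard pattern")
    forms = base_forms(candidate)
    if forms & BLOCKLIST:
        reasons.append("common word with substitutions or padding")
    if any(forms & base_forms(old) for old in earlier_passwords):
        reasons.append("variant of an earlier password")
    return reasons


if __name__ == "__main__":
    for pw in ["aa123456", "1qaz2wsx", "f00tball", "fond of flying footballs"]:
        print(repr(pw), screen_password(pw))
    print(screen_password("cheese002", ["cheese", "cheese001"]))
```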

7 Ways to Spend Less Time Dealing with Emails

Business professionals often spend a lot of time reading and responding to emails every day. If you are one of them, here are seven ways you can reduce the amount of time you spend dealing with emails.

In many businesses, employees use emails to communicate with each other, customers, suppliers, and other business associates. And the number of messages being handled is not small. Employees send and receive an average of 126 emails per day.

Dealing with that many emails takes time. One study found that business professionals spend more than 25% of their day reading and responding to messages.

Fortunately, this doesn’t need to be the case. Here are seven ways you can reduce the amount of time you spend dealing with emails:

  1. Read and Respond to Emails Only at Designated Times

When you get a notification that an email has arrived, what do you do? If you are like most people, you stop what you are doing and look at the email. However, reading and responding to emails as they arrive can wreak havoc on your productivity. Even just quickly scanning an incoming email disrupts your concentration. It takes people an average of 64 seconds to recover from the interruption and return to their normal work rate.

Instead of reading and responding to emails as they arrive, a more productive approach is setting aside a block of time once or twice a day to go through all your messages. You should also consider turning off email notifications. That way, you can avoid the temptation of taking a quick peek at incoming emails.

  2. Manage Emails with Rules

Most email apps let you set up rules to manage messages. For example, both Microsoft Outlook and Google Gmail let you configure rules to automatically flag messages or move them to designated folders based on who is sending them or keywords in the subject line. Flagging and moving messages to folders can help you prioritize and organize emails.

  3. Make Sure an Email Is Necessary Before Writing It

Before you write an email, it is a good idea to ask yourself, “Is the email needed?” You should avoid sending emails about matters that are not important to business operations. “Nice to know” information can often be provided through other communication channels, such as a company intranet site. Only sending emails about pertinent business matters will save you time since you will be writing fewer emails. Plus, it will save time for others, as they won’t have as many emails to read.

  4. Be Concise When Writing Emails

You likely have gotten them — emails that ramble on and on rather than getting to the point. Don’t be one of those senders. When writing an email, get to the point quickly and keep the message as short as possible.

When a longer email is necessary, consider using elements such as bullets and numbered lists to help organize and call attention to items. If a matter needs to be discussed in-depth or will involve a lot of back-and-forth conversation, you might consider talking to the person rather than sending an email.

  5. Send Emails to Only the People Who Need the Information

When sending a message, you should make sure that you are emailing it to only those individuals who need the information. This is especially important when sending an email to a contact group (aka distribution list). Although entering a contact group in a message’s “To” field might be easier for you, it is better to enter the names or addresses of only those people who truly need the information. It will be one less email for everyone else in the contact group to read, saving them time.

  6. Repeat Important Points in Long Conversation Threads

When replying to a long conversation thread, it is a good idea to reiterate important information relevant to the matter you are addressing. For example, suppose you want to answer one of the questions brought up in a thread about company policies. Rather than say “To answer your question, we …”, it is better to say something like “In regard to the question about whether our company needs a social media policy, we ….”. This will make it easier for the email recipients to quickly understand what you are communicating. It will also save the recipients time, as they won’t have to reread all the previous emails in the thread to find the question you are addressing.

  7. Filter Out Spam

Although email servers filter out a great deal of spam, some messages inevitably make it through to users’ Inboxes. If you often see spam in your Inbox, you might want to filter it out using the spam or junk email filtering system provided by your email app or security software.

For example, you can use Outlook’s Junk Email Filter to move spam to the Junk Email folder. You have the ability to change the filter’s level of protection from the default of “No Automatic Filtering” to a more aggressive setting (“Low”, “High”, or “Safe Lists Only”). You might also create a blocked senders list. When you add a name or email address to this list, Outlook automatically moves incoming messages from that source to the Junk Email folder.

If this was helpful and you feel you may benefit from some other tips, check out the Webinars section of our Vlog for tips on how to work smarter in Outlook! If spam is your issue, give us a call at 800-421-7151 if you need to beef up your email security.

See How Much Power Your Apps Are Consuming on Your Windows 10 Computer

Once the October 2018 Update is installed on your Windows 10 computer, you can easily find out how much power each app and process is using. Here is how to access this information.

Windows 10’s Task Manager has many useful features and capabilities that let you monitor the apps and processes running on your computer. Once the October 2018 Update is installed, it is even more useful. The update adds two new columns to Task Manager’s “Processes” tab:

  • “Power Usage”. This column lets you see how much power each app and process is currently using.
  • “Power Usage Trend”. This column tells you how much power each app and process has used in the past two minutes.

In both columns, the possible values range from “Very low” to “Very high”, letting you know an app’s or process’s power-usage level at a glance. While the values in both columns are useful, the ones in the “Power Usage Trend” column can give you a better idea of how much power an app or process typically uses. Knowing this can be helpful, for example, if your computer’s battery is running low and you won’t have access to a power outlet anytime soon. By closing apps that typically use a lot of power, you can increase your battery’s life.

In addition, the power usage columns might flag when a cryptojacking script is siphoning a computer’s processing power. In this type of attack, cybercriminals steal computers’ processing power to mine cryptocurrencies.

To see the power-usage levels for your apps and processes, follow these steps:

  1. Right-click the Windows button and select “Task Manager”.
  2. If you see the “More details” option in the lower left corner of the Task Manager window, click it.
  3. Maximize the size of the window by clicking the square box in the upper right corner.
  4. Find the “Power Usage” and “Power Usage Trend” columns. They will be to the right of the “GPU Engine” column.
  5. If you do not see these columns, right-click any other column heading. In the box that appears, check the boxes next to “Power Usage” and “Power Usage Trend”.
  6. If you want to sort the apps and processes by the amount of power they are consuming, click the “Power Usage” or “Power Usage Trend” column heading. (By default, the apps and processes are sorted by name.)

If the “Power Usage Trend” column is blank for a particular app or process, don’t worry. When an app or process is launched, its entry in this column will be blank. The entry will populate after two minutes and then keep updating every two minutes.

What Is Digital Transformation and Why Are Companies Pursuing It?

Digital transformation is a popular topic of discussion in boardrooms. Learn what digital transformation is all about and why companies are interested in digitally transforming themselves.

IDC predicts that at least 55% of organizations will be digitally transforming themselves by 2020. But what exactly is digital transformation? More important, why are companies pursuing it?

What “Digital Transformation” Means

If you search the Internet for the term “digital transformation”, you will find numerous definitions of it. The definitions vary widely, so it can be hard to quickly learn what digital transformation is all about.

To understand what is meant by the term “digital transformation”, it is helpful to know what it is not. If a company simply moves applications to the cloud, upgrades its IT infrastructure, or implements some other one-off IT project, it is not digitally transforming itself.

Digital transformation involves more than just adding new digital technologies to business operations. It requires a company’s leaders to rethink how the organization does business at a fundamental level — how they can achieve their business goals by leveraging digital technologies in processes throughout the organization. Sometimes, companies are able to effectively integrate new technologies into existing processes. More often, though, they need to design new processes.

“Digital transformation marks a radical rethinking of how an organization uses technology, people, and processes to radically change business performance,” according to George Westerman, a digital transformation expert with the MIT Initiative on the Digital Economy. “Such sweeping changes are typically undertaken in pursuit of new business models and new revenue streams, often driven by changes in customer expectations around products and services.”

Meeting customers’ expectations is not the only driver of digital transformation. Increasing competition and meeting regulatory requirements (e.g., General Data Protection Regulation requirements) are some of the other drivers. Since customer expectations, competitors’ offerings, regulations, and other business influences are constantly changing, a digital transformation is not something a company does once and then moves on. It is an ongoing process.

Why Businesses Are Pursuing It

Because of its wide-sweeping nature, digital transformation can be disruptive. Plus, it is a never-ending quest. So, why are companies increasingly embarking on the journey? The benefits reaped from a successful journey are enticing. They include:

  • Improved customer satisfaction
  • More efficient operations
  • Improved decision making
  • Increased agility and innovation
  • Happier, more productive employees

Realizing these benefits ultimately leads to better business performance overall and increased profitability.

The Types of Digital Technologies Companies Are Using

While each company’s digital transformation is unique, businesses use many of the same types of digital technologies. For example, they use Internet of Things (IoT) devices and edge computing to collect and process data locally. To respond to customers’ online requests for information, they turn to chatbots. They also use other forms of artificial intelligence (AI) to connect and communicate with customers.

In the past, only big businesses could take advantage of AI technologies because of their cost. However, many cloud-app providers have embedded AI services in their platforms, so small businesses now have access to AI technologies.

If your business is embarking on a digital transformation journey, we can help you determine which technologies can help you achieve your business’s goals. Call us at 800-421-7151 to find out how WAMS can begin your transformation.

Still Using Windows 7? Here Is What You Need to Keep in Mind

Windows 7 is still being used by many companies, despite it being in its final year of life. If your business is running this software, here is what you need to consider.

Many companies have not upgraded their computers from Windows 7 to Windows 10. The reasons why vary. For example, some businesses have not moved to Windows 10 because it is incompatible with their existing business apps or processes. Others have not switched because their existing hardware will not support Windows 10. While these are legitimate reasons for not upgrading, there is a new factor that needs to be considered: Windows 7’s end is near.

On January 14, 2020, all support for Windows 7 ends. Using Windows 7 after this date can be risky because Microsoft will no longer provide free security updates or product support. If the computers in your company are still running this operating system software, here is what you need to consider.

No Free Security Updates

After January 14, 2020, Microsoft will no longer provide free updates to fix newly discovered security vulnerabilities in Windows 7. Similarly, it will no longer provide free security updates to Internet Explorer web browsers running on Windows 7 machines. According to Microsoft, Internet Explorer is a component of the Windows operating system, so it follows Windows 7’s lifecycle policy.

This means that your Windows 7 computers and the Internet Explorer browsers installed on them will not be protected against cyberattacks exploiting newly discovered security vulnerabilities. As a result, your business will be at greater risk of data breaches, ransomware, and other types of cybercrime. To make matters worse, hackers often keep track of when vendors stop supporting popular apps. They then launch new cyberattacks that target those apps once the support has ended.

There is another less-obvious risk associated with using unpatched software. Since you cannot protect your Windows 7 computers from new cyberattacks, your company might not be compliant with regulations that govern the protection of sensitive data. Noncompliance can result in penalties, higher costs, and even lost business.

No Product Support

After January 14, 2020, Microsoft will no longer support computers running Windows 7. Nor will it support Internet Explorer browsers running on Windows 7 machines. This means that Microsoft will no longer answer any technical questions or help troubleshoot any problems. The only Microsoft resources that will be available are articles, webcasts, and other free online content that the company has posted about the software in the past.

Your Options

January 14, 2020, is approaching fast. It is a good idea to start planning now instead of waiting until the last minute. Here are your main options if your business is still running Windows 7:

  • Continue to use Windows 7 without any security updates or support. Windows 7 and Internet Explorer will not suddenly stop working after January 14, 2020. The apps will still work, so you can keep using them. However, doing so leaves your business at greater risk of cyberattacks.
  • Purchase Extended Security Updates. In September 2018, Microsoft announced that it will offer Extended Security Updates for Windows 7 (which will include updates for Internet Explorer) through January 2023. The Extended Security Updates will be sold on a per-device basis, with the price increasing each year. These updates will be available for Windows 7 Professional and Windows 7 Enterprise customers that have volume licensing agreements.
  • Upgrade to Windows 10. By moving to Windows 10, you will have free security updates, feature updates, and product support. If you subscribe to Microsoft 365 Business and your computers are running Windows 7 Professional, you can upgrade at no additional cost.
  • Switch to a different operating system. If you do not want to use Windows 10, you can switch to a different operating system, such as Apple macOS.

We can help you make the best choice for your business based on its needs and help you carry out that decision.

How to Use the Clipboard’s History and Syncing Features in Windows 10

The Windows 10 October 2018 Update soups up the Windows Clipboard with new history and syncing features. Here is how to enable and use these features.

The history feature lets you copy and store multiple items (text and images) on the Clipboard. In the past, you could only store one item at a time. The syncing feature lets you store Clipboard items in the Microsoft cloud so that the items will be available for pasting on all your Windows 10 computers.

You can take advantage of just one or both of these features. Before you can use them, though, you must have the Windows 10 October 2018 Update installed. You also need to enable each feature.

How to Enable and Use the History Feature

To enable the history feature, all you need to do is press Win+V to open up the Clipboard window and select “Turn on”. If you are unfamiliar with keyboard shortcuts, Win+V indicates that you press the Windows key and the letter v on your keyboard at the same time.

Once enabled, Windows 10 will automatically place the items you copy on the Clipboard. To paste an item that you copied earlier in the day, you just need to open the Clipboard window, find the item, and click it. The most recent items you copied will be at the top of the window.

You can store up to 25 items on the Clipboard. (Text, HTML, and images are supported.) Each item can be up to 4 megabytes. If you copy numerous items throughout the day, it is important to know that older items are automatically removed. To prevent this, you can pin items, which tells Windows 10 to keep those items on the Clipboard indefinitely.

To pin an item, you simply open up the Clipboard window, find the clip you want to save, and click the icon that looks like a pushpin. (It will be on the right side of the clip.) If you are going to be shutting down your computer, you also need to pin any items that you want to save. The Clipboard history is cleared every time you restart your machine. Only those items you pinned will remain on the Clipboard.

How to Enable and Configure the Syncing Feature

The Clipboard syncing feature comes in handy if you regularly use two (or more) computers, such as a desktop machine when you are in the office and a laptop device when you are on the road. For the syncing feature to work, the Windows 10 October 2018 Update needs to be installed on both machines. Plus, you need to use the same Microsoft account to log in to the computers.

The syncing feature needs to be enabled and configured. When setting up the feature, you will be given two options:

  • “Automatically sync text that I copy”. This is the default setting. If you keep this setting, all items that you copy will be stored in the Microsoft cloud and synced across your devices.
  • “Never automatically sync text that I copy”. If you select this setting, you need to manually open the Clipboard window and select the content you want to make available across your computers. If you often copy sensitive data, this option might be the best choice.

To enable and configure the syncing feature, perform these steps on both computers:

  1. Click the Start menu.
  2. Select the gear icon to open the Settings app.
  3. Choose “System”.
  4. Select “Clipboard” in the left pane.
  5. Scroll down to the “Sync across devices” section.
  6. Move the “Sync across devices” slider to “On” to enable the syncing feature.
  7. Choose either the “Automatically sync text that I copy” or “Never automatically sync text that I copy” option.

Clearing the Clipboard

At any time, you can clear items from the Clipboard. To remove individual items, open the Clipboard window, find the item you want to delete, and click the “x” icon in the upper right corner.

If you want to clear everything except pinned items from the Clipboard, follow these steps:

  1. Click the Start menu.
  2. Select the gear icon to open the Settings app.
  3. Choose “System”.
  4. Select “Clipboard” in the left pane.
  5. Scroll down to the “Clear clipboard data” section.
  6. Click the “Clear” button.

This will clear the items from the Clipboard window and from the Microsoft cloud. If you want to clear pinned items, you will first need to unpin them.

If you have any questions about the new Clipboard features or run into issues using it, let us know.

4 Things You Might Not Have Known about Microsoft Teams

To help facilitate communication and collaboration in businesses, Microsoft offers a solution called Teams. Although it is a relatively unknown offering, its popularity is expected to grow. Here are four things it helps to know about Teams.

Teamwork is a mainstay in businesses. Although Teams has been in existence since November 2016, it is still a relatively unknown offering. That is expected to change, though. Experts predict that Teams will have the fastest growth of all the available business chat solutions over the next two years, according to a Spiceworks report released in December 2018.

So, it pays to learn about Teams. Here are four things you might not have known about it:

  1. Teams Is Microsoft’s Version of Slack

Like Slack, Teams is a communication and collaboration solution that offers a wide variety of services. The core services offered by Teams include:

  • Unlimited chat messaging and message searches that do not have a size limit
  • Audio and video calling (one-on-one or group calls)
  • The ability to host audio, video, and web conferences with anyone inside or outside a company
  • Built-in Microsoft Office Online apps (Word Online, Excel Online, PowerPoint Online, and OneNote)
  • Integration with more than 140 apps and services (both Microsoft and third party)
  • 10 gigabytes (GB) of storage per team for file sharing, plus 2 GB of storage for each team member
  • Screen sharing
  • Channel meetings

  2. There Is Now a Free Version

In July 2018, Microsoft launched a free version of Teams that does not require a Microsoft account. Teams is also included in some Office 365 subscriptions, such as Office 365 Business Essentials and Office 365 Business Premium.

The free version includes the core services just mentioned and a few others. The version provided with Office 365 subscriptions offers several extra features, such as administrative support, advanced security features, Microsoft Outlook, and additional file storage space.

  3. Teams Runs on Multiple Platforms

Teams runs on a variety of devices and platforms. Desktop versions are available for Windows 10, Windows 7, and Apple Mac OS X (10.10 and later). There are also mobile apps available for Google Android and Apple iOS devices. Download links for the free version of Teams can be found on the Get Microsoft Teams for Free web page.

  4. Teams Will Eventually Replace Skype for Business and StaffHub

Microsoft has announced that it plans to replace Skype for Business — a unified communications solution that is part of Office and Office 365 — with Teams. Teams has already reached “feature parity” with Skype for Business, according to experts. Microsoft has not yet released a timeline for the retirement of Skype for Business. However, it might be coming in the not-too-distant future. On October 1, 2018, Microsoft stopped offering Skype for Business to new Office and Office 365 customers with fewer than 500 users. Instead, these customers are being set up to use Teams. Current customers with fewer than 500 users can continue to use Skype for Business. In addition, Microsoft is continuing to offer Skype for Business to existing and new Office and Office 365 customers with more than 500 users.

Although not nearly as widely used as Skype for Business, StaffHub will also be retired. Part of Office 365, StaffHub enables a manager to set work schedules for frontline employees, which they can then view. Employees can also use StaffHub to swap shifts and chat with each other. Microsoft has already incorporated StaffHub’s capabilities into Teams. The StaffHub mobile app will no longer be available for download after April 1, 2019, and will stop working entirely on October 1, 2019.

What Businesses Can Learn from Google’s Hefty GDPR Fine

Google was fined $57 million for not complying with the General Data Protection Regulation. Learn why Google was penalized so you can avoid the same data-privacy mistakes in your company.

Although it has only been enforced since May 25, 2018, companies are already being fined for not complying with the European Union’s General Data Protection Regulation (GDPR). In January 2019, Google was fined $57 million [USD] by France’s data protection authority, the National Data Protection Commission (CNIL). Google is the first US technology company to be penalized for GDPR noncompliance.

Learning why Google was fined can help you better understand what companies need to do to comply with data-privacy regulations. It is important for all businesses to have this basic understanding because legislation similar to GDPR is being passed in other parts of the world. For instance, in June 2018, the California State Legislature passed the California Consumer Privacy Act (CCPA). It gives California residents some of the strongest data-privacy protections in the world. CCPA will start being enforced in January 2020.

Why Google Has Been Fined

GDPR was created to provide data-privacy rights to EU citizens and protect them from data breaches. For example, EU citizens have the right to find out the types of personal data that companies are collecting about them, how the data is being used, and where it is being stored. Furthermore, businesses must ask customers for permission to collect and process their personal information. Companies must also make it easy for customers to withdraw their consent.

Two digital-rights advocacy groups made formal complaints to CNIL about Google’s data processing practices, especially when it comes to personalizing ads. Here is what CNIL found when it investigated the complaints:

Information is not easily accessible. CNIL found that it is not easy for Google users to learn essential information about the types of data being collected about them, how that data is being used, and how long it is being stored. According to CNIL, the information is excessively disseminated, forcing users to access multiple documents and perform many steps to get it.

Some information is unclear and inadequate. CNIL discovered that, in some instances, Google’s explanations about how it is using the collected data are too vague, which impedes users’ ability to fully understand the purposes for processing that data. Similarly, the types of personal data being collected and processed are sometimes unclear. Plus, Google does not always specify how long it keeps the data.

There is a lack of valid consent regarding personalized ads. Although Google states that it obtains users’ consent to collect and process data for ad personalization purposes, CNIL found that it is not being validly obtained for two reasons:

  • Users are insufficiently informed about the total amount of data being collected and processed to make an informed decision. To personalize ads, Google collects data from many of its websites, apps, and services. However, Google does not tell users the specific sources from which their data is collected and how the various pieces of information are combined to provide personalized ads.
  • The consent is not specific. GDPR mandates that companies get customers’ specific, clear-cut consent to collect and use their personal data for each desired purpose. For instance, if a company wants to collect and process customers’ personal data for the purposes of displaying personalized ads and offering speech recognition services, it needs to ask customers for their consent for each purpose individually. Moreover, customers have to give their consent using a clear affirmative action, such as checking a box. (The box cannot already be preselected by the company.) According to CNIL, Google is not following these requirements. To create a Google account, users must select the boxes “I agree to Google’s Terms of Service” and “I agree to the processing of my information as described above and further explained in the Privacy Policy”. By doing so, users are giving their consent for all of Google’s various data collection and processing purposes (e.g., for ad personalization, for speech recognition services). While users can later configure their settings to stop their personal data from being collected and processed for the purpose of displaying personalized ads, this option is not easy to find. Furthermore, the option giving consent is preselected by Google.

Based on these findings, CNIL fined Google $57 million. The tech giant has already announced that it will appeal the penalty. Even if the appeal succeeds, Google will have likely spent a considerable amount of money and resources challenging the fine. For this reason and others (e.g., less prone to data breaches, increased customer satisfaction), it is a good idea for businesses to make sure they comply with GDPR if they have customers in the European Union.

 

Although Google Was the First, It Won’t Be the Last

Other well-known tech companies might be following in Google’s footsteps. Complaints have been levied against Facebook, Twitter, and several streaming service providers (including Apple, Netflix, Spotify, and YouTube). Complaints and fines are not limited to large tech companies. Any business that processes or stores the personal data of EU citizens is required to comply with GDPR, regardless of its size or industry.

New Ransomware Is Masquerading as Apps and Games

Anatova has gained security experts’ attention. Besides being the first new ransomware in 2019, it poses a serious threat. Discover why it is so dangerous and how to protect your business from it.


A new form of ransomware is disguising itself as apps and games to trick people into downloading and launching it on their devices. Since January 1, 2019, cybercriminals have been using this dangerous ransomware, known as Anatova, to hold victims’ files for ransom. It has been found worldwide, with the largest number of victims in the United States.

 

How Anatova Works and Why It Is So Dangerous

Anatova typically masquerades as the icon of an app or game to trick people into downloading it. During installation, it requests administrative rights. After the ransomware makes sure it is on a legitimate computer, it encrypts the files on the machine. It also encrypts the files on any network shares connected to the device. Once all the files are encrypted, the victim is presented with a ransom note asking for 10 Dash. Dash is a type of cryptocurrency — 10 Dash is worth around $700 [USD] at the time of this writing. Victims are allowed to decrypt one JPG file for free as proof that the files can and will be decrypted if they pay the ransom.

While Anatova sounds like many other ransomware programs, security experts are warning that it is a serious threat. One reason why Anatova is so dangerous is that it uses a variety of methods to prevent detection. For example, it uses dynamic calls that have been designed to not raise suspicion. Similarly, it uses techniques to deter analysis, such as memory cleaning functions.

Even more troubling is that cybercriminals can easily add new functionality to Anatova because of its modular architecture. Thus, they can quickly adapt Anatova to make it more effective. For instance, they might add new techniques to evade detection or new spreading mechanisms. The latter is of particular concern. Currently, Anatova has only been found on private peer-to-peer networks, but researchers believe it could be spread other ways in the future.

 

How to Protect Your Business

To avoid having your business become a victim of Anatova or another ransomware variant, you need to educate employees about ransomware. Topics to cover include:

  • What ransomware is and how cybercriminals commonly spread it. Besides covering how Anatova is being distributed through downloads, it is important to cover how ransomware can be spread through other methods, such as phishing emails.
  • Warn employees about the dangers of downloading and opening executables (e.g., apps, games) and files (e.g., PDF files) from peer-to-peer networks and the Internet. This is a good time to discuss your company’s policy regarding when employees are permitted to download executables and files and the sources where employees are allowed to get them.
  • Tell employees about other dangerous practices that can lead to a ransomware infection, such as clicking links and opening attachments in emails, especially if the emails are from unknown senders.
  • Stress the importance of avoiding any content flagged as a potential security threat by security software or web browsers, as it might contain malicious code.

Besides educating employees, you need to take other measures, including:

  • Making sure your security software is being updated on every computer in your business
  • Regularly updating the apps installed on your computers so that known security vulnerabilities are patched
  • Making sure you have restorable backups of your data in case a ransomware attack occurs

We can make sure that your business has covered all the bases so that it will be protected from Anatova and other ransomware variants.

Blackmail Emails Are Being Sent to the Workplace

Blackmail emails that were previously sent only to personal accounts are now being sent to business accounts. Find out what the emails are saying so you can be prepared in case you receive one.

In 2018, people were receiving emails in their personal accounts that tried to blackmail them into paying a ransom. People are now reporting that they are receiving similar emails at work.

In the emails, the blackmailers state they have evidence that the recipient has viewed a video on a pornography website because they hacked into the recipient’s computer. Specifically, they claim to have recorded what the recipient was watching and doing while viewing the video by using the device’s screen-capturing capabilities and webcam. The blackmailers then threaten to send the recording to everyone in the recipient’s email and social-media contact lists if the person does not pay the specified ransom.

 

The Blackmail Emails Are Actually Phishing Scams

The blackmail emails that people have been receiving at work and at home are actually phishing attacks being sent out by cybercriminals. The emails contain several classic signs of phishing scams:

  • Generic greeting. The emails do not include the recipients’ names in the salutation. Instead, they use a generic greeting such as “Good Morning my friend” or no greeting at all. In some cases, the recipient’s email address (or a shortened version of it) is used in the salutation.
  • Generic content. The emails do not contain any specifics about the incidents that were supposedly recorded. For example, they do not mention which websites the recipients were supposedly visiting when the recordings were made.
  • A sense of urgency and fear. To get people to fall for the scam, the emails try to create a sense of urgency and fear by first letting the recipients know that compromising recordings have been made and then telling them the recordings will be shared with their coworkers, friends, and family if the ransom is not paid.
  • Misspellings and grammatical errors. The emails contain misspellings and grammatical errors.

In some of the blackmail emails, the cybercriminals have been including a password that the recipient currently uses or has used in the past as “proof” they have hacked the person’s computer. However, email address-password pairs are often stolen in data breaches and can be easily purchased on the dark web. So, although alarming, the inclusion of a password does not prove the recipient’s computer has been compromised.

 

What to Do If You Receive This Phishing Email

If you receive a phishing email like this (or any other type of phishing email), here is what you should and shouldn’t do:

  • Do not panic or respond to the email.
  • Do not open any email attachments. In one instance, a blackmail email included an attachment. Opening an attachment could lead to spyware or another type of malware being installed on your computer.
  • Do not click any links in the email. Although the blackmail emails thus far have not included links, cybercriminals continually change their attack methods. Clicking a link could lead to malware being installed on your computer.
  • Follow company policy on how to deal with phishing emails if you receive one at work (e.g., forward it to the IT help desk, simply delete it).
  • Change your password if necessary. If the email includes a password that you currently use, change that password. If you used the password for multiple accounts, be sure to change each instance to a unique, strong password.
  • Scan your device for malware using your device’s security software as a precaution.

Don’t Let Your IT Policies and Procedures Fall by the Wayside

IT policies and procedures are not “set and forget” documents. Discover why they need to be reviewed regularly and learn some tips on how to do so.

Businesses sometimes create IT policies and procedures and then forget about them. Reviewing IT policies and procedures is important for several reasons, including:

  • Keeping IT systems running optimally. Companies create IT policies and procedures to help keep their IT systems running efficiently and securely. If these documents are not updated to reflect changes made to the systems, problems might arise. For instance, if a company starts collecting additional personal data from customers, it should update its privacy, data governance, and other applicable policies and procedures. Otherwise, the data might not be properly collected, cleaned, secured, used, and stored. This could lead to security vulnerabilities (e.g., improperly stored data) or data integrity issues (e.g., the new data cannot be combined with existing data because of formatting inconsistencies).
  • Complying with regulations. Regularly reviewing and updating certain types of policies is necessary for compliance with some regulations. For example, businesses that process or store the personal data of European Union (EU) citizens must comply with the General Data Protection Regulation (GDPR). One of the main requirements is that companies have privacy policies that tell EU citizens what data is being collected about them and how their data is being used, secured, shared, and stored. So, if a business starts collecting additional personal data from EU citizens but fails to update its privacy policy, it could be fined for noncompliance with GDPR.
  • Avoiding lawsuits. Businesses can be held liable for outdated, vague, and inconsistently enforced policies. For instance, a US jury awarded $21 million in damages to a woman who was struck by a Coca-Cola delivery driver who had been talking on her cell phone at the time of the accident. The plaintiff’s attorneys successfully argued that the company’s mobile phone policy for its drivers was vague and that Coca-Cola was aware of the dangers of distracted driving but withheld this information from its drivers. As this example illustrates, it is important for companies to periodically review their IT policies to make sure they are clear, current with the times, and consistently enforced throughout the workplace.

At least once a year, you should review your company’s existing IT policies and procedures to make sure they are up-to-date and relevant. This is also a good time to determine whether any new policies need to be written. For instance, if you recently permitted employees to use their personal smartphones for work, you can use this opportunity to discuss the need for a Bring Your Own Device (BYOD) policy to govern the use of employee-owned phones in the workplace.

In addition, it is a good idea to test certain IT policies and procedures before the review process if it has not been done recently. For example, you could test the IT disaster recovery plan and procedures by holding a drill. Besides identifying problems with the plan and procedures (e.g., phone numbers that are no longer correct), the drill will allow employees to become familiar with the process. This will lessen employees’ stress in the event of an actual disaster, which can lead to a faster recovery time.

If changes need to be made to an IT policy or procedure, you should:

  • Assign someone to make the changes.
  • Make sure the updated documents are reviewed and approved by the appropriate people (e.g., human resources staff, legal team).
  • Share the updated versions of those documents with employees.
  • Retest the policies and procedures if applicable.

Need help keeping your policies moving forward? Give us a call at 800-421-7151.

5 Things to Know If You Are Considering Getting Cyber Insurance

As cyber attacks continue to increase in number and sophistication, more and more companies are purchasing cyber insurance. If you are considering getting this type of policy for your business, here are five things to keep in mind.


Discovering that a hacker just conned your business out of a large amount of money is probably one of your worst nightmares. For one organization, this nightmare came true. In December 2018, the Connecticut-based Save the Children Federation revealed that it fell victim to a business email compromise (BEC) scam the year before. The charity unwittingly transferred nearly $1 million to the hackers’ account.

Fortunately, the charity had cyber insurance, which covered most of the stolen money. The charity ended up losing only $112,000.

With BEC scams and other types of cyber attacks increasing in number and sophistication, more and more organizations are turning to cyber insurance to mitigate the risks and offset the costs of cyber attacks and other Internet- and IT-related liabilities. In the United States alone, the market is expected to grow from $2 billion to $15 billion in the next decade.

If you are considering purchasing cyber insurance for your business, here are five things to keep in mind:

  1. Cyber Insurance Is Continually Evolving

Cyber insurance is not new. Its roots are in errors and omissions (E&O) insurance policies. Around 20 years ago, add-ons were attached to tech companies’ E&O policies. These add-ons covered incidents such as a tech company’s software program bringing down another company’s network. Eventually, the add-ons evolved into separate policies that covered a lot more types of incidents (e.g., data breaches). As the kinds of coverages increased, so did the interest in these policies by companies outside the tech industry.

Nowadays, there are many different types of cyber insurance policies being purchased by many different kinds of businesses. And as the Internet, cyber crime, and IT systems evolve in the future, so too will the cyber insurance policies.

  2. Comparing Policies Can Be Challenging

Cyber insurance policies can be hard to compare because there is no set standard for underwriting this type of insurance. It is up to each insurance company to decide what it will cover and how to market that coverage. As a result, you might find that:

  • Some insurance companies simply add cyber insurance extensions to existing insurance policies. Most insurers, though, have separate cyber insurance policies. Stand-alone policies are usually more comprehensive than extensions, according to experts.
  • Some insurance companies put different types of coverages into separate policies. For instance, they might have a policy covering just data breaches and a policy covering cyber liability. In contrast, other companies offer one policy in which they include all their coverages (e.g., one policy covering both data breaches and cyber liability).
  • A few insurance companies offer different cyber insurance policies for different types of organizations. For instance, they might have separate policies for small businesses, tech companies, and public sector entities.
  • Like other types of insurance, the cost of the cyber insurance depends on many factors beyond the type of coverage provided. For instance, a business’s gross revenue, industry, and data risks are factored into the cost.

  3. Types of Expenses That Are Commonly Covered

Although there is no standard for underwriting cyber insurance policies, they cover many of the same types of expenses. Insurance companies typically cover cyber incidents caused by both internal actors (e.g., errors and omissions by employees) and external actors (e.g., cyber attacks by hackers). Examples of items usually covered include:

  • Lost revenue due to network downtime or a business interruption resulting from a cyber incident
  • Cyber extortion costs (e.g., ransomware payment)
  • The expenses incurred from a forensics investigation of a cyber attack
  • The costs incurred to restore data and systems after an attack
  • The expenses associated with notifying customers and other parties about a cyber incident
  • The cost of hiring a PR firm to minimize a cyber incident’s impact on a company’s reputation
  • Regulatory fines
  • Defense costs to handle lawsuits levied by individuals or businesses adversely affected by a cyber incident or a lawsuit imposed by a government entity (e.g., a state’s Attorney General)
  • Legal settlements from lawsuits

As this list shows, cyber insurance usually covers expenses incurred by the insured business as well as third parties adversely affected by the cyber incident. This is referred to as first-party coverage and third-party coverage, respectively.

  4. What Is Usually Not Covered

There are some costs and types of incidents that are not typically covered in cyber insurance policies. They include the loss of future revenue due to a cyber incident, costs to improve internal IT systems, bodily injury, and property damage.

In addition, it is important to know that a claim can be denied if a company misrepresents its security measures. Businesses are usually required to fill out an application that includes questions about the security measures they have in place. If a company submits a claim and the insurer can prove that the business did not have the specified security measures in place, the insurer can deny the claim.

  5. Where to Start If You Want to Get Cyber Insurance for Your Business

Before shopping for cyber insurance, experts recommend that you start by identifying the following for your business:

  • The types and sensitivity of the data used in your business
  • The kinds of cyber threats your company faces
  • How susceptible your business’s operations are to a network interruption and how much revenue you would lose every day if a cyber incident brought down your operations
  • Whether your business must adhere to any cyber-related laws or regulations (e.g., European Union’s General Data Protection Regulation, United States’ Health Insurance Portability and Accountability Act) and the cost of noncompliance
  • The contracts you have with suppliers and other business associates and what data they are able to access through joint business operations

With this information, you can get an idea of the types and amount of coverage needed. We can help you gather this information so you can get the best cyber insurance for your business.

Just Because a Mobile VPN App Is Popular Doesn’t Mean It Is Protecting Your Privacy

A study of the top free VPN apps available in Apple’s App Store and Google Play revealed that some of them might not be protecting your privacy as promised. Find out what the researchers discovered.

Using free public Wi-Fi networks at airports, hotels, and restaurants is convenient when traveling for business, but it can be risky. If you connect to an unsecured public Wi-Fi network, you run the risk of having hackers eavesdrop on your electronic conversations.

In theory, you can use a virtual private network (VPN) app to protect your privacy and data when using your mobile device within public Wi-Fi networks. In reality, that might not be the case if you are using a free mobile VPN app.

A study of the top free VPN apps available in Apple’s App Store and Google Play revealed that most of them either have no formal privacy policies or have unacceptable ones. Plus, many of them are from obscure Chinese companies that deliberately make it difficult for people to find out anything about them. Equally concerning is that these apps often lack adequate customer support.

How the VPN Apps Were Selected

Researchers at Top10VPN.com selected the apps to study by searching for “VPN” in the App Store and Google Play for both the United States and United Kingdom sites. (Top10VPN.com is a VPN review site run by Metric Labs, an online security and privacy education company.) If a paid app appeared in the search results, the next one was selected. The top 20 VPN apps in each store at each site were listed, giving a total of 80 apps. Many of the apps appeared more than once in the list, so duplicate entries were removed. The end result was a list of the top 30 free VPN apps.

What the Study Found

For each app, the researchers investigated several elements, including the app company’s privacy policies, ownership, and customer support. One of the most concerning findings is that 86% of the apps are provided by companies that either do not have any privacy policies or have unacceptable ones. In regard to the latter, some of the companies have generic privacy policies that do not include any VPN-specific terms or policies that lack important details about data collection practices — both of which can give users a false sense of security. Other policies note that the companies track user activity and share it with third parties. Several policies even explicitly state that the companies collect and share users’ personal data with China.

Another troublesome finding concerns the companies providing the apps. “Our investigation uncovered that over half of the top free VPN apps [59%] either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the Internet within its borders,” said Simon Migliano, the head researcher at Top10VPN.com. Chinese legislation now forces local VPN providers to register with government authorities and obtain a license to operate. This is likely why some app privacy policies state that users’ personal data might be shared with China. For example, the privacy policies for the VPN Master, Turbo VPN, and SnapVPN apps state that “Our business may require us to transfer your Personal Data to countries outside of the European Economic Area (“EEA”), including to countries such as the People’s Republic of China or Singapore.” China’s VPN legislation coupled with the prevalence of Chinese hacking groups makes using VPNs provided by companies with links to this country risky.

The study also found that many of the top 30 apps have questionable user support. Specifically, 64% of the apps did not have dedicated websites for their VPN services. Several apps had no online presence whatsoever beyond their listings in the app stores.

Furthermore, 52% of the customer support email addresses specified in the app store listings were personal accounts (e.g., Gmail or Hotmail accounts). When the researchers sent emails to all the apps’ customer support email addresses requesting assistance, 83% of the emails were ignored. The emails were sent from the official top10vpn.com address and did not hide the researchers’ true identities.

You can find the details about all the apps investigated in the “Free VPN Apps: Chinese Ownership, Secretive Companies & Weak Privacy” report.

A VPN App Can Be Invaluable If You Pick the Right One

A VPN app can be invaluable if you use your mobile device within public Wi-Fi networks. It can protect your privacy and data if a network is not secured properly. However, when selecting a VPN app, it is important to do research and carefully evaluate the candidates, especially those that are free. If you need assistance selecting a safe VPN app for your mobile device, give us a call.

Reputation Jacking: Another Trick Up Hackers’ Sleeves

Reputation-jacking is on the rise. Discover what reputation-jacking is and why cyber criminals like to use it when attacking businesses.

Cyber criminals have another trick up their sleeves. Besides using phishing emails to steal money and data from businesses, some hackers are now employing an additional technique known as reputation-jacking — using popular, legitimate cloud storage services to deploy malware.

Security researchers at Menlo Labs uncovered a scam that showcases why using this technique is gaining popularity among hackers. In this scam, cyber criminals sent customized phishing emails to employees at banks and financial services companies in the United States and United Kingdom between August and December 2018. These emails used a convincing pretense to get the employees to download malicious files from the Google Cloud storage service.

Storing the files on Google Cloud likely gave the employees a false sense of security — the impression that the files were safe because they were on a popular, legitimate cloud service. Storing the files on Google Cloud also let the hackers circumvent possible security measures at the companies. If the hackers had attached the malicious files to the emails, they probably would have been caught by email security software since the files were Visual Basic Script (VBS) and Java Archive (JAR) files.

Downloading and opening the malicious VBS and JAR files initiated a process designed to infect the employees’ computers with remote access trojans. Cyber criminals use these trojans to gain control over compromised machines so that they can remotely run commands that will let them scout out companies’ networks. Hackers use what they learn to determine the best tools and techniques to deploy to accomplish their ultimate goal, which is often stealing money or data.

The security researchers who discovered the scam noted that reputation-jacking is on the rise. For this reason, it is important to discuss it when you are educating employees about phishing and business email compromise (BEC) scams. Let them know what reputation-jacking is and why hackers like to use it. Be sure to stress that anytime an email urges them to access a file, they should think twice about doing so. The file might be malicious, even if it is located on a legitimate cloud storage service. Call us at 800-421-7151 if it is time for some security training!
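As an added illustration (not code from Menlo Labs or from the original article), the Python sketch below applies the attachment file-type policy described above to the links in an email body, next to a reputation-only check that lets the same links through. The host list, the extensions other than VBS and JAR, the function names, and the sample message are assumptions constructed for this example.

```python
import html
import re
from email import message_from_string
from posixpath import basename
from urllib.parse import unquote, urlsplit

# The article names VBS and JAR; the other extensions are assumed policy entries.
BLOCKED_EXTENSIONS = {".vbs", ".jar", ".js", ".hta", ".exe", ".scr"}
# Hosts that serve user-uploaded files (assumed list; Google Cloud Storage host).
CLOUD_STORAGE_HOSTS = {"storage.googleapis.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message; bucket, file names and addresses are placeholders.
SAMPLE_EMAIL = """\
From: "Accounts" <billing@example.com>
To: employee@example.org
Subject: Outstanding transfer details
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review the transfer record:
https://storage.googleapis.com/example-bucket/transfer%2Evbs
Our site: https://www.example.com/about.

--b1
Content-Type: text/html; charset="utf-8"

<p>See the <a href="https://storage.googleapis.com/example-bucket/Remittance.pdf.JAR?x=1&amp;y=2">remittance</a>
or the <a href="https://example-bucket.storage.googleapis.com/summary.pdf">summary</a>.</p>
--b1--
"""


def on_host_list(host, hosts):
    """True if host equals a listed host or is a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in hosts)


def file_extensions(url):
    """Every extension in the last path segment, lowercased and URL-decoded,
    so 'Remittance.pdf.JAR' and 'transfer%2Evbs' are both seen for what they are."""
    name = basename(unquote(urlsplit(url).path).rstrip("/"))
    return {"." + part for part in name.lower().split(".")[1:] if part}


def reputation_only_verdict(url):
    """Weak policy: a well-known host is trusted whatever file it serves."""
    host = (urlsplit(url).hostname or "").lower()
    return "allow" if on_host_list(host, CLOUD_STORAGE_HOSTS) else "review"


def assess_link(url):
    """Corrected policy: judge the linked file type first, the host second."""
    try:
        host = (urlsplit(url).hostname or "").lower()
        blocked = sorted(file_extensions(url) & BLOCKED_EXTENSIONS)
    except ValueError:  # malformed URL: do not guess, hand it to a person
        return {"url": url, "verdict": "review", "blocked_extensions": []}
    if blocked:
        verdict = "block"       # same rule the gateway applies to attachments
    elif on_host_list(host, CLOUD_STORAGE_HOSTS):
        verdict = "review"      # user-uploaded content; the host proves nothing
    else:
        verdict = "no_finding"
    return {"url": url, "verdict": verdict, "blocked_extensions": blocked}


def body_texts(msg):
    """Yield the decoded text of every text/* part (plain and HTML)."""
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)
        if payload is not None:
            charset = part.get_content_charset() or "utf-8"
            yield payload.decode(charset, errors="replace")


def scan_email(raw):
    """Assess each distinct link in the message, in order of appearance."""
    seen, findings = set(), []
    for text in body_texts(message_from_string(raw)):
        for match in URL_RE.findall(html.unescape(text)):
            url = match.rstrip(".,;)")  # drop sentence punctuation after a URL
            if url not in seen:
                seen.add(url)
                findings.append(assess_link(url))
    return findings


if __name__ == "__main__":
    for finding in scan_email(SAMPLE_EMAIL):
        print(finding["verdict"], finding["blocked_extensions"], finding["url"])
```

The two script links are blocked on file type alone, while the reputation-only check would have allowed them because of where they are hosted.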

How to Customize the Startup Pages in Google Chrome and Microsoft Edge

If you have several websites you visit every day, you can configure your browser to automatically open those sites when you launch your browser. Here is how to customize the startup pages in Google Chrome and Microsoft Edge.

Most people have favorite websites they visit daily. If you are one of them, you can configure your web browser to automatically open those pages when you launch the browser. That way, you do not need to open each site every day, saving time and hassle.

To customize the startup pages in Google Chrome, follow these steps:

  1. Launch Google Chrome.
  2. Open the websites you want automatically opened when you start the browser.
  3. Click the icon that looks like a vertical ellipsis. It will be in the top right corner of the browser.
  4. Select “Settings” from the menu that appears. This will bring up the “Settings” web page.
  5. Scroll down to the “On startup” section at the bottom of the page.
  6. Click the “Open a specific page or set of pages” button.
  7. Select the “Use current pages” option.
  8. Close the “Settings” web page.

To customize the startup pages in Microsoft Edge, do the following:

  1. Launch Microsoft Edge.
  2. Open the websites you want automatically opened when you start the browser.
  3. Copy the sites’ addresses into a program such as Notepad or Microsoft Word.
  4. Click the icon that looks like an ellipsis. It will be in the top right corner of the browser.
  5. Select “Settings” from the menu that appears. This will bring up the “Settings” box.
  6. Find the “Open Microsoft Edge with” option.
  7. Select “A specific page or pages” from the drop-down list.
  8. Enter one of the site addresses you copied and click the save button (the button with the icon of a floppy disk).
  9. Use the “Add a new page” option to enter the other sites you want automatically opened.
  10. Click somewhere outside the “Settings” box to close it.

5 Noteworthy IT Trends That Will Affect SMBs in 2019 and Beyond

The IT industry is constantly changing. Because there are so many changes, it can be hard to discern which ones are most important. To help highlight the changes deserving attention, here are five IT trends that small and midsize businesses should know about.

Knowing the direction in which IT is headed can help companies prepare for the opportunities and challenges those changes might bring. However, many small and midsize businesses (SMBs) do not have the time or resources to keep up with IT changes since there are so many of them. Further, it can be hard to discern which ones are most important. To help highlight the changes deserving SMBs’ attention, here are five IT trends they should know about:

1. Data Privacy Regulations Will Become More Common

More data privacy regulations are likely on the horizon. The high rate of data breaches coupled with the controversial data-collection and data-sharing practices used by some companies (e.g., Facebook, Google) are prompting more people to rally around data privacy laws.

Some governing groups have already responded to people’s cries for more privacy. For example, the European Union passed the General Data Protection Regulation (GDPR), which went into effect in May 2018. A month later, the California State Legislature passed the California Consumer Privacy Act.

SMBs should keep abreast of the data privacy regulations being enacted and check to see whether they need to comply with them. The latter is not always readily apparent. For instance, companies do not have to reside in the European Union to fall under GDPR’s jurisdiction. Any organization that processes or stores the personal data of EU citizens is required to comply with GDPR, no matter where it is located.

2. More SMBs Will Turn to Chatbots

To gain and retain customers, a company needs to quickly respond to their requests for information and answer any questions they might have. However, staffing a customer support desk 24 x 7 can be expensive.

One way companies are addressing this dilemma is by using chatbots, which are also known as virtual assistants or virtual agents. These software programs employ advanced technologies such as natural language processing and machine learning to simulate and automate conversations with humans. Chatbots can also help with routine tasks such as arranging meetings and collecting data.

Chatbots are becoming less expensive to purchase. Plus, companies have the option of buying prebuilt chatbots or building their own. Thus, chatbots are a practical solution for SMBs that want to be highly responsive to potential and existing customers.

3. Integrating Cloud and On-Premises Resources Will Become a Priority

With 96% of companies using at least one cloud service, it is safe to say that businesses have whole-heartedly embraced the cloud. However, companies’ cloud resources are not usually integrated with their on-premises resources. This can lead to a myriad of problems. For instance, a manager might want to break down product sales by customer age to analyze the buying habits of different generations. However, he might find that he is unable to do so because the customer data is stored in an on-premises legacy system while the product sales data is stored in the cloud, with no easy way to combine the two datasets.

In 2019, companies will begin to understand the importance of integrating on-premises and cloud resources, according to IDC experts. They predict that it will be a top IT spending priority for half of SMBs by 2021.

4. Companies That Want to Deploy Systems Using 5G Will Have to Wait

In December 2018, AT&T became the first wireless carrier to go live with a mobile 5G service in the United States. Although AT&T was the first, it won’t be the last. Other wireless carriers will likely follow suit.

Businesses are already looking forward to using this fifth generation of wireless networking technology because it is much faster, provides more bandwidth, and has lower latency than its predecessor, 4G. A survey by Gartner revealed that two-thirds of the polled organizations plan to deploy 5G by 2020. Ways they intend to use it include Internet of Things (IoT) device communications, video conferencing, and video analytics.

However, these companies will likely have to wait several more years. Gartner researchers expect that public 5G networks will not be capable enough to meet the needs of organizations by 2020 because wireless carriers will initially concentrate on providing 5G broadband services to consumers. They anticipate that an infrastructure capable of handling companies’ needs won’t be available until 2025 or later. Although companies could conceivably build their own private 5G networks in the meantime, the expense involved would not make it a viable solution for most SMBs.

5. The Proliferation of Data from IoT Devices Will Increase the Need for Edge Computing

Cisco estimates that IoT devices will generate a whopping 847 zettabytes of data by 2021. To handle the vast amounts of data generated by these devices, many companies will need to turn to edge computing.

With edge computing, the data from IoT devices is processed close to the location where it is being generated rather than being sent to a central location for processing. This allows the data to be analyzed and acted on in near real-time. Besides enabling such fast response times, edge computing helps companies significantly reduce the amount of data that needs to be sent to a central location, saving bandwidth.

Edge computing will be so crucial to handling IoT data that Gartner has ranked it as one of the top 10 strategic technology trends for 2019. And IDC researchers predict that, in key industries, a third of SMBs will be using IoT devices and edge computing to collect and evaluate data in near real-time by 2021.

7 Reasons Why IT Projects Fail

Projects frequently fail in businesses. Here are seven common reasons why IT projects fail and how you can avoid these pitfalls.

Having projects that fail is common in businesses. In one 2018 study, the Project Management Institute surveyed more than 5,500 companies and found that 15% of the projects they started failed. And these failures were costly — 9.9% of every dollar invested was wasted due to poor project performance.

Learning from other teams’ mistakes is one way to avoid failed projects. Here are seven common reasons why IT projects fail and how you can avoid making the same mistakes:

  1. Undefined Deliverables

While most project teams define the objectives for their IT projects, some teams do not define the projects’ deliverables. A common reason for this oversight is the belief that objectives and deliverables are referring to the same thing.

While objectives and deliverables are closely related, they are not synonymous. The objective describes what a team plans to accomplish with its project. Deliverables are things (e.g., reports, plans, processes, products) that the team will produce to enable the objective to be achieved. For example, suppose a project’s objective is to replace old printers with ones that will better meet the business’s needs. The deliverables might include a report detailing current and projected printer usage needs, an analysis determining whether it is best to buy or lease the printers, evaluations of at least three printer suppliers, a signed contract, installation of the printers, a training program for employees on how to use the new printers, and so on. A larger project might need separate objectives and deliverables for each phase in it.

Because deliverables often build on each other, they provide a roadmap that the team can follow to achieve the project’s objective. Deliverables also help the team more accurately estimate the time, resources, and funding needed to complete it.

  2. IT Project Too Large

Tackling IT projects that are too large in scope is a common reason why they fail. Large projects require large amounts of time, money, and resources to complete — all of which might be in short supply, especially in small and midsized businesses.

Projects with smaller scopes are typically more manageable and have a greater chance of success. So, for example, instead of undertaking a project to create a set of IT policies, it is better to narrow the scope by having the team create just the acceptable use policy. When that project is done, the team can then tackle the privacy policy, and so on.

It is important to note that an IT project might start out with a manageable scope, but then “scope creep” sets in. For instance, if a team is working on developing an intranet site for employees, having an ever-growing list of “must-have” and “nice-to-have” features might expand the project’s scope to the point where it is unmanageable. While changes to a project’s scope are sometimes necessary, they should be kept to a minimum. Significant changes might require the team to revise its deliverables, schedule, and budget.

  3. Unrealistic Schedules and Budgets

Sometimes, teams do not realize how much time or money will be required to complete IT projects. Other times, they are simply too optimistic.

Not taking the time to get accurate estimates of how much time and money a project will require can result in projects being late and overbudget. Even worse, it could lead to poor-quality deliverables. If a project’s schedule is unrealistic, people might rush to get things done or take shortcuts. Similarly, people might cut corners if a project’s budget is too small.

Having well-defined deliverables will help in the creation of realistic schedules and budgets. It’s important to build in a little extra time and money, though, in case any surprises pop up.

  4. Not Involving the Right People

An IT project can run into trouble if the people involved do not have the necessary skills and knowledge. For example, having a technician head a project because he is knowledgeable in the project area can lead to failure if that person has no experience in managing projects or teams. Conversely, if no one on the team is knowledgeable about the latest IT technologies, the team might not consider a technology that could potentially be a good fit for the company.

It is important to make sure that each person involved in the project is capable of completing their assigned role. It is also important to make sure that at least one person on the team has sufficient IT knowledge in the project area. If no one in the company has the necessary know-how, the team should consider bringing in an outside expert.

  5. No Central Repository for Communications

For a project team to be successful, its members must be able to communicate effectively with each other and with other people inside their companies. To do so, they need good communication skills as well as effective communication tools.

Besides holding team meetings, project team members often use email to communicate with each other. While this is an effective tool, the emails are stored in the members’ inboxes, making it hard for other people (e.g., a new team member) to access the information discussed in them. Plus, if a team member forgets to copy the entire team on an email, some people might be inadvertently kept out of the loop.

A better approach is to have a central repository for project communications. This could be as simple as having project members store copies of their project-related emails in a shared folder on the company’s network. Ideally, though, teams should use collaboration software that enables them to communicate and collaborate with each other and that stores their communications and work in a central location.

  6. Not Monitoring and Tracking Progress

It is important to monitor and track a project’s progress in terms of deliverables met, costs, and schedule. If a team fails to do so, a small glitch could turn into a big problem later on.

While manually monitoring and tracking a project is possible, it would be time-consuming. A better solution is to use project management software. That way, the team will always know exactly where the project stands and how much time and money has been spent on it thus far.

  7. Not Enough Testing

IT projects often include deliverables such as IT systems and IT products. Failure to thoroughly test these types of deliverables can result in their failure once they are implemented.

The team should not wait until the end of the project to conduct the tests. Testing needs to start early and be done often. This will allow small problems to be fixed before they grow into significant problems that will take much more time and money to fix.

If you have any other questions about upcoming projects you need done, give us a call at 800-421-7151. Our team will make sure your IT projects are executed successfully.

4 Misconceptions about Tech Support Scams

Despite being common, there are many misconceptions about tech support scams. Not knowing the truth can result in falling victim to this type of fraud. Here are four misconceptions set straight.

Tech support scams are common and costly. In 2017 alone, around 11,000 victims filed complaints with the Internet Crime Complaint Center (IC3). They reported losing nearly $15 million, which represents an 86% increase in losses compared to 2016.

Even though tech support scams are common, there are many misconceptions about them. Knowing the truth can help you become more adept at recognizing and avoiding this type of fraud. Toward that end, here are four misconceptions set straight:

  1. Tech Support Scammers Always Call

In the past, scammers frequently cold-called potential victims. They often identified themselves as tech support staff from a well-known tech company such as Microsoft. They then spun a tale of how they detected a problem on the person’s computer that should be fixed immediately, which they offered to do.

Nowadays, scammers are more apt to use other means to reach potential victims, including:

  • Pop-ups. When people visit a website, a message pops up that says their computers are infected with malware, have an expired software license, or have some other problem. The visitors are then urged to call a bogus hotline or go to a fake online tech support center to get the problem fixed.
  • Phishing emails. People receive emails that do not mention anything about their computers having a problem. Instead, some other pretense is used to try to get them to click a link. For example, security researchers found that some phishing emails were made to look like notifications from online retailers (e.g., Amazon) and professional social-networking sites (e.g., LinkedIn). Clicking the link sent people to a malicious website that mimicked the legitimate one that supposedly sent the email. The site then deployed various scare tactics (e.g., pop-up messages saying there is a malware infection) to trick people into calling or visiting a phony tech support center.
  • Redirects to bogus tech support websites. In some cases, malicious ads (or links in other types of web content) redirect visitors to tech support scam sites. According to security researchers, these malicious ads are usually found in questionable websites, such as those that host illegal copies of media and software.

  2. If It’s Free, It Isn’t a Scam

The goal of many tech support scams is to make money. Scammers try to con you into paying for bogus software or services. Having someone notify you, out of the blue, that your computer has a serious problem, which they can fix — for a price — is a classic sign of a tech support scam.

However, you cannot assume the person is legitimate if they offer to fix the problem for free. Sometimes scammers have different goals. For example, they might want to change the settings on your computer so that it becomes part of a botnet. Or, they might want you to install their free software because it contains spyware.

  3. Baby Boomers Are Most Likely to Fall Victim to Tech Support Scams

A common misconception is that Baby Boomers are most likely to fall victim to tech support scams because they are less familiar with technology. However, a 2018 Microsoft study found that Gen Z’ers and Millennials are twice as likely as Baby Boomers to initially fall for a tech scam (e.g., click a link in a phishing email or call the number given in a pop-up). And the Gen Z’ers and Millennials are five times more likely to lose money to tech support scammers (e.g., pay the digital con artists for bogus software or services).

The researchers attribute the higher vulnerability of Gen Z’ers and Millennials to several factors:

  • They engage in more risky online activities (e.g., use torrent sites, download movies, music, and videos) than the older generations.
  • They tend to be overconfident in their online abilities, causing them to be less cautious and more susceptible to scams. In the study, the Gen Z’ers and Millennials gave themselves high ratings in web and computer expertise.
  • They are more likely to believe that it is normal for reputable tech companies to make unsolicited contact than the older generations. In the study, 33% of the Millennials and 30% of the Gen Z’ers said unsolicited contact was normal compared to 18% of the Baby Boomers and 22% of the Gen X’ers.

  4. It’s Difficult to Defend against Tech Support Scams

Fortunately, the notion that it is hard to defend against tech support scams is a misconception rather than the truth. Besides understanding how tech support scams work, you can take some surprisingly simple measures to protect yourself.

For starters, you should not disable your web browser’s pop-up blocker. Most modern browsers automatically block pop-ups. For example, Google Chrome blocks not only pop-ups but also redirects by default. Manually disabling this functionality might result in you seeing more messages that try to scare you into calling or visiting a bogus tech support center.

Equally important, you should not visit questionable websites. Plus, you should heed the security warnings issued by your web browser and security software. These programs often flag or block content they know or suspect is unsafe. Resisting the urge to visit questionable sites and access flagged or blocked content can help reduce the number of tech support scam pop-ups and malicious ads in your web browser.

Another measure you can take is making sure your email app, web browser, and security software are being updated regularly. These programs are typically configured to automatically update, but it is a good idea to make sure that is the case. With the updates installed, they will be better able to identify and deal with security issues. For example, email apps usually include filtering tools that help weed out phishing emails. The more current the filtering tools, the more effective your email app will be at snagging phishing emails. Similarly, your browser and security software will be better able to identify unsafe content when they are updated.

You also might consider using ad blockers to eliminate the malicious ads that could send you to bogus tech support sites. These programs remove or alter all advertising content on web pages. Some ad blockers replace ads with content, such as news. Others simply leave holes where the ads would have been. However, there is one caveat with ad blockers. They might inadvertently block non-ad content, causing web pages to display improperly or not at all.

There are other, more-advanced measures you can take to protect yourself from tech support scams, such as using advanced email filtering solutions and configuring your DNS to block ads before they enter your network. If you would like to learn about these measures, contact us at 800-421-7151.

How to Stop Those Annoying Website Notification Boxes in Chrome Browsers

Are you tired of having websites asking you if they can send you notifications? Here is how to stop these notification boxes from popping up in Google Chrome web browsers.

If you use the Internet regularly, you have probably encountered them — those pesky boxes that pop up when you visit a website for the first time and it wants to send you notifications.

Although it is easy enough to refuse, having to do so for multiple sites can be annoying. And if you clear your browsing data, you will have to again refuse the notifications for the sites you visit often.

Fortunately, it is easy to stop these notifications from appearing if you use the Google Chrome web browser. Open your browser and follow these steps:

  1. Click the icon that looks like a vertical ellipsis. (It will be in the top right corner of the browser.)
  2. Select “Settings” from the menu that appears. This will bring up the “Settings” web page.
  3. Scroll down to the bottom of the page and click “Advanced”.
  4. Click the “Content settings” option. (You will need to scroll down a bit more to see this option.)
  5. Choose “Notifications” in the list that appears.
  6. Click the “Ask before sending (recommended)” option. The option will now read “Blocked”.
  7. Close the “Settings” web page.

If you should later want to receive notifications from websites, you can repeat these steps. The only difference is that in step 6, you will need to click the “Blocked” option. It will then toggle back to “Ask before sending (recommended)”. After you perform these steps, you will again be presented with notification boxes.

Office 2019 or Office 365: Which Is a Better Fit for Your Business?

Do you want to replace an old version of Microsoft Office on your company’s computers or add this productivity suite to some new machines? If so, you might be wondering whether it is better to use Office 2019, which Microsoft released in the fall of 2018, or Office 365. Here is what you need to know to make the best decision for your business.

The Fundamental Differences

There are a few fundamental differences between Office 2019 and Office 365:

Office 2019. Office 2019 is an on-premises product that you purchase upfront for use on a single computer. You can use this suite’s apps for as long as you want – whether it is three years or three decades. However, Microsoft will not be offering any upgrade options for Office 2019 in the future. This means that if you want to upgrade to the next major on-premises Office release (say Office 2022), you will have to buy it at full price. (Despite rumors to the contrary, Office 2019 will not be the last on-premises version of Office, according to company officials.)

Microsoft offers three Office 2019 suites available through volume licensing: Office Professional Plus 2019, Office Standard 2019, and Office Standard 2019 for Mac. If you need fewer than five licenses, you can use Office Professional 2019 or Office Home & Business 2019, both of which are licensed for business use.

All these suites (except Office Standard 2019 for Mac) need to run on Windows 10 computers. So, if you are running older Windows versions on your computers, you will not be able to use Office 2019.

If you have Mac computers, you can use either Office Standard 2019 for Mac or Office Home & Business 2019. These suites are compatible with the three most recent versions of macOS, which are 10.14, 10.13, and 10.12 at the time of this writing. The next time Apple releases a new major version of macOS (say 10.15), Microsoft will drop support for the oldest of the three versions (10.12) and support the newest version and its two predecessors (10.15, 10.14, and 10.13). The Office apps will still work on computers running the dropped version (10.12), but the apps will not receive any updates.

Office 365. Office 365 is a cloud service that you subscribe to on a per-user basis. Businesses have many subscription plans from which to choose, based on how many employees need to use Office 365 and the apps, services, and other options those users will need. With most of the business subscription plans, each licensed user can install the Office apps on five desktop computers (Windows or Mac), five tablets, and five smartphones. With Office 365, you do not need to worry about upgrading because users will always have the most up-to-date versions of the apps.

Office 365 is billed either monthly or annually. You pay a higher per-user fee if you choose to pay each month. When you stop paying, the users’ licenses to run the Office apps expire. The apps that are installed on users’ devices do not immediately stop working, though. They usually continue to work for 30 days thanks to a grace period.

Unlike Office 2019, Office 365 will work on computers running older versions of Windows. Office 365 is compatible with Windows 10, Windows 8.1, Windows 7 Service Pack 1, and the two most recent versions of macOS.

Functionality and Support

Not surprisingly, Office 2019 offers more functionality than its predecessor Office 2016. For example, in Office 2019, Microsoft added a text-to-speech feature to Word and funnel charts to Excel.

However, Office 2019 provides less functionality than the current Office 365 apps. The Office 2019 apps do not include many of the cloud- and artificial intelligence (AI)-based features that Microsoft has added to Office 365 apps over the past few years. For instance, in Office 2019, Word does not include the Editor feature, even though it is available in the Word app provided through Office 365. This feature uses machine learning and natural language processing to make suggestions on how to improve your writing.

Further, with Office 2019, you will not get any new features delivered through updates. The updates will include only security and stability patches. In contrast, Microsoft will continue to add new features to Office 365 through updates. These updates will also include security and stability patches.

There is another difference in how Microsoft supports Office 2019 compared to Office 365. As long as you subscribe to Office 365, you will receive mainstream support. With Office 2019, Microsoft will provide only five years of mainstream support and two years of extended support.

The Bottom Line

What is best for your company will largely depend on your comfort level with cloud computing. If you are comfortable with using cloud services, subscribing to Office 365 might make more sense. It offers more features and better support than Office 2019. Plus, Office 365 apps work on older versions of Windows. However, Office 2019 is a viable alternative if using cloud services is not a good fit for your business. Contact us at 800-421-7151 if you have any questions about Office 365 or Office 2019.

Small and Midsized Businesses Continue to Be Common Targets in Ransomware Attacks

Ransomware continues to pose a significant threat to small and midsized businesses, according to a Datto survey of 2,400 managed service providers (MSPs). More than half of the MSPs reported that at least one of their clients experienced a ransomware attack in the first half of 2018. Although the average ransom was only $4,300, the attacks cost the businesses an average of $46,800 due to the downtime they caused.

How the Attacks Were Delivered

The Datto study explored how the ransomware was delivered to the small and midsized businesses. It found that the top three delivery methods were:

  1. Phishing emails. Cybercriminals often send phishing emails to employees at small and midsized businesses to spread ransomware. These emails use a convincing pretense to lure recipients into clicking a link or opening an attachment. All it takes is one employee to fall for the ruse to initiate a ransomware attack.
  2. Malicious websites or ads. To deliver ransomware, hackers build malicious websites or post malicious ads (aka malvertising) on legitimate sites. If employees visit one of these sites, code is installed on their computers without their knowledge. The code then kicks off a series of events that can ultimately lead to a companywide ransomware infection.
  3. Clickbait. Web pages often include clickbait — text links (“You won’t believe …”) and thumbnail image links designed to entice people to follow a link to web content on another web page. While clickbait is typically used to increase page views and generate ad revenue, cybercriminals sometimes use it to send people to malicious websites that spread ransomware.

Because all three delivery methods depend on someone performing an action (e.g., clicking a link), it is important for small and midsized businesses to teach employees about the hidden dangers associated with seemingly innocuous actions.

Key Elements to Cover When Educating Employees about Ransomware

While each company will want to customize its ransomware training program to meet its unique needs, it is a good idea to cover the basics:

  • Let employees know what ransomware is and the methods cybercriminals commonly use to spread it (e.g., phishing emails, clickbait).
  • Discuss the elements commonly found in phishing emails, such as generic greetings, spoofed email addresses, and messages that try to create a sense of urgency (i.e., act now or pay the consequences). If employees know about these common elements, they will be better able to spot any phishing emails that make it through email filters.
  • Warn employees about the dangers of clicking links and opening attachments in emails, especially if they are from unknown senders.
  • Show employees real-world examples of clickbait and let them know the dangers that might be lurking if they are enticed into clicking the links.
  • Stress the importance of avoiding any web content flagged as a potential security threat by web browsers or security software, as it might contain malvertising or other malicious code.

Other Measures to Take

Businesses need to take other measures as well, such as regularly updating their computers’ software so known vulnerabilities are patched. Equally important, they need to make sure they have restorable backups of their data in case a ransomware attack occurs.

If you need a security audit or know an area you are lacking, give us a call at 800-421-7151. We can make sure that your business has covered all the bases so that it will be protected from ransomware and other types of cyberattacks.

Why Cryptojacking Is More Dangerous Than Many Businesses Realize

Cryptojacking might not seem as dangerous as ransomware or data breaches since cybercriminals are stealing a computer’s processing power rather than money or data. However, companies that dismiss this threat might be putting their businesses at risk. Cryptojacking malware is becoming increasingly sophisticated, which could spell trouble for companies unprepared for it.

The Changing Face of Cryptojacking

Cryptojacking was born from people’s need for more computing power so they could mine (aka earn) cryptocurrencies such as Bitcoin and Monero. These “miners” typically used website scripts that siphoned processing power from a visitor’s computer, without that individual’s knowledge or consent. When the person left the site, the siphoning stopped.

It wasn’t long before cybercriminals started using these scripts to get computing power for their exploits. Sometimes, they added these scripts to their own malicious web pages. Other times, they hacked into legitimate sites and inserted the scripts there.

Since cybercriminals have entered the scene, cryptojacking malware has become more sophisticated. In addition, the hackers are becoming more creative in ways to deliver it.

Take, for example, the cryptojacking malware known as PowerGhost. When it was first discovered in July 2018, Kaspersky Lab researchers found that cybercriminals used phishing emails to gain initial access to a computer. Once the machine was infected, the malware used credential-stealing and remote-administration tools to spread itself to other machines in the local network. To make matters worse, some newer versions of PowerGhost have the ability to disable antivirus programs such as Windows Defender.

Another sophisticated program is PyRoMine, which Fortinet researchers found in April 2018. Besides stealing processing power, it creates a backdoor account with administrator-level privileges, enables the Remote Desktop Protocol (RDP), opens the RDP port in the Windows Firewall, and makes several other system changes so that the cybercriminals can remotely access the computer at a later time. The program even configures the Windows Remote Management Service to allow the transfer of unencrypted data.
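The system changes listed for PyRoMine are individually routine, so a defender gets more signal from seeing several of them on one machine in a short span. The following is an added example (not from the original article or from Fortinet) that correlates such changes; the event kinds, record fields, window, threshold and sample telemetry are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Behaviours from the PyRoMine description, as normalised event kinds.
# Kind names and record fields are hypothetical; each comment names the
# Windows source a log collector would typically map the kind from.
FOOTHOLD_KINDS = {
    "local_account_created",     # Security log event 4720
    "added_to_administrators",   # Security log event 4732
    "rdp_enabled",               # registry value fDenyTSConnections set to 0
    "firewall_rdp_port_opened",  # new inbound allow rule for the RDP port
    "winrm_allow_unencrypted",   # WinRM service setting AllowUnencrypted=true
}
WINDOW = timedelta(minutes=15)   # assumed correlation window
THRESHOLD = 3                    # distinct behaviours needed for an alert

# Constructed sample telemetry (not from a real incident).
SAMPLE_EVENTS = [
    {"host": "WS-014", "time": "2024-01-15T09:14:05", "kind": "local_account_created"},
    {"host": "WS-014", "time": "2024-01-15T09:14:20", "kind": "added_to_administrators"},
    {"host": "WS-014", "time": "2024-01-15T09:15:02", "kind": "rdp_enabled"},
    {"host": "WS-014", "time": "2024-01-15T09:15:40", "kind": "firewall_rdp_port_opened"},
    {"host": "WS-014", "time": "2024-01-15T09:18:11", "kind": "winrm_allow_unencrypted"},
    {"host": "WS-014", "time": "2024-01-15T09:20:00", "kind": "user_logon"},
    # An administrator creating an account in the morning and enabling RDP
    # in the afternoon: three behaviours, but never inside one window.
    {"host": "SRV-02", "time": "2024-01-15T08:00:00", "kind": "local_account_created"},
    {"host": "SRV-02", "time": "2024-01-15T08:01:00", "kind": "added_to_administrators"},
    {"host": "SRV-02", "time": "2024-01-15T16:30:00", "kind": "rdp_enabled"},
]


def correlate(events):
    """Return one alert per host where THRESHOLD or more distinct foothold
    behaviours occur within WINDOW of each other."""
    by_host = defaultdict(list)
    for event in events:
        if event["kind"] in FOOTHOLD_KINDS:
            when = datetime.fromisoformat(event["time"])
            by_host[event["host"]].append((when, event["kind"]))

    alerts = []
    for host, items in sorted(by_host.items()):
        items.sort()
        for i, (start, _) in enumerate(items):
            # Everything on this host from this event up to WINDOW later.
            kinds = sorted({k for t, k in items[i:] if t - start <= WINDOW})
            if len(kinds) >= THRESHOLD:
                alerts.append({
                    "host": host,
                    "first_seen": start.isoformat(),
                    "kinds": kinds,
                })
                break  # one alert per host is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert["host"], alert["first_seen"], ", ".join(alert["kinds"]))
```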

As PowerGhost and PyRoMine illustrate, cryptojacking malware can create footholds in computers that hackers can later exploit. They could, for example, use these footholds to infect the computers with a different kind of malicious program, such as ransomware.

This might already be taking place. Companies infected by cryptojacking malware were found to have a larger number of other types of malware infections compared to businesses that did not experience any cryptojacking attacks, according to Fortinet’s “Quarterly Threat Landscape Report” for Q3 2018. However, this is only circumstantial evidence that cryptojacking leads to other malware attacks, which the Fortinet researchers acknowledged. They noted, “We attempted to establish a definitive causal relationship, and while those tests showed statistically significant results, they fell short of the burden of proof needed for a guilty conviction.” The researchers are planning to further explore this relationship in future reports.

How to Guard against Cryptojacking

In the past, you just had to prevent malicious scripts from running in web browsers to guard against cryptojacking. Nowadays, a more widescale approach is needed, including:

  • Making sure that computers’ operating system software and apps are updated so that known security vulnerabilities are patched. Both PowerGhost and PyRoMine exploit unpatched security vulnerabilities in Windows operating system software to create their footholds.
  • Making sure your security software is up-to-date. This can help guard against known cryptojacking code. It can also help protect computers from other types of malware that might be installed through footholds created by cryptojacking malware.
  • Educating employees about phishing emails and unsafe web browsing habits. As PowerGhost demonstrates, phishing emails can be used to gain initial access to a computer. So, employees need to know the dangers associated with clicking links in emails and opening files attached to them. Similarly, they should be taught about unsafe browsing habits, such as clicking links without knowing where they lead and visiting questionable websites.
  • Using ad or script blockers in web browsers to prevent malicious scripts from loading. There are also third-party tools available that are designed specifically for blocking cryptojacking scripts.
  • Inspecting your website. If your business hosts a website, you might want to make sure that hackers have not placed a cryptojacking script on it.
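One way to carry out the website inspection in the last item is to inventory every script a page loads and compare it with an approved baseline. This is an added example, not code from the original article; the host names, the allowlist, the finding labels and the sample page are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def inline_digest(body):
    """SHA-256 of an inline script body, ignoring surrounding whitespace."""
    return hashlib.sha256(body.strip().encode("utf-8")).hexdigest()


class ScriptInventory(HTMLParser):
    """Collects external script URLs and hashes of inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = []   # (src, has_integrity_attribute)
        self.inline = []     # SHA-256 hex digests of inline bodies
        self._buf = None     # collects text while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attributes = dict(attrs)
        src = attributes.get("src")
        if src:
            self.external.append((src, "integrity" in attributes))
            self._buf = None
        else:
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf)
            if body.strip():
                self.inline.append(inline_digest(body))
            self._buf = None


def audit_page(html, site_host, allowed_hosts, approved_inline):
    """Return (finding, detail) tuples for scripts outside the baseline."""
    inventory = ScriptInventory()
    inventory.feed(html)
    inventory.close()

    findings = []
    for src, has_integrity in inventory.external:
        # Relative URLs have no hostname and are served by the site itself.
        host = urlparse(src).hostname or site_host
        if host == site_host:
            continue
        if host not in allowed_hosts:
            findings.append(("unapproved-host", src))
        elif not has_integrity:
            # Approved third party, but nothing pins the file's content.
            findings.append(("no-integrity", src))
    for digest in inventory.inline:
        if digest not in approved_inline:
            findings.append(("unapproved-inline", digest[:12]))
    return findings


# Constructed sample page and baseline.
SAMPLE_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.min.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://static.example.net/widget.js"></script>
<script src="https://unknown-host.example/m.js"></script>
<script>var siteTheme = "light";</script>
<script>loadExtra("constructed-example");</script>
</head><body></body></html>"""
ALLOWED_HOSTS = {"cdn.example.net", "static.example.net"}
APPROVED_INLINE = {inline_digest('var siteTheme = "light";')}

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE, "www.example.com",
                              ALLOWED_HOSTS, APPROVED_INLINE):
        print(finding)
```

The baseline should be built from a known-good copy of the site, so that any later finding points to a script that was added or changed after that copy was taken.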

There are also other measures you can take, such as monitoring your computer systems and network for unusual activity. We can evaluate your business and provide specific recommendations on how to defend against cryptojacking and other types of malware.

Avoid Data Loss in Office 365

Microsoft understands the value of business data and the costly repercussions of losing it. That’s why they’ve released a slew of security and compliance tools for Office 365 subscribers. But given the increasing sophistication and frequency of data breaches, these cloud security solutions aren’t enough to protect your files. You’ll need to follow these seven security tips to prevent data loss in Office 365.

Take advantage of policy alerts
Establishing policy notifications in Office 365’s Compliance Center can help you meet your company’s data security obligations. For instance, policy tips can warn employees about sending confidential information anytime they’re about to send messages to contacts who aren’t listed in the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure mobile devices
Since personal smartphones and tablets are often used to access work email, calendar, contacts, and documents, securing them should be a critical part of protecting your organization’s data. Installing mobile device management features for Office 365 enables you to manage security policies and access permissions/restrictions, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use multi-factor authentication
Don’t rely on a single password to safeguard your Office 365 accounts. To reduce the risk of account hijacking, you must enable multi-factor authentication. This feature makes it difficult for hackers to access your account since they not only have to guess user passwords, but also provide a second authentication factor like a temporary SMS code.

Apply session timeouts
Many employees usually forget to log out of their Office 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to steal sensitive data. By applying session timeouts to Office 365, email accounts, and internal networks, the system will automatically log users out after 10 minutes, preventing hackers from opening company workstations and accessing private information.

Avoid public calendar sharing
Office 365’s calendar sharing features allow employees to share and sync their schedules with their colleagues. However, publicly sharing this information is a bad idea because it helps attackers understand how your company works, determine who’s away, and identify vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash malware on unattended computers.

Employ role-based access controls
Another Office 365 feature that will limit the flow of sensitive data across your company is access management. This lets you determine which user (or users) have access to specific files in your company. For example, front-of-house staff won’t be able to read or edit executive-level documents, minimizing data leaks.

Encrypt emails
Encrypting classified information is your last line of defense to secure your data. If hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Office 365, where files and emails are shared on a regular basis.

While Office 365 offers users the ability to share data and collaborate, you must be aware of potential data security risks at all times. When you work with us, we will make sure your business keeps up with ever-changing data security and compliance obligations. If you need help securing Office 365, we can assist you, too! Contact us today for details at 800-421-7151.

Browser Security for Business Data

The internet isn’t for the naive. It’s a wild place of dangerous creatures like polymorphic viruses, ransomware, scammers, and malicious hacker organizations. As any business owner today would know, data is everything. If you or your employees browse the net unprotected, this valuable resource is threatened by cyber criminals on the lookout for easy targets. One way to protect your business’ data is to secure your browsers. It is easy enough for every small- and medium-sized business to do.

Storing data on desktops, on servers, and in the cloud doesn’t make it safe. If anything, it makes it available to anyone who has the desire and capabilities to hack into your system and cause mayhem for your business operations.

One thing you should be doing to protect your data – and your company – is to make use of privacy-protecting browser extensions. Depending on the nature of your business, both you and your employees are likely to be online at least some, if not all, of the working day. What are some of the browser extensions that can make the experience more secure?

Prevent browser tracking

If you don’t like the idea of a third party (reputable or otherwise) being able to track your browsing habits, try installing a tool for private browsing. These programs offer protection against tracking by blocking third-party cookies as well as malware. Some extensions also boast secure Wi-Fi and bandwidth optimization and can guard against tracking and data collection from social networking sites such as Twitter, Facebook or Google+.

Blocking adverts

While online ads may seem harmless, the truth is they can contain scripts and widgets that send your data back to a third party. A decent ad blocking program will block banner, rollover and pop-up ads, and also prevent you from inadvertently visiting a site that may contain malware.
Many blockers contain additional features such as the ability to disable cookies and scripts used by third-parties on a site, the option to block specific items, and even options to ‘clean up’ Facebook, and hide YouTube comments. The major blockers work with Google Chrome, Safari, and Firefox and you’ll be able to find everything from user-friendly solutions to more advanced tools that are customizable down to the tiniest degree.

Consider installing a VPN

Unfortunately, browser tracking, malware, and adware are not the only internet nasties that you need to be concerned about. The good news is that there are a number of other extensions that you can download to really get a grip on your online safety. A VPN (Virtual Private Network) is something else to consider. VPNs encrypt your internet traffic, effectively shutting out anyone who may be trying to see what you’re doing.

Commonly used in countries where the internet is heavily censored by the powers that be, a VPN allows for private browsing as well as enabling users to access blocked sites – in China’s case that’s anything from blogs criticizing the government to Facebook and Instagram. There are hundreds of VPNs on the market so do a little research and find one that suits you best.

Finally, it goes without saying that having anti-virus and anti-malware software installed on your PC, tablet, and even your smartphone is crucial if you want to ensure your online safety.

Is browsing at your workplace secure? Would you like a more comprehensive security system for your business? We can tell you all about it and help your business protect itself from online threats. Get in touch with us today at 800-421-7151.

5 Cloud Security Tips for Business Owners

Cloud computing marketing can be deceiving. When you see an image of the cloud, it’s often a happy, bubbly, white puffball floating delightfully in front of a blue sky background. Its presence is both calming and reassuring, which makes you believe that anything is possible. Security would never be an issue, right? Ask one of the nearly seven million Dropbox users who had their accounts hacked, and they’ll give you a definitive answer. Sure, not every cloud provider has had security breaches, but that doesn’t mean we can take cloud security lightly. Here’s what you can do to protect yourself as a business owner.

Ask your IT provider what cloud security policies they have in place

This is probably the single most important security measure you can take. Find a trusted IT provider and have a candid conversation with them about their cloud security policies.

Ask about Security Training

The number one point for anything security related is user training. A smart user is 90% of the way to protecting themselves. You can have all the browser extensions and ad blockers you want, but if the plugins are out of date or compromised, they might make things worse. The content of this document, and all the other emails and blog entries you send out, helps to train the user. A smart user will understand why and how to use the technology to help protect themselves and the company.

Ask where the physical cloud servers are located

When you have “the conversation,” don’t forget to ask about this. Believe it or not, some cloud servers may not even be located in your own country. Wherever they are, it’s wise to make sure they’re located in a safe data center with proper security afforded to them. Otherwise, depending on your type of business, you may be out of compliance with regulations such as Sarbanes-Oxley.

Create unique usernames and passwords

Your login credentials represent one of the cloud’s main security vulnerabilities. Think of a better password than “12345” or “football.”

Use industry standard encryption and authentication protocols

AES (Advanced Encryption Standard), IPsec (Internet Protocol Security) and EAP (Extensible Authentication Protocol) are reliable technologies. IPsec is primarily used for a secure VPN connection.

Encrypt data before it’s uploaded to the cloud

Encryption is a must, and can be done by you or your cloud service provider. Should hackers manage to access your data, they’ll find it useless because they can’t make heads or tails of it.

When it comes to trusting the security protocol of a cloud service provider, transparency is key. They should take security seriously, be able to explain their security policies clearly, and be willing to answer any questions. If they can’t do one of these, that’s a red flag telling you to find another vendor.

Are you ready to talk cloud security and transition your business into the cloud? Call us today at 800-421-7151. We’re happy to answer all your questions.

5 Proactive Defenses Against Cyber Attacks

As IT security consultants, we’re stuck between a rock and a hard place. Managed IT services providers (MSPs) such as ours want to provide clients with enterprise-level IT, but that requires that we specialize in overwhelmingly intricate technology. Explaining even the most fundamental aspects of cybersecurity would most likely put you to sleep instead of convincing you of our expertise. But if there’s one topic you need to stay awake for, it is proactive security.

Understand the threats you’re facing

Before any small- or medium-sized business (SMB) can work toward preventing cyberattacks, everyone involved needs to know exactly what they’re up against. Whether you’re working with in-house IT staff or an MSP, you should review what types of attacks are most common in your industry. Ideally, your team would do this a few times a year.

Reevaluate what it is you’re protecting

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every company device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.). You should never spend more money than the value of the asset or data that you are protecting.

Create a baseline of protection

By reviewing current trends in the cybersecurity field and auditing your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measures versus your reactive measures.

Before you can start improving your cybersecurity approach, you need to know where your baseline is. Devise a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint weak spots in your current framework.

Finalize a plan

All these pieces will complete the puzzle of what your new strategy needs to be. With an experienced technology consultant on board for the entire process, you can easily synthesize the results of your simulation into a multi-pronged approach to proactive security:

  • Security awareness seminars that coach all internal stakeholders – train everyone from the receptionist to the CEO about effective security practices such as password management, proper mobile device usage, and spam awareness
  • Front-line defenses like intrusion prevention systems and hardware firewalls – scrutinize everything trying to sneak its way in through the borders of your network
  • Routine checkups for software updates, licenses, and patches – minimize the chance of leaving a backdoor to your network open
  • Web-filtering services – blacklist dangerous and inappropriate sites for anyone on your network
  • Updated antivirus software – protect your data and systems against the latest and most menacing malware
  • Physical access – minimize your risk by restricting physical access to network-critical devices such as servers and switches, keeping them in a locked server closet

As soon as you focus on preventing downtime events instead of reacting to them, your IT infrastructure will increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cybersecurity by giving us a call at 800-421-7151 for a demonstration.

Office 365 Stops Billions of Phishing Emails

Sending phishing emails is the most common method hackers use to distribute malware and steal information. In fact, there are billions of phishing emails sent every year, and millions of people keep falling for them. However, if you’re subscribed to Office 365 there’s a good chance that you won’t see harmful messages in your inbox, and here’s why.

Effective anti-phishing solutions must be able to recognize the key elements of a phishing attack, which include spoofed (or forged) emails, compromised accounts, unsafe links, and harmful attachments. In April 2018, Microsoft upgraded Office 365’s Advanced Threat Protection (ATP) features so it can better detect these elements and prevent a wide variety of phishing scams. These enhancements include:

  • Anti-impersonation measures – ATP will now look for potential phishing indicators in an email, including the sender’s address, name, and links, to identify whether the user is being impersonated. You can specify high-profile targets within your organization, such as managers and C-level executives, so Office 365 can protect these users from email impersonation. Office 365 also utilizes machine learning to analyze a user’s email patterns and flag suspicious contacts that have had no prior correspondence with your company.
  • Anti-spoofing technology – This feature reviews and blocks senders that disguise their true email address. You can even enable safety tips that flag certain email domains that have strange characters. For instance, if your real domain is Acme.com, a spoofed domain could be Acḿe.com.
  • Email link scanning – Office 365 launched Safe Links, which scans emails for fraudulent links and redirects users to a safe page if a link contains harmful material. This feature also applies to email attachments, ensuring you’re protected against all types of phishing scams.
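The Acme.com versus Acḿe.com case in the anti-spoofing item can be checked mechanically by reducing each sender domain to a plain-letter "skeleton" and comparing it with the domains you actually own. This is an added example, not Office 365's implementation or code from the original article; it goes beyond the single accent case by also decoding punycode (xn--) labels and folding a few cross-script lookalike letters, and the trusted list and the small confusables table are assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allowlist of domains the organisation really sends from.
TRUSTED_DOMAINS = {"acme.com"}

# Letters from other scripts that render like Latin ones and that Unicode
# normalisation does not resolve. Deliberately small and illustrative.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
    "\u03bf": "o",  # Greek omicron
    "\u0131": "i",  # Latin dotless i
}


def to_unicode(domain):
    """Decode punycode labels so the check sees what the user would see."""
    labels = []
    for label in domain.strip().rstrip(".").split("."):
        if label.lower().startswith("xn--"):
            try:
                label = label.lower().encode("ascii").decode("idna")
            except UnicodeError:
                pass  # leave an undecodable label as it is
        labels.append(label)
    return ".".join(labels)


def skeleton(domain):
    """Lowercase, strip accents (combining marks) and fold confusables."""
    decomposed = unicodedata.normalize("NFKD", domain.lower())
    kept = []
    for ch in decomposed:
        if unicodedata.combining(ch):
            continue  # e.g. the acute accent split off from m-acute
        kept.append(CONFUSABLES.get(ch, ch))
    return "".join(kept)


def classify(sender_domain):
    """Return ('trusted', d), ('lookalike', trusted_d) or ('unrelated', None)."""
    shown = to_unicode(sender_domain).lower()
    if shown in TRUSTED_DOMAINS:
        return ("trusted", shown)
    shown_skeleton = skeleton(shown)
    for trusted in sorted(TRUSTED_DOMAINS):
        if shown_skeleton == skeleton(trusted):
            return ("lookalike", trusted)
    return ("unrelated", None)


def check_from_header(value):
    """Classify the domain of the address in a From header value."""
    _, address = parseaddr(value)
    return classify(address.rpartition("@")[2])


if __name__ == "__main__":
    # Constructed inputs: the real domain, the article's accent case,
    # a Cyrillic first letter, and an unrelated domain.
    for d in ["Acme.com", "ac\u1e3fe.com", "\u0430cme.com", "example.org"]:
        print(repr(d), classify(d))
```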

Due to these improvements, Office 365 had the lowest phish rate among other well-known email services between May 1 and September 16, 2018. The company has stopped over five billion phishing attempts and protected users against seven billion potentially malicious links. If you’re looking for a secure email platform, Office 365 is the best option for your business.

That said, it’s not a substitute for good security awareness. No matter how secure Office 365 is, employees still need to be adequately trained to recognize a phishing email when they see one. Hackers are constantly changing their tactics to evade Office 365’s detection systems, so it’s important that everyone is alert at all times.

If you need a well-fortified email service, we can implement and manage Office 365 for you, and include Mimecast for extra protection. We even offer practical security advice to make sure your business, employees, and assets are safe and sound. Contact us now at 800-421-7151.

Keep the Cloud Affordable with These Tips

Small- and medium-sized businesses and firms globally are adopting cloud technologies. However, there are hidden costs that some business owners might not be aware of. They might not seem like much at first, but those costs could eventually snowball. Follow these five tips to keep the cloud from breaking the bank:

No standalones

Cloud services come in various shapes and sizes, many of which are standalone platforms with rates that increase over time. Opt for a service provider that offers a suite of products that all work together. They are often less expensive than a group of standalone products. Another benefit of working with a cloud provider is that you receive a single point of contact to resolve your issues quickly and effectively.

Experience matters

If you plan on integrating a standalone cloud service into your system, make sure you hire an experienced integration consultant to facilitate a smooth transition. Integration mishaps can cause serious downtime and cost a lot of money.

Backups are important

Unnecessary or inefficient backups will waste cloud storage space. Examine your cloud storage data by asking the following questions:

  • How many versions of this data do I need to store long-term? The more versions you store, the more it costs. This is known as the Recovery Point Objective (RPO), which is determined by looking at the time between data backups and the amount of data that could be lost in between backups.
  • What regulatory demands do I need to meet? Some data may need to be accessible for up to three years, whereas other data can be deleted after 30 days.
  • How quickly do I need to access my backups? If it can wait for a day or two, archive that data to a less expensive service or offline at the provider’s data center. This is known as RTO, or Recovery Time Objective, which is the target time you set for the recovery of your IT and business activities after a disaster has struck.

Remove users

Many cloud service providers charge by the number of users in your system. By neglecting to manage the list of users, you could end up paying for people who no longer work for you. Implement processes that remove users when they are terminated and consider scheduling a regular audit. Ideally, this should be once every six months to a year, to ensure your cloud user list is up-to-date.

Monitor proactively

Ask your cloud provider whether they can proactively monitor your account and notify you of potential issues before they cause problems. This is especially important if you have a pay-as-you-go license that charges based on resource or storage consumption.

Utilizing the right technology resources is vital to your business’s success, and so is knowing how to prevent them from racking up an overwhelming monthly bill. If you wish to enjoy all the benefits of cloud computing without breaking the bank, give us a call at 800-421-7151 and we’ll be happy to help.

Is CRM Software Essential to your Business?

The right technology investment can lead to business success. With customer relationship management (CRM) software at the helm of your sales and marketing efforts, you can nurture long-lasting business relationships and improve your bottom line. If you need more convincing, we’ve compiled five more reasons why your business needs CRM.

Grows with your business

The ol’ Rolodex may have been useful for managing a few clients, but you’ll need a much better solution if you plan to maintain relationships with hundreds, possibly thousands, more. CRM scales with your business, meaning it can handle larger data sets and more clients as you expand your sales operation.

Organizes your data

CRM software acts as a central database for all your sales records and transactions. This means important customer information can be retrieved in just a few clicks rather than by rifling through thousands of documents, sticky notes, and disorganized cabinets. And since CRM is hosted in the cloud, sales data, customer interactions, and other actionable information are available for the entire company.

Improves customer service

Your sales team could be the most persuasive individuals in the world, but this means nothing if they can’t recall anything about their clients and their preferences. When your sales staff follows up on leads or existing customers, CRM will automatically retrieve contact history, past purchases, and customer preferences from your client database and display them on a single page during the call.

Armed with detailed customer information, sales representatives will be able to recommend products and services that meet the client’s needs. So instead of struggling through a sales call, marketing employees can focus on delivering a professional sales pitch.

Streamlines your sales funnel

CRM comes equipped with workflow management functions, supporting your sales pipeline in a number of ways. For example, you can configure your CRM to send instant follow-up emails when a lead visits a particular product page. You can even use automation to track where certain leads are in the sales pipeline and delegate the task to one of your sales closers.

Analyzes sales data

With real-time sales information, business managers can track marketing campaigns and adjust their strategy accordingly. For instance, you might notice that click-through-rates for promotional emails and company newsletters are higher during Tuesday afternoon than Friday night. Having this information can help you focus your marketing efforts and message to generate more leads.

In addition, you can use CRM to analyze customer calling activity, market demographics, lead conversion rates, and key performance indicators to influence future business decisions.

Understanding your customers can put you several steps ahead of the competition. If you need to manage contacts, eliminate time-consuming procedures, and improve your sales performance, CRM is the perfect business solution.

Contact us today to find out whether CRM is the right fit for your business.

What is App Virtualization?

Small- or medium-sized business (SMB) owners may be overwhelmed by their company’s IT demands. Fortunately, virtualization services are giving them a fighting chance to stay on top. Some technology vendors even recommend app virtualization services because many SMBs use it. Learn if it’s right for you by understanding the basics.

What are non-virtualized apps?

To understand app virtualization, first you need to understand how non-virtualized apps are installed.

When you install an application like Skype or Slack onto a computer, the installer program puts most of the files required for the app to run in your hard drive’s Program Files folder. This process is usually fine for personal use but may become problematic if you install similar apps on your device.

For instance, if two similar apps are installed on the same file destination, there’s a chance that they might conflict with each other and inevitably crash. Likewise, if you uninstall a program without knowing that it shares important files with another application, you run the risk of breaking the other one.

The solution to this is app virtualization.

What is app virtualization?

App virtualization involves running a program in an environment separate from the physical server, allowing you to run programs that are normally incompatible with a certain operating system (OS). In other words, virtualized apps trick your computer into working as if the application is running on a local machine, but in fact, you’re actually accessing the app from somewhere else.

Advantages of app virtualization

App virtualization offers numerous advantages for SMBs, including:

  • Quick installation times and less money spent on local installation
  • Allowing incompatible applications to run on any local machine. For instance, if your laptop is dated and can’t run the latest apps on its own, you can lighten the load on your CPU by accessing virtualized apps instead.
  • Mac users can run any Windows apps if your company’s local server runs Windows OS.
  • Applications on your computers won’t be in conflict with each other since virtual apps are installed in a separate location.
  • Upgrading is easy because your IT team won’t have to upgrade applications on individual desktops; they just have to upgrade the virtual application within the company’s local server.
  • Applications can be accessed from any machine, allowing your employees to work from home or on the go if they choose to.

Things to consider

Before you start deploying app virtualization solutions, you need to have a stable network connection so users can smoothly stream apps. Note that some apps like antivirus programs are difficult to virtualize since they need to be closely integrated with your local OS.

Virtualizing a workplace is no easy task, and that’s where we come in. If you’re convinced that your company can benefit from app virtualization, get in touch with our IT experts today.

Be Aware of these 4 Types of Hackers

Hackers come in all shapes and sizes. From kids wanting to gain notoriety on the internet to political groups trying to send a message, the motives for a cyberattack vary widely. So how can you protect yourself? It all starts with getting to know your enemy a little better. Here’s a profile of four different types of hackers.

Script Kiddies

Skill-wise, script kiddies (or skids, for short) are at the bottom of the hacker totem pole. Their name comes from the fact that they use scripts or other automated tools written by others. Most of the time, script kiddies are young people on a quest for internet notoriety. Or, more often than not, they’re simply bored and in search of a thrill. Many never become full-time hackers; in fact, many script kiddies end up using their skills for the greater good, working in the security industry.

Though lacking in hacking know-how, script kiddies shouldn’t be dismissed so easily, as they can cause businesses much damage. In May 2000, for instance, a couple of skids sent out an email with the subject line “ILOVEYOU” and ended up causing a reported $10 billion in lost productivity and digital damage.

Hacktivists

Hacktivists are primarily politically motivated, and they often hack into businesses and government systems to promote a particular political agenda or to effect social change. These so-called “hackers with a cause” steal confidential information to expose or simply disrupt their target’s operations.

If you’re a small- or medium-sized business (SMB) owner, don’t think for a second that you’re immune to hacktivist attacks. This is especially true if your company is associated or partnered with organizations that are prime hacktivist targets. Or, if your business provides services that can be seen as unethical, you may be targeted by hacktivists as well.

Cybercriminals

When a hacker breaks into digital systems or networks with malicious intent, they are considered a cybercriminal. Cybercriminals target everyone from individuals to SMBs to large enterprises and banks that either have a very valuable resource to steal or security that is easy to exploit, or a combination of both.

They can attack in a number of ways, including using social engineering to trick users into volunteering sensitive personal or company data, which they can then sell in underground markets on the dark web. They can also infect computers with ransomware and other malware, or use digital technology to carry out “conventional crimes” like fraud and illegal gambling.

Insiders

Perhaps the scariest type of hacker is the one that lurks within your own organization. An insider can be anyone from current and former employees to contractors to business associates. Oftentimes their mission is payback: to right a wrong they believe a company has done them, they’ll steal sensitive documents or try to disrupt the organization somehow. Edward Snowden is a prime example of an insider who hacked his own organization — the US government.

Now that you know what motivates your enemy, and you think you might be a target, it’s time to secure your business from the different types of hackers out there. Get in touch with our experts today to learn how.

Forget These Disaster Recovery Myths

Disaster recovery (DR) isn’t what it used to be. Long gone are the days when a DR solution cost over a hundred thousand dollars and relied predominantly on tape backups. Cloud computing has dramatically changed the DR landscape. Unfortunately, there are still many misconceptions about DR. Here are a few of the myths that no longer apply.

Tape Backups are the Best DR Solution
Backup tapes are physical objects that deteriorate over time. Don’t believe us? Try listening to a cassette tape from the ‘90s. Over time, tape backups become distorted and stop working. Deterioration is slow and may only affect some files in the early stages, so don’t settle for a mere cursory check. Tape backups are not the best DR solution, but they are well priced for offline storage. Super DLT Tape II can store up to 600GB of data and has a shelf life of 30 years if stored in the right environment, much longer than any other backup medium.

Aside from backups in your office, another set of tape backups needs to be stored outside your premises. In case a natural disaster damages your office, not all your data will be wiped out. But if your storage space isn’t safe from the elements, this could also be a problem.

But a cloud backup solution is a much better DR solution. The backups are always available, online and ready when you need them after a disaster. The right DR solution can get you back online in minutes, while tape backups take much longer to restore data. A tape backup is not a good DR solution. Unlike tape backups, a cloud-based backup saves you time. Data is automatically backed up online, and you don’t need to spend time managing boxes of tapes. Your time is better spent on your assigned tasks, not IT management.

The RTO you want will be too expensive
Recovery time objectives (RTO) are essential to any DR plan. You need to get everything up and running again as quickly as possible to avoid serious losses. In the days before the cloud, a swift recovery time could cost you well into six figures. Today, cloud and virtualization solutions have made this much more affordable, and faster than ever before.

Most DR providers can back up your critical data in an hour or two. And if you ever need to recover it, most services can do so in less than a day. That’s the power of the cloud. And when it comes to DR, it truly has changed everything.

Disaster recovery is for big business, not SMBs
The cloud has made this valuable service affordable for businesses of all sizes. From dental offices to small retail operations, SMBs can now take advantage of the best DR solutions on the market. Advances in IT and the cloud have eliminated the obstacles of complexity, costs, and insufficient IT resources.

We hope that by dispelling these myths, we’ve demonstrated to you that disaster recovery is more affordable and efficient than ever. If you’d like to learn how our DR solutions can safeguard your business, send us a message at info@wamsinc.com or call us at 800-421-7151 and we’ll gladly fill you in.

Which Business Computers are Best?

We know that IT plays a big role in reaching your small- and medium-sized business (SMB) milestones. When it comes to hardware, you don’t need to be an IT expert to find the best possible solution. Here’s a concise and helpful guide to the best hardware for your firm.

Portability

Laptops allow you to keep working when you don’t have an electrical outlet. However, this ability to take your work anywhere can be counterproductive by creating more stress on employees who think they must work all the time.

Memory/Speed

Desktop computers used to have more memory and faster processors than laptops. And although high-powered laptops have caught up, they are more expensive. If work is limited to word processing and emailing, affordable less-powerful laptops should be enough. Anything more will probably require a desktop machine.

We also recommend SSD hard drives to increase speed. These offer a huge increase in performance and should be considered for desktops and laptops. Most modern laptops will come with an SSD, but they do cost a bit more.

Security

Data security is necessary not only against data leaks but as protection from litigation, reputation damage, and loss of business. With a network security system and IT staff, vulnerabilities are easier to address for desktop computers within office premises. They’re also less likely to be stolen.

For laptops, however, mobility makes them more vulnerable. Data loss is a real risk as laptops may be connected to unsecured networks and hotspots or be lost or stolen. You should consider hard drive encryption. This way, if the laptop is stolen, the thief won’t be able to access anything on the laptop without the encryption password. Given the fact that they are so much smaller and more portable, keep in mind that laptops are also much easier to steal. NEVER, and we mean NEVER, leave your laptop in your car. Protecting your laptops requires special safeguards, and consequently more time and money.

Price

Laptops and desktops come in varying prices according to preferences. On the cheaper end of the price range spectrum, there are notebook-style laptops that are limited to word processing and web browsing capabilities. Desktops have affordable equivalents as well. The deciding factor when it comes to price is your IT service provider or hardware supplier. With the right partner, you should be able to get a good bulk deal on powerful but affordable desktops or laptops.

Longevity

Laptop computers may provide the convenience of mobility, but it’s much harder to upgrade their components as they get older. Laptops are also easier to drop or damage and more expensive to replace or repair. Being in a fixed location, desktops are less prone to this. And unlike laptops, many desktops are not always pre-assembled. Many desktops can be custom built with parts that are easily removed, replaced, or upgraded. You should also consider hard drive encryption. This way, if the laptop is stolen, the thief won’t be able to access anything on the laptop without the encryption password.

Final Recommendation

A growing company really needs a combination of both types of computers. However, a desktop computer will be generally more reliable for the fledgling company owner. Laptops should be added as budget permits to provide that extra portability and convenience, especially for managers who work remotely.

If you have other questions regarding enterprise hardware, give us a call at 800-421-7151. We’d be happy to recommend the best solution according to your company’s business needs and objectives.

4 Social Engineering Scams to Watch Out For

Experts are constantly creating new security systems to protect individuals and businesses from hackers. Yet hackers keep preying on gullible victims, from people who want to attend popular events like the Olympics to employees trying to avoid an angry boss, in order to circumvent network security systems and steal sensitive information. If you don’t want to be the next victim, read about the most common social engineering scams here.

Phishing

This is the most frequently used social engineering attack, especially against small businesses. Check out these frightening statistics:

How is phishing carried out? Criminals make use of emails, phone calls, or text messages to steal money. Victims are directed to phony websites or hotlines and are tricked into giving away sensitive information like names, addresses, login information, social security, and credit card numbers.

To protect yourself, be wary of emails from people you don’t know that offer you a prize, come with attachments you didn’t request, direct you to suspicious sites, or urge you to act quickly. Phishing emails usually appear to come from reliable sources, but they are wolves in sheep’s clothing.

One of the most infamous and widespread examples of phishing was during the 2016 Summer Olympics in Rio, where victims received fraudulent emails for fake ticketing services that stole their personal and financial information.

Be aware of whaling as well. Whaling and phishing are very similar:

Phishing is more automated, hoping you go to their fake website and type a real username/password so they can access your data.

Whaling is the same thing, but a real person is behind the email, making it look legitimate and making it harder for filters to block. They often ask for bank transfers or something similar. They will also reply quickly if you respond to the email, to start a conversation and suck you in.

Tailgating

What’s the fastest and easiest way for criminals to enter a secure office? Through the front door, of course! Tailgating happens when an employee holds the door open for strangers and unauthorized visitors, allowing them to infiltrate an organization. This simple act of kindness enables fraudsters to enter restricted areas, access computers when no one is looking, or leave behind devices for snooping.

Quid pro quo

Here, scam artists offer a free service or a prize in exchange for information. They may lure their victims with a gift, concert tickets, a T-shirt, or early access to a popular game in exchange for login credentials, account details, passwords, and other important information. Or hackers may volunteer to fix their victims’ IT problems to get what they want. In most cases, the gift is a cheap trinket or the tickets are fake, but damages from stolen information are all too real.

Pretexting

Fraudsters pretend to be someone else to steal information. They may pose as a telemarketer, tech support representative, co-worker, or police officer to fish out credit card information, bank account details, usernames, and passwords. The con artist may even convince the unsuspecting victim to apply for a loan over the phone to get more details from the victim. By gaining the person’s trust, the scammer can fool anyone into divulging company secrets.

Also, and we cannot emphasize this enough, be aware of shoulder surfing. Shoulder surfing happens when someone is standing over your shoulder and watching the keystrokes that you enter while typing your password. Often this happens fairly quickly, and you may not even notice it. We all know that if someone obtains your password, they have access to your entire online life; keep an eye out for people nearby when typing in your passwords.

In spite of the many security measures available today, fraudsters and their social engineering schemes continue to haunt and harm many businesses. Thus, it’s best to prepare for the worst. To protect sensitive information, educate yourself and be careful. Remember: If anything is too good to be true, it probably is!

To shield your business from social engineering attacks, don’t take chances! Get in touch with us today by calling 800-421-7151.

4 Questions You Should Ask Any IT “Expert” Before Letting Them Touch Your Network

As businesses have become ever more dependent on technology, IT services providers have been popping up left and right. They’ve all got different strengths, capabilities and price points to consider. Some charge you by the hour and, while available to address any concerns you may have, they are pretty hands-off. Others are working on your network around the clock but charge more in turn. Many may boast an impressive record when working with a broad range of companies, but lack the experience necessary to understand the ins and outs of your specific industry. Some cost way too much month-to-month, while others try the “bargain bin” approach, but as a result, can’t afford to field the staff needed to respond to issues in a timely fashion.

There’s certainly a lot to consider when looking for an IT services provider for your business. And if you’re not particularly knowledgeable about information technology yourself, it can sometimes feel like you’re going into the process blind.

To suss out whether an IT company will mesh with your business’s workflow and industry specific requirements, it’s important to vet them thoroughly. The key is to ask the right questions. Here are four that will allow you to zero in on any IT company’s priorities and strengths, and help you determine whether or not they are a good fit for your organization.

1. DO YOU TAKE A PROACTIVE OR ‘BREAK-FIX’ APPROACH TO IT?

When your car breaks down, you take it to the shop and you get it fixed. The mechanic charges you for the work done and for the parts, and then sends you on your way. Many business owners consider their computer network to be the same kind of deal. Why not just wait until an outage happens and then call up somebody who charges by the hour to fix it? That way, they imagine, they won’t be paying for “extra” services they think they don’t need.

But unfortunately, unlike your car, when your network is out, you’re losing dollars every single minute. The cost of a network outage is difficult to overstate – not only will it bring your business to its knees while it’s out, but it’ll frustrate customers and employees and result in a cascading set of problems.

Instead of a “break-fix” technician on hand, you need a managed IT services provider. These experts work directly with your company to optimize your network and its security at every turn, and are available nearly any time to address your concerns. And they’re genuinely invested in providing the best service possible, since it’s in their best interest as well.

2. WHAT IS YOUR GUARANTEED RESPONSE TIME?

We’ve all needed something fixed before and had to wait for hours, days or even weeks before anyone bothered to come by and solve the problem. Don’t let that happen to your business. If a company can’t guarantee a response time, it’s probably not a company you want to be working with.

3. WHAT WILL COST ME EXTRA?

This question is particularly important if you’re looking at a managed services provider (which you should be). The last thing you need is for a crisis to strike, only to discover you need to shell out a bunch of surcharges to get your network back up and running. Make sure the costs and services included are crystal clear before you sign anything.

4. HOW MUCH EXPERIENCE DO YOU HAVE?

As scrappy as the “new kid on the block” may be, you don’t want them in charge of one of the most important aspects of your business. Make sure any IT professionals you do business with have extensive experience not only in IT, but in your particular industry as well. That way they’ll know exactly what to do to optimize processes and keep your data under lock and key.

If you feel that your IT company is not transparent about all of this, it may be time to look elsewhere. Call us at 800-421-7151 today with any questions and you will receive only the most honest answers from account managers who are more than happy to help!

A Quick Guide to Choosing a Mouse

The good ol’ two-button mouse just won’t cut it anymore. They’re unresponsive, uncomfortable, and the cord somehow ties itself up every time you put it in your bag. However, buying a new mouse can be confusing, so if you’re having difficulty picking the right one, here are some things you should keep in mind.

Cable or wireless?

Choosing between a wired or a wireless mouse is a factor you have to consider if you’re planning on purchasing a new mouse. Wireless mice are generally more comfortable since your range of movement isn’t limited by a cable and they’re usually travel friendly. However, they tend to be less responsive, which can be frustrating.

In some cases, wireless mice can also interfere with other wireless devices nearby, and most require batteries, which can create problems when they run out of juice. And, if you use the same mouse for both work and home, you run the risk of losing the tiny USB receiver for your wireless mouse when you travel.

On the other hand, wired mice are cheaper and easy to plug-and-play. The only problem you’ll have to worry about is dealing with tangled wires. So when you’re deciding on a new mouse, think about whether you’re looking for comfort or convenience. Always keep in mind that wireless mice tend to be slightly heavier due to the battery that must be included to keep it running. It may not seem like much, but it will affect the way you work with it. If you have sensitive wrists or are prone to carpal tunnel, you may want the lightest mouse possible.

Ergonomics matters

You’re going to be using the new mouse for a while, so it’s important to choose one that feels comfortable in your hands. When deciding on the right mouse, focus on the size and the grip of the device. The size of the mouse usually comes down to hand size. For example, someone with smaller hands might find larger mice quite unwieldy.

Certain mice can also accommodate different types of grips — fingertip grip, palm grip, and claw grip. Users who want high-precision control of their cursor should opt for a mouse with fingertip grip, those needing comfort should get a palm grip mouse, and if you want both control and comfort, the claw grip mouse is the way to go. Another feature to be mindful of is the side scrolling wheel; this may be beneficial if you work frequently with large Excel spreadsheets and pivot tables, as it makes navigating through them much easier.

DPI (dots per inch)

Higher sensitivity is necessary for precise mouse movements, especially if you’re editing images, videos, or audio files. Mice with 1200 DPI or greater guarantee finer control.

Although mouse specifications like DPI might be the last thing on your mind when it comes to buying new hardware, your comfort is important. A good mouse with the right fit can make you more efficient and reduce the risk of injury.

If you need assistance setting up the best hardware for your company, give us a call at 800-421-7151. We’re happy to help.

Master Microsoft Excel with these 3 Tips

Digital literacy is all about mastering essential computer skills like navigating search engines and word processors. But one of the most crucial skills you need to learn is Excel. Check out these tips to be an Excel master.

Pie and Sunburst Charts

Everyone knows that bombarding stakeholders with endless numbers and decimal points is the wrong approach. You need to compile data and develop comprehensive pie or sunburst charts to make life easier for clients and investors.

Here’s how to create a pie chart:

  1. Select your data.
  2. Click on the Recommended Charts tool to see different style chart suggestions for your data.
  3. Click on the Chart Styles, Chart Filters, or Chart Elements button in the upper-right corner of the chart to personalize its overall look or add chart elements, such as data labels or axis titles.

Steps to create a sunburst chart:

  1. Select all your data.
  2. Click Insert > Insert Hierarchy Chart > Sunburst.
  3. Go to the Design and Format tabs to tailor its overall look.

Pivot Tables

Pivot Tables might be one of the most powerful yet intimidating data analysis tools in Excel’s arsenal. They allow you to summarize huge chunks of data in lists or tables without using a formula. All you need to do is:

  1. Select the data, which must only have a single-row heading without empty columns or rows.
  2. Click Insert > PivotTable.
  3. Under Choose the data that you want to analyze, click Select a table or range.
  4. In the Table/Range box, validate the cell range.
  5. Under Choose where you want the PivotTable report to be placed, click New worksheet, or Existing worksheet and enter the location where you want to place the PivotTable.

Conditional Formatting

This tool highlights essential information within your dataset. For instance, you’re presenting the latest numbers on project efficiency and you use Conditional Formatting to highlight any number lower than 80%. The highlighted data will capture the audience’s attention, allowing them to identify the bottlenecks in your projects. To customize how the data is displayed, simply:

  1. Select the cell.
  2. Click Home > Conditional Formatting.
  3. Click Format.
  4. Change your formatting preference in the Color or Font style box.

Excel is one of the most commonly used business software programs on the market, yet not everyone knows how to fully utilize it. If you want to learn more about other handy Excel features, give us a call today at 800-421-7151 and we’ll elevate your user status from beginner to pro with some training!

5 Simple but Effective Cybersecurity Tricks

Can you name five cybersecurity best practices? Most people can’t, and few of those who can actually follow them. Unfortunately, cyberattacks are far too common to be lax about staying safe online. Your identity could be stolen, or even worse, you could expose private information belonging to your company’s clients. There are many ways you can protect yourself, but this list is a great starting point.

1. Multi-factor authentication (MFA)

This tool earns the number one spot on our list because it can keep you safe even after a hacker has stolen one of your passwords. That’s because MFA requires more than one form of identification to grant access to an account.

The most common example is a temporary code that is sent to your mobile device. Only someone with both the password and access to your smartphone will be able to log in. Almost any online account provider offers this service, and some let you require additional types of verification, such as a fingerprint or facial scan.

2. Password managers

Every online account linked to your name should have a unique password with at least 12 characters that doesn’t contain facts about you (avoid anniversary dates, pet names, etc.). Hackers have tools to guess thousands of passwords per second based on your personal details, and the first thing they do after cracking a password is to try it on other accounts.

Password manager apps create random strings of characters and let you save them in an encrypted list. You only need one complex password to log into the manager, and you’ll have easy access to all your credentials. No more memorizing long phrases, or reusing passwords!

3. Software updates

Software developers and hackers are constantly searching for vulnerabilities that can be exploited. Sometimes, a developer will find one before hackers and release a proactive update to fix it. Other times, hackers find the vulnerability first and release malware to exploit it, forcing the developer to issue a reactive update as quickly as possible.

Either way, you must update all your applications as often as possible. If you are too busy, check the software settings for an automatic update option. The inconvenience of updating when you aren’t prepared to is nothing compared to the pain of a data breach.

4. Disable Flash Player

Adobe Flash Player is one of the most popular ways to stream media on the web, but it has such a poor security record that most experts recommend that users block the plugin on all their devices. Flash Player has been hacked thousands of times, and products from companies like Microsoft, Apple, and Google regularly display reminders to turn it off. Open your web browser’s settings and look for the Plugins or Content Settings menu, then disable Adobe Flash Player.

5. HTTPS Everywhere

Just a few years ago, most websites used unencrypted connections, which meant anything you typed into a form on that site would be sent in plain text and could be intercepted with little effort. HTTPS was created to facilitate safer connections, but many sites were slow to adopt it or didn’t make it the default option.

HTTPS Everywhere is a browser extension that ensures you use an encrypted connection whenever possible and are alerted when one isn’t available on a page that requests sensitive information. It takes less than one minute and a few clicks to install it.

If you run a business with 10 or more employees, these simple tips won’t be enough to keep you safe. You’ll need a team of certified professionals that can install and manage several security solutions that work in unison. If you don’t have access to that level of expertise, our team is available to help. Give us a call today at 800-421-7151 to learn more.

Watch Out for this Persuasive Phishing Email

Anglers catch fish by dangling bait in front of their victims, and hackers use the same strategy to trick your employees. There’s a new phishing scam making the rounds and the digital bait is almost impossible to distinguish from the real thing. Here are the three things to watch out for in Office 365 scams.

Step 1 – Invitation to collaborate email

The first thing victims receive from hackers is a message that looks identical to an email from Microsoft’s file sharing platform SharePoint. It says, “John Doe has sent you a file, to view it click the link below…”

In most cases, the sender will be an unfamiliar name. However, some hackers research your organization to make the email more convincing.

Step 2 – Fake file sharing portal

Clicking the link opens a SharePoint file that looks like another trusted invitation from a Microsoft app, usually OneDrive. This is a big red flag since there’s no reason to send an email containing a link to a page with nothing but another link.

Step 2 allows hackers to evade Outlook’s security scans, which monitor links inside emails for possible phishing scams. But Outlook’s current features cannot scan the text within a file linked in the email. Once you’ve opened the file, SharePoint has almost no way to flag suspicious links.

Step 3 – Fake Office 365 login page

The malicious link in Step 2 leads to an almost perfect replica of an Office 365 login page, managed by whoever sent the email in Step 1. If you enter your username and password on this page, all your Office 365 documents will be compromised.

Microsoft has designed hundreds of cybersecurity features to prevent phishing scams and a solution to this problem is likely on the way. Until then, you can stay safe with these simple rules:

  • Check the sender’s address every time you receive an email. You might not notice the number one in this email at first glance: johndoe@gma1l.com.
  • Confirm with the sender that the links inside the shared document are safe.
  • Open cloud files by typing in the correct address and checking your sharing notifications to avoid fake collaboration invitations.
  • Double check a site’s URL before entering your password. A zero can look very similar to the letter ‘o’ (e.g. 0ffice.com/signin).
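The sender-address and URL checks in the list above can be automated. The Python sketch below is an added example, not part of the original article; the allowlist, the confusable-character table and the function names are assumptions chosen for illustration, and it also flags one-character typos, which goes slightly beyond the digit swaps described above.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; use the domains your organization really relies on.
TRUSTED_DOMAINS = {"gmail.com", "office.com", "sharepoint.com", "microsoftonline.com"}

# Characters that are easily mistaken for one another collapse to one representative,
# so "1", "i" and "l" all compare as equal, as do "0" and "o".
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s", "3": "e"})


def skeleton(domain):
    """Reduce a domain to a form in which visually similar spellings are identical."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def host_of(value):
    """Extract the host from an e-mail address, a full URL, or a bare host/path."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # lets urlsplit parse "user@host" and "host/path" alike
    try:
        return (urlsplit(value).hostname or "").rstrip(".")
    except ValueError:
        return ""


def registrable(host):
    """Simplification: keep the last two labels (does not handle suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value, trusted=TRUSTED_DOMAINS):
    """Return (verdict, matched_trusted_domain) for a sender address or link."""
    domain = registrable(host_of(value))
    if not domain:
        return ("invalid", None)
    if domain in trusted:
        return ("trusted", domain)
    skel = skeleton(domain)
    for good in sorted(trusted):  # same look once confusable characters are collapsed
        if skel == skeleton(good):
            return ("lookalike", good)
    for good in sorted(trusted):  # one character added, dropped or changed
        if edit_distance(skel, skeleton(good)) == 1:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # The first two samples come from the article; the rest are constructed.
    samples = [
        "johndoe@gma1l.com",
        "0ffice.com/signin",
        "https://www.office.com/signin",
        "billing@ofice.com",
        "https://office.com@example.net/login",
    ]
    for s in samples:
        print(f"{s:40} -> {classify(s)}")
```

A "lookalike" verdict is a reason to quarantine or warn, not proof of fraud; an "unknown" verdict only means the domain resembles nothing on the allowlist.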

Third-party IT solutions exist to prevent these types of scams, but setting them up and keeping them running requires a lot of time and attention. Give us a call today at 800-421-7151 to learn more!

How to Make Sure You Never Fall Victim to Ransomware

Late last March, the infrastructure of Atlanta was brought to its knees. More than a third of 424 programs used nearly every day by city officials of all types, including everyone from police officers to trash collectors to water management employees, were knocked out of commission. What’s worse, close to 30% of these programs were considered “mission critical,” according to Atlanta’s Information Management head, Daphne Rackley.

The culprit wasn’t some horrific natural disaster or mechanical collapse; it was a small package of code called SAMSAM, a virus that managed to penetrate the networks of a $371 billion city economy and wreak havoc on its systems. After the malicious software wormed its way into the network, locking hundreds of city employees out of their computers, hackers demanded a $50,000 Bitcoin ransom to release their grip on the data. While officials remain quiet about the entry point of SAMSAM or their response to the ransom, within two weeks of the attack, total recovery costs already exceeded $2.6 million, and Rackley estimates they’ll climb at least another $9.5 million over the coming year.

It’s a disturbing cautionary tale not only for other city governments, but for organizations of all sizes with assets to protect. Atlanta wasn’t the only entity to buckle under the siege of SAMSAM. According to a report from security software firm Sophos, SAMSAM has snatched almost $6 million since 2015, casting a wide net over more than 233 victims of all types. And, of course, SAMSAM is far from the only ransomware that can bring calamity to an organization.

If you’re a business owner, these numbers should serve as a wake-up call. It’s very simple: in 2018, lax, underfunded cyber security will not cut it. When hackers are ganging up on city governments like villains in an action movie, that’s your cue to batten down the hatches and protect your livelihood.

The question is, how? When ransomware is so abundant and pernicious, what’s the best way to keep it from swallowing your organization whole?

1. BACK UP YOUR STUFF
If you’ve ever talked to anyone with even the slightest bit of IT knowledge, you’ve probably heard how vital it is that you regularly back up everything in your system, but it’s true. If you don’t have a real-time or file-sync backup strategy, one that will actually allow you to roll back everything in your network to before the infection happened, then once ransomware hits and encrypts your files, you’re basically sunk. Preferably, you’ll maintain several different copies of backup files in multiple locations, on different media that malware can’t spread to from your primary network. Then, if it breaches your defenses, you can pinpoint the malware, delete it, then restore your network to a pre-virus state, drastically minimizing the damage and totally circumventing paying out a hefty ransom.

2. GET EDUCATED
We’ve written before that the biggest security flaw to your business isn’t that free, outdated antivirus you’ve installed, but the hapless employees who sit down at their workstations each day. Ransomware can take on some extremely tricky forms to hoodwink its way into your network, but if your team can easily recognize social engineering strategies, shady clickbait links and the dangers of unvetted attachments, it will be much, much more difficult for ransomware to find a foothold. These are by far the most common ways that malware finds its way in.

3. LOCK IT DOWN
By whitelisting applications, keeping everything updated with the latest patches and restricting administrative privileges for most users, you can drastically reduce the risk and impact of ransomware. But it’s difficult to do this without an entire team on the case day by day. That’s where a managed services provider becomes essential, proactively managing your network to plug up any security holes long before hackers can sniff them out.

The bad news is that ransomware is everywhere. The good news is that with a few fairly simple steps, you can secure your business against the large majority of threats. Give us a call at 800-421-7151 for more information on how we protect you from ransomware.

How Business Continuity Plans Can Fail

Just because your IT provider has a plethora of awards and certifications under its belt doesn’t mean that you can blindly hand over your business’s future to them. Oftentimes, there are some aspects of your business continuity plan that tend to be overlooked by your provider. We have rounded up some of these issues with business continuity plans.

Over-optimistic testing

The initial testing attempt is usually the most important. It’s when IT service providers can pinpoint possible weak points in the recovery plan. However, what usually happens is that they test the system in full, instead of via a step-by-step process. This results in them missing specific points, with too many factors overwhelming them all at the same time.

Insufficient remote user licenses

A remote user license is given by service providers to businesses so that when a disaster strikes, employees can log in to remote desktop software. However, a provider may only have a limited number of licenses. In some cases, more employees will need to have access to the remote desktop software than a provider’s license can allow.

Lost digital IDs

When a disaster strikes, employees will usually need their digital IDs so they can log in to the provider’s remote system while their own system at the office is being restored. However, digital IDs are tied to an employee’s desktop, and when a desktop is being backed up, they are not automatically saved. So when an employee goes back to using their ‘ready and restored’ desktop, they are unable to access the system with their previous digital ID.

Absence of a communications strategy

IT service providers will use email to notify and communicate with business owners and their employees when a disaster happens. However, this form of communication may not always be reliable in certain cases, such as when the Internet is cut off, or there are spam intrusions. Third-party notification systems are available, but they are quite expensive, and some providers sell them as a pricey add-on service.

Backups that require labored validation

After a system has been restored, IT technicians and business owners need to check whether the restoration is thorough and complete. This validation becomes a waste of time and effort when the log reports are not easy to compare. This usually happens when IT service providers utilize backup applications that do not come with their own log modules, which have to be acquired separately.

These are just some reasons why business continuity plans fail. It is important for business owners to be involved with any process that pertains to their IT infrastructure. Just because you believe something works doesn’t necessarily mean that it works correctly or effectively. If you have questions regarding your business continuity plan, get in touch with our experts today at info@wamsinc.com and 800-421-7151.

Upgrading to a Dual Monitor System

Small businesses and firms are always searching for ways for their employees to be more effective computer users. But before you go out and buy bigger hard drives and faster processors, you should consider upgrading your desktops to a dual monitor system. Read on to find out about the advantages of using two monitors per desktop.

Enhanced productivity
Published studies conclude that by working with dual monitors, overall productivity increases by 20-50%. Computer programmers, for example, can use one screen for source coding and the other for programming; by using dual monitors, they no longer need to toggle back and forth between tabs. This reduces error and frees up time to complete more projects.

Better multitasking
Efficient multitasking requires adequate screen space to keep multiple applications simultaneously visible — a view that single monitors alone simply cannot accommodate. Workers who require computers, like customer service reps and web designers, would no longer waste time switching between tabs and resizing windows to fit the limited space; they could now focus on completing their tasks accurately and efficiently.

Easier cutting and pasting
This reason resonates with jobs that call for creating newsletters, complex documents, or PowerPoint presentations. Dual monitors would eliminate the need for alternating between tabs and scrolling up and down as you work. Also, the enhanced visibility reduces chances of making mistakes and thus losing more time fixing them.

Image and video editing
With dual monitors, the days of stacking numerous editing tools on top of the image or video you’re working on are long gone. Instead of your screen looking like a game of Mahjong, you can put the editing tools on one screen and leave the image on the other. With better visibility, you’re less likely to commit errors and more likely to be finessed, and you’re not sacrificing valuable working time in the process.

Dual monitors benefit almost every industry because of the enhanced visibility, larger screen space, and how you can briefly nap behind them without getting caught. Using dual monitors can enhance even your leisure time activities as well.

Broaden your horizons by getting in touch with us at 800-421-7151 or info@wamsinc.com. We’ll answer any questions you have.

4 BYOD Security Risks You Should Prepare For

Personal computing is with us wherever we go. Thanks to the rise of the mobile industry, smartphones and tablets allow us to take work home with us. And with the bring your own device (BYOD) strategy, businesses have never been so productive. However, BYOD can pose a number of security risks if you’re not careful. Here are some BYOD security issues you should know before implementing it.

Data leakage

The biggest reason businesses are wary of implementing a BYOD strategy is because it can leave the company’s system vulnerable to data breaches. Personal devices are not part of your business’s IT infrastructure, which means that these devices are not protected by company firewalls and security systems.

Employees might also take work with them to places outside of your company premises that don’t have adequate security settings, thus leaving your system vulnerable to inherent security risks.

Lost devices

Another risk your company has to deal with is the possibility that employees will lose their personal devices. If devices with sensitive business information get lost and fall into the wrong hands, anyone can gain unauthorized access to valuable company data stored in that particular device. Therefore, you should consider countermeasures and protocols for lost devices, like remotely wiping a device of information as soon as an employee reports it missing or stolen.

Possible hacking

Personal devices tend to lack adequate data encryption to keep other people from snooping on private information. On top of this, your employees might not regularly update their devices’ software, rendering their devices and your IT infrastructure susceptible to infiltration.

Connecting to open WiFi spots in public places also makes your company vulnerable and open to hackers, because hackers may have created those hotspots to trick people into connecting. Once the device owner has connected to a malicious hotspot, attackers can see your web activity, usernames, and passwords in plain text.

Vulnerability to malware

Viruses are also a big problem when implementing BYOD strategies. If your employees use their personal devices, they can access sites or download mobile apps that your business would normally restrict to protect your system.

As your employees have the freedom to choose whatever device they want to work with, the process of keeping track of vulnerabilities and updates is considerably harder. So if you’re thinking about implementing BYOD strategies, make sure your IT department is prepared for an array of potential malware attacks on different devices.

BYOD will help your business grow, but it comes with IT security risks that you should be prepared to handle.
Need help mitigating these BYOD risks? Call us today at 800-421-7151, and let’s find the best IT security solutions for your company.

Server Administration 101: Temperature

Servers are the heart of many firms and businesses. And with the strain that most businesses put on their servers, one of the most important maintenance variables is temperature management. Understanding why keeping your servers cool is vitally important could save you from an expensive crash, troubling data loss, or reduced hardware reliability.

How does temperature affect my servers?

High temperatures in server hardware can result in different types of damage. A server that completely crashes for any reason results in costly data loss and service interruptions, but the unbiased advisory organization Uptime Institute warns that overheating doesn’t always result in total failure. For every 18 degrees above 70 degrees Fahrenheit, hardware reliability decreases by 50%. This decrease in reliability can be just as, if not more, expensive for your hardware budget in the long run.

Cooling methods can’t just be implemented and forgotten; they must be closely monitored to ensure the health of your server hardware in the short and long term. Options for temperature management range from simple low-budget solutions to expensive outsourced alternatives. Determining your server management budget will greatly depend on what types of methods you intend to implement at your SMB.

Cooling methods

Which system you use to cool your server largely depends on how much power your hardware is using. The more watts a computer needs to operate, the harder it’s working. This number will determine the scope of your temperature management needs.

For example, PCWorld says passive temperature control is adequate for any equipment operating at less than 400 watts. This includes simple solutions like positioning your server away from walls, low ceilings, cable clusters, and anything else that can block hot air from dissipating naturally.

For computers using between 400 and 2,000 watts, strategic ventilation becomes a necessity. Adding passive ventilation is viable up to 700 watts, but fan-assisted ventilation will be required above that and up to 2,000 watts. With the increased power consumption, temperatures will rise, and air movement needs to be more closely managed. At this stage, simple vent and oscillating fans will suffice.

Anything higher than 2,000 watts needs dedicated cooling solutions. This means air-cooled units to actively reduce server room temperature. Depending on the size and arrangement of the space, a simple self-contained unit may be enough to reduce temperatures to acceptable ranges. But if you’re not sure, you should schedule a consultation with a vendor to consider more drastic cooling and monitoring methods.

Keeping your servers running at ideal temperatures means smoother data operations, lower hardware budgets, and one less thing to worry about at your firm or business. As your business continues to grow and develop, keep close tabs on increasing server loads — it could save you from devastating data loss. If you need more detailed advice about server management, or have any other questions about your hardware setup, contact us today at 800-421-7151 or info@wamsinc.com.

How to Make the Most of Microsoft Word

Microsoft Word has become the go-to word processor for businesses big and small. It is used by every department and almost every type of personnel, but its constant updates and huge number of features mean there are lots of functions unknown to most users. Here, we uncover some of the most useful tricks with Word to help you get the most from it.

Edit simultaneously
You and your colleagues can now edit the same Word document at the same time. Just save yours in the cloud on OneDrive, click Share, then send the link to your colleagues. You’ll even be able to see them editing in real time.

Continue your work with Word Online
Don’t have the Word app on your computer, tablet, or smartphone? Go to word.office.com, sign in with your Microsoft account, and open Word Online, the browser version of Word. By clicking the blue Share button, your colleagues can access your document using Word Online or the Word app, which means anyone with the link and an internet connection can jump right in.

Keep editorial control
With the Track Changes function, Word monitors all the edits that everyone makes to your document so you can go through the changes and accept or reject them accordingly.

To turn on Track Changes, click on the Review tab then select Track Changes. When reviewing a colleague’s edits, you have control to click on Accept or Reject as you see fit.

Format the easy way: Write first, format later
The Style Gallery in Word makes it easy to format your document, despite the huge number of font types, sizes, colors, and effects to choose from. After finishing writing and editing your document, click the Home tab and you will see the Style Gallery prominently on top. Select the appropriate Headings in the font, size, and color that you like, and change any other text in any way you like — just make sure you don’t make any changes to the actual content that’s already been edited!

Insert photos faster, more conveniently
No need to open your browser to look for photos for your document. Just place the cursor on the area where you intend to insert the photo, click on the Insert tab, select Online pictures (type “clip art” on the search box if that’s what you need), select a photo, then click Insert.

Edit a PDF file
Click on the File menu, select Open, and choose Browse. Highlight the PDF you want to edit, then click Open. Word will convert files to the new format using text recognition, so double-check if the conversion is correct. Make the appropriate changes, then click File, then Save As, then Browse. A “Save as type:” dropdown menu will appear at which point you will choose “PDF” then click Save.

These tips may seem straightforward, but over time they can make a big difference in helping you work faster. Want to learn more Word tricks and tips? Get in touch with our Microsoft Office experts today!

New Spectre-Style Attack Discovered

Security experts are constantly discovering new potential threats, and quite recently, they’ve found a new type of Spectre-style attack more dangerous than the original. Here’s a quick rundown of the new Spectre variant.

Spectre 101
For those who don’t know, Spectre is a vulnerability in modern computer chips, such as those from Intel and AMD, that allows hackers to steal confidential information stored in an application’s memory, including passwords, instant messages, and emails. Malicious code running on a computer or web browser could be used to exploit this vulnerability, but ever since Spectre was discovered, Microsoft, AMD, Intel, and other tech companies have released a series of updates to fix it.

What is NetSpectre?
To perform Spectre attacks, malware would have to run on a targeted machine to extract sensitive data. But in late July, Austrian security researchers found a way to launch Spectre-style attacks remotely without locally installed malware. The new attack is called NetSpectre and it can be conducted over a local area network or via the cloud.

So far, it’s impractical for average hackers to use this method to steal data. In tests, researchers were able to steal data at a rate of between 15 and 60 bits per hour, which means it would take days to gather corporate secrets and passwords. As such, NetSpectre will probably be used by hackers who want to target specific individuals but don’t want to resort to obvious methods like phishing scams or spyware.

Experts also warn that while NetSpectre may be impractical now, hackers may develop faster and more powerful variants in the future.

How should you protect your business?
NetSpectre attacks exploit the same vulnerabilities as the original Spectre so it’s important to install the latest firmware and security updates. You should also secure your networks with advanced firewalls and intrusion prevention systems to detect potential NetSpectre attacks.

Last but not least, working with a reputable managed services provider that offers proactive network monitoring and security consulting services can go a long way in protecting your business from a slew of cyberthreats.

If you’re looking for a leading managed security services provider, talk to WAMS! We provide cutting-edge security software and comprehensive, 24/7 support. Call us today at 800-421-7151 for more information.

Cloud: 4 Common Myths Debunked

Overhyped reports of cloud hacks and server failures can lead some small business owners to be wary of a service that has so much to offer. So what are these common misconceptions about cloud computing? Here are a few myths people believe about the cloud.

#1. Cloud infrastructures are unsecure

Information security is a necessity for every business. And the most prevalent misconception about the cloud is the idea that cloud services lack appropriate security measures to keep data safe from intruders. Most users also think that the data stored in the cloud can be easily accessed by anyone, from anywhere, and at any time.

But the truth is it’s actually more secure for small businesses to use cloud services. Small companies usually can’t afford to hire an IT department let alone train them to deal with online security threats. Cloud providers, on the other hand, offer services such as multi-layered security systems and antivirus protection that not only specialize in keeping infrastructures safe from hackers but are available at a price that is much lower than you would pay for in-house IT staff.

Additionally, large cloud-based services such as G Suite and Office 365 are supported by an infrastructure that constantly installs updates and patches, which helps manage security breaches. This frees you from the burden of installing the updates yourself and managing the overall security of your system.

Users should understand that no company is completely safe from security threats regardless of their IT infrastructure. But data is likely to be more secure in the hands of cloud providers as they are the most prepared and qualified to protect your digital property.

#2. The cloud lacks proper encryption

Most people misunderstand how encryption is implemented to keep your data safe. For example, encryption is generally used for data in transit, where data is protected from anyone seeing it as it travels from one internet address to another. But encryption can also be applied to data at rest, where data is encrypted on a storage drive.

With this in mind, you should understand what types of encryption your business and its data require. When it comes to choosing the right cloud service, it is best to inform yourself about the security measures that a cloud infrastructure implements and look at how it can protect your company’s digital property.

#3. With the cloud you are no longer responsible for data security

While cloud security is important, protecting data ultimately rests on the users who have access to it. Misplacing unlocked mobile devices can leave your data vulnerable and compromise your entire cloud infrastructure. This is why we recommend having strong verification mechanisms in place for devices that are used to access the cloud.

#4. The cloud is never faulty

Like many IT services, cloud-based services are not immune to technical difficulties. For example, some cloud businesses have suffered outages and server failures which corrupted files and may have lost data in the process.

Hacking is another reason why some cloud services fail. Using a less than optimal cloud service that is vulnerable to attacks can lead to stolen or deleted data, which would be near impossible to recover if you did not have any offline backups.

Before signing up for any type of cloud service, clarify with its provider what is guaranteed. Most cloud providers make promises about a service’s uptime or its safety from provider-related breaches.

Security is truly one of the biggest barriers to the adoption of cloud computing in a small business. But as cloud services expand and encryption technologies advance, cloud adoption is increasingly becoming the most cost-effective solution to meet the small business owner’s IT demands. Contact us today to learn how your business can take advantage of all the cloud has to offer.

5 Tips for Buying a New Computer

There are so many different types of computers out there, each with varying specifications and capabilities – how do you find the best one for your needs? Whether you’re purchasing a computer for yourself or for your family, here are a few things to keep in mind that will help you make the right decision.

Desktop or Laptop?

This depends on your working style and environment. The rule is quite simple: if you rarely work out of the office, get a desktop PC. If you need to work at home, on the go, or at client meetings, then go for a laptop. It’s worth noting that desktops are generally cheaper than laptops at similar specifications, have a longer usage life, and make for easier changing or upgrading of components. Laptops, on the other hand, are very portable due to their compact size, they consume less energy, and they offer a more flexible user experience.

Processor

If you want a computer that loads programs in a flash, completes tasks almost instantly, and runs smoothly at all times, then we recommend you invest in the strongest processors available. The performance of a processor is determined by its number of cores and speed, so the bigger the number, the better. These days, most users go for the latest octa-core processors, especially if their tasks involve rendering high-definition images, animations, graphics, and analysis. For optimum results, get a processor with a higher number of cores.

RAM

Random Access Memory (RAM) allows your computer to perform multiple tasks at once without a hitch. Just like processors, the amount of RAM your computer has will determine how fast it will run when you work on several programs simultaneously. Nowadays, standard computers come with at least 4GB of RAM, with 8GB being ideal for most users — to navigate smoothly between tasks such as email browsing, Internet surfing, and working on word processing documents and spreadsheets.

Hard Drive

The bigger the hard drive, the more space you have to store files. If you plan on using your computer with no peripherals, you’ll want to choose a computer that offers the biggest hard drive. But remember that you can always purchase an external hard drive to transfer or store files if your current hard drive is running out of space. Due to recent price changes making them more affordable, it is also a better option to use an SSD (Solid State Drive) as your main form of storage.

Operating Systems

Picking an operating system is a big decision when it comes to choosing a new computer. You’ll probably want to stick with an operating system you’re already familiar with, since it can take some time to adapt yourself to a new OS. Here are some of the popular options available on the market:

  • Windows 10
  • Mac OS X
  • Linux

Most people will just go for either Windows or Mac OS, because the complexity of Linux means it is not popular among everyday users, and we do not recommend it.

Want more hardware tips and tricks? Get in touch with our technology experts today at info@wamsinc.com.

IT Security Policies your Office Needs

When it comes to Internet security, most small businesses don’t have security policies in place. And considering that employee error is one of the most common causes of a security breach, it makes sense to implement rules your staff needs to follow. Here are four things your IT policies should cover.

Internet

In today’s business world, employees spend a lot of time on the internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. These must limit internet use to business purposes only, prohibit unauthorized downloads, and restrict access to personal emails on company devices. You can also include recommended browsing practices and policies for using business devices on public wifi.

Email

Just like the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links, or perform any type of business-related activities outside their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, thus preventing spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own devices, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work-related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. This means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies shed some light on the industry’s best security practices. If you’d like more tips or are interested in a security audit of your business, give us a call at 800-421-7151.

Regularly Evaluate Your Cybersecurity

Experts estimate that the global market for cybersecurity products this year will exceed that of last year. At first glance, an increase in spending seems necessary and shows that businesses are becoming more aware of cybersecurity issues. But a closer look may prove otherwise. Learn why your company could be investing in cybersecurity products the wrong way.

Uncover threats and vulnerabilities

Every business should evaluate the current state of its cybersecurity by running a risk assessment. Doing so is one of the easiest ways to identify, correct, and prevent security threats. After discovering potential issues, you should rate them based on probability of occurrence and potential impacts to your business.

Keep in mind that risk assessments are specific to every business and there is no one-size-fits-all approach for small business technology. It all depends on your line of business and operating environment. For instance, manufacturing companies and insurance groups have totally different applications to secure.

After tagging and ranking potential threats, you should identify which vulnerabilities need immediate attention and which ones can be addressed further down the line. For example, a web server running an unpatched operating system is probably a higher priority than a front desk computer that’s running a little slower than normal.

Tailor controls to risks

Instead of spending time and money evenly on all systems, it’s best that you focus on areas with high risk. You should address these issues immediately after an assessment, but also put plans in place to evaluate their risk profiles more often.

Assess existing products

Chances are, your organization has already spent a great deal of money on security products and their maintenance and support. By conducting risk assessments more often, you can improve the strategies you already have in place and uncover wasteful spending. You may discover that one outdated system merely needs to be upgraded and another needs to be ditched. Remember, your existing products were purchased to meet specific needs that may have changed immensely or disappeared altogether.

It’s much harder to overcome cybersecurity obstacles if you’re not regularly evaluating your IT infrastructure. Contact our experts at 800-421-7151 for help conducting a comprehensive assessment today!

The Benefits of Virtualization in 2018

The relationship between computer hardware and software can be frustrating. Both require the other to function properly, but both also require individual attention. Virtualization makes this relationship more flexible, and we’ve got a rundown on a few of the best examples.

More technology uptime
Virtualization vendors use fancy names for the features of their technology, but behind all the technobabble are some revolutionary concepts. Take “fault tolerance” for example. When you use virtualization to pool multiple servers in a way that they can be used as a single supercomputer, you can drastically increase uptime. If one of those servers goes down, the others continue working uninterrupted.

Another example of this is “live migrations,” which is just a fancy way of saying that employee computers can be worked on by technicians while users are still using them. Let’s say you’ve built a bare-bones workstation (as a virtual machine on the server), but you need to upgrade its storage capacity. Virtualization solutions of today can do that without disconnecting the user and restarting their computer.

Better disaster recovery
Data backups are much simpler in a virtualized environment. In a traditional system, you could create an “image” backup of your server — complete with operating system, applications and system settings. But it could be restored to a computer only with the exact same hardware specifications.

With virtualization, images of your servers and workstations are much more uniform and can be restored to a wider array of computer hardware setups. This is far more convenient and much faster to restore compared to more traditional backups.

More secure applications
In an effort to increase security, IT technicians usually advocate isolating software and applications from each other. If malware is able to find a way into your system through a software security gap, you want to do everything in your power to keep it from spreading.

Virtualization can put your applications into quarantined spaces that are allowed to use only minimum system resources and storage, reducing the opportunities they have to wreak havoc on other components of the system.

Longer technology lifespans
The same features that quarantine applications can also create customized virtual spaces for old software. If your business needs a piece of software that won’t work on modern operating systems, virtualization allows you to build a small-scale machine with everything the program needs to run. In that virtual space, the application will be more secure, use fewer resources, and remain quarantined from new programs.

In addition to software, virtualization also encourages longer life spans of old hardware components. With virtualization, the hardware an employee uses is little more than a window to the powerful virtual machine on the server. Employee computers need only the hardware required to run the virtualization window, and the majority of the processing takes place on the server. Hardware requirements are much lower for employees and equipment can be used for several years.

Easier cloud migrations
There are several ways virtualization and cloud technology overlap. Both help users separate processing power from local hardware and software, delivering computing power over a local network or the internet. Because of these similarities, migrating to the cloud from a virtualized environment is a much simpler task.

There is no debate about the benefits of this technology. The only thing standing between your business and more affordable, efficient computing is an IT provider that can manage it for you. For unlimited technology support, virtualization or otherwise, on a flat monthly fee — get in touch with us today at 800-421-7151!

How to Reduce Your PC Power Consumption

Every home or office has a computer. In one year, a typical desktop that’s on 24/7 releases carbon dioxide that’s equal to driving 820 miles in an average car. To save energy, you don’t need drastic changes; you can start with making small adjustments that will ultimately accumulate to significant savings.

1. Disconnect your external devices

Devices that connect to your PC like printers, sound systems, and webcams consume power, too. That’s why you should disconnect or remove these devices from your PC as soon as you’re done using them.

2. Use a smart strip, especially for computers you cannot turn off

A smart strip is a series of several electrical outlets in one strip, with circuits to monitor and maximize your gadgets’ power consumption. By connecting your PC and its peripherals (printer, speakers, scanners, etc.) to the smart strip, you don’t need to unplug your equipment when you’re not using them.

3. Adjust your computer’s energy settings

You can also consume less energy by adjusting your PC’s power settings. For example, you can make sure your hard drive and monitor go into “sleep” mode when they’re left idle for a few minutes. Lowering the screen brightness will also help you save electricity.

4. Shut down and unplug your computer when not in use

If you are not yet using a smart strip, then it’s best to shut down the computer when you’re not using it. Also, make sure to unplug it, as leaving it plugged in consumes standby power.

5. Use a charger only when charging your laptop

When we charge our laptops, it’s easy to just leave them there and forget about them. This results in the eventual degrading of the battery. Leaving the charger plugged into the wall also consumes standby power. So either use a wall outlet with a timer, or plug your charger into a smart strip instead.

6. And should you be in the market for a new PC, choose one that’s Energy Star compliant

Energy Star is the U.S. Environmental Protection Agency (EPA)’s symbol for energy efficiency. Every product that earns the Energy Star symbol is guaranteed to deliver quality performance and energy savings. Studies have shown that a single Energy Star compliant computer and monitor can save from $7 to $52 per year in electricity bills.

Saving energy is a combination of smart choices in hardware plus developing good energy-conservation habits. These tips should help you achieve that. If you need assistance in choosing the best hardware for your needs, call us and we’ll be glad to help you out.

Malware Strain Infects 200k More Devices

Yet another global malware infection has been making headlines and the story just took a turn for the worse. When the news of VPNFilter broke, experts warned that 500,000 devices were already infected, but now they believe that number is much higher. Thankfully, it’s not too late to protect yourself.

VPNFilter recap

A team of security researchers from Cisco released a report that a strain of malware had been discovered on hundreds of thousands of routers and network devices. Originally, researchers believed it affected only Linksys, MikroTik, Netgear, and TP-Link devices.

Like many malware strains, VPNFilter infects devices that use default login credentials. But it’s worse than the average cyberattack because it can destroy router hardware and cannot be removed by resetting infected devices.

As if destroying 500,000 routers wasn’t bad enough, VPNFilter lets its creators spy on networks and intercept passwords, usernames, and financial information.

What’s new

Just two weeks after VPNFilter was discovered, security experts announced that it targets 200,000 additional routers manufactured by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. Worse yet, VPNFilter can alter data passing through infected routers. That means when you enter a username and password into a banking website, hackers could steal that information and show you an incorrect account balance to hide fraudulent deductions.

How to stop VPNFilter

Rebooting a router won’t remove the malware; you need to factory-reset the device. Usually, all this requires is holding down the Reset button on the back of the device for 10-30 seconds. If your router has no reset button or you’re unsure whether pressing it did the trick, contact a local IT provider immediately.

Cybersecurity threats have become so prevalent that even large enterprises struggle to keep their digital assets safe. Outsourcing IT support to a managed services provider like us will give you enough capacity to deal with issues like VPNFilter as soon as they arise. Call us today at 800-421-7151 to learn more.

Industries that Need Virtual Desktops

Apart from the cloud, one of today’s biggest IT trends is virtualization. And why not? It has helped countless businesses in more ways than one. An emerging model of virtualization is virtual desktop infrastructure (VDI), which involves hosting a desktop operating system and making it available on almost any device. It is most effective in the following use cases:

Legal

The legal industry is relying more and more on virtual desktops due to the mobility that they provide. Attorneys work long hours on cases and often have a home office, occasionally work from other offices, or need to access important information at a moment’s notice. With the right virtual desktop, attorneys can access the information that they need safely and under compliance. Virtual desktops are changing the way law firms are able to operate.

Healthcare

In an industry where every file is sensitive, the importance of confidentiality can’t be overstated. With VDI, rules and permissions can be customized based on the individual virtual desktop. As such, every medical professional can only view patient records relevant to them. It also allows them to log into their virtualized desktop while working across a variety of locations and devices.

Academic institutions

By leveraging VDI, a school’s IT team can create a virtual desktop — with the necessary restrictions implemented — for each student. If each classroom has a set of workstations, students’ desktop experiences will be consistent throughout their day. Even though they’ll be using different hardware every hour or two, they’ll always see the same desktop.

Companies with shift workers

In most cases, shift employees don’t really need one designated computer to fulfill their task because one computer is shared by multiple users. VDI makes it easy for companies to manage several desktop accounts on fewer devices. Workers can log into any devices, access their own virtual desktop, work as they do every day, and log off at the end of their shift.

Users with multiple computers

Depending on the nature of work, some positions require working with several computers on a regular basis. With VDI, they can integrate desktops and maintain it across two or more devices.

Field or remote staff

Employees that work remotely or in the field need access to tools and applications when on the job. A secure and reliable way to do it is through VDI. A complete VDI solution makes access to a consistent desktop experience possible anytime, anywhere, and using any device. It allows your remote or field workforce to operate effectively, no matter the circumstances.

Of course, these are just a few situations where VDI is helpful. Any business can enjoy security and productivity enhancements with a team of virtualization experts on call. Contact us today at 800-421-7151 to find out how we can help.

Tips to Reduce Risks After a Security Breach

No company is completely safe from data breaches. For proof, look no further than companies like Yahoo, AOL, and Home Depot, which compromised the personal information of millions of customers. That said, no business is completely helpless, either. The following steps can minimize the risks to your business in the event of a large-scale data breach.

Determine what was breached

Whether it’s names, addresses, email addresses, or social security numbers, it’s critical to know exactly what type of information was stolen before determining what steps to take. For example, if your email address were compromised, you’d take every precaution to strengthen your email security, which includes updating all your login credentials.

Change affected passwords immediately

Speaking of passwords, change yours immediately after any breach, even for seemingly safe accounts. Create a strong password comprised of alphanumeric and special characters, and make sure you never reuse passwords from your other accounts.

Once you’ve changed all your passwords, use a password manager to help you keep track of all your online account credentials.

If the website that breached your information offers two-factor authentication (2FA), enable it right away. 2FA requires two steps to verify security: usually a password and a verification code sent to a user’s registered mobile number.

Contact financial institutions

In cases where financial information was leaked, call your bank and credit card issuers to change your details, cancel your card, and notify them of a possible fraud risk. That way, banks can prevent fraud and monitor your account for suspicious activity.

Note that there are different rules for fraudulent transactions on debit cards and credit cards. Credit card transactions are a bit easier to dispute because they have longer grace periods. Debit card fraud, on the other hand, is more difficult to dispute, especially if the fraudulent transactions happened after you’ve notified the bank.

Place a fraud alert on your name

Hackers who have your personal information can easily commit identity fraud. To avoid becoming a victim, contact credit reporting bureaus like Equifax, Experian, or Innovis and request that a fraud alert (also called credit alert) be added to your name. This will block any attempt to open a credit account under your name and prevent unauthorized third parties from running a credit report on you.

Putting a credit freeze on your name might result in minor inconveniences, especially if you have an ongoing loan or credit card application. Still, doing so will greatly reduce your risks of getting defrauded.

These steps will ensure you don’t fall victim to identity theft in the event of a large-scale data breach. If you want to take a more proactive approach to protect your sensitive information against breaches, contact our cybersecurity experts today.

HTTPS Matters More for Chrome

HTTPS usage on the web has taken off as Chrome has evolved its security indicators. HTTPS has now become a requirement for many new browser features, and Chrome is dedicated to making it as easy as possible to set up HTTPS. Let’s take a look at how.

For several years, Google has moved toward a more secure web by strongly advocating that sites adopt the Secure HyperText Transfer Protocol (HTTPS) encryption. And last year, Google began marking some HyperText Transfer Protocol (HTTP) pages as “not secure” to help users comprehend risks of unencrypted websites. Beginning in July 2018 with the release of a Chrome update, Google’s browser will mark all HTTP sites as “not secure.”

Chrome’s move was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and the majority of Chrome traffic is already encrypted.

Here’s how the transition to security has progressed, so far:

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

HTTPS: The benefits and difference

What’s the difference between HTTP and HTTPS? With HTTP, information you type into a website is transmitted to the site’s owner with almost zero protection along the journey. Essentially, HTTP can establish basic web connections, but not much else.

When security is a must, HTTPS sends and receives encrypted internet data. This means that it uses a mathematical algorithm to make data unreadable to unauthorized parties.

#1 HTTPS protects a site’s integrity

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one can tamper with the traffic or spy on what you’re doing.

Without encryption, someone with access to your router or internet service provider (ISP) could intercept (or hack) information sent to websites or inject malware into otherwise legitimate pages.

#2 HTTPS protects the privacy of your users

HTTPS prevents intruders from eavesdropping on communications between websites and their visitors. One common misconception about HTTPS is that only websites that handle sensitive communications need it. In reality, every unprotected HTTP request can reveal information about the behaviors and identities of users.

#3 HTTPS is the future of the web

HTTPS has become much easier to implement thanks to services that automate the conversion process, such as Let’s Encrypt and Google’s Lighthouse program. These tools make it easier for website owners to adopt HTTPS.

Chrome’s new notifications will help users understand that HTTP sites are less secure, and move the web toward a secure HTTPS web by default. HTTPS is easier to adopt than ever before, and it unlocks both performance improvements and powerful new features that aren’t possible with HTTP.

How can small-business owners implement and take advantage of this new interface? Call WAMS today at 800-421-7151 for a quick chat with one of our experts to get started.

Should you Worry About the New IoT Malware?

A malware infection is one of the worst things that could happen to your Internet of Things (IoT) devices. But some users don’t even know there are IoT-targeted attacks that threaten computers, networks, and data. Rebooting an IoT device is a simple way to remove malware, but for those already infected with the latest strain, it’s not that simple.

What is the Hide And Seek malware?

The Hide and Seek (HNS) malware has created a “botnet” by quietly infecting thousands of devices using advanced communication methods. Without getting too technical, a botnet adds or “recruits” computers to their network to carry out malicious acts, such as overloading a network by telling every infected device in the botnet to try and connect at the same time.

The new HNS can’t be removed by resetting the infected device, which is the solution for most IoT malware strains. The new strain can also exploit a greater variety of devices and in less time than its predecessors. Experts believe it has already compromised more than 90,000 IPTC cameras and other devices.

IoT devices are easily hacked if they connect to the internet, which is home to opportunistic cybercriminals. And because businesses and consumers are expected to acquire and use more IoT devices (the market is expected to reach $1.7 trillion by 2020), it’s imperative to take cybersecurity precautions.

How can I protect my IoT devices?

Luckily, there are steps you can take to keep your devices — and ultimately your network and data — safe from HNS and other forms of malware.

  • Turn off your IoT devices when not in use to reduce their exposure to fast-spreading malware.
  • Take simple precautions to keep your WiFi networks safe, like changing your network’s default settings (including your network’s name), and using complex passwords that are changed from time to time.
  • For those who use a large number and variety of devices, install a threat management system that will block intruders and secure common threat entry points.
  • Be sure that your IoT devices are updated with the latest firmware. If a device is old and no longer supported, or new firmware is not being released, it should be replaced with a more reliable device.

With HNS and other malware strains expected to increase in number and complexity, it’s more important than ever to take a multi-layered approach to security. Call us today at 800-421-7151 to learn more about which cybersecurity solutions are right for your business.

Debunking the Top 4 Virtualization Myths

Unless you work in IT, you don’t need to understand the intricacies of most business technology. Complicated explanations usually just lead to misunderstandings, which is especially true for virtualization. Many of the things you’ve heard about it are false.

Myth #1 – Virtualization is too expensive for SMBs

Many people assume that the more advanced an IT solution is, the more expensive it is to install and maintain. That’s not the case for virtualization, which is a strategy to boost hardware efficiency and cut costs.

Sure, a virtual server requires more support than a traditional one, but the capacity boost means you won’t need to purchase a second server for a long time – resulting in a net reduction of hardware and IT support expenses. Furthermore, managed virtualization services usually follow a pay-as-you-go model that costs just a few bucks per hour. It is also important to note the savings in power and cooling requirements; the fewer physical servers you have, the less you are affected by these costs.

Myth #2 – Virtualization adds workplace complexity

Most people feel comfortable with the traditional computing model – one set of hardware equals one computer – but that doesn’t mean a new model has to be more complicated. With virtualization, one “traditional” computer can run as two or more virtual computers. The technical aspects of how that’s accomplished may be confusing, but the good thing is business owners don’t need to bother with those details.

Virtualization actually reduces complexity because it allows business owners to expand their IT systems whenever necessary without having to worry about hardware limitations.

Myth #3 – Support is hard to come by or inconvenient

You may be more familiar with The Cloud than with virtualization, but that doesn’t mean the latter is a niche technology. The value of the virtualization market in 2016 was $5.6 billion, and the technology is supported by IT providers all over the country. It also works well with remote support, which means technicians can install upgrades or resolve issues without having to travel to your office.

When you choose to invest in the cloud, everything is virtualized. Amazon, Microsoft Azure, and Citrix are the most common vendors; any cloud service provider should steer you toward one of these.

Myth #4 – Software licensing is more difficult

There’s a misconception that if your server is running three virtual Windows 10 computers, you’ll have to jump through extra licensing hoops. In reality, virtualization follows the same licensing rules as traditional computing: one desktop, one license, which means you won’t need to rethink your software budget.

It’s natural for new technologies to cause confusion, and virtualization does require a new way of thinking about IT hardware. But as long as you have certified technicians like ours on hand, everything will run smoothly. Give us a call today at 800-421-7151 to find out how we can lower your hardware costs and simplify your IT support.

AI-Powered Advances in Customer Support

High-quality products and services can make a business successful, but exceptional customer service is what makes customers come back. This is why companies constantly try to innovate their customer service strategy — and some do it by adding artificial intelligence (AI) into the mix.

How AI capabilities enhance customer service

AI has two capabilities that enhance customer service: machine learning and natural language processing.

Machine learning studies historical customer data in your systems and equips your customer service staff with all the information they need to address concerns much faster and provide personalized product suggestions, discounts, and offers. It’s the same mechanism that enables Facebook to suggest friends and brands to add or follow, and allows Amazon to personalize product recommendations.

On the other hand, AI’s natural language processing capabilities make it possible for businesses to deploy computerized customer service systems that don’t require human support staff. AI-enabled systems can ‘talk’ to customers via software similar to that of Apple’s Siri, Google’s Alexa, and Windows’ Cortana.

Automated, accurate, and agile responses

Although well-trained employees can multitask and solve customer problems, humans make mistakes. Automated systems like chatbots provide accurate and quick responses because they can be programmed to respond rapidly and accurately, handle large volumes of queries, and be available 24/7.

For example, a restaurant chain that often receives queries about a branch’s opening hours can use a chatbot to handle questions about store hours, reservations, and other simple concerns. A retail store chatbot can also make online ordering seamless by answering questions about product sizes and/or availability.

Overall, AI-enabled chatbots can reduce or eliminate pain points commonly encountered with human customer service representatives, such as long wait times, inefficient escalation of complex concerns, and negative human emotions from irate customers, all of which affect customer satisfaction levels.

Cost-efficient support

Businesses spend thousands of dollars to hire and train customer service representatives. But based on studies, the high attrition rates in the call center industry cost them a lot of money. Some companies even let operations staff handle customer support, which then affects productivity and reduces profitability.

AI-powered platforms reduce the time and money spent on customer service because you don’t need to hire more support staff in case of business expansion. Instead, you can reprogram customer service software so that queries about new products or new business locations can be easily addressed.

Many customers still prefer to have their problems solved by humans. And for banks, hotels, hospitals, and businesses where complicated concerns require human customer service agents, an AI-powered support system can facilitate seamless issue resolutions.

Fortunately, there are plenty of technology options to make customer service and other functions more efficient. Call us today for innovative business technology solutions.

New Malware Infects SOHO Routers Worldwide

Talos recently warned that at least half a million routers have been endangered by a new form of malware called VPNFilter. After an earlier version targeted devices in Ukraine, VPNFilter has spread rapidly in around 54 countries, affecting home and small business routers.

How VPNFilter Works

Talos cited the vulnerable devices as Linksys, MikroTik, Netgear, and TP-Link networking equipment, as well as network-attached storage (NAS). Upon infecting a small office home office (SOHO) router, VPNFilter deploys in three stages.

In stage 1, the malware imposes its presence by using multiple command-and-control (C2) infrastructure to capture the IP address of the existing stage 2 deployment server. This makes VPNFilter so robust that it can deal with any unpredictable changes in C2. This stage of the malware persists through a reboot, which makes preventing reinfection tough in stage 2.

Stage 2 involves deploying modules capable of command execution, and data collection and exfiltration. According to the United States Department of Justice (DOJ), this can be used for intelligence gathering, information theft, and destructive or disruptive attacks. Moreover, stage 2 malware has a “self-destruct” feature that once activated by the hackers will overwrite a critical area of the device’s firmware so it stops functioning. This can happen on almost every infected device.

In Stage 3, a module with packet-sniffing capabilities is added to enable monitoring of internet traffic and theft of website credentials. And yet another module is installed to deploy communication support for the Tor network, which can make communicating with the C2 infrastructure harder.

Taking Action

According to Talos, the likelihood of the attack being state-sponsored is high, something the DOJ later backed up. The DOJ attributed it to a group of actors called Sofacy (also known as APT28 and Fancy Bear), the Kremlin-linked threat group believed to be responsible for hacking the Democratic National Committee computer network two years ago.

On the night of May 23, the FBI announced that they have seized a domain which is part of VPNFilter’s C2 infrastructure used to escalate the malware’s effects. This forces attackers to utilize more labor-intensive ways of reinfecting devices following a reboot. With the seizure, the government has taken a crucial step in mitigating VPNFilter’s impact.

Stopping the Malware

Researchers agree that VPNFilter is hard to prevent. While the vulnerability has been established, patching routers isn’t easy, and it is something average users might not be able to do on their own. But as with any malware, the impact of VPNFilter can be mitigated, which is done by terminating the C2 infrastructure used.

To minimize exposure, the FBI recommends all SOHO routers be rebooted, which, according to a statement from the DOJ, will help the government remediate the infection worldwide. The justice department, along with the FBI and other agencies, vowed to intensify efforts in disrupting the threat and exposing the perpetrators.

For their part, Talos offers the following recommendations:

  • Users of SOHO routers and/or NAS devices must reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.
  • Internet service providers that provide SOHO routers to their users should reboot the routers on their customers’ behalf.
  • If you have any of the devices known or suspected to be affected by this threat, it is extremely important that you work with the manufacturer to ensure that your device is up to date with the latest patch versions. If not, you should apply the updated patches immediately.
  • ISPs will work aggressively with their customers to ensure their devices are patched to the most recent firmware/software versions.

Combat the VPNFilter malware by rebooting affected devices. For more tips, contact our team.

What to Tweak when Setting Up Windows 10

There are steps that need to be taken after unboxing a new laptop. After installing Microsoft’s Windows 10, you need to unlock its full potential by tweaking some important settings. The best thing to do is get help from a technician, but there are a few things you can do without assistance.

#1 Check for updates

Your new laptop should check for updates automatically, but you can also check manually. Just click the gear icon above the Start button to go to the Settings, choose Update & Security > Windows Update and then click the Check for updates button. (Or, just type “updates” into the search box and click Check for updates.)

#2 System restore

If something goes wrong with your laptop, you can save a lot of time and hassle if you have a “restore point,” which is like a backup of your entire operating system. To set up a restore point, search for “restore” from the taskbar and click Create a restore point. You’ll be taken to the System Protection tab of the System Properties window.

From there you can choose what you want to be included in the backup and then click the Configure button. Select the radio dial to Turn on system protection if it’s not already on. And then you can choose how much disk space to reserve, usually no more than 2 or 3 percent.

#3 Power plan

If you want to prolong your laptop’s battery life, one of the best things you can do is switch the Power Saver, High Performance, and Balanced power plans based on your needs. To choose a plan, right click the battery icon in the lower-right corner of your screen and click Power settings. Next, click Additional power settings to select a power plan.

#4 App installation tolerance level

To restrict which apps can be installed on your laptop, you can disallow anything that isn’t in the Windows Store. Go to Settings > Apps > Apps & features and you can choose whether to permit installations from only the Windows Store, any app installations (with a warning), or unrestricted app installations.

#5 Remove bloatware

Vendors package new laptops with lots of trial apps, which are mostly unnecessary and unwanted software called bloatware.

Windows 10 offers an easy way to see which apps are installed on your new laptop and a quick way to uninstall those you don’t want. Head to Settings > Apps > Apps & features and peruse the list. If you don’t want an app and are 100% certain your computer doesn’t need it, click the Uninstall button.

#6 Anti-ransomware

Ransomware is a form of malicious software (or malware) that makes all your data inaccessible until you pay a fee to hackers.

To combat it, type ‘Windows Defender Security Center’ into the search bar at the bottom of your screen, click it and go to Virus & threat protection > Virus & threat protection settings. Here, you’ll be able to enable a new option called Controlled folder access, which protects you against ransomware attacks. By default, the Desktop, Documents, Music, Pictures, and Videos folders are protected, but you can add others too.
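The restore point from tip #2 and the Controlled folder access setting from tip #6 can also be checked and applied from an elevated Windows PowerShell 5.1 prompt. The script below is an added example, not part of the original article; the extra folder `D:\Projects` and the restore-point description are assumptions, and `-Mode AuditMode` lets you log what would be blocked before enforcing.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Windows PowerShell 5.1 only:
# the restore-point cmdlets are not available in PowerShell 7.
param(
    [string]   $SystemDrive  = "$env:SystemDrive\",
    [string[]] $ExtraFolders = @('D:\Projects'),      # assumption: example folder
    [ValidateSet('Enabled', 'AuditMode')]
    [string]   $Mode = 'Enabled',
    [switch]   $Apply                                 # without -Apply the script only reports
)

function Get-CfaStatus {
    # Reads the Microsoft Defender preference behind "Controlled folder access".
    $pref  = Get-MpPreference
    $names = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
    $value = [int]$pref.EnableControlledFolderAccess
    [pscustomobject]@{
        State        = if ($names.ContainsKey($value)) { $names[$value] } else { "Other ($value)" }
        # Folders added on top of the defaults (Desktop, Documents, Music, Pictures, Videos)
        ExtraFolders = @($pref.ControlledFolderAccessProtectedFolders | Where-Object { $_ })
    }
}

# --- Report the current state -------------------------------------------------
$before = Get-CfaStatus
Write-Output "Controlled folder access: $($before.State)"
Write-Output "User-added protected folders: $($before.ExtraFolders -join ', ')"

$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Write-Output "Restore points found: $($points.Count)"

# --- Apply the settings from tips #2 and #6 -----------------------------------
if ($Apply) {
    # Tip #2: turn on system protection and take a baseline restore point.
    Enable-ComputerRestore -Drive $SystemDrive
    # Windows skips creation if another restore point was made in the last 24 hours.
    Checkpoint-Computer -Description 'Post-setup baseline' -RestorePointType MODIFY_SETTINGS

    # Tip #6: enable Controlled folder access (or audit mode) and add extra folders.
    Set-MpPreference -EnableControlledFolderAccess $Mode
    foreach ($folder in $ExtraFolders) {
        if ((Test-Path -LiteralPath $folder) -and ($before.ExtraFolders -notcontains $folder)) {
            Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
        }
    }
    Get-CfaStatus
}

# --- Review what the feature has blocked or would have blocked ---------------
# Event 1123 = change blocked; 1124 = change that would have been blocked (audit mode).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Legitimate programs that write to protected folders will show up in these events too, so review them before switching from audit mode to enforcement.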

Do you know what settings to change and update to optimize your laptop? This article barely scratches the surface of Windows 10’s security and efficiency settings. Call us today at 800-421-7151 for a quick chat with one of our Microsoft experts about taking yours to the next level.

Protect your Facebook and Twitter from Hackers

In the wake of Facebook’s worldwide privacy scandal, it’s time to revisit some social media best practices. Your information is incredibly valuable, and you can’t rely on social media platforms to keep it safe from hackers. Heed these tips to make sure your Facebook and Twitter accounts are well secured.

Lockscreens Exist for a Reason

Make sure all your computing devices lock the moment you stop using them. This way, you are safe from the simplest hack of all: someone opening a browser on your computer that has your social media login saved. As long as your password isn’t your birthday or anniversary, you’ll be forcing hackers to work for access to your account.

Strong Passwords are Never Out of Fashion

Unlocking your phone may be limited to a six-digit passcode, but you’ll need something much more complicated for your account password. The first thing you’ll need to do is create a password that isn’t used for any other account. Because data breaches have become such a regular occurrence, hackers probably have a long list of your favorite passwords from other websites and platforms.

In this case, it is best to use a password manager like an app or online service that allows you to generate and retrieve complex passwords.

Another measure that you can take is to enable two-factor authentication, which requires you to type in a secondary code sent to your phone. Even if hackers have your password, they won’t be able to log in without your phone.

Make Use of Social Media Features

Facebook offers functions that help you keep tabs on who’s accessing your account and from where. To use this feature, click the down arrow in the upper right corner of your Newsfeed and select Settings. Then click Security and Login to get more information. If you sense an imposter, click the right-hand icon to give you the option of logging out remotely or reporting the person.

From there, turn on Get alerts about unrecognized logins to be notified via Facebook, Messenger, or email if someone logs into your account from an unrecognized browser. Unfortunately, Twitter doesn’t have the same option, which makes two-factor authentication extremely necessary there.

While it may be difficult for a hacker to barge into your Facebook or Twitter account through a third-party service that you have given access to your profile, it’s still advisable that you check what you have approved.

  • Facebook: Go to Settings > Apps and Websites to view and manage outside services with access to your account
  • Twitter: Go to Settings and Privacy > Apps to check and edit the list

Last, be sure to check the permissions mobile apps like Facebook and Twitter have on your smartphone or tablet.

  • Android: Go to Settings > Apps > tap the icon in the upper right and then tap App permissions
  • iOS: Go to Settings > Privacy to manage which services can access which parts of your phone

Less Personal Info, Fewer Problems

These steps are just the beginning of the security that you should take advantage of. Next, you should consider limiting the personal data you input into your social media accounts. If you have to put a ton of information, then be sure you read this blog from the top… and then read it again.

With a little practical knowledge, you can prevent Facebook and Twitter hackers from doing what they do. Cybersecurity is a sprawling issue, and social media privacy is only a small sliver of the online life you need to stay on top of. For 24/7 support, call our team of experts today at 800-421-7151.

Overheating Laptop? Here’s How to Prevent It

If you own a laptop, chances are you’ve noticed how hot it can get. You might not know it, but your laptop may already be overheating, which will lead to decreased efficiency and a shorter lifespan. Here’s how to protect your laptop from further damage due to overheating.

Causes of overheating

Laptops create heat during their normal operation. That’s why they’re designed with internal fans that blow out hot air and suck in cooler air. When your laptop keeps shutting down or suffers serious slowdowns, chances are it’s overheating.

One of the most common causes of overheating is when the fan doesn’t operate normally. This may be due to dust and grime clogging up the fan, preventing it from rotating properly. It’s also possible that the air vents are being blocked, preventing air from flowing into the laptop.

Another thing to consider is the age of your laptop’s battery, which relies on lithium to store electricity. This chemical naturally decays over time, no matter how carefully you use it. The older the battery, the less efficient it is and the more heat it generates.

Software use can also contribute to overheating. Too many apps and programs running in the background can overwork your laptop.

What to do if it’s overheating

The first thing you should do is check your hardware. Turn your laptop off and inspect the vents and your fan for any dirt, grime, or other possible causes of blockage. Also check whether the fan itself is physically dented, which can slow down its rotation.

Sometimes overheating is simply caused by bad habits. Do you use your laptop in bed or on the carpet? Do you use pillows as padding? Uneven or soft surfaces often block the air vents, leading to overheating. Always place your laptop on a hard, even surface.

Aside from the hardware, check your software. Are there a lot of apps and programs that start automatically when you switch on your laptop? If yes, then you may need to limit them.

Keeping it cool

To prevent your laptop from overheating, always make sure that there’s adequate airflow for your laptop. Better yet, invest in a cooling pad. These pads lift your laptop and add more fans to facilitate better airflow.

Limit the number of programs that run when you start your laptop. Change your settings to “power save.” And shut down your laptop whenever you’re not using it.

It’s easy to take laptops for granted because they’re billed as plug-and-play devices. However, with a little extra care and attention, your devices will last much longer. If you have any questions about your hardware, call us today at 800-421-7151.

Be Smart and Back Up Your Valuable Data

Storing copies of your business data in the cloud will help you avoid the risks associated with broken hard drives, lost or stolen devices, and human error. That’s because entrusting your data to an expert service provider means you’ll have trained professionals handling the backup of your business assets online.

How should you go about choosing a cloud backup provider? Let’s take a look:

Learn more about their storage capacity

Before partnering with a cloud backup provider, ask them where they store their data. Many providers use cloud servers over which they have little control, which could be hazardous as it makes it harder to monitor activity and respond to anomalies. To avoid this fate, choose a backup service that operates its own cloud-based servers.

Next, you will have to determine whether your business assets can be backed up, since some cloud storage providers do not have the capacity to save bigger files like videos or other multimedia files. By asking these questions, you can find a cloud backup service that fits your business needs, and more importantly, can take care of all your files.

Get details on their security

It will be important for the cloud backup provider to explain in no uncertain terms how they will store your files. They should be encrypted and stored on multiple servers because redundant storage ensures your data has multiple copies saved online and can be retrieved at will. Even if an uncontrollable disaster befalls your company or the backup provider’s system, you’ll still be safe.

Compare your budget and backup costs

Before considering any cloud backup provider, you need to know how much the service is worth to you. How much money would you lose if your server crashed and all the data it stored was irretrievable? Compare that amount with the cost of a provider’s service, which could be charged by storage tiers, per gigabyte, or on a flat-fee unlimited plan.

When asking about the price of cloud backups, make sure to clarify any service limitations or restrictions. For example, how quickly can your storage capacity be upgraded? Is it possible to run out of storage? These are not things you want to discover in the middle of hurricane season.

Clarify data recovery timelines

Although storage availability is important, how quickly backups can be created and restored is also an essential factor. Ask providers how often backups will be created (e.g., hourly, daily, weekly), and how long it will take to restore them (e.g., hours, days, etc.). If those timelines are too long, it may be time to look for a better provider.

The most important thing is to know your needs before meeting with a potential provider. Let them know your business needs, budget, and recovery timelines. Our solutions and pricing are flexible and customized to your needs so you’re not stuck in a cookie-cutter plan.

Give us a call at 800-421-7151 to find out more about backup services and other dynamic ways to protect your data.

5 Steps to Enabling Virtualization on a Local Computer

Keep in mind that virtualization is one of the most effective ways to significantly reduce IT expenses, while simultaneously increasing efficiency and flexibility. But are issues hindering you from enjoying virtualization on your PC? Here are detailed answers for you to fix these problems.

#1 Enable Virtualization in Your BIOS

In most cases, virtualization won’t work because it’s disabled in your computer’s Basic Input/Output System (BIOS). Though most modern computers support the feature, it’s often disabled by default. Thus, you should take a look to make sure it is enabled on your computer.

#2 If You Don’t See It – Update Your BIOS

If you don’t see an option for virtualization in your BIOS, there’s a chance the manufacturer has provided an update that includes it. This may not be the case for all machines, but it doesn’t hurt to check.

To find a BIOS update, you can use the manufacturer app included with your PC or manually search the internet for it.

#3 Disable Hyper-V

Professional editions of Windows include a Microsoft program called Hyper-V. This is Microsoft’s own virtualization software, like Oracle’s VirtualBox or Dell’s VMware. Unfortunately, Hyper-V can hijack your computer’s virtualization privileges, blocking you from using other virtualization apps.

You don’t need Hyper-V unless you really want to use it, so removing it from your computer will let your virtualization app of choice work properly.

#4 Confirm Your PC Supports Virtualization

If you’ve tried all the above steps and virtualization still won’t work, chances are your machine doesn’t support it. It’s worth confirming this before you give up, though.

If you have an Intel CPU, download the Intel Processor Identification Utility. It’s a handy tool that shows you the features, package, intended frequencies, and actual operating frequencies of your Intel processor. Those with AMD processors should download the equivalent AMD tool instead.

#5 I’ve Enabled Virtualization, but…

Maybe you’ve gotten virtualization to work after following the advice above, but still have issues with performance or getting a virtual machine (VM) started. Here are some other things to try:

  1. Make sure you download the right version of the operating system you want to run in a VM to avoid compatibility issues.
  2. Make sure you have enough free disk space, or your host computer could run low on space. This can cause performance problems.
  3. Ensure you have enough RAM to dedicate to the VM.

At WAMS, we offer server virtualization to our clients because of the benefits that this strategy offers. These benefits include:

  1. Reduced Hardware Costs
  2. Faster Server Provisioning and Deployment
  3. Greatly Improved Disaster Recovery
  4. Significant Energy Cost Savings
  5. Increased Productivity

Virtualization is an important, easy-to-implement technology that companies of any size can take advantage of. And if you feel overwhelmed with anything related to this topic, just call us today at 800-421-7151 for a quick chat with one of our certified virtualization technicians who might help you out.

Browser-Based Biometrics Boosts Security

Earlier this month, the World Wide Web Consortium announced plans to begin allowing users to log into online accounts with fingerprints, facial scans, and voice recognition. This will not only boost security, but also make account management much simpler.

Authenticate Your Profile on Your Mobile Device

Chrome OS, Windows, macOS, Linux, and Android are all adding features to help users safely log in using biometric identification via USB, Bluetooth, and NFC devices connected to smartphones and tablets. With such convenience, users can verify their accounts on the go.

Preventing Cyber Attacks with Browser-based Biometrics

Passwords are notoriously bad at protecting users’ accounts and the information they store. Facial scans, fingerprints and voice recognition would make it exponentially harder for hackers to commit identity theft. That means you’re also less likely to be duped by an email from a hacker pretending to be your boss asking for the company credit card.

Enjoy More Secured Online Transactions

Biometric verification will also retire the need for logging in your information when shopping online, streaming video, using cloud applications, and other internet-based transactions. Windows 10 has already adopted features that offer limited account management with fingerprints and facial scans. But none of the big-name technology vendors have offered solutions to achieve this on mobile devices as of yet.

Browser-based biometrics could revolutionize and streamline the steps of verifying an online account. It promises to add more security and ease in logging in and transacting on the internet. To ensure that you are operating as securely as possible, give us a call at 800-421-7151 now.

Should You Worry About Facebook’s Security Breach?

Facebook is the most popular platform for developing brand awareness because it allows businesses to target users based on what they have posted in the past. But after the recent data breach scandal, is your data still safe? Read on to find out if you need to worry about your privacy.

Last month, news broke that a firm known as Cambridge Analytica collected private data from over 50 million Facebook users. The British company supposedly used this information in 2016 to influence voter behavior during the US presidential election and UK’s Brexit campaign.

How did they harvest the data?
In 2015, a Facebook personality quiz app called “This is Your Digital Life” was created by Cambridge psychology professor Aleksandr Kogan. Around 270,000 Facebook users signed up and gave information about themselves in exchange for humorous results.

What users didn’t know was that Kogan’s firm, Global Science Research, struck a deal with Cambridge Analytica to share the information that was gathered. Aside from collecting information about the Facebook users, the app also mined some data about the users’ friends.

Information collected was based on:

  • Data from other platforms that are also owned by Facebook, including Instagram and WhatsApp
  • Advertisers and other third-party partners
  • Apps and websites which use Facebook services
  • Your location
  • The devices you use for Facebook access
  • Payments handled by Facebook
  • Your Facebook connections and networks
  • Messages, photos and other content that other users send to you
  • The information you disclose to Facebook
  • Your activities on Facebook

What happened to the sourced information?
Cambridge Analytica analyzed the collected data to create psychological profiles and invent better political drives to influence whom people would vote for. Although there is still a huge debate about how effective these plans were, there’s no doubt that tens of thousands of users were manipulated into signing away their data without knowing it.

What can I do to keep my information safe?
Remove third-party apps that use your Facebook account. Visit your “Settings” menu and go to “Apps”. You should see the list of all the services that are using information about your Facebook profile. Check on each app, and if you don’t need it or use it anymore, delete it to revoke its access.

If you need more information on how to keep your data secure, feel free to give us a call today at 800-421-7151!

Safety Tips for Watering Hole Attacks

Bad news, internet users: Cybercriminals have developed more advanced tricks to compromise your systems. While you may be familiar with attacks involving suspicious emails, the new kid on the block, known as the watering hole attack, is far more nefarious and effective. Fortunately, there are a few things you can do to keep yourself safe.

What are watering hole attacks?
Much like phishing, a watering hole attack is used to distribute malware onto victims’ computers. Cybercriminals infect popular websites with malware. If anyone visits the site, their computers will automatically be loaded with malware.

The malware used in these attacks usually collects the target’s personal information and sends it back to the hacker’s server. Sometimes the malware can even give hackers full access to their victims’ computers.

But how does a hacker choose which websites to hack? With internet tracking tools, hackers find out which websites companies and individual users visit the most. They then attempt to find vulnerabilities in those websites and embed them with malicious software.

Any website can fall victim to a watering hole attack. In fact, even high-profile websites like Twitter, Microsoft, Facebook, and Apple were compromised in 2013.

You can protect yourself by following these tips.

Update your software
Watering hole attacks often exploit bugs and vulnerabilities to infiltrate your computer, so by updating your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches. Or better yet, you should have a managed IT services provider to keep your system up to date.

Watch your network closely
To detect watering hole attacks, you must use network security tools. For example, intrusion prevention systems allow you to detect suspicious and malicious network activities. Meanwhile, bandwidth management software will enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large transfers of information or a high number of downloads.
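An added example, not part of the original article: a small per-workstation baseline check of the kind bandwidth monitoring performs, flagging a large transfer or an unusually high number of downloads. The host names, daily figures, and threshold settings are constructed assumptions.

```python
from statistics import median

METRICS = ("mb_out", "downloads")  # per-day megabytes sent out, files downloaded
MIN_DAYS = 5   # assumption: history needed before a host has a usable baseline
K = 5.0        # assumption: how many "spreads" above the median counts as abnormal

# Constructed history: five prior days of (mb_out, downloads) per workstation.
BASELINE = {
    "ws-014": [(41, 12), (38, 9), (45, 14), (40, 11), (43, 10)],
    "ws-022": [(120, 30), (135, 28), (110, 35), (128, 31), (140, 33)],
    "ws-031": [(15, 4), (18, 6), (14, 5), (16, 3), (17, 5)],
}
# Constructed figures for the day being checked. ws-040 is new and has no history.
TODAY = {"ws-014": (44, 13), "ws-022": (131, 140), "ws-031": (900, 6), "ws-040": (60, 8)}


def threshold(values):
    """Upper limit for one metric: median plus K robust spreads.

    The spread uses the median absolute deviation (MAD) so that one earlier
    spike does not inflate the baseline, with a floor so that a perfectly
    flat history does not make every small change look abnormal.
    """
    med = median(values)
    mad = median(abs(v - med) for v in values)
    spread = max(1.4826 * mad, 0.10 * med, 1.0)
    return med + K * spread


def find_anomalies(baseline, today):
    """Return {host: [reasons]} for hosts that exceed their own baseline."""
    findings = {}
    for host, observed in sorted(today.items()):
        history = baseline.get(host, [])
        if len(history) < MIN_DAYS:
            # Not an alert by itself, but an unknown host should be reviewed.
            findings[host] = ["no_baseline"]
            continue
        reasons = [
            name
            for i, name in enumerate(METRICS)
            if observed[i] > threshold([day[i] for day in history])
        ]
        if reasons:
            findings[host] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in find_anomalies(BASELINE, TODAY).items():
        print(host, ", ".join(reasons))
```

Each host is compared with its own history rather than a company-wide limit, so a workstation that normally moves a lot of data does not hide one that suddenly starts to.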

Hide your online activities
Cybercriminals can create more effective watering hole attacks if they compromise websites only you and your employees frequent. As such, you should hide your online activities with a VPN and your browser’s private browsing feature.

At the end of the day, the best protection is staying informed. As cyberthreats continue to evolve, you must always be vigilant and aware of the newest threats. Tune in to our blog to find out about the latest developments in security and to get more tips on how to keep your business safe.

New Security Features on Office 365

To bolster users’ safety, Microsoft recently added security features to Office 365. These enhancements give home and business users peace of mind whenever they send an email, share a link, or forward an attachment. There’s no such thing as being too secure, so we recommend staying abreast of them now.

Files Restore in OneDrive

Previously available only to Office 365 business users, Files Restore allows users to conveniently recover files in OneDrive within the last 30 days. Home and personal users can now easily retrieve and restore all their files at a specific point in time, which is useful in instances where files are accidentally deleted, corrupted, or compromised by ransomware or other malware. It is certainly not a replacement for a backup, but it isn’t a bad supplement to have on your side.

Ransomware detection notification for Office 365

You receive notifications and alerts for a variety of things on your PC or mobile devices, but rarely for something as immensely important as a ransomware attack. Office 365’s ransomware detection and recovery feature sends desktop notifications, email alerts, and mobile alerts in case of any possible ransomware attack on your system so you can act fast.

Aside from being notified about detected ransomware, you’ll also be guided on how to restore your files to a point before they were infected, based on the timestamp recorded by Files Restore. This is not as strong as a firewall, but it is a smart supplement from Microsoft.

Password-protected link sharing in OneDrive

Whenever you share a link — whether to a file or folder — in OneDrive, there’s no guarantee that it won’t be shared with unauthorized users. Password-protected sharing solves this dilemma by giving you an option to set and require a password for every file or folder you share.

Email encryption in Outlook

Intercepting email has become many cybercriminals’ preferred method of stealing critical information, so it’s more crucial than ever to ensure email safety. With Outlook’s end-to-end encryption, users can rest easy knowing that the email they send won’t be easily intercepted after all. This is not the same as email security, but a strong secondary form of protection.

Email encryption works by requiring non-Outlook email recipients to choose between receiving a single-use passcode or re-authentication to open an email from an Outlook email sender. On the other hand, an Outlook-to-Outlook email exchange — whether Outlook on desktop, mobile (iOS and Android), or Windows Mail app — doesn’t require any further action for the email to be opened.

Prevent Forwarding

This function restricts email recipients (both Outlook and non-Outlook users) from forwarding or copying email. It also provides an option to prevent certain recipients from opening an attachment from a forwarded email, which will come in handy when a person needs to send an email to more than one recipient, but wants to restrict access to an attachment to just a few recipients.

These new capabilities greatly reduce the effort to secure your files and communications, and Microsoft is sure to roll out a few more soon. If you want to optimize these Office 365 security features or explore other security methods that your business will benefit from, call us today at 800-421-7151.

5 Tips on Keeping Mobile Workers Connected

Due to increasing connectivity and technological advances, mobile workers are increasingly becoming the norm in almost every industry. Business owners need to ensure these workers stay connected, so we’ve got some helpful tips on how to effectively apply mobile performance management.

The ability to manage the workforce out in the field requires a modern support infrastructure called mobile performance management. It includes the top five tips to keep field workers connected: optimizing traffic, applying control, measuring performance analytics, simplifying data security, and identifying the root cause of connectivity issues.

Optimize

Although the latest apps on the market can maximize productivity for the mobile workforce, these apps come with a certain risk: stability issues that could lead to the apps crashing while out in the field. If you are your company’s IT decision-maker, be cautious of untested apps, and consider blocking heavy bandwidth apps to streamline data flow when signal strength is weak. Your IT company will also advise you on which applications should and shouldn’t be trusted.

Control

Another thing you can do with mobile performance management solutions is blocking personal apps and unsafe WiFi networks. Both of these create serious security risks that could lead to costly data theft or loss.

Analyzing performance

Field workers mostly rely on GPS location data for more efficient scheduling, route-planning, and effective control of fuel consumption. This is possible only if there are reporting tools that confirm that the GPS capability is working. Performance analytics show you what mobile workers are experiencing and give you access to robust data, network and app usage reports, inventory analysis, coverage maps, and device maps as needed.

Simplify security

IT should tightly restrict access without making security complicated for mobile workers. IT administrators need to create a highly flexible and programmable secure mobile strategy. You must be able to restrict which apps can access company data and remotely wipe data from the device if it is lost or stolen.

Identifying the root cause of connection issues

Organizations need to be fully prepared for connectivity issues involving their mobile devices. Organizations of all sizes should be able to afford remote diagnostics to gather complete troubleshooting information to allow IT to identify the root cause of the problem quickly, without relying on workers, who have no idea about how to run tests and answer questions regarding these issues.

For any organization with workers in the field, the ability to implement performance management structures and policies is a must. For other tips on how to keep your employees connected, engaged, and efficient, give us a call at 800-421-7151 and we’ll be happy to advise.

Phishing Hits Businesses at Tax Time

Phishing schemes abound every season, and tax season is no exception. It’s an important time of year in the corporate world and cybercriminals are looking to take advantage of it, which is why your business must ensure that your confidential data is kept under lock and key.

Phishing baits to watch out for

Phishing attacks often consist of fabricated or compromised emails sent to finance/payroll or human resources employees that are made to look like they’re from an executive in your company. The message might contain a request to forward employee records, including their W-2 forms, but that’s not all…

Another common scheme, which doesn’t only happen during tax season, involves getting a call from a person claiming to be an IRS employee. And no, caller ID won’t save you because phishers can forge that, too. The phisher will inform you that you owe them cash from back taxes and they will threaten legal action if you don’t pay via credit card at that instant.

Always remember, the IRS will never contact you on the phone to let you know that you owe them money. And they certainly won’t threaten you or demand payment over the phone. If they really need to notify you of such matters, they’ll use the postal service and will give you a chance to discuss payment terms.

Standard protection protocols

Don’t worry, the usual security measures against these phishing scams are pretty easy to integrate into your business. Begin by developing a policy that bans the request of private details through email. If an employee ever requires such info, they should get in touch with the person directly, follow your established protocols for the transfer of sensitive information, and minimize the number of people involved in the transaction.

Taking security a step further

Data loss prevention (DLP) systems are also valuable weapons against these types of phishing attacks. They evaluate traffic going in and out of your company, such as web usage, emails and instant messages, and virtually anything sent on your network. DLP systems can filter out private details, including Social Security numbers, and stop them from being sent out.

But beware, DLP systems come with a minor drawback, as they can also block legitimate traffic, like when your accounting department sends tax info to your CPA. Fortunately, an MSP like us can properly segregate the good and the bad traffic to avoid confusing and/or frustrating your employees.
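An added example, not part of the original article: a small outbound-mail check in the style of a DLP rule, which looks for Social Security numbers and then applies the exception described above for an approved accounting-to-CPA route. The addresses, domains, route list, and message bodies are constructed assumptions.

```python
import re
from dataclasses import dataclass

# SSN shape: 3-2-4 digits, with the same separator ("-", " " or none) in both places.
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")

INTERNAL_DOMAIN = "example.com"  # assumption: the company's own mail domain
# Assumption: (sender, recipient domain) pairs approved to exchange tax data.
APPROVED_ROUTES = {("payroll@example.com", "cpa-firm.example")}


def find_ssns(text: str) -> list[str]:
    """Return masked SSN-like values so the scanner's own log leaks nothing."""
    hits = []
    for area, _sep, group, serial in SSN_RE.findall(text):
        # Area 000, 666 and 900-999, group 00 and serial 0000 are never issued,
        # so skipping them removes order numbers and similar look-alikes.
        if area in ("000", "666") or area.startswith("9"):
            continue
        if group == "00" or serial == "0000":
            continue
        hits.append(f"***-**-{serial}")
    return hits


@dataclass(frozen=True)
class Message:
    sender: str
    recipient: str
    body: str


def evaluate(msg: Message) -> tuple[str, list[str]]:
    """Decide what happens to one outbound message."""
    hits = find_ssns(msg.body)
    domain = msg.recipient.rsplit("@", 1)[-1].lower()
    if not hits or domain == INTERNAL_DOMAIN:
        return "allow", hits
    if (msg.sender.lower(), domain) in APPROVED_ROUTES:
        # Legitimate tax traffic goes through, but leaves an audit record.
        return "allow-and-log", hits
    return "block", hits


# Constructed messages; the SSN is a dummy value.
SAMPLES = [
    Message("payroll@example.com", "ceo@example-corp.test",
            "Per your request, W-2 data: J. Doe 123-45-6789"),
    Message("payroll@example.com", "intake@cpa-firm.example",
            "Filing for J. Doe, SSN 123 45 6789"),
    Message("sales@example.com", "buyer@partner.example",
            "Order 000-12-3456 shipped; call 800-421-7151"),
    Message("hr@example.com", "intake@cpa-firm.example",
            "SSN 123-45-6789"),
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m.sender, "->", m.recipient, evaluate(m))
```

The last sample is blocked even though it goes to the CPA, because the exception is tied to a specific sender and not to the destination alone.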

Phishing schemes may be a normal occurrence during tax season, but that doesn’t mean you can’t do anything about it. Don’t let the vulnerabilities in your business, particularly the human element, fall prey to cybercriminals. Call us at 800-421-7151 right away and we’ll conduct an assessment of the security of your business, as well as design a risk management plan to help counter future complications.