Author: David Littrell Page 1 of 3

From the beginning of his career in the Special Forces as an intelligence sergeant to his current position as CSO of Cosaint, David has become highly proficient in the complexities of network infrastructures, security, voice, and data management. His certifications are so numerous that he often truthfully notes that he has more letters behind his name than there are in the English alphabet. David is the author of “Unsecured: How to Avoid Being a Sitting Duck in the Age of Pandemic Cybercrime.” He commands a deep understanding of the challenges that Senior Living organizations face as they proactively defend against the quickly evolving cyber-threat landscape.

Top 5 Senior Living Cybersecurity Mistakes

60% of small and mid-sized Senior Living communities that have a data breach end up closing their doors within six months because they can’t afford the costs. The costs of falling victim to a cyberattack can include loss of business, downtime/productivity losses, reparation costs for customers that have had data stolen, and more.

The global damage of cybercrime has risen to an average of $11 million USD per minute, which is a cost of $190,000 each second.

You may think that this means investing more in cybersecurity, and it is true that you need to have appropriate IT security safeguards in place (anti-malware, firewall, etc.). However, many of the most damaging breaches are due to common cybersecurity mistakes that Senior Living communities and their employees make.

The 2021 Sophos Threat Report, which looked at thousands of global data breaches, found that what it termed “everyday threats” were some of the most dangerous. The report stated, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”

Is your organization making a dangerous cybersecurity mistake that is leaving you at high risk for a data breach, cloud account takeover, or ransomware infection?

Here are several of the most common missteps when it comes to basic IT security best practices.

Not Implementing Muti-Factor Authentication (MFA)

Credential theft has become the top cause of data breaches around the world, according to IBM Security. Login credentials hold the key to multiple types of attacks on community networks.

Not protecting your user logins with multi-factor authentication is a common mistake and one that leaves communities at a much higher risk of falling victim to a breach.

MFA reduces fraudulent sign-in attempts by a staggering 99.9%.

Ignoring the Use of Shadow IT

Shadow IT is the use of cloud applications by employees for business data that haven’t been approved and may not even be known about by a company.

Shadow IT use leaves companies at risk for several reasons:

  • Data may be used in a non-secure application
  • Data isn’t included in company backup strategies
  • If the employee leaves, the data could be lost
  • The app being used might not meet company compliance requirements

Employees often begin using apps on their own because they’re trying to fill a gap in their workflow and are unaware of the risks involved with using an app that hasn’t been vetted by their company’s IT team.

It’s important to have cloud use policies in place that spell out for employees the applications that can and cannot be used for work.

Thinking You’re Fine With Only an Antivirus Application

No matter how small your community is, a simple antivirus application is not enough to keep you protected. In fact, many of today’s threats don’t use a malicious file at all.

Phishing emails will contain commands sent to legitimate PC systems that aren’t flagged as a virus or malware. Phishing also overwhelmingly uses links these days rather than file attachments to send users to malicious sites. Those links won’t get caught by simple antivirus solutions.

You need to have a multi-layered strategy in place that includes things like:

  • Next-gen anti-malware (uses AI and machine learning)
  • Next-gen firewall
  • Email filtering
  • DNS filtering
  • Automated application and cloud security policies
  • Cloud access monitoring

Not Having Device Management In Place

A majority of companies around the world have had at least some employees working remotely from home since the pandemic, and they’re planning to keep it that way. However, device management for those remote employee devices as well as smartphones used for business hasn’t always been put in place.

If you’re not managing security or data access for all the endpoints (company and employee-owned) in your business, you’re at a higher risk of a data breach.

If you don’t have one already, it’s time to put a device management application in place, like Intune in Microsoft 365.

Not Providing Adequate Training to Employees

An astonishing 95% of cybersecurity breaches are caused by human error. Too many companies don’t take the time to continually train their employees, and thus users haven’t developed the skills needed for a culture of good cybersecurity.

Employee IT security awareness training should be done throughout the year, not just annually or during an onboarding process. The more you keep IT security front and center, the better equipped your team will be to identify phishing attacks and follow proper data handling procedures.

Some ways to infuse cybersecurity training into your community culture include:

  • Short training videos
  • IT security posters
  • Webinars
  • Team training sessions
  • Cybersecurity tips in community newsletters

When Did You Last Have a
Cybersecurity Checkup?

Don’t stay in the dark about your IT security vulnerabilities. Schedule a cybersecurity audit to uncover vulnerabilities so they can be fortified to reduce your risk.

Cyber, Attack, Encryption, Smartphone, Mobile, Finger

What You Need to Know About the Rise in Supply Chain Cyberattacks

Any cyberattack is dangerous, but the particularly devastating ones are those on supply chain companies. These can be any supplier – digital or non-digital – of goods and services.

We’ve seen several attacks on the supply chain occur in 2021 that had wide-reaching consequences. These are “one-to-many” attacks where victims can go far beyond the company that was initially breached.

Some recent high-profile examples of supply chain attacks include:

  • Colonial Pipeline: A ransomware attack caused this major gas pipeline to be shut down for nearly a week.
  • JBS: The world’s largest supplier of beef and pork products was hit with ransomware that caused plants in at least three countries to shut down for several days.
  • Kaseya: This software company had its code infected with ransomware, which quickly spread to IT businesses that used its products and to roughly 1,500 of their small business customers. 

Why do you need to be worried about supply chain attacks even more so than in the past? Because they’ve been growing and are expected to continue this trajectory.

Supply chain attacks rose by 42% during the first quarter of 2021. A surprising 97% of companies have been impacted by a breach in their supply chain, and 93% suffered a direct breach as a result of a supply chain security vulnerability.

If you’re not properly prepared, then you can be impacted by a breach of software you use or have a vital service or goods supplier go down for several days due to a cyberattack. 

As part of any good business continuity and disaster recovery strategy, you should look at supply chain risks in light of the current increase in attacks and formulate a plan.

How Can You Mitigate Your Risk of Losses Due to an Attack on Your Supply Chain?

Identify Your Supplier Risk

You can’t fix what you don’t know is wrong. So, you need to begin by shedding some light on your risk should one of your vendors get hit with ransomware (the current attack of choice on the supply chain) or another type of breach.

Make a list of all your vendors and suppliers, both for goods and services. This includes everything from the cloud services you use to the company that supplies your office products or any raw materials you may use in a product you sell.

Review these vendors to identify their cybersecurity risks. This is something you may need some help with from your IT partner. We can work with you to review vendor security or send them a survey to find out where they stand as to their cybersecurity, and then determine how much that may leave you at risk as one of their customers.

Create Minimum Security Requirements for Digital Vendors

Come up with some minimum security requirements that you can use as a benchmark with your vendors. One way to make this easier is to use an existing data privacy standard as your requirement. 

For example, if a vendor is GDPR compliant, then you know they’ve adopted several important cybersecurity standards that protect their business, and yours, from an attack.

Do an IT Security Assessment to Learn Where You’re Vulnerable

If the software you use had a vulnerability that was exploited by hackers to take over a system, how much does that leave your systems at risk? Do you have a regular patch application strategy in place to ensure any software updates are applied right away?

You should have an IT security assessment done if you haven’t done one in over a year. This will help you identify how strong your systems would be at preventing a breach or ransomware infection that was coming from a digital supply chain vendor.

Put Backup Vendors in Place Where Possible

If you sell widgets and have a single supplier for one specific part needed for that widget, you’re at a much higher risk of downtime than if you had two suppliers of that part.

If a key vendor of yours is attacked and can’t fill orders or provide services for a week or more, how will that impact your business? This is what you want to consider when setting up backup vendors.

For example, most companies would consider themselves down and not able to operate without their internet. Having a backup internet service provider can help you avoid lengthy downtime should your main ISP go down.

Look at putting this type of safety net in place for all vendors that you can.

Ensure All Data Kept in Cloud Services is Backed Up in a 3rd Party Tool

Microsoft recommends in its Services Agreement that customers back up their cloud data that is kept in its services (such as Microsoft 365). The policy states, “We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

You should have a backup (in a separate platform) of all data that you store in cloud services, so you’ll be protected in case of a ransomware infection or other data loss or service loss incident.

Schedule A Supply Chain Security Assessment

Don’t be in the dark about your risk. Schedule a supply chain security assessment to learn where you could be impacted in the case of a cyberattack on a supplier.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

iphone screen with icons on screen

Microsoft Teams Plan Comparison: Free vs M365 Business vs Teams Essentials

The shift to remote work over the last two years has caused companies to realign their digital tools. Now, many meetings default to being via video conference rather than in person, and working from home has become commonplace.

Seventy-seven percent of remote workers say they’re more productive working from home (a big reason is fewer distractions). Plus 85% of surveyed managers expect that having teams with remote workers will be the new normal.

But for remote working to work without employees feeling disconnected and customers feeling you’re hard to reach, you need to use cloud communication tools. One of the most popular, which has skyrocketed in popularity, is Microsoft Teams.

Between April 2020 and April 2021, the Microsoft Teams daily active users count rose from 75 million to 145 million

Teams is an all-in-one communication platform, providing more than just video conferencing or chat. It combines several capabilities into an online work hub for collaboration and communication. 

Some of the key features of MS Teams include:

  • Video and audio calls
  • Webinar registration & attendance reporting
  • Channeled team chat
  • File storage and sharing
  • In-app collaboration in Word, Excel, PPT, and more
  • In-app collaboration in 3rd party applications
  • Tabs that allow teams to link apps and websites inside a channel
  • Status notification and alerts
  • Use on all devices

MS Teams Evolution

Originally, Microsoft Teams was available only through a Microsoft 365 Business subscription. Then, to improve the popularity of Teams and compete with video conferencing platforms like Zoom, Microsoft brought out a free version with fewer features in 2018.

This helped the service increase its user base, however, there was a wide gap between the capabilities of the paid version with a Microsoft 365 subscription and the free version. Such as much less support, fewer features, etc.

Microsoft noted that it was missing a vital audience, the small business. Small business owners had a more difficult time fitting into either the free model, with very limited group meeting timing, or the paid model, which required a full M365 subscription.

So, in December of 2021, it brought out the third plan for MS Teams that it is hoping is “just right” for smaller companies that need the same collaboration and communication tools as everyone else. This plan is called Teams Essentials, and you don’t need to sign up for Microsoft 365 to get it.

Comparison of Teams Essentials vs Teams Free vs Teams with an M365 Business Plan

Next, we’ll go through the differences between these three MS Teams plans so you can identify the one that may make the most sense for your company.

Microsoft Teams Free Version

The free version of MS Teams was really brought out to reach the residential and home user crowd. An audience that had been completely missing from the Teams userbase up to that point.

This plan has the following capabilities:

  • Unlimited group meetings for up to 60 minutes
  • Up to 100 participants per meeting
  • 5GB of cloud storage per user
  • Unlimited chat
  • File sharing, tasks, and polling
  • Data encryption for calls, files, meetings, chats
  • Co-authoring capabilities
  • Ability to add tabs inside group channels

The biggest drawback of using the free version for your business is the 60-minute limit on group video meetings. The 5GB cloud storage also can be limiting for business use of Teams.

Microsoft Teams Essentials

Teams Essentials is $4/user/month and was designed specifically for small businesses that may not want to subscribe to M365, but still need a good cloud collaboration tool to keep their team connected and productive.

This plan has the following capabilities:

  • Everything in the free version, plus:
  • Unlimited group meetings for up to 30 hours
  • Up to 300 participants per meeting
  • 10GB of cloud storage per user
  • Anytime phone and web support

The additional group meeting time (up to 30 hours) is more than enough to fill any type of meeting need, even those that go on all day. Additionally, users get double the cloud storage space, and the phone and web support ensure your staff has help using the app when needed.

Teams with Microsoft 365

The version of Teams with Microsoft 365 is available with any business plan. The lowest cost plan is $6.00/user/month ($2 more than Essentials). However, the Basic package does not come with downloadable Office apps (Word, Excel, etc.), only the web versions.

The next step up would be M365 Business Standard at $12.50/user/month, which is quite a bit more than the price for Teams Essentials. This one does include the downloadable Office apps.

These plans have the following capabilities:

  • Everything in the Essentials version, plus:
  • Office applications (either web or web & downloadable)
  • All the many M365 cloud apps (OneDrive, Forms, SharePoint, OneNote, and many others)
  • 1TB of cloud storage per user
  • Webinar hosting
  • Customer appointment management
  • Premium security features

If you are planning to use Microsoft Office software and other applications, then it makes sense to get Teams along with an M365 subscription. However, if your business already owns the offline version of the Office suite or does not need it, then Teams Essentials offers a lot of capabilities with a lower price tag.

Need Help Getting MS Teams or Other Cloud Tools Set Up?

Today’s hybrid offices and remote teams need robust collaboration tools to compete. Contact us if you need help getting started with MS Teams or another cloud tool. We’ll be happy to facilitate a custom setup to ensure your staff can hit the ground running.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

person using laptop

5 Things You Should Never Do on a Work Computer

Whether you work remotely or in an office, the line between personal and work tasks can become blurred when working on your company computer. If you’re in front of a computer for most of your time during work, then it’s not unusual to get attached to your desktop PC.

Over time, this can lead to doing personal things on a work computer. At first, it might just be checking personal email while on a lunch break. But as the line continues to get crossed, it can end up with someone using their work computer just as much for personal reasons as work tasks.

In a survey of over 900 employees, it was found that only 30% said they never used their work PC for personal activities. The other 70% admitted to using their work computer for various personal reasons.

Some of the non-work-related things that people do on a work computer include:

  • Reading and sending personal email
  • Scanning news headlines
  • Shopping online
  • Online banking
  • Checking social media
  • Streaming music
  • Streaming videos/movies

It’s a bad idea to mix work and personal, no matter how much more convenient it is to use your work PC for a personal task during the day. You can end up getting reprimanded, causing a data breach at your company, or possibly losing your job.

Here are several things you should never do on your work PC.

1. Save Your Personal Passwords in the Browser

Many people manage their passwords by allowing their browser to save and then auto-fill them. This can be convenient, but it’s not very secure should you lose access to that PC.

When the computer you use isn’t yours, it can be taken away at any time for a number of reasons, such as an upgrade, repair, or during an unexpected termination.

If someone else accesses that device and you never signed out of the browser, that means they can leverage your passwords to access your cloud accounts.

Not all older PCs are stored in a storeroom somewhere or destroyed. Some companies will donate them to worthy causes, which could leave your passwords in the hands of a stranger if the PC hasn’t been wiped properly.

2. Store Personal Data

It’s easy to get in the habit of storing personal data on your work computer, especially if your home PC doesn’t have a lot of storage space. But this is a bad habit and leaves you wide open to a couple of major problems:

  • Loss of your files: If you lose access to the PC for any reason, your files can be lost forever
  • Your personal files being company-accessible: Many companies have backups of employee devices to protect against data loss. So, those beach photos stored on your work PC that you’d rather not have anyone else see could be accessible company-wide because they’re captured in a backup process.

3. Visit Sketchy Websites

You should assume that any activity you are doing on a work device is being monitored and is accessible by your boss. Companies often have cybersecurity measures in place like DNS filtering that is designed to protect against phishing websites.

This same type of software can also send an alert should an employee be frequenting a sketchy website deemed dangerous to security (which many sketchy websites are).

You should never visit any website on your work computer that you wouldn’t be comfortable visiting with your boss looking over your shoulder.

4. Allow Friends or Family to Use It

When you work remotely and your work computer is a permanent fixture in your home, it can be tempting to allow a friend or family member to use it if asked. Often, work PCs are more powerful than a typical home computer and may even have company-supplied software that someone wouldn’t purchase on their own.

But allowing anyone else to use your work computer could constitute a compliance breach of data protection regulations that your company needs to adhere to.

Just the fact that the personal data of your customers or other employees could be accessed by someone not authorized to do so, can mean a stiff penalty.

Additionally, a child or friend not well-versed in cybersecurity could end up visiting a phishing site and infecting your work device, which in turn infects your company cloud storage, leaving you responsible for a breach.

At least 20% of companies have experienced a data breach during the pandemic due to a remote worker.

5. Turn off Company-Installed Apps like Backups and Antivirus

If you’re trying to get work done and a backup kicks in and slows your PC down to a crawl, it can be tempting to turn off the backup process. But this can leave the data on your computer unprotected and unrecoverable in the case of a hard drive crash or ransomware infection.

Company-installed apps are there for a reason and it’s usually for cybersecurity and business continuity. These should not be turned off unless given express permission by your supervisor or company’s IT team

How Secure Is the Device You Use to Work from Home?

Whether you’re working remotely and worried about causing a data breach or are a business owner with multiple remote team members to secure, device protection is important. Schedule a device security checkup today.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

person using black laptop computer

These Google Search Tips Will Save You Tons of Time!

Over 2.4 million searches happen every minute on Google. It’s often the first stop people make when they go online.

We search daily for both personal and work needs, and often searching out the right information can take a lot of time if you have to sift through several irrelevant results.

One study by consulting firm, McKinsey, found that employees spend an average of 1.8 hours daily, or 9.3 hours each week, searching and gathering information. This can be a productivity sinkhole as more web results keep getting added to the internet every day.

One way you can save time on your personal and work-related searches is to learn some “secret” Google search tips. These help you narrow down your search results and improve productivity by helping you find the information you need faster.

Search a Specific Website Using “site:”

Sometimes you need to find information on a specific website. For example, you might need to locate a government statistic that you know is out there but can’t seem to bring up on a general search.

You can use Google to search keywords on a specific website by using the “site” function.

In the search bar use the following:  site:(site url) (keyword)

This will bring up search results only for that one specific URL.

Find Flight Information Without Leaving Google

When you need to access flight information, you’re often on the go. Either getting ready to head to the airport or waiting for someone to arrive. Having to load multiple site pages in your browser can take valuable time. Instead, get your flight results directly from Google.

Just type in the flight number and the name of the airlines, and you’ll get a listing of flight information without having to click to another page. You can even tab to choose flight info for that same flight on different days.

Look for Document Types Using “filetype:”

If you’ve just been tasked with coming up with a presentation on sustainable energy, it can be helpful to see what other people have done on the same subject.

Searching websites can give you a lot of details to sift through but searching for another PowerPoint presentation can provide you with even more insight into how others have distilled that information down into a presentation.

Google has a search function that allows you to search on a file type, so instead of webpages showing up in your results, files of the file type you searched will appear.

To use this function, type in the following: filetype:(type) (keyword)

In the case of wanting to find a PowerPoint on sustainable energy, you could use the following in the search bar: filetype:ppt sustainable energy.

All the results will be PPT presentations.

You can also use this function for other file types, such as:

  • DOC
  • PDF
  • XLS or XLSX
  • SVG
  • and more

Narrow Down Timeframe Using the “Tools” Link

One frustration is when you’re looking up something like a population or cybersecurity statistic and you end up with results that are too old to be relevant. You can spend valuable time paging through the search results, or you can tell Google what time frame you’d like to search.

To narrow your search results by a specific timeframe, do the following:

  • Enter your keyword and click to search.
  • Under the search bar, click the “Tools” link.
  • Click the “Any time” link.
  • Choose your timeframe.

You can choose from preset timeframes, like past hour or past year, or you can set a custom date range for your results.

Locate Similar Sites Using “related:”

When you’re researching a topic online, it’s often helpful to find similar websites to the one you are viewing. Seeing related sites can also be used if you’re trying to find a specific product or service online and want to do some comparison shopping.

Google can provide you with a list of related websites when you use the “related” function.

In your search bar, type the following: related:https://website.com

One more way that you can leverage this search tip is to look for competitors by entering your own website URL in the search.

Get Rid of Results You Don’t Want Using “-(keyword)”

Non-relevant results are one of the main timewasters of online searching. You have to page through results that have nothing to do with what you really want to find, just because they use a related keyword.

For example, say you were searching the Ruby Slipper Cafe in New Orleans. But in your search results, you keep getting pages related to the movie the Wizard of Oz. You could eliminate those irrelevant results by using the negative keyword function.

Just type: (keyword) -(keyword)

Basically, you are just putting a minus sign in front of a keyword that you want to exclude from your search. In the example above, you would type: ruby slippers -oz.

Looking for More Ways to Boost Productivity & Save Time?

IT consultants aren’t just for large projects, we can also help you boost productivity in your everyday workflow to make your life easier.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Which Type of Hackers is Endangering Your Business Data? (And How to Protect Your Sensitive Info from Them)

Your data is pivotal to running a successful company. If you don’t have proper security measures in place, hackers can easily steal your data and take you out of business.

Cybercriminals might be the biggest threat facing your company. Besides gaining access to your money and accounts, they can also take over critical software, preventing you from collaborating with clients. 

Any organization can fall victim to hacking. However, small and medium businesses are particularly at risk. 

Why?

Too often, their owners don’t always address cybersecurity when launching their company. Sometimes, they even just hire the first IT service provider they see. They also don’t know how to shield themselves from online attackers, making them low-risk targets. 

As a result, these organizations often go under due to the loss of sensitive data. It isn’t a risk you can take. 

To help mitigate it, this article will introduce you to the various types of hackers and explain how to protect your business from them.

THE 5 TYPES OF HACKERS TO WATCH OUT FOR

Here’s a quick list of potential hackers, depending on what they’re after:

#1. HACKERS WHO ARE AFTER PERSONAL INFORMATION

Many hackers are dying to get their hands on the personal information of your clients and employees. It includes birth dates, financial data, and social security numbers. 

Social security numbers might be the most valuable asset they want to get ahold of since cybercriminals can use them for various purposes. For instance, they can perform tax fraud, open credit accounts, and make other significant identity breaches. 

In addition, financial data can be utilized for fraudulent activities and purchases, especially if it lacks robust digital security systems. 

#2. HACKERS WHO WANT TO GET INTO THE DIGITAL  INFRASTRUCTURE

Storage and data servers are expensive – and hackers know that.

In order for them to cut costs, hackers may aim to store their applications and data on your infrastructure instead. The better your infrastructure, the more likely cybercriminals are to target it. This can strain your network to the limits and have devastating effects on your business. 

Unsurprisingly, tech companies are some of the most common victims of this type of hacking. 

The common indicators that a hacker has tapped into your digital infrastructure include:

  • Running out of storage faster than usual
  • Your network suffers slowdowns 
  • You may have unknown devices on your network. 

#3. HACKERS WHO ARE AFTER CONFIDENTIAL INFORMATION

Few business aspects are as important as your intellectual property (IP). Your products and services enable you to stand out from the competition and strike a chord with the target audience. 

A huge problem arises if hackers steal the design of your upcoming product before you launch it or submit your patent. A competitor may obtain the information, allowing them to hit the market first and undercut your sales. 

#4. HACKERS WHO WANT TO GET ACCOUNT DATA

Sure, you and your IT service provider might have done enough so that hackers might not be able to obtain financial data. But are your employees’ accounts secure? 

If hackers compromise them, they may let them run scams and gain information to disrupt your operations. 

For example, losing CEO login credentials can be devastating. Besides granting hackers access to sensitive information, it also helps them impersonate the CEO. In return, they can solicit information from employees or clients and halt your operations. 

This data breach can lead to widespread confusion, tarnishing your reputation. 

#5. HACKERS WHO AIM TO HAVE NETWORK CONTROL

In some cases, hackers aren’t after data. Instead, they want to gain control of the entire network. And to make it happen, they launch ransomware attacks. 

These activities enable them to lock you out of the system and make data inaccessible until you pay a ransom. They’re typically initiated through spam, phishing emails, and online ads. 

The average ransom amount stands at approximately $30,000, but the loss caused by business disruption is much more significant. 

HOW TO PROTECT YOUR BUSINESS

Now that you know how hackers can compromise your company, let’s check out 5 effective ways to protect yourself: 

WAY #1. INVESTING IN SECURITY RESOURCES

A key factor ignored by many owners is the amount of money and time devoted to cybersecurity. Avoid this mistake by allocating enough resources to set up solid defensive measures. Make sure to invest in a reliable IT service provider to help you out.

This way, your online accounts, hardware, and network should be more secure. 

WAY #2. TRAINING YOUR TEAM

Most security systems have weaknesses. And their employees are usually the biggest ones. 

For this reason, HR managers and CEOs should ensure their staff follows optimal security measures, both in-office and at home. They must all remember that any phone or laptop they use for work can be a weak point and entryway for hackers. 

To introduce your employees to the best security practices, consider arranging security education and training for a month once a year. You can talk about different aspects of your company and the steps necessary to deter cybercriminals, for example. 

Sound education can go a long way in promoting a healthy security culture. 

WAY #3. ADDING AUTHENTICATION

There are many valuable tools you can use to fend off hackers. One of them is two-factor authentication (2FA) – a simple yet effective weapon against scammers. 

This measure requires each user to verify their identity to access your system. You could use it on all business-related accounts to reduce the chances of cybercrime. 

Furthermore, encourage your team members to activate 2FA on personal accounts. This way, they’ll be more likely to follow appropriate security practices, reducing the risk of compromised devices and data breaches. 

WAY #4. LEVERAGING SOFTWARE

Computer viruses are another go-to tool for hackers. And a great way to deal with them is to incorporate antivirus software. 

Make sure your built-in antivirus software is up to date. Also, you can consider a corporate package from trusted companies like BitDefender, Norton, McAfee, and Total AV. 

Each machine that can access work resources should rely on this software. Plus, the user should conduct weekly antivirus scans to lessen the chances of computers getting infected by a virus.

WAY #5. PERFORMING SECURITY CHECKS 

Checking your system is vital for optimal cybersecurity. Solid antivirus software is practical, but you shouldn’t disregard manual scans. It’s crucial that your IT service provider does this periodically.

More specifically, check who’s accessed your network and make sure each point of access is authorized. Any suspicious activity must be reviewed and rooted out. Otherwise, these red flags can prove fatal for the company. 

STAY ON THE SAFE SIDE 

Battling hackers may not be the most exciting part of running a business. However, neglecting cybersecurity turns your company into a sitting duck for scammers. You may lose money, data, and your reputation might suffer irreparable damage. 

While there isn’t a bulletproof solution, adopting the outlined tactics should be a strong starting point. 

Contact us today if you want to discuss your cybersecurity in greater detail and pinpoint potential risks. We can arrange a quick, non-salesy chat and figure out ways to help you. 

Article used with permission from The Technology Press.

Why Protecting Your Printers from Cybercrime Is a Must (And 8 Tips for Improving Printer Security)

Printing devices are often overlooked when it comes to security. But the reality is, cybercriminals can hack your printer to get confidential information.

Your printer is probably the last piece of computer equipment you thought needed protection from cybercriminals.

But the truth is very different.

Attackers actively try to locate the weakest links in security to gain access to and exploit valuable data. And among the weakest links is the printer.

The thing with printers nowadays is that they have access to your devices, network, and the internet. This new open-access functionality makes them an ideal target for cyberattacks.

Unfortunately, many business owners overlook the importance of securing their printers and mainly focus on computers and mobile phones.

Most people still perceive printers as internal devices that serve basic functions. For this very reason, they are an easy target for cybercriminals.

Other than performing unauthorized print jobs, hackers can access confidential information as well as all connected computers and networks all through a printer.

You may also not be aware of the amount of valuable data your printer can store about you – tax files, bank details, financial records, employee information, personal information, etc. All a hacker needs to do is get into the operating system of your printer, and they can collect this sensitive data.

If you’ve just realized the importance of securing your printer, keep reading. This article shares eight tips to help you do just that.

THE 8 TIPS

TIP #1. MAKE SURE YOUR PRINTERS ARE CONFIGURED CORRECTLY

Many things can make a printer vulnerable to cyber threats and security breaches. So, you want to get the basics right to ensure the attacks don’t happen to you. 

To start with, make sure to change the default password on your printer. Since anyone can access a printer remotely, a simple “123456” code won’t suffice. 

Second, make sure you’re using your own router to print files remotely. Never connect to “Guest” networks.

TIP #2. INSPECT PRINT TRAYS REGULARLY

This one is a no-brainer, but everyone could use it as a reminder. Make sure to check your print trays and get rid of unused pages carrying sensitive information. There’s no easier way to prevent data leaks than this.

Alternatively, you can get a shredder for your office and shred the papers you don’t want anyone to see.

TIP #3. INSTALL MALWARE AND FIRMWARE UPDATES

Invest time and effort to ensure that your malware and firmware protection are up to date and can handle all types of hacks.

The good news is that many printers come with pre-built malware protection.

HP, for example, installs the HP “SureStart” software in their printers that monitors approaching targets when the printer is on. The software can shut down the device if an attack comes its way. This is a great way to prevent attacks from spreading further within the network.

TIP #4. LIMIT ACCESS TO THE NETWORK 

Unprotected printers in a network are an extremely easy target for cybercriminals. Sure, businesses and offices require printers to access networks to perform remote prints. But if you can do the job by disabling the network access, make sure you do that.

If not, tweak the printer and network settings to only allow the device to take print jobs from the network you trust. This will help avoid outside interference and security breaches. 

TIP #5. UPDATE YOUR PRINTERS 

Updating a printer is equally as important as updating your phone to the latest software. Much in the way iOS developers look for bugs and fix them in a new update, printer manufacturers work toward known device vulnerabilities and update the software for added protection. 

Look for printer updates so you can easily overcome known threats to the printer. Ideally, update your printers every quarter to get the most out of the security benefits.

 TIP #6. INSTALL A FIREWALL 

If you run an office, chances are you already have a firewall. But in case you missed this requirement, now’s the time to do it.

Using a reliable firewall helps keep printers safe from cybercriminals.

Your computers most likely come with pre-built firewalls, and all you need to do is keep them enabled. But there are also specialized firewalls for homes and offices that offer advanced security and make it virtually impossible for anyone to break in.

TIP #7. ENCRYPT YOUR STORAGE

Printers with shared networks can perform distance printing. And when a print job is in transit and travels from a computer to a printer, hackers can intercept the data and exploit it

Is Updating From Windows 10 to 11 Worth It? Here Are the New Features in the OS (And Some Missing Ones)

Getting used to Windows 11 shouldn’t be too challenging. On the contrary, the OS comes with several intuitive features to enhance productivity.

Microsoft recently introduced Windows 11 as the company’s latest operating system. And compared to Windows 10, this OS has various features that can increase your productivity and provide a better user experience.

As soon as you start using Windows 11, you’ll see a marked improvement over its predecessors.

For example, it has refined several household features, such as video conferencing and video management. You also get enhanced note-taking, data input, and a user-friendly interface that should help you complete your duties more efficiently.

Many other features can help boost your productivity, and this article will talk about them in detail. We’ll also look at some features Microsoft didn’t include in the new version.

WINDOWS 11 – WHAT’S NEW?

FEATURE #1. NEW TASKBAR

Previous Windows versions feature an iconic taskbar, but it can sometimes get clunky. Windows 11 deals with the cruft and provides a streamlined solution.

The new taskbar is perfect for expediting work, as it can contain a list of recent cloud and local files. You can also pin various apps to improve access and utilize a search bar that allows for convenient web browsing.

Another highlight of the taskbar is clean lines and widgets that display essential information (e.g., weather, photos, and news).

This should be a tremendous upgrade from the busy display of Windows 10.

FEATURE #2. WINDOWS GROUPING AND SNAPPING

The enhanced Snap Group and Snap Layout features allow you to resize and manage windows more easily. You also get to keep essential apps grouped to maintain high productivity.

Using the feature is relatively straightforward: Just hover the mouse over the maximize button on the desired app to reveal your layout options. You can choose between several arrangements, such as four-app grids and side-by-side layouts.

And if your team needs to perform basic window management, they can still grab and pull windows to the edge of their screen.

This feature improves desktop organization, which is especially useful for people working with two or more monitors. They can reduce clutter rapidly, enabling them to focus on their tasks.

FEATURE #3. IMPROVED ACCESSIBILITY OPTIONS

Windows 11 follows in the footsteps of many smartphones to simplify setting changes and make them easily accessible. Pulling up your control panel now only requires one tap or click in the taskbar coroner, replicating Apple’s Control Centre.

Furthermore, Windows 11 apps feature aesthetic, curved corners, and your Settings incorporate more options you can tweak. For instance, blind or vision impaired users can take advantage of cutting-edge audio cues. There are also desktop themes to help reduce eye strain, which is essential if you work long hours.

On top of that, the new operating system has revamped voice typing. You can activate this with a simple keyboard shortcut. This feature supports most major languages, including English, German, Italian, French, Spanish, Simplified Chinese, and Portuguese.

Windows 11’s better accessibility means your team will no longer have to keep relying on your IT service provider to set things up for them.

FEATURE #4. BETTER APP STORE

Many apps can enhance workplace productivity, but you’ll first need to find them on your PC’s app store. Fortunately, Windows 11 came up with an organized and coherent platform to make the search easier. 

Besides universal apps, you can check out the applications compatible with your devices. The platform can also handle programs from third-party stores and manage app installation on the internet. 

FEATURE #5. SMOOTH NOTETAKING

If you’re using a touchscreen device, taking notes in Windows 11 should now be highly satisfying. This feature offers haptic feedback to generate physical sensations when drawing lines on the screen or checking boxes with your pen. 

Moreover, the Ink Workspace allows you to add preferred apps instead of using the standard snipping tool and Whiteboard. It gives you easy access to creativity tools the moment you pull out your pen.

WHICH FEATURES WERE LEFT BEHIND? 

Overall, Windows 11 should work great for your business. But bear in mind that Microsoft left out some features that were a staple in previous versions:

EXCLUDED FEATURE #1. TASKBAR CUSTOMISATION

Windows 10 users can move their taskbar from the horizontal position to the left, right, or upper part of their screen. In contrast, the Windows 11 taskbar is fixed at the bottom of the display, and you can’t customize the dimensions. 

The taskbar customization feature would have been helpful because it would let you use space more efficiently. 

Another significant change is that you can no longer move the Time and Date on your taskbar. Windows 10 didn’t have this problem since you could toggle off the Clock feature in your Settings. 

The default taskbar layout might be fine, but some users prefer higher customizability than what Windows 11 offers.

EXCLUDED FEATURE #2. DRAG-AND-DROP FEATURES

Windows 10 and some earlier versions allowed you to drag several items to change their position. For example, you could drag a Word document onto your Word icon on the taskbar to open it. 

This function is disabled in Windows 11. There’s no way to drag and drop or save any program or file onto your taskbar.

EXCLUDED FEATURE #3. CORTANA 

Cortana is a voice assistant counterpart of Siri, Alexa, and Google Assistant. Many people are used to it and may be disappointed to hear that it’s not a part of the Windows 11 system setup. You can’t even locate it in your start menu. 

The good news is that the Cortana application can still be found – it’s just hidden away. And you can enable it by visiting Settings and navigating to Apps & Features.

A WISE INVESTMENT

While Windows 11 isn’t perfect since it removed many valuable features, it’s still an excellent platform to help increase your productivity.

 Whether you need to organize your desktop more conveniently or take enjoyable notes, the OS won’t let you down. Plus, you get a revamped taskbar and powerful Voice Typing compatible with most major languages. 

Overall, Windows 11 can be a terrific asset for your business.

If you want to find out more about incorporating this new OS to boost productivity in your organization, contact us today. We can have a 10-15-minute chat to help you address key productivity issues in your company with the help of Windows 11.

Article used with permission from The Technology Press.

The Critical Importance of Virtualized Infrastructure Security (And 4 Ways to Enhance It)

A torn-down virtual infrastructure creates risks for any business. And it can have a significant impact on how quickly you can retrieve your data and resume operations following an attack.

These days, many businesses use virtualized infrastructure for more straightforward data storage. It’s because this approach is superior to physical solutions due to enhanced flexibility, straightforward provisioning, and affordable pricing. 

However, this model also requires a comprehensive approach to security. 

There’s a much greater risk of data loss, as many tools and practices for physical data protection are nearly useless in the virtual setting. Virtual threats are different, that’s why you need to think beyond traditional perimeter protection. 

So, if you’re using a virtualized infrastructure for data storage, keep reading. 

This article discusses the risks of improper virtualized infrastructure security and talks about ways you can improve it. 

DON’T LEAVE YOUR VIRTUALIZED INFRASTRUCTURE TO CHANCE

Virtualization security is crucial for every business’s security strategy. After all, we now live in a world of virtualized environments and need to apply security to all its layers.

Let’s explore three of the most common virtualization security issues.

ISSUE #1. EXTERNAL ATTACKS

These are a real threat to virtualized infrastructure.

If hackers enter your host-level or server management software, they can easily access other crucial parts of your system. They can create a new user, assign admin rights, and then use that power to extract or destroy your company’s sensitive data.

ISSUE #2. FILE SHARING AND COPY-PASTING

Host and virtual machine (VM) sharing is normally disabled. The same goes for copy-pasting elements between the remote management console and the VM. You can tweak the default settings by tweaking the ESXi host system, but this action isn’t recommended. 

Why?

Because if a hacker gains access to your management console, they’d be able to copy data outside your virtual environment or install malware into your virtual machine.

ISSUE #3. VIRUSES

Virtual machines, or VM, are prone to many attacks, with ransomware being among the most popular ones. For this reason, it’s crucial to keep regular backups of your website data and store them off-site at a place where they can’t be encrypted by hackers. 

If you fail to perform backups, you may find yourself in a situation where hackers could ask you for money to decipher your data. 

Restoring a VM is quite tricky even if you perform regular backups. Therefore, you need to educate your team members on alleviating the risk of getting ransomware and other viruses.

Optimizing Your Virtualized Infrastructure Security

Now that you’re aware of the 3 common issues a business can face if they have an unprotected virtual infrastructure, here are 4 tips on bolstering its security.

TIP #1. MANAGING VIRTUAL SPRAWL

Virtual sprawls are often associated with growing virtual environments. The concept simply means that the more you expand, the bigger the need to keep your VMs secure. However, the number of machines can outgrow your ability to do so. 

To manage your virtual sprawl, consider doing the following:

  • Create an inventory of all your machines at all times
  • Set up lookouts featuring multi-location monitoring
  • Monitor IP addresses that have access to your VMs
  • Look for table locks
  • Don’t use database grant statements to give privileges to other users
  • Keep both on- and off-site backups
  • Assess your virtual environment regularly and determine which machines you need and which ones aren’t necessary
  • Have a central log of your systems and log all hardware actions
  • Create a patch maintenance schedule for all machines to keep them up to date

<H3>TIP #2. FOCUSING ON VIRTUAL CONFIGURATION SETUP</H3>

If you use virtual servers, you risk major configuration defects. 

That’s why it’s essential to make sure initial setups are free from security risks. This includes unnecessary ports, useless services, and similar vulnerabilities. Otherwise, all your virtual machines will inherit the same problems. 

The truth is that many businesses have poor virtual network configurations. You can avoid being one of those by ensuring all virtual applications that call the host (and vice versa) have proper segmentation. This includes databases and all web services. 

It’s also worth mentioning that most virtualization platforms only offer three switch security settings: forged transmits, MAC address changes, and promiscuous mode. There’s no protection for virtual systems that connect to other network areas. 

So, make sure to investigate each virtualization platform that allows this kind of communication, including all memory leaks, copy-paste functions, and device drivers. You can also tweak the system monitoring assets to look out for these pathways. 

TIP #3. SECURING ALL PARTS OF THE INFRASTRUCTURE

It’s imperative that you properly secure all of your infrastructure’s parts. This includes its physical components (switches, hosts, physical storage, routers) and virtual and guest systems. Don’t forget about all your cloud systems as well. 

When it comes to protecting different infrastructure parts, here are some things you can do:

  • Install the latest firmware for your hosts. Virtualized infrastructure needs to have the latest security patches. So, keep all your VMware tools updated. 
  • Your active network elements such as routers, switches, and load balancers should use the latest firmware.
  • Patch all operating systems with automatic updates. Schedule patch installations outside of your work hours and include automatic reboots. 
  • All virtualized environments should have reliable anti-malware and antivirus software installed (and regularly updated). 

TIP #4. HAVING A ROBUST BACKUP PLAN

Proper disaster recovery (DR) and backup plans are crucial in ensuring your business can continue operating after an attack. It’s because both your physical and virtual components can equally suffer from damage done by hacker attacks, hurricanes, etc. 

Ideally, you want to have a DR site located at a faraway data center or in the cloud. This way, you’ll alleviate the risk of being shut for a long time if your vital data gets compromised. 

Also, make sure to back up your VMs and your physical servers. Fortunately, you can back up your physical systems that operate on Windows or Linux, as well as your VMs that run on any OS. 

Additionally, you want to make at least three copies of your data and store two of them in different virtual places. And make sure to keep one backup off-site. 

If you want to take things to another level, you can replicate your VMs to a different data center for emergencies. 

PRIORITIZE THE SECURITY OF YOUR VIRTUAL INFRASTRUCTURE 

If you never gave much importance to virtualized infrastructure security, doing so should be your priority now. Given the number of possible threats, protecting your VMs from unauthorized data sharing, viruses, and other types of attacks is crucial. 

All aspects of your physical and virtual components need to be protected to avoid issues. If this topic is all Greek to you, you’re not alone. The reality is that many business owners have struggled with the same problem. 

However, you can reach out to us for a 10-15-minute chat where we can discuss how you can bring the security of your virtualized infrastructure to the next level. 

Article used with permission from The Technology Press.

Making Your VoIP Network Bulletproof (Six Tips to Protect Your VoIP from Cyberattacks)

Hardly any phone call system in a business beats VoIP when it comes to efficiency and flexibility. However, it’s not immune to cyberattacks. Discover how you can secure your VoIP ASAP.

What kind of communication system are you using for your business?

I asked because many modern-day businesses have now switched to the Voice Over Internet Protocol (VoIP). This technology allows employees to perform voice calls using only their internet connection. 

It’s often a wise choice considering that using VoIP comes with several benefits to a business.

Among its benefits include lower operating costs, greater convenience than traditional services, increased accessibility, higher scalability, and the ability to multitask. VoIP also comes with advanced features for teams of all sizes, is completely portable, and offers superior voice quality. 

However, VoIP systems also have limitations, with cyberattacks being their number one downside. 

The good news is that it’s possible to protect a business’s VoIP system from hackers. And if you already implemented this in your business, it’s not too late to secure it.

Read on to discover the most common threats to your network and tips on preventing them.

THE NEED FOR VOIP PROTECTION

All VoIP systems require a stable internet connection to function properly. Unfortunately, their reliability on the internet makes them vulnerable to various security issues.

Some of the most frequent ones include:

SECURITY ISSUE #1. DENIAL OF SERVICE

Denial of Service (DoS) is a common threat to VoIP systems comprising attacks designed to shut down a machine or network and make it inaccessible for use. 

When this happens, legitimate users of VoIP technology may not be able to access their information systems and devices. And call centers can be affected by lower call quality, uptime, and latency.

SECURITY ISSUE #2. WAR DIALLING

War dialing is an attack that controls the company’s private branch exchange (PBX) and scans for other phone networks. This means hackers can dial numbers and connect to modems and other extensions.

SECURITY ISSUE #3. TOLL FRAUD

Toll fraud is a threat that consists of making calls to outside lines from a company’s existing system. 

For example, hackers will dial costly international numbers intending to rack up toll charges to your business.

SECURITY ISSUE #4. PHISHING

This is a common threat wherein attackers send fraudulent messages designed to trick victims into revealing sensitive information. Often, the unsuspecting victims would divulge information about passwords, internal IP networks, and similar data.

SECURITY ISSUE #5. MALWARE

It’s a threat where attackers install malicious software via email or phone. A file or code gets delivered over a network and has the goal of infecting, stealing, or exploring the information contained within a system. 

After infecting the system with malware, VoIP hackers can enter your network and access critical business information

SECURITY ISSUE #6. CALL INTERCEPTION 

The call interception attacker uses unsecured networks to intercept the Session Initiation Protocol (SIP) traffic that serves to initiate, maintain, and terminate real-time voice and video sessions. 

A victim of a call interception attack can be redirected to another line hosted by the hacker, for example

6 TIPS FOR BOOSTING VOIP SECURITY

Given the variety of threats imposed by attackers on VoIP systems, it’s necessary to optimize your VoIP security ASAP. 

Here are 6 valuable tips to get you started.

TIP #1. SET UP A FIREWALL 

Secure firewalls are necessary for all VoIP systems. It’s important to make your VoIP software and hardware firewalls scan information that goes in and out of the system and ensure it’s secure. 

If spam or a threat comes your way, the firewall will identify and gain control over it, shielding your system shielded from the attack.

Also, a good firewall will allow the data packets you send to travel unhindered.

TIP #2. USE STRONG PASSWORDs

Your VoIP system is no different from any other software or platform you use for handling sensitive information. For this reason, it needs to be protected with strong and regularly updated passwords. 

Aim for combinations of at least 12 characters, including numbers, upper- and lower-case letters, and special symbols. And for ultimate protection, go for passwords consisting of a random character series. 

It’s crucial to set a password as soon as you configure your VoIP system. Otherwise, you’re likely to forget about it later. 

Also, remember that some VoIP phones come with pre-set passwords, often available publicly. That’s why you should change yours as soon as you get a chance. 

Ideally, try to change your passwords every three months.

TIP #3. RESTRICT CALLING

Many VoIP attacks happen due to toll fraud. So, if your business runs locally, there’s no need to have the international call option enabled. This allows you to be on the safe side and avoid paying expensive bills you weren’t even responsible for making. 

You can let your VoIP service block 1-900 numbers to avoid toll fraud

TIP #4. ENCOURAGE YOUR TEAM TO REPORT SUSPICIOUS BEHAVIOUR

Many of the VoIP attacks arrive due to irresponsible behavior. To prevent this from happening, educate your team on how they can best do their job without affecting the system’s security. 

For starters, they should know how to spot unusual network activity, handle passwords, and report suspicious behavior. They should also report ghost calls and missing voicemails whenever received. Staff also shouldn’t store voicemail for too long. 

The reality is that sometimes, cybersecurity training during onboarding often isn’t enough. That’s why you should do periodical training to keep your VoIP safe at all times. 

TIP #5. DEACTIVATE WEB INTERFACE USE

Ideally, you should deactivate the web interface used for your VoIP system.

Why?

Using phones on a desktop computer opens an area of weakness to attackers. It’s enough for a single phone user falling prey to leave the whole system exposed to an external party. All your data can be stolen in text format as a result.

So, unless it’s absolutely necessary for you to use the web interface, be sure to secure it very strictly.

TIP #6. USE A VPN FOR REMOTE WORKERS

Virtual Private Networks (VPNs) are great software that encrypts traffic regardless of your employee’s location. 

You can set up such a network for your remote staff to prevent data leaks and breaches. The good news is that using this service won’t degrade the call quality. 

(RE)GAINING CONTROL OVER YOUR VOIP SECURITY

VoIP systems are a fantastic alternative to landlines. After all, they offer many more features and flexibility at a fraction of the cost. However, their reliability on the internet also makes them susceptible to cyberattacks. 

If you have just set up a VoIP system for your company or are thinking of starting one, securing it should be your number one priority. Don’t risk falling prey to toll fraud, malware, phishing, and other attacks. Take some time to secure your business by following the tips from this article. 

And if you need more help to implement these changes or would like to further discuss securing your business’s VoIP system, reach out to us and we can set up a 10-15-minute chat.

Article used with permission from The Technology Press.

Page 1 of 3

Cosaint Technologies ©2022