October 27th, 2015

164_B_SecHow secure is your business’s network? If your organization lost access to all data for 48 hours due to a cyber attack, could you still operate? Today, small and medium-sized businesses are increasingly targeted by hackers. If your security isn’t up to par, you could suffer a drop in profits and a damaged reputation, and could even potentially go out of business. To prevent this from happening, here are a handful of rules to keep in mind when securing your SMB.

Recognize where your most critical data lies

Is it in the cloud? Hard drives? Backup disks? Mobile devices? Whether or not you have the budget and resources to adequately secure all of your data, the critical data that your business relies on must be sufficiently secure. If you’re unsure of what that is, ask yourself which data you would need to access within 24 hours of your business suffering a major disaster, in order to ensure your operations remained up and running. Once you’ve answered this question, talk with your IT managers to determine the security measures that need to be implemented to protect your most vital data.

Learn the basics

After you’ve bulletproofed your critical data, it’s time to arm your network with the basics. If you haven’t already done so, ensure that you have anti-malware protection on servers and endpoints, and firewalls for both wireless and wired access points.

If you have the budget, it’s worth seeking outside counsel from an IT expert fluent in today’s security best practices. They’ll ensure your business is protected from the latest cyber threats. However, if you don’t have the budget, then it’s time to take matters into your own hands. Read up on security trends, join technology networking groups, and ask your fellow business owners about their own IT security policies.

Cash a reality check

Bad things happen to nice people. Tornadoes, fires, thieves, and faulty technology couldn’t care less about how your business donates to local charities and supports your community’s youth sports clubs. What’s more, hundreds of small businesses across the country suffer severe data loss each year. Ignorance and turning a blind eye will not protect you, so make a wise decision and automate your data to be backed up daily. This allows your business to remain in operation if you’re hit by a security breach.

Dispose of old technology properly

Whether it’s a computer, server or tablet, any device that stores data on it must be properly disposed of when it conks out. Specifically, the hard disk must be destroyed completely. And remember, proper data disposal is not only limited to technology, as critical information is also revealed on paper files. So if you’re migrating the content of physical documents to the cloud, make sure to shred the paper versions too.

Mind your mobiles

The mobile age is here, and along with it come employees who may access your business’s critical information via their smartphones, tablets and other mobile devices. Recognize that many of these devices have different operating systems that require varying security measures. You and your IT manager should be aware of this, which leads to our last point...

Think policy

Have a policy for all your company’s devices. If you don’t inform your employees they shouldn’t access company information via their phones or tablets, then they’ll likely assume it’s okay to do so. But thinking policy doesn’t pertain only to mobiles. You should also determine acceptable online behavior for your employees, as well as how data should be shared and restricted. Put this in writing, and then have your employees read and sign it.

Of course, it’s not always wise to be overly restrictive. Rather the point is to have policies in place and make everyone in your organization aware of them because if you don’t each staff member will make up their own rules.

Are you concerned your business’s security isn’t up to par? Need the guidance of a seasoned IT provider who specializes in security? Talk to us today.

Published with permission from Source.

Topic Security
October 8th, 2015

Security_Oct2_BPopular mobile instant messaging app WhatsApp was at the center of a recent security breach which saw the information of as many as 200 million users potentially exposed to the mercy of hackers and malware. The threat, which affected the recently launched web-based version of WhatsApp, was detected by an IT security firm in Israel and patched up before news of it became public. Yet it serves as a reminder to remain vigilant when using web and mobile apps, whether for business or pleasure. Here’s what you need to know.

The web-based version of the WhatsApp app was only launched a few months back, initially for WhatsApp accounts on Android and Windows Phone devices and later for those on iPhones, but has already grown in popularity. The recent security vulnerability related to vCards, electronic business cards shared by WhatsApp users, and effectively amounted to a kind of phishing.

An error in the WhatsApp web client meant that less-than-innocuous vCard business cards created by hackers were not properly filtered out by the app. As a result, these phishing-style cards made it through to users who, if they clicked them, were at risk of the cards converting themselves to more harmful executable scripts once downloaded - and potentially accessing and playing foul with users’ personal data. There are even reports of a ransomware approach being taken by hackers in this case, with attempts being made to extort cash from WhatsApp users in exchange for restored access to their infected devices and hijacked data.

WhatsApp put a fix in place, by releasing an updated version of the app, prior to making public news of the security vulnerability. It’s worth making sure you have the latest version of WhatsApp installed on your phone, if you haven’t checked recently - WhatsApp’s phone and web versions are linked to one another, so ensuring you are up-to-date on your phone is the way to ensure you’re safe when using the web client too. The patch is also available directly through the web client, though this won’t update your phone’s version of the app at the same time.

The whole affair also serves as a timely reminder that it pays to be vigilant when it comes to using WhatsApp and other instant messaging platforms - including email. Avoid opening links or downloading files that you’re not expecting to receive, and proceed with caution even if you were anticipating them. It’s better to double check with the sender that they’re consciously passing a file to you, and that they’re fully aware of its contents, than to wait until your device has been infected and damage has potentially been inflicted on your vital data.

Want to learn how to keep your devices safe from phishing attempts and other potential security vulnerabilities? Give us a call and let us equip you with tamperproof solutions.

Published with permission from Source.

Topic Security
September 1st, 2015

The Ashley Madison hack is simply the latest case of a big time company having valuable data stolen. It’s a trend that shows no signs of subsiding, so you would be foolish to not pay attention to it. Want to know what your business should learn about security from this scandal? Here are three important takeaways from the Ashley Madison hack that your company should take note of.

1. Make sure your company’s security data is actually secure

You probably tell clients their information is secure, but just about every company makes that claim. One of the biggest mistakes made by Ashley Madison was the failure to know if its data was truly secure. The company publically lauded its security, but it now seems like those claims were rather hollow. In fact, it appears as if no one at Ashley Madison knew a whole lot about its security practices until it was too late.

Don’t simply pass off your business’s security to the IT department. Being involved will allow you to see how it works. You don’t need to be a tech expert to understand how your data is being secured. Your security provider, whether it be in-house or via a managed services provider, should be able to explain security practices in layman’s terms. This will allow you to ask questions and be proactive because chances are if you see a weakness, others will notice it as well.

2. Beware of your employees and their email and Internet activities

Another takeaway from this scandal was the fact many employees, both from private companies and government offices, were using business email accounts to sign-up for Ashley Madison and office Internet connections to access the site. Putting the ethical questions aside for a moment, public sentiment is undoubtedly negative and companies with employees who used Ashley Madison at work have been exposed to the scandal’s backlash.

By placing the appropriate email and Internet security solutions in place at your business, you can reduce the amount of risk your company is exposed to by employees. No one really wants to put restrictions on their employees’ Internet and email access, but it is important to be smart. Being connected to scandals like this can bring unwanted publicity to your business. Worst of all, your employees might not even realize they are putting your company in harm’s way when they access this type of content at work.

3. Be prepared for data loss

As the Ashley Madison case has shown us, massive data theft or loss can be the end of your business. When clients trust your business with their data, they are confident in your ability to protect it. Of course, things do happen and if your data does go missing, it’s important to have a plan of action ready. While it’s unlikely your company’s data breach is unlikely to garner the attention of Ashley Madison, it means a whole lot more to you, your company and your employees. Just because your company isn’t big doesn’t mean it’s invincible.

A disaster recovery plan can help your company ensure it has backups and even backups of your backups. If you believe your data has been stolen by hackers, it is important to act immediately. You’ll need to quickly assess what information has been stolen and inform the appropriate parties so they can take the necessary steps to protect themselves. From there, you will want to re-secure your company closing any security loopholes that have been found. Finally, access your backups and make sure your business continues to operate as close to normal during the crisis.

Worried about your security? We can show you how to protect yourself. Contact us today for more information on how to keep your company safe.

Published with permission from Source.

Topic Security
July 23rd, 2015

164_Sec_BSince many of us out there have been using the internet for decades, it’s likely that most of us have had our systems infected by malware at one point or another. But how many of us actually know what the differences are between malware, viruses, trojans, and other online threats? For those without a clue, here’s a description of four of the most common ones and the security measures you can take to keep your business protected.


Malware is the short version of the word malicious software. And this is a general term that encompasses many types of online threats including spyware, viruses, worms, trojans, adware, ransomware and more. Though you likely already know this, the purpose of malware is to specifically infect and harm your computer and potentially steal your information.

But how do the different types of malware differ from one another? How can you protect your business from them? Let’s take a look at four of the most common forms of malware below.

Virus - like a virus that can infect a person, a computer virus is a contagious piece of code that infects software and then spreads from file to file on a system. When infected software or files are shared between computers, the virus then spreads to the new host.

The best way to protect yourself from viruses is with a reliable antivirus program that is kept updated. Additionally, you should be wary of any executable files you receive because viruses often come packaged in this form. For example, if you’re sent a video file, be aware that if the name includes an “exe” extension like .mov.exe, you’re almost certainly dealing with a virus.

Spyware - just like a spy, a hacker uses spyware to track your internet activities and steal your information without you being aware of it. What kind of information is likely to be stolen by Spyware? Credit card numbers and passwords are two common targets.

And if stealing your information isn’t bad enough, Spyware is also known to cause PC slowdown, especially when there is more than one program running on your system - which is usually the case with a system that’s infected.

A common mistake many people make is they assume their antivirus software automatically protects them from Spyware. This is not always true as some antivirus isn’t designed to catch spyware. If you’re unsure if your antivirus prevents Spyware, get verification from your vendor. And for those that are already suffering from Spyware infestation, two programs that work wonders to clean it out are Malwarebytes and SuperAntiSpyware.

Worms - similar to viruses, worms also replicate themselves and spread when they infect a computer. The difference, however, between a worm and a virus is that a worm doesn’t require the help of a human or host program to spread. Instead, they self-replicate and spread across networks without the guidance of a hacker or a file/program to latch onto.

In addition to a reliable antivirus software, to prevent worms from infecting your system you should ensure your firewall is activated and working properly.

Trojan - like the trojan horse from ancient greek mythology, this type of malware is disguised as a safe program designed to fool users, so that they unwittingly install it on their own system, and later are sabotaged by it. Generally, the hacker uses a trojan to steal both financial and personal information. It can do this by creating a “backdoor” to your computer that allows the hacker to remotely control it.

Similar to the other malware mentioned above, antivirus software is a dependable way to protect yourself against trojans. For further safety, it’s wise to not open up suspicious attachments, and also ensure that your staff members aren't downloading any programs or applications illegally at the office - as this is a favorite place hackers like to hide trojans.

Curious to learn about other common malware that can cause trouble for business owners? Want to upgrade your existing network security system? Give us a call today, we’re sure we can help.

Published with permission from Source.

Topic Security
July 9th, 2015

164_Sec_BA picture is worth a thousand words - and now a selfie may even be worth more. Later this year, MasterCard plans to jump into the facial recognition-based trend of online security with an app that allows users to verify online purchases with a selfie. But is this technology secure? Will it replace traditional passwords for good? Here’s what you need to know.

At the beginning of this autumn, MasterCard will acquire the help of 500 customers to test out a new application that enables people to verify their identity and authenticate online transactions with a facial scan. What does this mean? Instead of using a traditional password at the online checkout, MasterCard wants to give you the option to snap a selfie instead. According to the credit card giant, they’ve partnered with every smartphone company in the business to make this mode of identity verification possible.

Why is this happening?

A quote from Ajay Bhalla, security expert at MasterCard, suggests this is an attempt by the credit card giant to appeal to a younger crowd of digital natives. "The new generation, which is into selfies...I think they'll find it cool. They'll embrace it," Bhalla recently said.

That said, the “cool” appeal to youth is likely not the only reason for this change. The firm is likely attempting to make online purchases both more secure and more convenient.

How it works

To use this technology, users will have to download a dedicated app, which they can then use to take a photo of themselves at checkout. But how does MasterCard prevent a thief from using a photo of you to fake your verification? Simple - the app requires you to blink to prove that you’re a living, breathing human being.

However, it’s been noted by critics that, in today’s technological world, even a blink can be animated on a static photo. This leaves those of us with security concerns wondering whether MasterCard will make this app more secure before it’s released.

Note as well, though, that MasterCard is not getting rid of traditional passwords completely. Users will still have the option of the more conventional method of verification, as well as the choice of fingerprint scanning to check your identity.

Is this where the future of online security is headed?

With the release due later this year of a similar Windows 10 security application to identify users using biometrics, it appears that this is where the future of online security is headed. And with ever more applications and online services requiring a password, it is becoming increasingly difficult for the average web user to create one that is both unique and secure for each individual service. So whether it’s facial recognition, a fingerprint scan or some other technology that’s yet to be perfected, it seems as though some sort of more advanced security solution is inevitable.

Want more of the latest security news? Looking to implement new security to protect your IT infrastructure from cyber threats? Get in touch today.

Published with permission from Source.

Topic Security
June 2nd, 2015

Security_May27_BData breaches are all too common and, without adequate protection, every business is at risk of external attack. In fact, it’s never been more important to ensure your organization’s policies and procedures are foolproof, and that you have contingency plans in place should something go wrong. Google just made that easier for Drive for Work users, by adding physical Security Keys to its safeguarding toolbox. Here’s what you need to know.

Google already offers security precautions like two-step authentication, which provides additional protection by requiring you to enter not only your password but also a one-time code received by SMS or similar. This is a crucial weapon in the fight against hackers, since weak usernames and passwords are still be the primary reason for accounts being breached. Security Keys now take things one step further, strengthening your Google Drive account’s coat of armor to an even greater extent.

The Security Key is a physical USB device that is plugged into your computer, and which sends an encrypted signature, instead of a password or other code, to verify your identity and permit you access to your Google account. Crucially, Security Keys are inexpensive - starting from around $6 per unit - and require no additional software for deployment, use or management. Administrators have the ability to track when and where each key is used, as well as being able to disable them if lost and issue backup codes to allow staff uninterrupted access even if they do misplace their key.

Simplifying the login process is also a key part of what Google has tried to achieve with Security Keys. To that end, the first time you use your key to access your Google account on a particular computer, you can opt for Google to remember that device. On subsequent occasions you can quickly sign in using only your password, and without requiring either your key or a two-step authentication code. You can still sign in using your key on other machines, and if a hacker tries to access your account without your key they will also be prompted for a two-step verification code (which, unless they have access to your cell phone, they shouldn’t be able to provide).

Security Keys aren’t an entirely perfect solution, though - there are some significant limitations to the technology. For one, you can’t use them on mobile devices, since they require a USB port to work, and they only allow you to access your Google account through the Chrome browser. Windows, Mac OS, ChromeOS and Linux operating systems are all supported, but if you’re working from your phone or on a browser other than Chrome then you’ll need to continue using two-step authentication. Google says you can mix and match different methods of verification, opting to use Security Keys where they are supported and two-step verification otherwise (or if you don’t have your key with you).

What’s more, only Google Drive currently supports Security Keys - it’s not yet possible to use them with Google Apps, for example. But, while the technology is primarily targeted at Google Drive for Work users, it’s possible to link a single key to multiple accounts, meaning you can use it to access both your work and personal Google accounts. Some users have also queried how much of a safeguard the technology really provides in the absence of an additional PIN code or fingerprint authentication being required for activation, suggesting that a stolen Security Key could be used to access a computer that a user has previously asked Google to remember. But Security Keys do appear to offer at least some additional protection, which will be of comfort to businesses handling sensitive data.

Give us a call to find out how to employ Security Keys and other technology solutions to bolster your protection against network intrusion and data breaches.

Published with permission from Source.

Topic Security
May 14th, 2015

164_Security_BIf you’re considering transitioning your business to the cloud, have you considered the security of the platform? While providers would like us to believe that the friendly fluffy cloud image used to market the service means it is automatically secure, the truth is that the reality is far different. Just ask one of the nearly seven million Dropbox users who had their accounts hacked. This is not meant to scare you, but only to make you aware that cloud security needs to be taken seriously - especially if you’re a business owner. To help you take the correct precautionary measures as you transition to the cloud, we’ve put together a list of actions you can take to ensure cloud security.

The cloud is playing more and more of a significant role in business. Yet, as more companies jump on the bandwagon, very few of them seem to be taking cloud security seriously. According to a recent survey, the "Security of Cloud Computing Users Study" , only 50 percent of those surveyed had investigated the security of the cloud services they used.

To ensure you put in place proper security measures when beginning your cloud venture, here are five actions every small business owner should take.

Ask your IT provider what cloud security policies they have in place - this is probably the single most important security measure you can take. Find a trusted IT provider and have a candid conversation with them about their cloud security policies.

Ask where the location of the physical cloud servers are - when you have “the conversation”, don’t forget to ask about this. Believe it or not, some cloud servers may not even be stored in your own country. Wherever they are, it’s wise to make sure they’re located in a safe data center area with proper security afforded to them.

Create unique usernames and passwords - your login credentials represent one of the cloud’s main security vulnerabilities. Take the time to come up with a better password than “12345” or “football.”

Use industry standard encryption and authentication protocols - IPsec (Internet Protocol Security) is a reliable technology choice.

Encrypt data before it’s uploaded to the cloud - whether you do it yourself or your cloud computing provider does it for you, this is a must to ensure security.

When it comes to trusting the security of a cloud service provider, transparency is key. The provider should take security seriously, be able to explain their security policies clearly, and be willing to answer any questions. If they can’t do one of these, it’s a clear sign of a red flag.

Are you ready to talk cloud security and transition your business into the cloud? Call us today. We’re happy to answer all your questions.

Published with permission from Source.

Topic Security
April 30th, 2015

Security_Apr29_BThere have been many security breaches to big-name companies over the past few years - eBay, Adobe, Home Depot, and Sony Pictures to name a few. While large enterprises are primary targets for hackers, small and medium-sized businesses are also vulnerable, and therefore need to arm themselves against data security threats. More often than not it is impossible to undo the damage caused by hackers, but you can take certain steps to prevent it. Applying these simple security tips can help protect your company’s data.

Get rid of passwords

We are all accustomed to setting passwords to our online accounts, and the tip is always the same - set strong passwords, and change them regularly. But according to Verizon, a global communications and technology leader, a quarter of data breaches analyzed in this year’s report could’ve been stopped if the victimized company had applied more than a password in its defenses. The problem is that passwords can be used with any computer, which is why companies like Facebook and Google have replaced passwords with USB tokens. Tokens, when plugged into a company’s computer, act as a verification device and an extra layer of security.

Encrypt all data

Encryption is a great obstruction to hackers, since it scrambles and descrambles data each time someone tries to read it. Encryption also causes compatibility issues if the data is not being accessed via the company’s own network systems. While applying encryption can be costly, it is certainly well worth the money if it can protect your business data from leaking into the wrong hands.

Keep systems up-to-date

The technology world is moving at a fast pace. Hackers are always upgrading their tools to take advantage of outdated security systems, and so companies should do likewise to protect their valuable resources. Yet many companies who use software don’t install updates immediately. If the update intends to close security loopholes, delaying an update exposes you to external attacks. So install software updates as soon as they come out in order to give hackers no reason to penetrate your systems.

Back up frequently

Although you’ve implemented several security layers to your data, sometimes hackers can find their way in. This is why you need to back up data frequently, whether it’s on-site, off-site or by way of cloud backups. In the worst-case scenario if your systems do get infiltrated, you can restore lost data from those backups and quickly strengthen security.

Monitor connectivity

Many businesses have no idea how many computers they have, so it’s very hard to keep track of which computers are online. Sometimes a company’s computers and servers are online when they don’t need to be, making them a tempting target for attackers. With that in mind, it’s advisable to configure business servers properly, ensuring that only necessary machines are online and that they’re well-protected.

It’s much more expensive to fix a data breach than to prevent one. If you’re looking to check your business IT systems for potential threats, contact us today and we can help.

Published with permission from Source.

Topic Security
April 16th, 2015

164_B_SecWe all know that computers can get infected with viruses, but did you know that your phone or tablet can as well? Yes, it is in fact true. And just because you have a new fancy Android device, doesn’t mean you’re immune. So if your phone or tablet starts acting funny and you suspect a virus is responsible, it’s time to take action with these six steps.

The lowdown on Android viruses

First off, let’s just put some things out there and clear the air. One, getting a virus on your Android product is actually incredibly rare. Two, when you see pop-up ads prompting you to buy a virus removal app, don’t freak out. This doesn’t automatically mean your device is infected. In fact, buying one of these apps could actually get you a virus! This is because all Android viruses are contracted via apps you install on the device. Which means the safest way to avoid getting one is to only install apps from the Google Play app store. If you must buy one outside of this, it’s wise to do your research first.

Before we get to what we think is the best solution, there are alternative ways to remove a virus that should be noted:

  • Use antivirus apps from Google Play - a lot of these are free and will detect and remove malicious apps, but some have a tendency to report apps as infected when they’re actually completely fine.
  • Perform a factory reset - if there’s a virus on your phone, this is a surefire way to remove it. However, in doing so you return your phone to its original factory settings. That means you’ll lose everything you’ve added since then that isn’t backed up.
Now that that’s out of the way, let’s get to the recommended option below.

How to remove the virus

  1. Turn safe mode on: To do this, access the power-off options by pressing the power button, then press and hold Power Off. This gives you the option to restart in safe mode. However, this doesn’t work with all models of the Android phone or tablet. If it doesn’t work with your device, a quick Google will pull up model-specific instructions. And what’s the point of turning on safe mode in the first place? Simple - it prevents any malware from running.
  2. Search for the infected app: Do this by opening Settings and then Apps. Once you’ve done this, be sure you’re looking at the Download tab (since the virus can only be something you’ve downloaded), and then start searching for the suspected app. If you don’t know the virus’s name, it’s likely something that looks out of place.
  3. Uninstall the app: Yes, it’s really that simple. Just click on the suspected app and uninstall it. Then you’re done. But if the name of the app is grayed out and you can’t even tap it, it means the virus has given itself Device Administration Status. In this case, follow the next three steps below.
  4. Remove Administrator Status: Do this by tapping on Settings and Security, then Device Administrators. Simply uncheck the infected app and hit Deactivate on the next screen.
  5. Uninstall the app: Now when you return to the Apps menu, the infected app will no longer be grayed out. Simply uninstall it.
  6. Restart your device: This takes it out of safe mode. Now your phone will be virus-free.
Want more ideas for Android and IT security? Don’t hesitate to give us a call today.
Published with permission from Source.

Topic Security
April 2nd, 2015

Security_Apr1_BEmail is one of the best things the internet has made possible. We use email to signup for websites, apply for jobs, make payments, and much more. But when we put more sensitive information into our emails, we also are exposing ourselves to the risk of data theft. What's more, you stand to lose more than just an email account if hackers get their hands on your vital information. So, here are some tips to strengthen your email security.

Use separate email accounts

Most people use a single email account for all their personal needs. As a result, information from websites, newsletters, shopping deals, and messages from work get sent to this one inbox. But what happens when someone breaks into it? There’s a good chance they would be able to gain access to everything else.

Having multiple email accounts will not only boost your security, but also increases your productivity. You can have a personal account to communicate with your friends and family, another solely for receiving emails from work, and one recreational account for various website registrations and getting newsletters. Wise email users never put all their eggs in one basket!

Set strong passwords

Too many email accounts have predictable passwords. You might be surprised to learn that email passwords like ‘123456’, ‘qwerty’, and ‘password’ itself are still the most common around. For the sake of security, be a little more selective with your passwords. Spending a few moments on coming up with a good password will be beneficial in the long run. Mix upper and lower case letters, numbers, and special characters to form a unique password that makes sense and is memorable to you, but no-one else. Also, never use the same password for all your email accounts. This way, if someone hacks one of your accounts, all of the others are still safe.

Beware of links and attachments

When you see a link in an email, don’t click on it unless you’re expecting the link from a known source, such as from your friend or a confirmation link for your game account registration. The truth is that you never know where those links might lead you. Sometimes they can be safe, but other times they can infest your computer with viruses and malware.

Similarly, if you’re expecting a file from your friend or family, then go ahead and open the attachment. It’s always good to know the person sending the file. But be wary of attachments in emails from strangers. Even if the file name looks like a JPEG image, you should never open it. File names can be spoofed, and innocent files may be a clever virus in disguise, ready to latch itself onto your computer the moment you click on it.

Beware of email phishing

Phishing is a type of online scam when malicious users send you an email, saying that they’re representatives from high-profile websites like eBay, Facebook or Amazon. They claim that there’s a problem with your account, and that you should send them your username and password for verification. The fact is that, even if there was a genuine issue with your account, these companies would never ask for your password. You should ignore these phishing emails and sweep them into your spam box.

It all comes down to common sense when you’re dealing with email security issues. If you’re looking to secure your business emails, give us a call today and see how we can help.

Published with permission from Source.

Topic Security