Many of us look forward to January 1 as a fresh start. But as we hit that refresh button, it’s a good idea to look back too. No, we’re not saying you need to go sit by a waterfall and meditate on your IT infrastructure, but there are benefits to doing a new year tech review. What is a tech review?
In a tech review, you can accomplish several key things. First, you can gain a clear picture of what the IT infrastructure looks like. After all, technology is always evolving. You can determine what assets you have and how employees are using them. You’ll also revisit your tech spending and whether it's achieving business outcomes. A tech review also gives IT staff a chance to clarify roles and responsibilities, as well as mission. You may be setting your budget for the new year. With a tech review in hand, you can make sure you spend money on technology that will make a real impact. A tech review, done at any time of year, also offers you the ability to:
Steps for your tech review There are many steps to take in an effective annual review of your technology. Read the main ones here. Perform an IT inventory Make sure you know all your tech assets and where they are in their lifecycle. This is a good time to identify current hardware and software in need of upgrade or replacement. Then, you can plan ahead and avoid security risks or unplanned downtime. Review your IT outcomes You should be spending on IT to achieve certain business goals. Now’s the time to consider whether your technology is doing what you wanted it to do. A Harvard Business Review study found that 77% of respondents see an IT strategy–implementation gap. So, at least you’re not alone in needing to ensure your tech initiative aligns with business outcomes. Update tech guidelines You probably have policies in place governing how your IT is used. Revisit these annually to ensure you are keeping up with the way your tech is evolving. For example, if your people are remote more often, make sure your guidelines match those tech deployments. Survey employees Ask the people who are using your technology not only about what they are using but also how they are using it. This can help you identify areas to improve, upgrade, or automate. Or you might find out people are using software that IT didn’t vet first! Good questions to ask include:
Explore cybersecurity You can ask employees whether they have experienced a cybersecurity threat this year. But you’ll also want to review your data to see if there are any indications of cyberattacks. Also, examine and revise your firewall settings to make sure they are as current as can be. Review your findings and prioritize new technology Drawing on the input you’ve received and the data you’ve gathered, decide what actions to take. You might want to replace redundant software or some with poor user experience. Or you may need to invest in hardware such as computers or servers. You could also find opportunities to automate manual tasks to boost your productivity. Even if you have the budget for it, avoid making all your changes at once; it can be too overwhelming. Don’t expect your team to automate a process while also transitioning to new hardware. Bring your decision-makers together to decide on priorities and plan purchases and rollouts. We review for you! Don’t have the resources or know-how to do a year-end technology evaluation? Our experts can investigate your IT infrastructure for you. Call today to secure your spot for a Technology Review and start the New Year off on the right foot. 262-515-9499 The new year has just begun and it’s a time of renewal as we plan for the possibilities to come in 2023. It’s also a time when you need to plan for resiliency in the face of ever-present cyberattacks. Sixty-eight percent of surveyed business leaders feel that cybersecurity risks are getting worse. They have a good reason. Attacks continue to get more sophisticated. They are also often perpetrated by large criminal organizations. These criminal groups treat these attacks like a business. In 2021, the average number of global cyberattacks increased by 15.1%.
To protect your business in the coming year, it’s important to watch the attack trends. What new methods are hackers using? What types of attacks are increasing in volume? Knowing these things is important. It helps you better update your IT security to mitigate the risk of a data breach or malware infection. We’ve pulled out the security crystal ball for the upcoming year. And we've researched what cybersecurity experts are expecting. Here are the attack trends that you need to watch out for. Attacks on 5G Devices The world has been buzzing about 5G for a few years. It is finally beginning to fulfill the promise of lightning-fast internet. As providers build out the infrastructure, you can expect this to be a high-attack area. Hackers are looking to take advantage of the 5G hardware used for routers, mobile devices, and PCs. Anytime you have a new technology like this, it’s bound to have some code vulnerabilities. This is exactly what hackers are looking to exploit. You can prepare by being aware of the firmware security in the devices you buy. This is especially true for those enabled for 5G. Some manufacturers will build better firmware security into their designs than others. Make sure to ask about this when purchasing new devices. One-time Password (OTP) Bypass This alarming new trend is designed to get past one of the best forms of account security. Multi-factor authentication (MFA) is well-known as very effective at preventing fraudulent sign-in attempts. It can stop account takeovers even in cases where the criminal has the user’s password. There are a few different ways that hackers try to bypass MFA. These include:
Attacks Surrounding World Events During the pandemic, the cyberattack volume increased by approximately 600%. Large criminal hacking groups have realized that world events and disasters are lucrative. They launch phishing campaigns for world events. Attacks come for everything from the latest hurricane or typhoon to the war in Ukraine. Unsuspecting people often fall for these scams. This is because they are often distracted by the crisis. People need to be especially mindful of scams surrounding events like these. They will often use social engineering tactics, such as sad photos, to play on the emotions. Smishing & Mobile Device Attacks Mobile devices go with us just about everywhere these days. This direct connection to a potential victim is not lost on cybercriminals. Look for more mobile device-based attacks, including SMS-based phishing (“smishing”). Many people aren’t expecting to receive fake messages to their personal numbers. But cell numbers are no longer as private as they once were. Hackers can buy lists of them online. They then craft convincing fake texts that look like shipping notices or receipts. One wrong click is all it takes for an account or data breach. Mobile malware is also on the rise. During the first few months of 2022, malware targeted to mobile devices rose by 500%. It’s important to ensure that you have good mobile anti-malware. As well as other protections on your devices, such as a DNS filter. Elevated Phishing Using AI & Machine Learning These days, phishing emails are not so easy to spot. It used to be that they nearly always had spelling errors or grainy images. While some still do, most don’t. Criminal groups elevate today's phishing using AI and machine learning. Not only will it look identical to a real brand’s emails, but it will also come personalized. Hackers use these tactics to capture more victims. They also allow hackers to send out more targeted phishing messages in less time than in years past. Schedule a Cybersecurity Check-Up Today! Is your business prepared for the cyber threats coming in 2022? Don’t wait to find out the hard way! Give us a call and schedule a cybersecurity check-up to stay one step ahead of the digital criminals. 262-515-9499 Article used with permission from The Technology Press. The holidays are busy. We’re trying to get work done to have some fun, and we’re hosting family and friends. Plus, parents that have the holiday Elf tradition must remember to move the doll every night. It’s a lot, and it can make us more likely to fall for scams that can lead to data theft. Hackers like to take the path of least resistance. Why work harder than they have to for their ill-gotten gains? Instead, they’ll use social engineering to get you to give them your data or download their malware. Look out for these top holiday scams.
Parcel delivery scamsMore people are expecting packages this time of year. Bad actors take advantage of this with what’s called a smishing scam. It’s a particular type of scam using text/SMS messaging. You get a message from a known service telling you a delivery needs rescheduling, or that there’s an outstanding fee that needs to be paid. Recipients, who are already expecting a package, are quick to fall for the request. Clicking on the message link, they enter personal information or download malicious software. Tip: Go to the source of the package you’re expecting and see what they’re saying about your package delivery. E-card scamsAnother common holiday season scam takes advantage of our enthusiasm for money. Scammers send e-cards to your email. When you click on the link, you’ll download a virus or other malware (e.g. ransomware). Tip: Check the credibility of any e-card sender before downloading the “gift.” Christmas hamper scamsEveryone wants to be a winner, but don’t fall for the scammer calling or emailing to say you’ve won a Christmas hamper. They’ll claim to be from a legit organization and have some of your personal information already. That helps them make it all seem genuine. Then, they’ll ask for you to provide more personal details to collect your prize or gift. They may ask only for your full name, address, and phone number (if the request was emailed). They’ll be collecting this information for a more focused attack in the future. Tip: Use strong passwords and be careful about what personal details you put on social media. Fake websitesMany people shop sites that are unfamiliar to them at this time of year. Grandparents (even parents) know nothing about that latest trendy shop! Bad actors will set up fake sites offering gifts and services. They're looking to get your personal details and money. Tip: Prefer secure website addresses starting with “https” and displaying a locked padlock. Shopping scamsEvery season has its in-demand items. Scammers take advantage of this and set up ads for amazing deals on those items. Desperate to get this year’s toy for your toddler, you might be hooked. Or they’ll ensure people click on their ads by offering ridiculous deals. If you do get the item purchased via these ads, it’s likely to be a sub-par counterfeit. Tip: Shop with retailers you know and trust. Bank scamsThis scam operates year-round, but bad actors have an edge in the holiday season, when people spend more. Fraudsters typically call, text, or email as your bank having noticed suspicious activity. They get you feeling anxious and then urge you to take action (e.g. click a link or share personal details) to address the issue. Tip: Remember that banks never use unsolicited calls to ask for personal details, pressure you to give information, or tell you to move your money to a safe account. Protecting yourself this seasonThe tips shared throughout this article will help. At the same time, setting up password managers and antivirus software can also be useful. We can help you secure your online activity year-round. Tip: Contact our I.T experts today! 262-515-9499 You’ve thought it before: “that won’t happen to me.” It’s how humans get through most of their days without crippling fear. But when it comes to your business and its cybersecurity, this kind of blithe naïveté can prove costly. It’s estimated that 46% of users lose data each year. Yet businesses may not invest in proactive data backup. They think data loss won’t impact them or don’t know how to back up in the first place.
Still, backup is more affordable and accessible than data recovery after the fact. Any business in any industry is at risk of a data breach. It can come from an unintentional human error on the inside. Maybe someone means to send a sensitive spreadsheet to a colleague and sends it “reply all.” Oh no! Members of the press and the public were on that email thread! Then, there are cybercriminals working diligently to attack vulnerable organizations. Sometimes they do it to obtain data they can sell, or they might install ransomware to charge you money to regain access to your data. They could also hack you to try to get to a bigger target in your supply chain. Bad guys’ motivation aside, a data breach will hurt your business. Suffering a data breach can lead to:
In short, it’s not worth the risk of paying for data recovery, data breaches or ransomware. You can invest a lot less upfront to protect your data. Prevent the Worst from HappeningKeeping your business safe from cyber scams and other risks is essential. Do it in advance. Take preventative measures to avoid the larger cost of cleaning up a cyber mess after it happens. Invest in a solution that will manage all your software and system updates. Keep your system up to date with patch management to close weaknesses criminals might exploit. You’ll also want to install a firewall to block any brute-force attacks made on your network. Secure any endpoints connecting to your network from outside the firewall, as well. If employees connect remotely using mobile devices, tablets, and laptops, this means you. Also, invest in data backup. Having your data backed up can help you avoid serious downtime and give you more control in a ransomware situation. Staying current on all the ways to protect your business from cybercrime can be overwhelming, but don't deny the problem. Yes, a data breach could happen to you, and it costs so much more to deal with after the fact. Be proactive by partnering with a managed service provider (MSP). For a fixed monthly cost, an MSP can take on your patch management and ensure data backups. We can help you maintain a high level of protection against threats. Contact us today at 262-515-9499. You would need to be new to the internet to be unaware of threats to cybersecurity. With Internet World Stats reporting that 69% of the world is now online, that naïveté is increasingly unlikely. But is your business doing all it can to prevent email breaches? We know better than to use “123456” or “letmein” as passwords, but the threat remains. No matter the industry, global businesses are always at risk. Scammers send emails and set up spoof domains to get employees to enter access credentials online. Or criminals simply buy leaked emails and passwords from a previous data breach.
Once they’ve gained access, they can easily hide their activity. Setting up a simple “forward all email” rule gives them access to business communications. They can also see what services you use from the emails you receive. For example, they can identify which payroll software your business uses. Then, they go to that site and say they “forgot the password.” The reset instructions go to the email they can already access. So, they follow the steps, delete the email, and take control of the account. Criminals will also impersonate you and send invoices to your vendors or customers. They might send an invoice that looks like your genuine ones, but they end up paying the crooks. These attacks are working for cybercriminals. So, don’t expect email breach attacks to go away any time soon. Instead, take action to reduce the risk of compromise. How to protect your businessEducating your employees is an important first step. You can take all the steps we outline next, but humans will remain your weakest link. You'll want to:
Put a password manager application in place so employees set more complicated passwords. Enable multi-factor authentication on all email accounts. This makes it so that having the stolen credentials isn’t enough. A bad actor may have the username and password, but they also need the user’s authenticating device. That’s less likely. Another important move is to limit access to functions and features online. Take a least-privilege access approach. This means users can perform assigned roles but can't access other applications. This can curtail the damage if one user’s credentials are exposed. Ongoing monitoring of technology for signs of suspicious activity is also key. Set up alerts, and track activity logs. Your business wants to be able to react quickly rather than finding out weeks later about a hack. Keep online attackers at bayCreate a business environment that prioritizes prevention and detection. Email scams aren’t going to slow soon. Instead, your business needs to take action to shore up its defenses. We can help! Contact our IT experts today at 262-515-9499. In many areas of our lives there are myths that we accept as fact. Some of these are actually quite dangerous: believing that lightning never strikes in the same place twice could be fatal. Similarly, there are cybersecurity myths that demand debunking to keep your business safe. #1 “I’m too small to attack.”Any size of business, in any industry, can be the target of a cyberattack. In fact, hackers often hit smaller businesses because they lack the necessary protection. Also, a small business is more likely to pay a ransom, because it can’t recover otherwise.
Plus, small businesses can be a first stepping stone in a supply-chain attack. After getting into your systems, they might send a faked invoice from you to the larger target. The enterprise client, trusting your credibility, opens the attacker’s malware. Or hackers can use your vendor credentials to gain access to the enterprise network. #2 “Antivirus software is all I need.”If only it were that easy. You need antivirus software, but you can’t protect all your IT infrastructure with one tool. To detect and defend, you’ll need a comprehensive cybersecurity plan. Combine employee security awareness training with physical security measures, and put in place many layers of network and device defense, too. Then, keep everything patched and updated. That makes sure you’re leveraging what experts know about the evolving threat environment. #3 “Cybersecurity is IT’s job, not mine.”You may have an internal IT department you count on to handle cybersecurity. Many businesses also contract with a managed service provider (MSP) to keep them safe. These IT teams will work to secure your infrastructure and protect your data. They will put systems in place to detect threats and identify vulnerabilities. They can ensure appropriate data backup and do disaster recovery planning. Still, IT experts (whether internal or external) are only one player in the battle. Your employees remain a weak link. They are the ones that may inadvertently download malware, fall for social engineering scams, or use easily guessed access credentials. Your business needs to educate all employees about online safety and cybersecurity threats. Then, it’s everyone’s job to be aware and work to reduce risks to your business. #4 “Too much cybersecurity will hurt our productivity”This won’t be true if you set up effective security policies and protocols. Add regular monitoring and authentication tools that provide security without adding friction for employees. In fact, enhanced cybersecurity can actually help your productivity. It frees people up to work on other important business with less worry. Avoid a false sense of securityTrusting any of these myths can leave your business vulnerable to attack. A data breach or IT downtime can be devastating. Don’t risk the worst. Instead, work with IT experts to handle your cybersecurity, backups, compliance, and more. Contact us today at 262-515-9499 Software vulnerabilities are an unfortunate part of working with technology. A developer puts out a software release with millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code. The developer issues a patch to fix the vulnerability. But it’s not long before a new feature update causes more. It’s like a game of “whack-a-mole” to keep your systems secure. Keeping up with new vulnerabilities is one of the top priorities of IT management firms. It’s important to know which software and operating systems are being attacked. Without ongoing patch and update management, company networks are vulnerable. And these attacks are completely avoidable. 82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities. This is a global problem.
What new vulnerabilities are lurking in products from Microsoft, Google, Adobe, and others? We’ll go through several. These were recently noted in a warning by the Cybersecurity and Infrastructure Security Agency (CISA). Are Any of These Vulnerabilities in Your Systems?? Microsoft Microsoft vulnerabilities include those in three of its products. Internet Explorer (IE) is one of them. Microsoft discontinued IE in June of 2022. It needs to be removed from any computers that still have it installed. You’ll see the acronym “CVE” used in the vulnerability names. This is an industry-standard naming structure. It stands for Common Vulnerabilities and Exposures. Here is a rundown of these vulnerabilities and what a hacker can do: CVE-2012-4969: This Internet Explorer vulnerability allows the remote execution of code. This is a “critical” vulnerability because of the damage it enables. Hackers can release this via a website. Thus, formerly safe sites can become phishing sites when hackers exploit this loophole.
Google Chrome and applications built using Google’s Chromium V8 Engine are also on the list. These applications are targets of the following vulnerabilities.
Adobe People use Adobe Acrobat Reader widely to share documents. It makes it easy to share them across different platforms and operating systems. But it’s also a tool that’s on this list of popular vulnerabilities.
Netgear Netgear is a popular brand of wireless router. The company also sells other internet-connected devices. These are also vulnerable, due to the following flaws.
Cisco
Patch & Update Regularly! These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added here. How do you keep your network safe from these and other vulnerabilities? You should patch and update regularly. Work with a trusted IT professional to manage your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network. Automate Your Cybersecurity! Patch and update management is just one way that we can automate your cybersecurity. Learn how else we can help by scheduling a consultation today 262-515-9499 Article used with permission from The Technology Press. Banks and credit card companies are making it easier for us to get money on the go. We can check account balances, pay bills, and transfer funds online. We no longer even have to go into a bank or visit an ATM to deposit checks. But are you banking online safely? In the past, all we had to do was protect our PIN number (and remember it). Now, we need a mobile account password, too. The first precaution you can take is to have a strong, unique password. Can you believe that “password,” “123456,” and “letmein” remain common access credentials? Don’t do it! Also, avoid using things that a cybercriminal might guess or be able to learn from your social media. This eliminates anniversaries and birth dates, pets, and children’s names.
Don’t reuse your banking password anywhere else. Sure, if you duplicate the password, it’s easier for you to remember, but, a bad actor could access your credentials for another site. Then, they have that same email and password combo to use to try on your banking or credit card site, too. It’s also not a good idea to write down your passwords or keep track of them on a note in your phone. If you’re worried about remembering all your passwords, consider a password manager. A high-quality password manager can be a safe way to keep your passwords secret yet available. Top password managers use secure encryption for your access credentials. Make sure you’re only banking using your own, secured devices. This means don't check your balance or whether a payment cleared while in line at the coffee shop or in the airport. Don’t risk banking using a public Wi-Fi network that a hacker could be accessing to steal sensitive data. You also want to avoid using shared computers to login to your financial data. A cybercafe or library computer could have a keylogger that tracks your login details for criminal use. Watch out for phishing emails that look like they come from your bank, credit card company, or a tax agency. Criminals send urgent emails warning of strange activity or that you’re being audited to get you to react. Don’t click on any link or download any attachments in an email that appears to be from a financial institution – they don’t send private data directly in emails these days. They will send you to a secure inbox on their site. Always type the institutions’ Web address into the address bar. Otherwise, you might go to a fake, mirrored site that looks legitimate but will rip you off. Added security for online banking Two-factor authentication can help protect your financial accounts. Various banks will set it up differently, but you should definitely take the time to set this up. You might have to identify an image you selected besides using your password. Or you might need to enter a code sent to another device (such as a text message to your phone). The second level of authentication can be an annoyance in our convenience-first society. Still, it keeps your accounts secure, even if cybercriminals access your password. You work hard for your money, and you don’t want a cybercriminal taking control of or emptying out your financial accounts. Worried about securing your online activity at home or on mobile devices? We can help. Contact us today at 262-515-9499 for expert support securing your financial data. Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want? Didn’t think they even knew about your small business. Well, a new report by cybersecurity firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organizations. It found that small companies have a lot to worry about when it comes to their IT security. Employees at small companies saw 350% more social engineering attacks than those at larger ones.
Why Are Smaller Companies Targeted More?
Reach out today to schedule a free technology consultation. We offer affordable options for small companies. Working from home wasn’t novel when the pandemic hit, yet COVID-19 forced businesses globally to give remote work a real try. Two years later, employees have a new view of modern work. Many expect to work from home, at least part-time. If you’re “commuting” daily within your home, you’ll want to consider these easy upgrades for your home office. First, an uninterruptible power supply (UPS) can save you a lot of stress. Although common in the business environment, homeowners may not have thought about one. A UPS allows your computer to keep running in the event of a power outage. Think of the UPS as a backup battery giving you a short window of energy to protect your data. They can also regulate voltage in the event of a power surge.
With a UPS, size typically matters: the bigger the battery, the more power it will store. So, consider what technology you’ll want to keep up and running and for how long. Size can also matter with your computer monitor. Working on a laptop can be convenient, but the screen will be smaller. Setting up your home office with a wide monitor can lead to productivity gains. This is especially true for people who like to keep all their files and folders up on their desktops. You can also reduce the time spent scrolling through open windows with a second monitor. That extra monitor may also save you from printing documents and cluttering your desktop with paper. Improving work quality in the home officeThe business environment is going digital. Do the same with a document scanner that handles many pages at once. Flatbed scanners can provide quality scans, but speed and quantity may matter more. Plus, once your documents are scanned, you’ll be able to search for information using keywords. Instead of poring over pages of text, you can go pour yourself another cup of coffee. If you’re stuck at your desk once the workday starts, invest in a standing desk. There are many options that allow you to easily convert the desk from sitting to standing and back again. This can help your energy levels and reduce stress on your body from sitting in the same position all day. Speaking of reducing physical stress, an ergonomic keyboard is another good investment. Plus, you may want to get yourself a better office chair. Back when your home office was a seldom-used space, sitting at an old dining room chair wasn’t a big deal. Now, though, you’ll want to do your body the kindness of getting a comfortable, supportive chair. One more simple upgrade to consider: noise-cancelling headphones make it easier to focus on your work while dogs bark. You'll also avoid volunteering for extra work without realizing that was what your boss was saying while you were shushing a child. Need help deciding on the right technology for your home office, or want to be sure you set it up correctly and securely? Our IT experts are here to help. Contact us today at 262-515-9499 |
Tech Force BlogWe provide you with important, practical tips and insight for your technology and networks for both home and business. Archives
March 2024
Categories
All
|