MSPNetworks Blog

We often talk about scams and cyberthreats, and lately our advice for dealing with a potential phishing threat is to simply avoid it altogether.

That is, when you get any kind of email or text message with a link you weren’t expecting, whether it’s from someone you know or from your bank, just don’t click it. Instead, log into the account in question the way you normally would, and verify the information there, or confirm with the sender through some other means to make sure what they are sending is valid. While this is still a good practice, sometimes you need to click on a link. Here are a few tools you can use to check if a link is safe, before you click.

Why Would a Link Be Dangerous?

First of all, why wouldn’t you want to trust a link that someone you trust sends you?

There are a lot of reasons. Even if it looks like a video message from your dear sweet Nana, or a virtual Christmas card from your youngest niece, there is a chance that the sender has been compromised and is trying to spoof their contacts. 

You want to know when it’s probably not a scam or a threat? When your dear sweet Nana or your niece calls you up on the phone and asks you to look at it.

That simple two-step confirmation makes all the difference in the world. Otherwise, you should consider the risks that maybe, just maybe, the sender was compromised and that the link you are being sent is malicious.

The same goes for the business end of things. 

Your coworker, business partner, vendor, or client might have no reason to do anything malevolent to you. If they fall for a trick themselves, though, a part of that trick might include spreading to all of their contacts.

A malicious link could contain malware that infects your computer, tries to steal your data or access your online accounts, and also spreads itself as quickly as possible to anyone in your contacts list. Not only will you be the victim, but your friends, family, and colleagues will be YOUR victim, and so-forth.

How to Safely Identify and Copy a Link

Before we get into the tools, let’s quickly run through what we mean by a link.

Basically, any text or graphic that is clickable and takes you to another page in your browser is a link. Sometimes, that link will be written out, with the https:// and the full URL. 

For example, if it is a link to PayPal, it might look something like this: https://www.paypal.com/us/smarthelp/PAYPAL_HELP_GUIDE/getting-started-with-paypal-icf29 

Links could also just be text that is clickable. So instead of writing out the URL, the link might be something like this: Get Started with PayPal

Now here’s the thing. If you’ve been paying attention, we’ve already proven to you just how easy it is to trick a user into thinking they are going to one website, and taking them somewhere totally different. Both of the links above don’t actually go to PayPal. We assure you that they are safe, but they are taking you to goofy fake mustache glasses on Amazon.

Sometimes, links are graphics, like buttons, icons, pictures, or virtually anything else. If you can click or tap it and have it take you somewhere, it’s a link, and any links can be spoofed very easily.

If you want to tell where a link is going to take you, you need to copy the actual link:

 On a Desktop or Laptop:
-Hover the mouse over the link.
-Right-click on the link.
-Select “Copy Link” or “Copy Link Address” or “Copy Hyperlink”

Now you have the link copied, and you can paste it into one of the following tools with CTRL+V (or right-click and select Paste)

On a Tablet or Smartphone:
-Be careful not to accidentally just tap the link to open it!
-Hold your finger over the link for a few seconds to pop up the context menu.
-Select “Copy Link” or “Copy link address” or “Copy Hyperlink”

Now that you have the link copied, you can paste it into one of the following tools by holding your finger down over the URL field within the tool and selecting Paste.

Safely Check a Link Before You Click it with These Tools

You can use the following tools to check the safety and legitimacy of a link. Keep in mind, this won’t protect you from one hundred percent of all scams, as these tools can only check for known threats. It’s also a good idea to use multiple tools to cross reference, in case some of the tools just haven’t been made aware of the link you received.

Use Norton Safe Web to Check a Link
Norton Safe Web is a free online tool that lets you paste a link to check to see if it’s safe.

It will give you a quick rating on the link. If the link is untested in Norton, it’s a good idea to try a few of the other tools. If Norton states the link is dangerous, it’s a pretty safe bet you should avoid it.

https://safeweb.norton.com/

Check the Link With PhishTank
The cleverly named PhishTank site will tell you if a link you received has been reported as a phishing scam. Phishing links tend to look pretty similar to legitimate web pages. For instance, a phishing link for PayPal might look almost exactly like the regular login page for PayPal. The problem is that it won’t log you into PayPal, but it will send your PayPal credentials to someone else.

https://www.phishtank.com/

Google’s Transparency Report Might Tell You If a Link is Unsafe
Google’s search engine works by crawling the Internet and indexing everything it finds. Sometimes, it might run across dangerous content such as malware or phishing risks. Google’s Transparency Report tool will tell you if a link you’ve been sent is found in their massive database of unsafe content.

https://transparencyreport.google.com/safe-browsing/search

Scan the Link with VirusTotal
Finally, there’s VirusTotal. This tool takes a little longer to give you an answer, but it can be a little more thorough than the others. This is a good last-ditch effort if you aren’t happy with the results from the other tools. 

https://www.virustotal.com/gui/home/url

It’s important to keep in mind that a phishing scam or malware attack could still sneak through these tools, especially if the URL was just generated and you are among the first people to get it. These tools are designed to spot known phishing attacks and malware that has already been reported. With that in mind, it’s still a good idea to err on the side of caution.

If you feel like you’ve received a suspicious email, text message, or other correspondence, and you would like us to take a look for you, don’t hesitate to reach out to us at (516) 403-9001.

How often do you get emails from individuals claiming to be working with a business who wants to do business with yours or sell you a product, completely unsolicited and even perhaps a bit suspicious? These types of messages can often land small businesses in hot water, as it only takes one phishing email landing in the wrong inbox at the wrong time to put your business in jeopardy.

The biggest problem with phishing emails is one that you might not expect. It’s certainly problematic enough that phishing scams are increasingly more common, and it’s definitely a challenge to ensure that your infrastructure stays secure under such circumstances. However, you’ll find that the major challenge that cybersecurity professionals face in regard to phishing scams is that hackers are just too crafty with how they continuously adjust their tactics.

Phishing attacks can come in several different manners and tactics, each of them focusing on the fact that the weakest points of your security infrastructure have to do with the human elements of your cybersecurity strategy. They might come in the form of an unsolicited email, or they could come from a phone call asking for sensitive information. No matter what, though, they are going to find ways to circumvent your security protections somehow simply because hackers realize that their best chance of getting through to your organization is through your employees.

And this is not even taking into account the scam emails that are so convincing that even the spam filters cannot capture these potentially dangerous messages. If a hacker takes the time to research your organization and make their message seem like an authentic message, there is a chance that it can bypass your spam filters entirely and become a very real threat to your business. These types of messages can be difficult to identify, especially if your users have not had any formal training about phishing messages.

Simply put, you absolutely cannot rely on your spam filter to keep you safe from the countless threats out there. Messages that don’t automatically get caught by the software’s filters could very well still be phishing emails that have been tailor-made to strike your organization with a social engineering attack.

We always recommend that businesses implement not only enterprise-grade spam filtering to keep the majority of threats out of your employees’ inboxes, but also to train your employees to identify potential threats. This is a type of preventative approach that all businesses should implement, and it’s one that is often overlooked. It’s easy to think that technology can solve all of your problems, and while it’s pretty likely to make improvements to your security infrastructure, it’s only as effective as the people who work for you.

It might be impossible to guarantee that your employees never see a phishing message, but you can optimize the chances that they will act appropriately if you provide them with the correct training and IT resources. MSPNetworks can help fulfill both for your business. We can equip your business with enterprise-grade solutions to keep threats off your network while also providing the training needed to inform your team’s security practices.

To learn more, reach out to us at (516) 403-9001.

Ransomware is devastating as a cyberthreat, but some industries are hurt by it more than others. One such industry is education, and universities and schools are struggling to keep up with these cyberthreats. Most even do the unthinkable in response to attacks: they pay the ransom.

Sophos reports that cybercriminals are increasingly going after the networks of universities and schools with their ransomware, seeing these targets as extremely profitable victims. If you think about it, it makes sense, as institutions of education tend to store immense amounts of personal data that could be valuable to hackers who might want to sell it on the black market. According to Chester Wisniewski, principal research scientist at Sophos, “Schools are among those being hit the hardest by ransomware. They're prime targets for attackers because of their overall lack of strong cybersecurity defenses and the goldmine of personal data they hold.”

The average ransom paid by schools suffering from a ransomware attack is $1.97 million, an absolutely astounding number. The average victim from the higher education industry, however, pays on average $905,000. One can see how these types of attacks would be tempting to pull off for ransomware hackers.

The large reason behind why schools and universities are paying up in response to these ransomware attacks is because these organizations cannot function without access to their data. With school records and networks being encrypted, many of the functions involved with their operations cannot occur. For example, many schools have intranets set up where resources and services can be accessed, and if networks are locked down by ransomware, they cannot be accessed, making things like attending class or accessing services impossible.

Sophos indicates that only 61 percent of the data stolen from schools and universities is recovered after paying the ransom; so, in addition to paying the ransom, cybersecurity professionals need to spend even more time and resources recovering the rest of the data.

These kinds of ransomware attacks cannot be taken lightly. Schools and universities are not exclusively vulnerable to ransomware. All organizations, including your business, can potentially become victims of ransomware attacks.

The best way to keep ransomware from affecting your business is to take a two-pronged approach. Implementing preventative measures and training your staff can go a long way on its own, but we also recommend proactively monitoring your infrastructure for potential vulnerabilities and threats. As long as you keep tabs on what is going on with your network, you won’t have anything to fear—especially if you work with a security provider like MSPNetworks.

MSPNetworks can help your business prepare for ransomware attacks through a combination of preventative measures and proactive monitoring. With the right technology solutions on your side, you’ll have all the protections in place to ensure that there is minimal chance of ransomware affecting your operations. To learn more, reach out to us at (516) 403-9001.

Phishing attacks can be scary to deal with, especially since it is not unheard of for staff members to not even know they are looking at one. To make sure your staff can identify and respond to phishing attacks in an appropriate way, we’ve put together this short guide to help you along the way.

First, let’s go over what makes a phishing attack.

What is Phishing?

Phishing is one of the most common forms of cyberattacks used by criminals with goals ranging from stealing data to gaining access to an infrastructure. Essentially, a phishing attack is an attempt by a cybercriminal to communicate with your team members in hopes that they will give away important information or allow access to critical systems. Phishing attacks are a natural evolution of cyberattacks that rose in popularity due to the advancement of security standards; while solutions have grown stronger and more difficult to crack, the human mind remains ever-vulnerable.

Phishing emails are the most well-known type of phishing attack, but they also come in other forms, like online forms designed to harvest credentials, SMS messages with infected links, phone calls, and other means of communication. Since phishing attacks can take so many different forms, it’s important that your team knows what to look for in these attempts, as well as how to report them to your trusted IT administrator. 

Let’s go over some of the ways your team members can identify a potential phishing attack.

Signs That a Phishing Attack is Targeting You

There are plenty of warning signs you can use to identify a phishing attack. Here is a short list to consider, but if you have any concerns at all, we hope you will reach out to us at (516) 403-9001 to learn more about them:

• A tone that doesn’t match the supposed sender
• Misspellings and other discrepancies in key details, like email addresses, domain names, and links
• Out-of-the-blue messages
• Egregious spelling and grammar errors
• Unexpected or out-of-context attachments
• Excessive urgency behind, or open threats as a consequence of, not complying with the message
• Ambiguous messages that motivate the recipient to investigate
• Unusual requests, or requests for explicitly sensitive information

It’s incredibly important to know what these warning signs are so you can actively keep a lookout for them. If you don’t, who knows what could happen?

We’re Here to Help Keep Your Team Safe!

If you feel you could use some help keeping your business safe from phishing attacks, we are happy to help. To learn more, reach out to us at (516) 403-9001.

If you are a frequent reader of our blog, you know all about phishing scams. They are emails and messages sent that are designed to extort money and gain access to computers and networks for nefarious purposes. The popular IT support company Geek Squad, a subsidiary of Best Buy, is the latest company caught up in such a scam. Let’s take a look at how the scam works and how you can avoid becoming its next victim.

The Scam Overview

The scam starts benign enough: users will get an email that tells the user that their Geek Squad membership has been renewed. Typically the people that receive this email aren’t members of any recurring Geek Squad service, so they call the toll-free number listed in the email to find out what the deal is. The operator on the other end of the line then agrees to refund the money, but demands access to your online banking account to quickly refund the money. They ask for remote access to your computer to show you how to securely do this. 

Then things go completely sideways.

The technician then tells the user that something has gone wrong and tells the user that they mistakenly sent a large amount of money to their bank. Using intimidation and accusations, they get the user to then withdraw money from their bank account and send it to an address to settle up. These fake technicians (fraudsters) will then try to extort more money out of users by saying that the parcel containing the money was never received. It has cost hundreds of people hundreds of thousands of dollars over the first half of 2022 alone.

So, you don’t think you could fall for such a thing? That’s what every victim thinks until they are thousands of dollars lighter in their bank account. Last year, it was Norton Antivirus and during the height of the pandemic it was the IRS and Amazon. These scams never stop, so you should know how they operate so that you can do your best to stay secure. These scams:

• Use the name of a popular and well-established organization
• Send emails with attachments or links that, if you look past the frenetic content of the message, seem completely suspect. 
• Use urgency to stress the user out and make mistakes they normally wouldn’t.

Questions About Phishing You Need to Consider

If you think a message you’ve received could be a potential phishing attack, you should ask yourself these three questions: 

• Who Sent It? – Are there irregularities in the address it came from, are names or suffixes misspelled, or does it come from someone who has never corresponded with you before?
• What Does the Message Contain? - Are there any links shared in it, does a strange URL appear when you hover your cursor over them, are there any attachments?
• What Does the Message Actually Say? – Are there spelling and grammar issues in a professional email, is there an excessive sense of urgency or time sensitivity communicated, or is there a request to do something like share data or forward access credentials?

Phishing scams aren’t ever going to stop, so knowing how to identify and thwart attacks before you are out money or your organization deals with a data breach is extremely important. Check back soon for more great cybersecurity content.

The holiday season is a time for merriment and good cheer, but hackers have historically used it to take advantage of peoples’ online shopping tendencies. Phishing scams are always on the rise during the holiday season, so you need to take steps now to ensure that you don’t accidentally put yourself at risk—especially with voice spoofing emerging as a threat for Amazon orders.

This particular threat involves an email scam in which users are encouraged to call a number listed to confirm an order, usually one with a large price tag associated with it. This tactic is used to harvest phone numbers and credit card credentials that can be used in later attacks. Security researchers at Avanan have found that the contact number listed on the email is not Amazon’s; instead, it’s a scammer who records the phone number with Caller ID. The user is then contacted by the scammer who requests further financial information, claiming that they are to cancel the order.

Anyone familiar with Amazon and how it works will immediately be suspicious of these practices. First, most people who use the service will know how to cancel an Amazon order. All they need to do is log into their account and do it from there. Second, if you ordered something, Amazon should technically have your financial information already on record, so why would it need to be confirmed once again? It just sounds fishy. All one needs to do to avoid these threats is slow down, take a step back, and don’t go looking for problems that may not even exist.

These scams revolving around online retailers are not a new concept, but this one is notable because the emails are able to get past spam blockers and content filters. It manages this by using legitimate links within the body of the email, so your email solution might not flag it as spam or a threat.

We offer the following advice to you:

• Don’t call numbers you don’t recognize.
• Don’t click on suspicious links in your email inbox.
• Don’t give out your personal information or credit card information just because someone on the phone told you to.
• Check the sender for any message you feel is suspicious to ensure it is legitimate.
• Check your account before responding to any correspondence from the sender.
• Set up multi-factor authentication, just in case.

MSPNetworks can help your business stay safe this holiday season with advanced security solutions. To learn more, reach out to us at (516) 403-9001.

Hackers have often used email to trick users into clicking on fraudulent links or to hand over important credentials through phishing scams, but these are usually blocked by an enterprise-level spam blocker. However, hackers have learned that there is indeed a way around these spam blockers, and it’s through popular social media websites.

One of the big reasons why spam blockers are so successful is because it examines the content of the messages you receive and makes a determination about its authenticity. One way that it does so is by looking at links within the email body itself. If the link is legitimate and seems to go to a normal, recognized source, then the message can be considered “legitimate,” even if it is not necessarily safe.

Hackers are now attempting to use social media websites to subvert this weakness in spam blockers; they use the sites as a middle-man of sorts, using the social media website to write a post which includes a suspicious link, then using the social media platform’s sharing capabilities to effectively mask the suspicious link behind that of the social media platform.

This is a particularly crafty approach that should not be taken lightly, and it’s already in use at this present moment. Take, for example, a recent campaign using Facebook as the delivery mechanism for phishing threats. In this scenario, hackers send victims an email message suggesting that they have violated Facebook’s terms of service on their page. When the victim clicks on the link in the email, they are brought to a legitimate Facebook post further detailing the issues that must be addressed. The post prompts the user to click on a phishing link, and the rest is history.

The moral of the story is that you can never trust links in your email inbox from unknown users, even if they appear to be legitimate. Phishing can happen anywhere, especially where you least expect it, like on social media websites and even support forums. If the links look a little too suspicious, then you should wait to take action until you have consulted a security professional like those at MSPNetworks. Our technicians are happy to review the contents of messages and make determinations on their authenticity, particularly for situations like the above one where it’s not clear if the link is legitimate or not.

Now, if you don’t have a spam blocking solution in place, we can help you out with that, too. With a unified threat management tool, you can take full advantage of great security solutions designed to keep you protected from the majority of threats. To learn more, reach out to us at (516) 403-9001.

We don’t like it any more than you do, but if we have learned anything at all over the past several years, it’s that security absolutely needs to be a priority for all small businesses. In the face of high-profile ransomware attacks that can snuff companies out of existence, what are you doing to keep your own business secure? To put things in perspective, we’ve put together a list of some of the more common threats that all companies should be able to address.

Common Security Threats for Businesses

The following list of threats should give you an idea for how to start securing your business. You can never prepare too much for a potential security breach, so take the time now to get ready for what will inevitably come down the line.

Viruses

Some viruses are little more than an irritation, whereas others are incredibly disruptive to operations. They are basically bits of code that can harm your computer or data. Viruses are known for being able to spread from system to system to corrupt data, destroy files, and other harmful behavior. You can get viruses through downloading files, installing free software or applications, clicking on infected advertisements, clicking on the wrong links, or opening email attachments. Fortunately, modern antivirus software has gotten really good at protecting computers, provided that your software is up-to-date. For businesses, it’s best to have a centralized antivirus on your network that controls and manages all of the antivirus clients on your workstations. 

Malware

Malware is malicious software that performs a specific task. A virus can also be considered a type of malware, albeit more simplistic in nature. Malware comes in various forms according to its purpose, such as spyware for spying on infected machines and adware for displaying ads in extremely intrusive or inconvenient ways. The major takeaway here is that you don’t want to deal with malware in any capacity. It’s often installed on devices under the radar, and unless you are actively looking for it, it’s entirely possible that it can run in the background and cause all kinds of trouble without being detected. You can get malware through the same processes as viruses, and the same antivirus solutions can help you to resolve malware as well.

Phishing Attacks

Phishing attacks are mediums to spread other types of threats rather than actually being threats in and of themselves. Hackers might try to send out spam messages with links or infected attachments aiming to get the user to download them or click on them. When they do, the device is infected. Some phishing attacks are so inconspicuous that they can be hard to identify.

There are other types of phishing attacks as well, some of which try to get the user to share sensitive information or send money to the cybercriminal. Cybercriminals can spoof legitimate-sounding email addresses and use psychological hacks to convince the user to act in a certain way. It’s the most common way that hackers see results, so you should be aware of it.

Ransomware

Ransomware is so dangerous and high-profile that it is deserving of its own section. Ransomware locks down files using encryption and forces the user to pay a ransom in order to unlock them, usually in the form of cryptocurrency. Recent ransomware attacks are also threatening to release encrypted data on the Internet if the ransom is not paid, something which basically forces the user to pay up and gets around the possibility of restoring a backup.

Denial of Service (DDoS)

Denial of Service and Distributed Denial of Service attacks occur when a botnet, or a network of infected computers, repeatedly launches traffic at a server or infrastructure to the point where it just cannot handle the load, effectively disrupting operations and forcing it to shut down. Sometimes this happens with websites or services, so it’s no surprise that businesses can suffer from them, as well.

Trojans

Trojans (also called backdoors) install themselves on devices and work in the background to open up more opportunities for hackers later on. These can be used to steal data, infiltrate networks, or install other threats. Basically, if a hacker installs a backdoor on your network, they can access it whenever they want to; you are essentially at their mercy.

Zero-Day Vulnerabilities

Zero-day vulnerabilities are those that were previously unknown to developers but are currently in use by cybercriminals. These zero-day vulnerabilities are problems because when the developer discovers them and issues a patch, cybercriminals can identify the vulnerability based on the patch, and then exploit users who haven’t installed the patch yet. There is not much to be done besides keeping your software up-to-date, monitoring your networks for issues, and trusting the developers to issue patches as they discover security problems.

User Error

User error is a critical issue for many businesses. Your business is made up of people who perform tasks and work toward objectives. If one of these employees makes a mistake, it could leave your business exposed to threats. Thankfully, a combination of best practices and security solutions should be enough to minimize user error, and with some security training under their belt, your employees should have a good idea of how to handle it.

Get Started with Security Solutions

MSPNetworks can equip your business with the tools you need to be successful when protecting your organization. To learn more, reach out to us at (516) 403-9001.

There are always going to be those who want to use your hard-earned data and assets to turn a profit. One of the emergent methods for hackers to do so is through twisting the “as a service” business model into network security’s worst nightmare. This type of security issue is so serious that Microsoft has declared that Phishing-as-a-Service is a major problem.

Phishing-as-a-Service is not a new concept, and neither is the idea of adopting the “as a service” business model in the context of hacking. The difference between those items and now is that ransomware exists, and it’s one of the more dangerous threats out there to be sure. The biggest challenge that many organizations face, and what makes Phishing-as-a-Service so dangerous, is that it enables even amateur hackers to make money off of someone else’s hard work.

The service entails organizations and groups such as BulletProofLink, a Malaysian phishing service, who sell their clients products like website templates, email delivery, hosting, and credential theft. These services are provided in the form of fully unidentifiable links. The service provider hosts these resources on their servers and works to harvest credentials on behalf of their clients. While the credentials can be stolen—and yes, this is bad—they can also be sold on the Dark Web to others. These other attackers can then use them to launch even more dangerous attacks in the future.

Basically, the one who buys the credentials is not necessarily receiving credentials that are guaranteed to work. They are simply paying for the opportunity to get working credentials.

The aforementioned Phishing-as-a-Service provider, BulletProofLink, provides access to templates for login pages such as Microsoft OneDrive, Google Docs, Dropbox, LinkedIn, Adobe, and more. A different service also uses what is called “double-theft” where the provider steals credentials for one customer and sells them to another. As you can imagine, this affects the ransomware workflow, as attackers can use these credentials to infiltrate networks and encrypt systems, forcing those on the receiving end to pay up.

While the devil is certainly in the details for these threats, we hope that you at least walk away from this article realizing how dangerous and innovative hackers can be. If you underestimate the damage they can do to your business, it might be the last mistake you make.

MSPNetworks can help your business overcome the many challenges that come with cybersecurity. To learn more, reach out to us at (516) 403-9001.

Phishing attacks are some of the most common threats out there. Hackers will craft messages or web pages designed to harvest information from your employees, be it through suspicious requests for credentials via email or through false websites that look so much like the real thing that it’s no wonder they were tricked. How can you make sure that your employees don’t fall for these dirty tricks? It all starts with comprehensive phishing training.

So, what goes into a successful phishing training program? Let’s take a look.

Phishing training involves exposing your team to simulated real-world scenarios in which they might encounter a phishing scam. It’s worth mentioning here that phishing can potentially involve much more than just a simple email containing requests for sensitive information or forms on websites asking for credentials. Phishing can come in the form of phone calls, text messages, and other communication mediums. Therefore, it becomes of critical importance that your staff have the skills needed to identify these phishing scams in whichever form they take.

As for what this phishing training might look like, it depends on the context. Training might take a more passive approach with videos, but it also takes on more active approaches with interactive workshops and hands-on training exercises.

One of the best ways to get a feel for how well your employees understand phishing attacks is to test them without them knowing it using these simulated attacks to see who takes the bait and who doesn’t. In this way, you can get a sense for how they would react under normal everyday circumstances. This type of threat awareness is important to gauge where your employees are in regards to cybersecurity, and it can give you an idea of which employees need further training.

We want to emphasize that phishing training is not about calling employees out on reckless behavior; rather, it’s about corrective practices that can help your business stay as secure as possible long-term. It is better to find out which of your employees struggle with identifying phishing attacks in simulated situations than when the real deal strikes, after all.

Look, we all want to trust our employees to do the right thing and know better than to click on suspicious links in emails, but at the end of the day, wanting something and actually getting it are two entirely different things. We need to accept reality and admit that hackers can and will succeed in their phishing attempts if we don’t do anything to prevent them. The best way to keep phishing attacks from becoming a nightmare scenario for your business is to implement comprehensive training practices and consistently reinforce them with your staff.

MSPNetworks can give your employees the training they need to keep from falling victim to phishing attacks. After working with our trusted IT professionals, your employees will know how to identify phishing attacks and how to appropriately respond to them without risking your organization’s security. To learn more about our phishing training and other security services, reach out to us at (516) 403-9001.

The first half of this year has seen its fair share of ups and downs, especially on a global scale. With a global pandemic still taking the world by storm, it’s despicable that hackers would take advantage of the opportunity to make a quick buck using phishing tactics. Yet, here we are. Let’s take a look at how hackers have turned the world’s great misfortune into a boon, as well as how you can keep a lookout for these threats.

According to reports from SecureList, spam and phishing trends in Q1 of 2021 relied heavily on COVID-19 and the buzz generated by it. Let’s take a look at some of the major threats that took advantage of the pandemic.

Stimulus Payment Scandals

The first couple months of 2021 saw businesses and individuals receiving payments from governments, such as economic impact payments or business bail-outs. Hackers took advantage of this opportunity to try to convince users to hand over their credentials through the use of messages that both looked and sounded professional. As is often the case with phishing messages, some users of specific banks were targeted through the use of near-identical websites designed to steal credentials and fool users. Others tried to convince users to enter information by convincing them that the latest details on the bank’s COVID-19 practices could be found on the other side of links or sensitive information forms.

The Vaccine Race

For a while, the COVID-19 vaccine was a bit tricky to get your hands on. While things have improved significantly in recent months, the initial rush to get vaccinated triggered many would-be hackers to try their hand at vaccination phishing emails that replicated the look and language of communication from health officials. Users would have to click on a link in the message, which would then redirect them to a form for plugging in personal information and, in some cases, banking credentials. Even those who already received vaccinations were not safe, as there were fake surveys circulating urging people to fill them out and claim prizes for doing so.

What You Can Do

Don’t let hackers take advantage of the cracks in your business’ defenses. Phishing attacks can come in countless forms, so it is your responsibility to protect your business from them. Here are some ways that you can make sure your organization is secured from phishing attempts.

• Filter Out Spam: A spam filter can keep the majority of threats out of your inbox, but the unfortunate fact is that most phishing emails are probably going to make it past the spam filter. Therefore, you will want to take more advanced tactics against these threats.
• Train your Employees: Training your employees on how to identify threats gives them the power to avoid threats that do manage to get past your defenses. Teach them what to look for and you’ll be giving yourself a better chance of overcoming them.
• Implement Unified Threat Management: No matter how well trained your employees are, it helps to have just a little bit of reassurance that you have done all you can to secure your business. This is what a UTM does; it’s a single security solution that can optimize your network’s protection.

MSPNetworks can help your business keep itself secure. Not only can we implement great security solutions, but we can also help to train your employees, including regular “tests” where we send out fake phishing emails to see who is and is not paying attention. To learn more about how this can help your organization, reach out to us at (516) 403-9001.

As one of the biggest cybersecurity considerations the modern business has to make, how to combat phishing has to be at the top of any business’ cybersecurity strategy. Let’s take a look at phishing and why it’s such a big problem for today’s business. 

You’ve Probably Been Phished

When trying to explain what phishing is to someone who has no idea about it, we typically start with the namesake. Phishing is the same as fishing. A hacker will bait a hook and users will bite on it. It’s that simple. Instead of worms or minnows, a phishing attempt needs some bait that will fool an unsuspecting computer user into providing information that will allow a hacker to access secured networks and steal or corrupt data. 

To say that this method is effective would be an understatement. First of all, the massive breadth of attacks—there are literally millions of these attacks per day—results in high levels (and low percentages) of successful attacks. In fact, 88 percent of organizations that were polled claimed to experience at least one phishing attack in 2019. In 2020, phishing emails were one of every 4,200 emails sent or about 73 million. The pace has actually quickened in 2021.

Successful phishing attacks result in stolen credentials, compromised networks, ransomware and other malware. They all lead to businesses losing money. 

Phishing is More Prevalent Than Ever

Phishing has been an issue for quite a while, but the COVID-19 pandemic and the corresponding jump in remote work provided the perfect opportunity for these scammers to operate. In 2020, 75 percent of worldwide organizations were targeted by phishing attacks, while 74 percent of U.S. businesses were successfully attacked in some way. This often led to massive losses, some $3.92 million on average. That’s an average and takes into account loss of productivity from downtime, data theft, deterioration of consumer confidence, and other factors.

It is therefore important that you do what you can to train your staff about how to recognize and thwart phishing attempts before they have a chance to have a negative effect on your business.

MSPNetworks can help you put together a training strategy, as well as put together tools to help you keep your network and data safe. Call us at (516) 403-9001 to learn more.

Since the beginning of the COVID-19 situation in March, creating a vaccine has been a major priority. True to form, hackers have begun targeting the very organizations responsible for the vaccine trials. There’s a lesson to be learned, today we’ll discuss it.

Cozy Bear

According to the UK’s National Cyber Security Centre, a group with the moniker “APT29” (who is also known as “Cozy Bear” or as “the Dukes”) has started to relentlessly hack organizations tabbed with creating a vaccine for COVID-19. These claims have been corroborated by both US and Canadan authorities, and present a significant roadblock to the progress of COVID-19 vaccine production. 

In fact, the National Cyber Security Centre released a report that goes on to describe APT29’s use of several exploits in conjunction with spear phishing attacks to gain access to CSC’s network and infrastructure. Once network security is breached the organization gets busy deploying malware known as WellMess or WellMail.

CSC has been working with software vendors to patch vulnerabilities. Software that has been patched doesn’t provide the exploitable pathways that often lead to problems. 

Experts believe that this is not the first time APT29 has struck and that this threat should be taken very seriously. The organization is believed to be behind the 2016 hack that broke into the Democratic National Committee’s systems. The group has also been suspected of attacks against various healthcare, energy, government and other organizations.

Spear Phishing 

We relentlessly discuss phishing in our blog, because it is one of the biggest threats to maintaining network security. Most phishing attacks are messages sent randomly, but the spear phishing attack is one that is planned and executed deliberately to target one person. Hackers look for a weak link and try to take advantage of it. 

While your organization probably won’t be targeted by major hacking collectives, it is still important that you and your staff know how to identify a phishing attack and what to do if you suspect you are being attacked. Here are a few tips:

• Always check the details. Legitimate emails are sent from legitimate email addresses. Take a look at the email address of suspect emails and you’ll likely see a potential ruse. 
• Proofread the message. Most business correspondence is proofread before it is sent. If the spelling and grammar looks as suspect as the email is, it’s likely illegitimate.
• Reach out. If there is any question, reach out to the organization/person sending the message. The more you know, the less likely you will fall for a scam. 

Identifying phishing attacks has to be a major point of emphasis for your company. Call MSPNetworks today at (516) 403-9001 for help with getting the resources you need to properly train your team. 

Phishing emails are a real problem for today’s businesses, which makes it critically important that you and your team can identify them as they come in. Let’s touch on a few reliable indicators that a message isn’t a legitimate one.

What Makes Phishing Attacks So Bad?

One of the largest threats inherent in a phishing scam is that there is a relatively low barrier for entry. There’s a tendency to romanticize hackers somewhat, picturing them in dark rooms lit only by an array of computer monitors as their fingers dance across their keyboard. While cinematic, this imagery is grossly inaccurate. In truth, hacking has trended more towards the psychological, focusing on user manipulation over fancy programming skills.

Which sounds easier to you, learning how to pick a lock, or asking someone for their keys?

Phishing attacks are not only easier on the cybercriminal, they’re also effective. It’s easy to be fooled by a legitimate-looking email or website, especially when you aren’t anticipating being scammed.

Let’s say someone poses as your bank. At first glance, there may be every indication that the email they send is legitimate. A quick look at the sender’s address may pass muster, the bank’s logo and contact information may be present, even any filters you have set up to organize your emails may work.

At a glance, all may be in order… which is exactly how many phishing emails will get you.

While phishing emails themselves aren’t usually dangerous, they contain links to risky and insecure websites or have nefarious files attached to them. Generally, these elements are where the danger lies.

Spotting a Phishing Attack

Let’s go through a step-by-step process to check any email that you may receive. The first sign of phishing can be found in its tone: if it has a too-good-to-be-true offer, is overly urgent, or is requesting information about one of your accounts unprompted, you’re right to be suspicious.

Check all links to confirm they direct to a legitimate URL. DON’T CLICK THEM. For example, if the email were from Amazon, links would most likely lead back to amazon-dot-com. However, anything added between “amazon” and “dot-com” is a sign of trouble. Furthermore, the dot-com should be immediately followed by a forward slash (/).

Let’s go through a few examples to demonstrate how important the little details of a URL can be, using PayPal as our subject.

• paypal.com - Safe
• paypal.com/activatecard - Safe
• business.paypal.com - Safe
• business.paypal.com/retail - Safe
• paypal.com.activatecard.net - Suspicious! (notice the dot immediately after PayPal’s domain name)
• paypal.com.activatecard.net/secure - Suspicious!
• paypal.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!

Check how the email address appears in the header. If you ever receive an email from Google, the address isn’t going to be “gooogle@gmail-dot-com”. If you’re unsure, throw any email addresses into a quick search for legitimacy.

Be wary of any attachments. As we mentioned above, most email-borne threats are going to be transmitted as an infected attachment, or as a link to a malicious website. If an incoming email has either a link or an attachment, exercise caution.

Don’t take password alerts at face value. Some scammers will use phishing emails to steal your credentials. Stating that your password has been stolen or some similar breach has occurred, the email will prompt you to supply your password—springing the trap.

If all this sounds like we’re telling you to wonder if any of your emails are legitimate, it’s because we are, in a way. With a healthy sense of skepticism, email and email correspondence can be very useful business tools. Many phishing attempts can also be weeded through with a reliable spam-blocker as well.

Want us to assist you with your email security? Call up our team of professionals by dialing (516) 403-9001.

As prevalent as cybersecurity threats unfortunately are today, many users tend to overlook major threats that they just aren’t focused on nearly as much: social engineering attacks. Social engineering attacks are just another means for a cybercriminal to reach their desired ends, and therefore needed to be protected against.

What is Social Engineering?

Social Engineering is the act of manipulating people into providing access credentials to criminals that aren’t supposed to have access to a system. To do this, the social engineer uses his/her influence (real or not) to trick people into supplying the needed information.

The act of social engineering can be approached in multiple ways. Hackers can take advantage of user carelessness, they can come in as a helpful party, they can take advantage of an individual’s fear, and they can exploit a person’s comfort zone. Let’s take a look at each.

User Carelessness

Despite the need for information systems, companies largely depend on individual users to secure their own endpoints. Sure, they will put in place a set of tools designed to keep network resources secure, but overall, it is important for each user to maintain vigilance over their own workstation and other network-attached devices. If they aren’t, scammers can obtain access fairly easily. 

If they can’t use spam or phishing messages to gain access, they may have to try an alternate method. For example, a scammer may gain access to your workspace. If your people ignore best practices for convenience and leave credentials or correspondence out in the open, a scammer looking for things like this will be able to leverage that mishap into access most of the time. 

Perceived Helpfulness

Most people will help people that are having trouble. The impulse to be helpful can be taken advantage of if the “victim” is a hacker. People can hold the door for a cyberthief giving them access to your office. They can use information syphoned from the web to gain a person’s trust and then use the trusting nature of good people for nefarious means. Moreover, it is natural to want to help someone, so you and your staff have to be careful that they are, in fact, in need of help and not looking to steal access to company resources.

Working Within the Comfort Zone

Most workers do what they are told. If they have somewhat repetitive tasks, they may grow complacent. Social engineering tactics will take advantage of this, especially at a large company. The scammer will get into your office and if some employees are used to random people just milling around, they won’t really pay any mind. 

We typically like to think about hackers as loners that sit in the dark and slurp energy drinks while they surf the Dark Web. While this description is fun, it’s not realistic. Hackers, the ones that you should be worried about, know your company’s weakest points and will take advantage of them. If that weakest link is the complacency of your employees, that will be the way they will approach it. Unfortunately, this also technically includes insider threats.

Fear Tactics

Getting someone to do something out of fear is effective, but can be risky. The more fear someone has, the more they will look to others to help mitigate it. That’s why most fear tactics, nowadays, come in the form of phishing messages. Using email, instant messaging, SMS, or other means to get someone worried enough to react to a threat takes a believable story that could produce an impulsive reaction by a user. Fear has long been known to be a powerful motivator, so it really is no surprise that cybercriminals would resort to this means to coerce their targets into compliance. 

We Can Help 

If you would like more information about social engineering or any other cybersecurity issue, contact the IT experts at MSPNetworks at (516) 403-9001. 

With email being such a huge part of doing business, phishing has become a favorite tool of many scammers. To fight back, it is key that you know how to recognize a phishing email, so we’re dedicating this week’s tip to doing just that.

What is Phishing?

Phishing goes beyond just your email. The term actually covers any digital attempt that someone makes to trick you into revealing important information about your business or personal accounts. A ‘phisher’ would try to fool you into handing over a particular detail about yourself, like the password you use for your online banking, or your business’ client and personnel files.

Of course, a scammer doesn’t have to use email as their preferred phishing tool. With social media becoming such a big part of business and personal life, phishers will pose as people you know and message you to try and extract information. Others will just pick up the phone and call you as someone else, hoping you won’t question them and hand over the information they want.

These different methods that a scammer might use can even classify the attempt into a more precise type of phishing. Attacks that are highly customized to one particular target are called “spear” phishing attacks, while those that pose as the CEO of a company are called “whaling.”

Regardless of what kind of phishing it is, it ultimately relies on deception to work, more than any other factor.

Spotting Phishing

Fortunately, while some phishing scams are getting to be pretty elaborate, there are a few practices that can help prevent you from being fooled. Here, we’ve put them together to give you a simple guide to avoiding potential phishing attacks.

Warning Signs

There are plenty of warning signs to help you spot a phishing attack. Some are found in the body of the email itself, while others are actually based a little bit in behaviors. For instance:

Is the message filled with spelling and grammar issues? Think about it this way: does it look good for a business to send out official correspondence with these kinds of avoidable errors? Mind you, we aren’t referring to the occasional typo, rather the tone of the message as a whole. It certainly does not, which suggests that the message may not be legitimate.

Is the message written to make you panic about something? Consider how many phishing messages are framed: “Oh no, you have an immediate issue with something so we need you to confirm your access credentials so that this immediate issue can be resolved. Otherwise, there will be huge consequences.” While there are a variety of ways that people can be convinced, these types of messages hit on some major ones: striking quickly to keep people from questioning you, removing power from someone who wouldn’t listen to you, and using very definitive and final terms. Does the message do these things, suddenly alerting you to a terrible issue that only the sender can protect you from? If so, there is a good chance that it is a scam.

Is the message a typical occurrence in general? Finally, think about the average case when a message like this is received. If you were to suddenly get a message on social media from someone who you really don’t talk to, it’d be a little weird, right? The same goes for your business communications… how often would this supposed sender actually reach out for this?

Protecting Your Assets

Fortunately, there are a few simple ways to help reduce how effective these attacks can be.

• Use a spam blocking solution to help reduce the number of phishing messages your employees need to deal with. While many phishers have become more sophisticated, plenty are still keeping it simple enough to be stopped automatically.
  
  
• Make sure your employees are trained to spot and properly handle attempts that may come through. By starting with the end user, you’re taking away a lot of the power that phishing has.

At MSPNetworks, we appreciate the importance of secure workplace practices. If you’d like to learn more about phishing, and how we can help stop it from hurting your business, reach out to us at (516) 403-9001.

Unfortunately, one of the most effective defenses against phishing attacks has suddenly become a lot less dependable. This means that you and your users must be ready to catch these attempts instead. Here, we’ll review a few new attacks that can be included in a phishing attempt, and how you and your users can better identify them for yourselves.

How Has Two-Factor Authentication (2FA) Been Defeated?

There are a few different methods that have been leveraged to bypass the security benefits that 2FA is supposed to provide.

On a very basic level, some phishing attacks have been successful in convincing the user to hand over their credentials and the 2FA code that is generated when a login attempt is made. According to Amnesty International, one group of hackers has been sending out phishing emails that link the recipient to a convincing, yet fake, page to reset their Google password. In some cases, fake emails like this can look very convincing, which makes this scheme that much more effective.

As Amnesty International investigated these attacks, they discovered that the attacks were also leveraging automation to automatically launch Chrome and submit whatever the user entered on their end. This means that the 30-second time limit on 2FA credentials was of no concern.

In November 2018, an application on a third-party app store disguised as an Android battery utility tool was discovered to actually be a means of stealing funds from a user’s PayPal account. To do so, this application would alter the device’s Accessibility settings to enable the accessibility overlay feature. Once this was in place, the user’s clicks could be mimicked, allowing an attacker to send funds to their own PayPal account.

Another means of attack was actually shared publicly by Piotr Duszyński, a Polish security researcher. His method, named Modlishka, creates a reverse proxy that intercepts and records credentials as the user attempts to input them into the impersonated website. Modlishka then sends the credentials to the real website, concealing its theft of the user’s credentials. Worse, if the person leveraging Modlishka is present, they can steal 2FA credentials and quickly leverage them for themselves.

How to Protect Yourself Against 2FA Phishing

First and foremost, while it isn’t an impenetrable method, you don’t want to pass up on 2FA completely, although some methods of 2FA are becoming much more preferable than others. At the moment, the safest form of 2FA is to utilize hardware tokens with U2F protocol.

Even more importantly, you need your entire team to be able to identify the signs of a phishing attempt. While attacks like these can make it more challenging, a little bit of diligence can assist greatly in preventing them.

When all is said and done, 2FA fishing is just like regular phishing… there’s just the extra step of replicating the need for a second authentication factor. Therefore, a few general best practices for avoiding any misleading and malicious website should do.

First of  all, you need to double-check and make sure you’re actually on the website you wanted to visit. For instance, if you’re trying to access your Google account, the login url won’t be www - logintogoogle - dot com. Website spoofing is a very real way that (as evidenced above) attackers will try to fool users into handing over credentials.

There are many other signs that a website, or an email, may be an attempt to phish you. Google has actually put together a very educational online activity on one of the many websites owned by Alphabet, Inc. Put your phishing identification skills to the test by visiting https://phishingquiz.withgoogle.com/, and encourage the rest of your staff to do the same!

For more best practices, security alerts, and tips, make sure you subscribe to our blog, and if you have any other questions, feel free to reach out to our team by calling (516) 403-9001.

Phishing attacks have been in the social consciousness now for a while, and for good reason: it is the predominant way that hackers gain access to secured networks and data. Unfortunately, awareness to an issue doesn’t always result in positive outcomes. In this case, hackers get more aggressive, and by blanketing everyone under a seemingly limitless phishing net, 57 billion phishing emails go out every year. If a fraction of those emails accomplish their intended goal, the hackers on the other end of them really make out.

As a result, endpoint security has become a major consideration for nearly every organization. There are strategies and solutions that businesses can implement that will not only give IT administrators the resources they need to protect the company’s data and computing infrastructure, but also trains their staff in the backhanded way these hackers try and infiltrate the business’ network with their legitimate credentials. Let’s take a look at some different forms of phishing and what you should be teaching your staff to keep them from messing up, and making your business just another negative statistic.

Deceptive Phishing

As the most common type of phishing scam, deceptive phishing in a name is pretty obvious. The name of the game for this attack is to pull the wool over the eyes of an unsuspecting end user. In essence, a deceptive phishing strategy is one where an email or message is created impersonating a legitimate company or person to flat out steal personal access information. With this access, the illegitimate party has some time to pick and choose what he/she wants to take, or gain access to. By having legitimate credentials, the illegitimate party doesn’t immediately trigger any red flags.

Most deceptive phishing messages are ignored, caught by filtering technology, or disregarded when accessed; but, the one that works to fool the end user is worth the hundreds or thousands of emails they’ve sent using the same method. To ensure that your organization doesn’t have to deal with a data breach, or malware associated with that phishing attack, it’s extremely important to lay out the ways that these deceptive emails are different from legitimate emails.

Phishing emails traditionally have misspelled words and hastily thrown together construction. Typically, users will have to download some attachment. So if there is an attachment that an email prompts you to click on, be sure to check the URLs by mousing over the links to determine if the email is from a legitimate source. One thing every user should be cognizant of is that if the email is from a financial institution demanding payment, it is likely a phishing email. Email, while being a popular form of communications, is rarely used for such purposes.

Spear Phishing

These types of phishing attacks are personalized to a specific user. This can cause a lot of people to forget what they know about phishing and let their defenses down. The goal - as fraudulent as it is - the same as a traditional phishing attack, except it will be harder to decipher that it is, in fact, an attempt to trick the user into providing network access. The spear phishing email will often feature the target’s name, their title, their company, even information like their work phone number, all with the same aim: to get them to click on the malicious extension or URL sent with the email.

Users of the social media site, LinkedIn, will likely come across spear phishing if they utilize the service regularly. Since you provide certain information for networking with other like-minded industry professionals, you unwittingly provide the hackers with the information they need to build these messages. Of course, we’re not suggesting that you stop using LinkedIn, or any other social media because of the risk of hackers, but be careful what information you have shared within these profiles and ensure that any personalized email is, in fact, legitimate before you click on anything.

Pharming

With more and more people becoming savvy to these types of phishing attacks, some hackers have stopped the practice altogether. They, instead, resort to a practice called pharming, in which they target an organization’s DNS server in order to change the IP address associated with the website name. This provides them an avenue to redirect users to malicious websites that they set up.

To ward against pharming, it is important to tell your staff to make sure that they are entering their credentials into a secured site. The best way to determine if the website/webtool a person is trying to access is secure is that it will be marked with “https” and will have a small lock next to the address. Also having strong, continuously-patched antivirus on your organization’s machines is important.

With proper training and solid security solutions, your company can avoid falling for the immense amount of phishing attacks that come its way. To learn more about how to secure your business, and what tools are best to help you do just that, call the IT professionals at MSPNetworks today at (516) 403-9001.

Email is a core component to many businesses. With 124.5 billion business emails being sent and received each day, that doesn’t seem to be in danger of ending. Are the emails that are coming and going from your business secure? That may be another story, altogether. In order to keep your email security at a premium, we have outlined the following tips:

Using Filters
Filters make a lot of things easier to manage and easier to interact with, but since your employees have to stay on top of their company email, having some pretty easy-to-use solutions is important. Spam-blocking can go a long way toward reducing the amount of unimportant emails each employee sees, and a dedicated antivirus software can keep malware and other nefarious entities off of your network.

Be Smarter with Your Email
No spam filter or antivirus will do it all. In order to achieve the best results with securing your email, users have to be well-versed in the best practices of email management. The most important qualification any person can make when trying to secure their personal email from hackers is to ensure that they have the knowledge of what a phishing email might look like; and to make sure that the business’ network security is up to snuff.

Here are few tips to keep your email secure.

• Know what a legitimate email looks like. For every email sent from a vendor or partner, there are two sent that are there to trick end-users.
• If you aren’t going to take the time to encrypt your email, don’t put any potentially sensitive information within the email. This goes for heath, financial, or personal information.
• The less people who have your email address, the more secure your email is going to be. Teach your employees to not give out their email addresses if they can help it.
• The email solution needs to be secured behind solid passwords, and/or biometrics. Two-factor authentication can also be a good solution to secure an email against intrusion.

End Your Session
There are circumstances that people can’t control, so if you absolutely have to use a publicly-accessible device to access your email, you have to make certain that you log out of the email client and device you access your email on. After you log out, you’ll want to clear the cache. Many browsers and operating systems today want to save your password for user convenience. Better to use a password manager than allow the most public points of your workstation to save your credentials.

MSPNetworks can help you set up an email security policy that will work to ensure that your employees are trained, and you have the solutions you need to keep any sensitive emails away from prying eyes. Call us today at (516) 403-9001 to learn more.

What are your chances of being hacked, or targeted by some kind of cyberattack? I hate to tell you this, but they’re probably a lot higher than you might think.

For instance, despite almost 90 percent of small business owners believing they’re safe, about half of all small businesses will suffer from a catastrophic cyber-attack.

Are you at risk of being part of the unfortunate half?

Fortunately, there is a lot that you can do to help reduce the chances that a cyberattack will successfully target you. This is a really good thing - not only will a hack damage your relationships with everyone involved with your business, half of the businesses that are attacked close up shop within six months.

I’ve seen it happen far too often to businesses that just weren’t prepared.

Here, I’ve compiled a few tips to help you improve the basics of your cybersecurity, reducing your risk of a successful attack:

• Updates - We know how annoying those update notifications can be, but it is important to remember that the vast majority of them are meant to improve security in one way, shape, or form. Therefore, you should prioritize these updates whenever possible. It may prevent an attack from victimizing you.
• Involve Your Employees - The unfortunate reality is that your employees can be the biggest vulnerability your business has. Properly educating them in cybersecurity best practices and holding them to these standards will help reduce the chances that one of them will inadvertently let in a threat. Training them in various security best practices and explaining why certain requirements are in place will help to motivate them to participate for the company’s benefit.
• Limit Access - On the other side of the coin, the less an employee has access to, the fewer chances there are that one of them leaves you vulnerable in some way. The same can be said of your clients - regardless of how much someone is trusted, you shouldn’t allow them privileges beyond their role. Whether its role-specific resources, data, or other information, employees should be given individual login credentials to make assigning privileges easier. Your business Wi-Fi should also remain separate from the Wi-Fi made available to clients.
• Backup, Backup, and Backup Again - If, despite all your preparations, you are still infiltrated, you want to have an extra copy of all of your important data somewhere else, safe and sound. This backup copy would ideally be stored offsite and securely encrypted.

As it happens, MSPNetworks is able to help you out with all of these measures, and many more.

If you want some added help with these cybersecurity basics, or want to do more to protect your operations, you can always lean on us. MSPNetworks is committed to ensuring that your technology allows your business to operate better, improved security being a major part of that goal. Reach out by calling us at (516) 403-9001.