MSPNetworks Blog

Small businesses have a lot to worry about in terms of technology, but one of the things that often gets overlooked is network security. Some small businesses feel that they are too small to be considered a viable target for hackers, but they are wrong; all businesses have data valuable for hackers in some form.

Imagine for a moment just how much sensitive data your business stores on its network. You have payroll records, including bank account numbers and routing numbers, personally identifiable information, contact information, and all of the details about your relations with your clients, as well. It doesn’t really matter what industry your business is in. All businesses should take security seriously. Here are some reasons why your organization should prioritize security.

Security is Proactive, Not Reactive

Imagine that your workday is disrupted by a security discrepancy that puts your entire infrastructure at risk, all because someone clicked on the wrong link in an email and downloaded an infected attachment. You now have to contend with the countless issues related to that threat. You can dodge these issues by protecting your business ahead of time so that they don’t affect you in the slightest. Imagine that same scenario, but with an adequate spam or phishing blocker. All of a sudden, that security solution paid for itself simply by preventing the downtime that clicking on such a link would cause.

Security Protects Your Business’ Future

If you were in the market for a new good or service, would you want to work with a company that doesn’t take your security and privacy seriously? This is one big reason why you need to protect your infrastructure; it protects the longevity of your organization. Businesses that let security fall to the wayside often lose clients because they don’t want to work with a business that is unreliable. When a business cannot obtain new clients due to word of mouth and online reviews soiling their reputation, that business is doomed to fail.

Security Keeps Your Bottom Line in Check

Businesses that fall victim to security threats or data breaches might become subject to fines as a result of exposing the wrong data to hackers. These fines, put in place by regulatory bodies, are preventative measures to encourage businesses to do the right thing and protect their infrastructures in a way that is consumer-friendly. These fines can be quite expensive, too, depending on the industry and the infraction. Cover all your bases now so you don’t have to pay up later down the road.

MSPNetworks can help your business implement security solutions that work for you. We can help you implement the strategies and tools you can use to keep your business safe both now and well into the future. To learn more, call us today at (516) 403-9001.

We often talk about scams and cyberthreats, and lately our advice for dealing with a potential phishing threat is to simply avoid it altogether.

That is, when you get any kind of email or text message with a link you weren’t expecting, whether it’s from someone you know or from your bank, just don’t click it. Instead, log into the account in question the way you normally would, and verify the information there, or confirm with the sender through some other means to make sure what they are sending is valid. While this is still a good practice, sometimes you need to click on a link. Here are a few tools you can use to check if a link is safe, before you click.

Why Would a Link Be Dangerous?

First of all, why wouldn’t you want to trust a link that someone you trust sends you?

There are a lot of reasons. Even if it looks like a video message from your dear sweet Nana, or a virtual Christmas card from your youngest niece, there is a chance that the sender has been compromised and is trying to spoof their contacts. 

You want to know when it’s probably not a scam or a threat? When your dear sweet Nana or your niece calls you up on the phone and asks you to look at it.

That simple two-step confirmation makes all the difference in the world. Otherwise, you should consider the risks that maybe, just maybe, the sender was compromised and that the link you are being sent is malicious.

The same goes for the business end of things. 

Your coworker, business partner, vendor, or client might have no reason to do anything malevolent to you. If they fall for a trick themselves, though, a part of that trick might include spreading to all of their contacts.

A malicious link could contain malware that infects your computer, tries to steal your data or access your online accounts, and also spreads itself as quickly as possible to anyone in your contacts list. Not only will you be the victim, but your friends, family, and colleagues will be YOUR victim, and so-forth.

How to Safely Identify and Copy a Link

Before we get into the tools, let’s quickly run through what we mean by a link.

Basically, any text or graphic that is clickable and takes you to another page in your browser is a link. Sometimes, that link will be written out, with the https:// and the full URL. 

For example, if it is a link to PayPal, it might look something like this: https://www.paypal.com/us/smarthelp/PAYPAL_HELP_GUIDE/getting-started-with-paypal-icf29 

Links could also just be text that is clickable. So instead of writing out the URL, the link might be something like this: Get Started with PayPal

Now here’s the thing. If you’ve been paying attention, we’ve already proven to you just how easy it is to trick a user into thinking they are going to one website, and taking them somewhere totally different. Both of the links above don’t actually go to PayPal. We assure you that they are safe, but they are taking you to goofy fake mustache glasses on Amazon.

Sometimes, links are graphics, like buttons, icons, pictures, or virtually anything else. If you can click or tap it and have it take you somewhere, it’s a link, and any links can be spoofed very easily.

If you want to tell where a link is going to take you, you need to copy the actual link:

 On a Desktop or Laptop:
-Hover the mouse over the link.
-Right-click on the link.
-Select “Copy Link” or “Copy Link Address” or “Copy Hyperlink”

Now you have the link copied, and you can paste it into one of the following tools with CTRL+V (or right-click and select Paste)

On a Tablet or Smartphone:
-Be careful not to accidentally just tap the link to open it!
-Hold your finger over the link for a few seconds to pop up the context menu.
-Select “Copy Link” or “Copy link address” or “Copy Hyperlink”

Now that you have the link copied, you can paste it into one of the following tools by holding your finger down over the URL field within the tool and selecting Paste.

Safely Check a Link Before You Click it with These Tools

You can use the following tools to check the safety and legitimacy of a link. Keep in mind, this won’t protect you from one hundred percent of all scams, as these tools can only check for known threats. It’s also a good idea to use multiple tools to cross reference, in case some of the tools just haven’t been made aware of the link you received.

Use Norton Safe Web to Check a Link
Norton Safe Web is a free online tool that lets you paste a link to check to see if it’s safe.

It will give you a quick rating on the link. If the link is untested in Norton, it’s a good idea to try a few of the other tools. If Norton states the link is dangerous, it’s a pretty safe bet you should avoid it.

https://safeweb.norton.com/

Check the Link With PhishTank
The cleverly named PhishTank site will tell you if a link you received has been reported as a phishing scam. Phishing links tend to look pretty similar to legitimate web pages. For instance, a phishing link for PayPal might look almost exactly like the regular login page for PayPal. The problem is that it won’t log you into PayPal, but it will send your PayPal credentials to someone else.

https://www.phishtank.com/

Google’s Transparency Report Might Tell You If a Link is Unsafe
Google’s search engine works by crawling the Internet and indexing everything it finds. Sometimes, it might run across dangerous content such as malware or phishing risks. Google’s Transparency Report tool will tell you if a link you’ve been sent is found in their massive database of unsafe content.

https://transparencyreport.google.com/safe-browsing/search

Scan the Link with VirusTotal
Finally, there’s VirusTotal. This tool takes a little longer to give you an answer, but it can be a little more thorough than the others. This is a good last-ditch effort if you aren’t happy with the results from the other tools. 

https://www.virustotal.com/gui/home/url

It’s important to keep in mind that a phishing scam or malware attack could still sneak through these tools, especially if the URL was just generated and you are among the first people to get it. These tools are designed to spot known phishing attacks and malware that has already been reported. With that in mind, it’s still a good idea to err on the side of caution.

If you feel like you’ve received a suspicious email, text message, or other correspondence, and you would like us to take a look for you, don’t hesitate to reach out to us at (516) 403-9001.

For millions of people, the rubber ducky is a benign reminder of childhood. Depending on when you were a child, the rendition of Sesame Street’s Ernie singing “Rubber Duckie, you’re the one,” is ingrained in your mind every time you hear the term. Unfortunately, the Rubber Ducky we are going to tell you about today has only fond recollection for people who are looking to breach networks they aren’t authorized to access or deliver malware payloads that are designed to cause havoc. 

What is the Rubber Ducky?

The Rubber Ducky is a device that looks like a regular flash drive that you would use to transfer files from one PC to another. We’ve all used them, and with most of us moving to cloud-based platforms, they don’t seem to be as popular as they once were. Well, despite that notion, the USB flash drive industry is growing at a pretty impressive 7% year-over-year, and is currently a $7+ billion industry. That means there are a lot of USB flash drives being created every year and that means that there are millions of them just floating around. 

The Rubber Ducky is more than your average USB flash drive, however. It looks like one, but when it is plugged into a computer, it is read as a simple accessory like a keyboard. This means that any defensive measure that is set up to thwart potentially dangerous data transmission is already worked around when the device gets plugged in, making it much easier for the device to work for the hacker’s end goals, whatever they are. Any keystroke taken while the device is open, is trusted, making the sky the proverbial limit when it comes to device access. 

What Kind of Threat Is the Modern Rubber Ducky?

Any USB dongle needs to be carefully considered before inserting it into your computer, but the Rubber Ducky is designed to overcome the limitations of previous versions of the hardware. The new version makes a major upgrade in that it runs on the “DuckyScript” programming language that the device will use to create demands on any target machine. Other iterations of the Rubber Ducky were limited to writing what are known as “keystroke sequences”, the new DuckyScript is a feature-rich language, which lets users write functions, store variables, and use logic to make it possible to carry out complex computations. 

Now the Rubber Ducky can determine which operating system is running a machine and deploy code that allows for hackers to get into the appropriate software. It can also mask automated executions by adding a delay between keystrokes to make the computing system think that it is human. Most intrusively, it can steal data from any target by encoding it in binary, giving users the ability to extract critical information (such as saved authentication) with ease.

What You Can Do

The best practice here is to not allow strange USB dongles to be placed in your device’s USB drives. Unless you know exactly where the device has come from and what is on it, avoiding interactions with it is the best way to keep away anything unsavory that happens to be on the device to interact with your computer’s OS, and by extension, your network.

Being wary of hardware is just one part of keeping your business and personal information secure. MSPNetworks can help build a cybersecurity strategy that takes into account all types of malware deployment methodology, keeping you from any problematic experiences with your IT. Give us a call today at (516) 403-9001 to learn more. 

This past year saw a dangerous 86% increase in the most dangerous types of malware out there, so we want to ask you an important question: are you ready to protect your business from the different types of threats you might encounter? We know a technology solution that might help this mission along, and we want to share it with you today: artificial intelligence.

Let’s discuss some ways that AI can assist your organization’s cybersecurity efforts.

Malware is Growing More Dangerous

The biggest notable trend in cybersecurity is the increase in dangerous types of malware, as it has increased by a whopping 86% over the past year alone. These threats are not easy for the average user to spot, either, thanks to phishing, malicious websites, downloads, and other types of attack mediums. They can be difficult to identify and respond to, and businesses that don’t have a plan of action will be in a difficult position.

AI Helps Solve This Problem

AI-powered security tools give businesses the upper hand in identifying threats and protecting their assets.

If you can leverage artificial intelligence and machine learning to your advantage, you’ll be more likely to uncover and stop attacks like ransomware before they occur.

Now, ransomware is pretty scary stuff, we won’t lie to you, and since it is spread primarily through phishing attacks, you need a solution in place that can help to stop these attacks before they have a chance to succeed. These attacks specifically target your users, and they can fool even the most seasoned employee into making a decision that they will come to regret. Naturally, this leads to cybercriminals making phishing attacks difficult to identify and making them as convincing as possible.

You can train employees to identify these attacks, but there will always be a chance that someone slips up. Artificial intelligence can pick up where they fall short, though.

How Does AI Help Your Business?

AI can use predictive tools and analysis to identify threats your organization might face. This has led to many companies adopting it as a security measure, and it can help in several ways. Here are some reasons why businesses might implement AI:

• Spam and phishing protection
• Analyzing DNS data to detect threats
• Identifying problematic data
• Tracking advanced malware

AI has become more accessible than it has ever been, so we think it is worth exploring the concept further.

Let Us Help You Protect Your Business

MSPNetworks can help your business manage its technology and cybersecurity. To learn more, reach out to us at (516) 403-9001.

How often do you get emails from individuals claiming to be working with a business who wants to do business with yours or sell you a product, completely unsolicited and even perhaps a bit suspicious? These types of messages can often land small businesses in hot water, as it only takes one phishing email landing in the wrong inbox at the wrong time to put your business in jeopardy.

The biggest problem with phishing emails is one that you might not expect. It’s certainly problematic enough that phishing scams are increasingly more common, and it’s definitely a challenge to ensure that your infrastructure stays secure under such circumstances. However, you’ll find that the major challenge that cybersecurity professionals face in regard to phishing scams is that hackers are just too crafty with how they continuously adjust their tactics.

Phishing attacks can come in several different manners and tactics, each of them focusing on the fact that the weakest points of your security infrastructure have to do with the human elements of your cybersecurity strategy. They might come in the form of an unsolicited email, or they could come from a phone call asking for sensitive information. No matter what, though, they are going to find ways to circumvent your security protections somehow simply because hackers realize that their best chance of getting through to your organization is through your employees.

And this is not even taking into account the scam emails that are so convincing that even the spam filters cannot capture these potentially dangerous messages. If a hacker takes the time to research your organization and make their message seem like an authentic message, there is a chance that it can bypass your spam filters entirely and become a very real threat to your business. These types of messages can be difficult to identify, especially if your users have not had any formal training about phishing messages.

Simply put, you absolutely cannot rely on your spam filter to keep you safe from the countless threats out there. Messages that don’t automatically get caught by the software’s filters could very well still be phishing emails that have been tailor-made to strike your organization with a social engineering attack.

We always recommend that businesses implement not only enterprise-grade spam filtering to keep the majority of threats out of your employees’ inboxes, but also to train your employees to identify potential threats. This is a type of preventative approach that all businesses should implement, and it’s one that is often overlooked. It’s easy to think that technology can solve all of your problems, and while it’s pretty likely to make improvements to your security infrastructure, it’s only as effective as the people who work for you.

It might be impossible to guarantee that your employees never see a phishing message, but you can optimize the chances that they will act appropriately if you provide them with the correct training and IT resources. MSPNetworks can help fulfill both for your business. We can equip your business with enterprise-grade solutions to keep threats off your network while also providing the training needed to inform your team’s security practices.

To learn more, reach out to us at (516) 403-9001.

At first glance, cybersecurity might seem incredibly complicated and difficult to understand, but even a baseline understanding of some of the principles of cybersecurity can go a long way toward protecting your business. Let’s discuss some of the common-sense ways you can keep your business secure, even if you don’t have an internal IT department to ask for help from.

Keep Your Antivirus and Security Tools Updated

What’s better than eliminating a threat from your network? Stopping it from getting that far entirely. With antivirus, firewalls, and other security measures in place, you can keep your business secure from the majority of threats before they even become a problem in the first place.

Use a VPN

In case you or someone else on your team has to travel, or if you have a team that works remotely, a VPN is incredibly valuable. Public Wi-fi is notorious for being quite dangerous, and a virtual private network can offer a safe haven for you to access the Internet without fear of being observed by any onlookers.

Utilize Multi-Factor Authentication

You can take your security practices to the next level through the use of multi-factor authentication. A password can only do so much in today’s threat landscape, so you should back it up with biometrics, generated PINs, and other secondary measures that can make things much more difficult for any would-be hacker.

Use a Password Manager

We know you’ve heard it a thousand times; “always use a different password for each and every one of your accounts to maximize security.” While this should be practiced, it can be difficult to observe if you don’t have a password manager keeping tabs on each of your credentials. Plus, let’s face it, you don’t want to rely on your browser’s password management options if you can help it. 

Avoid Phishing Scams

While it would certainly be amazing to win the lottery, a free vacation, or catch some juicy gossip in your email inbox, the fact of the matter is that phishing emails know that these kinds of temptations make you want to click on links in emails, regardless of how likely you think they might be. Other tactics used include fearmongering and threats, which aren’t nearly as fun to receive, but are equally as effective, if not more so under the right circumstances. Either way, you should use extreme scrutiny when navigating messages from unknown or unsolicited sources—especially if they contain links or attachments.

Let Us Help Your Business Keep Itself Safe

While you can certainly do all of the above on your own, why not work with a managed service provider like MSPNetworks? We can take the stress out of managing your network security. To get started, call us at (516) 403-9001.

We’re not shy about sharing how important it is for a business to have comprehensive cybersecurity throughout its entire infrastructure. That’s why we wanted to share what some recent data has shown about the importance of having visibility into your infrastructure.

Spoiler alert: it’s really, really important.

Data Shows that Enterprises Suffer from Considerable Vulnerabilities

Compiled by Sevco Security, the State of the Cybersecurity Attack Surface report took data from over 500,000 IT assets. This data, compiled from enterprise-level businesses, revealed that a substantial number of the assets these businesses rely on are missing critical endpoint protections or aren’t being actively patched.

According to Sevco Security’s research, the businesses they surveyed were lacking endpoint protections at a rate of 12%, while 5% of them were lacking enterprise patch management. Compounding these issues, 19% of Windows servers were missing endpoint protections.

Furthermore, “stale” IT—assets that are present in the security control console and register as installed on a device, but haven’t checked back in for a few weeks—is a small but serious issue for these enterprise organizations. 3% of the IT assets have stale endpoint protections, while 1% have stale patch management. However, since they are supposedly accounted for, these risks are harder to spot and more likely to create issues.

Of course, these findings were all based on research into enterprise-level companies, with enterprise-level capabilities. Now, just consider what that suggests about the small or medium-sized businesses and their comparative capabilities.

Trust Us to Help Prevent These Vulnerabilities from Presenting Themselves in Your Business

Part of our proactive remote monitoring and maintenance services is to catch these kinds of issues before they result in larger problems for your business. To learn more about how we accomplish this, give us a call at (516) 403-9001 today.

If you watch technology news, you might notice that there is one day out of every month that gets a lot of attention from the technology sector, and that day is what is called Patch Tuesday. This is the day each month when Microsoft issues all of their patches and security updates, and it’s important to know when this day falls each month—at least, for your IT team it is.

What is Patch Tuesday?

You don’t need us to tell you that Microsoft as a software developer is a big deal, having released major computer operating systems and business applications that are used by countless individuals and organizations across the globe. We want to highlight one quality that is a little easy to forget sometimes, though, and that is the fact that Microsoft, like any other software developer and publisher out there, is not infallible. They are bound to create products with flaws in them, just like anyone else.

This is why Patch Tuesday exists. It provides Microsoft with the opportunity to routinely address performance issues, security risks, and other bugs that might be discovered in their software. Each month, the Microsoft Security Response Center puts out information using Common Vulnerabilities and Exposures numbers on their website. This information is designed to inform IT workers and the public in general about security issues that are addressed with each update. These updates typically cover Windows operating systems—including those that have reached their end-of-life but are covered under an extended support contract—as well as other Microsoft software products.

Patch Tuesday is the second Tuesday of each month. Patches and updates are issued at 5:00pm (Coordinated Universal Time).

Why is Patch Tuesday Important?

Simply put, Patch Tuesday was created to give IT workers a heads-up as to when patches and updates will be applied. Oftentimes IT workers will need to prepare an infrastructure for a blanket installation of important patches and updates, so this gives them an official date and time to work towards.

Patch Tuesday is also important to another, slightly less altruistic group of individuals: hackers. Cybercriminals and developers of online threats can scour the code of Microsoft’s patches to gain insights into vulnerabilities that might have been addressed within them. They can then use that information to reverse-engineer patches, so to speak, to target individuals who have not deployed their new patches and updates, thereby getting the jump on users who have not expediently deployed them.

Why Are Patches and Updates In General Important?

There is a reason why patches and security updates are issued so regularly, and it’s a big one: your business is very much at risk without them. Patches and updates are issued to shore up security vulnerabilities in software—vulnerabilities that could ultimately give hackers access to your network if they are crafty enough.

It’s important to note that not all vulnerabilities are actively exploited in the wild prior to being detected. It’s entirely possible that developers at Microsoft happened upon them out of the blue and decided to address them appropriately. When they do find unpatched vulnerabilities that are being exploited, however, they tend to release patches and updates out of their routine to get them into the hands of the public as soon as possible.

If all this talk about patches and updates has you concerned about the future of your organization, fear not. MSPNetworks is happy to assist you with the management and deployment of all patches and updates for your mission-critical systems. To learn more about what we can do for your business, reach out to us at (516) 403-9001.

What do you do if you have forgotten your wireless router’s password? You could restore the router back to its default settings, of course, but what if you have, like a dummy, never changed the router’s password in the first place? This Internet password repository could be your saving grace.

RouterPasswords.com

RouterPasswords.com is a website built to document default usernames and passwords for wireless routers. It’s run by a community of users for a community of users. Essentially, anyone can submit their default username and password for their router to help anyone out who may have forgotten it somewhere down the line. They make a point to highlight that the username and password of the router is not the one set by your Internet service provider–rather, they want the factory-set default credentials. Once the credentials have been reviewed by an administrator, they are added to the online repository.

It’s also worth mentioning that this site can be helpful from a technician’s perspective as well, as identifying the default username and password for a device can mean less work and less time spent troubleshooting an issue, if that is indeed the problem at hand.

In addition to having the largest default router password repository on the Internet (according to them, at least), the website also provides tips and tricks for how to manage router settings, reviews for the latest wireless routing technologies, and news related to wireless technology.

There is a Dark Side to This Website Existing

Of course, there is also the negative consequence of a website like this existing in that, if you can use it, so can anyone else on the Internet—hackers included. Imagine that you are a hacker and you’re trying to find the path of least resistance into a wireless network. You notice that the device’s wireless network name was never changed or set up beyond the factory default, so you assume that the wireless network’s password is also the factory default.

From there, well, you can guess where this story goes.

You should always change your wireless network’s name and password for this very reason. Tools like this exist to make users’ lives easier, but they inadvertently also make the lives of hackers easier, too.

Reinforce Your Wireless Practices with Us!

MSPNetworks can of course help you shore up any weaknesses that might exist in your business’ wireless network policies and connections. With us on your side, you’ll have a staunch ally in the fight against cybercrime. To learn more, contact us at (516) 403-9001 today.

Ransomware is one of the more dangerous threats out there today, and since it is so prominent and dangerous, it is a popular choice amongst hackers. To combat this threat, a community has formed around the cause, encouraging users to not pay the ransom by providing free malware removal tools for the most popular ransomware threats.

Europol, a European Union law enforcement agency, is in charge of this initiative, called No More Ransom. The agency has helped over 1.5 million victims of ransomware overcome the attack and recover their files without paying the ransom. These victims have saved an estimated $1.5 billion dollars, which is a considerable amount of money to keep out of hackers’ coffers.

No More Ransom began in 2016 in collaboration with the Dutch National Police and other cybersecurity and IT companies. It began with only four ransomware decryption tools, but now, they provide 136 free decryption tools to take on 165 different ransomware variants.

Still, ransomware is a problem, and the fact that it requires this kind of special attention means that you need to take it seriously.

Why You Should Never Pay the Ransom

Hackers use ransomware because it makes people pay up simply because it’s the easiest way to solve the problem. Unfortunately, it is rarely that simple, and even those who do pay the ransom suffer from unforeseen consequences.

Further complicating this decision is the fact that those who pay the ransom are effectively funding further attacks and reinforcing the fact that ransomware works. Simply put, hackers will be more likely to attack with ransomware if they know people are scared enough to pay up, and with more resources at their disposal, they can expand their reach and infect even more victims.

This is why we advocate for not paying the ransom. In the heat of the moment, it’s not always so clear, but we urge anyone infected by ransomware, businesses included, to slow down and consider the repercussions of their actions. There are situations where you might feel like you have no choice but to pay, particularly in double-extortion situations where the threat of online leaks of your data is imminent, but we assure you that you always have a choice in the matter.

Instead, You Should Call Us!

If you become the target of ransomware, we suggest you call MSPNetworks at (516) 403-9001. We can walk you through the appropriate next steps to address ransomware on your network.

Granted, it’s easier to prevent ransomware in the first place than to deal with an active threat, so we also recommend that you outfit your network with top-notch security solutions. Compound these with proper employee and end-user training to minimize the possibility of ransomware striking your company. While there is never a guarantee, the odds of it crippling your business will be significantly less with these steps in mind.

Get started today by calling us at (516) 403-9001.

Passwords are just one part of a comprehensive security strategy, but they are a crucial one. You must make sure that you are investing adequate time and effort into making sure your passwords are secure. This is easier said than done, but by the end of today’s short blog article, you’ll have all the information you need to craft excellent passwords for your accounts.

What Are Some Password Best Practices?

In a list format, we have put together some password best practices for your review:

• Use complex strings of characters: Your passwords should consist of both upper and lower-case letters, numbers, and special characters.
• The longer, the better: If you have more characters in your password, there are more opportunities for a hacker to get it wrong. Your passwords should be easy to remember, but hard to guess.
• Opt for passphrases rather than passwords: To make your passwords easier to remember, you can use a passphrase. The passphrase is basically an upgraded password variant that is harder to guess, but easier to remember. For example, if you were to use a favorite ’80s movie, you might pull a famous line from the movie along with the title and tie it together. For example, if your favorite movie of all time is Short Circuit, you might make your passphrase Sh0rtCIRCUIT#5isALIVE!86
• Use different passwords for each account: You should be using different passwords for each of your accounts, just in case one of them gets stolen. After all, if you use the same password for every account, you’ll have to change every single one of them anyway.

With these practices, you can make more complex and secure passwords. In addition to these practices, you can consider some of the following to make using them easier and more efficient.

What Else Can You Do to Protect Your Online Accounts?

To capitalize on the benefits of password security for your business, we recommend that you take things just a hair further with additional policies and technology solutions. We recommend multi-factor authentication and password management solutions to get the most out of your password and authentication policies.

With multi-factor authentication, you can use additional authentication protocols alongside passwords to maximize security. Your average multi-factor authentication tool will utilize two of the three methods: something you are (biometrics), something you have (smartphone, USB key), or something you know (a password, PIN, or passphrase).

In comparison, password management tools take what you have applied to your password security and make them that much easier to manage. Password managers store your passwords in an encrypted database where they are protected by a master password. You can then call the passwords as they are needed when you access your accounts. Password managers often have the capabilities to generate passwords for you, just in case you need some help with your complex passwords. It makes using complex passwords and passphrases that much easier.

MSPNetworks is here to help outfit your business with the security and productivity tools it needs. Give us a call at (516) 403-9001 to learn more.

Chances are pretty good that, by this point, you’ve heard of burnout—maybe you’ve even suffered from it before yourself—but, just in case you’re a remarkably lucky human being, it’s the phenomenon where your employees become disengaged to the point where their performance suffers. While this isn’t good in any facet of your business, it can be especially damaging in terms of your security.

Let’s explore the concept of cybersecurity burnout (spoiler alert: it’s present at all levels, all the way up to cybersecurity pros) and how it could potentially cause problems for your business.

What is Cybersecurity Burnout?

The concept of burnout is a simple one: as we’ve said, it’s a deep-seated disengagement that one of your employees feels from the job you employed them to do. Cybersecurity burnout, generally speaking, is burnout that impacts a business’ cybersecurity professionals and leads them to feel this level of disengagement. However, the reality of today’s workplace is that everyone has to be responsible for cybersecurity.

As a result, everyone is also susceptible to cybersecurity burnout.

 In terms of cybersecurity burnout, the aforementioned disengagement presents itself in a few different ways:

• Human error, in terms of missed phishing signs due to increased stress (which enables attackers to hide their attacks that much more effectively)
• Increased apathy, leading to less adherence to best practices like password standards or bans on shadow IT
• Diminished productivity, leading to less accomplished for your business overall
• Turnover, as stressed and frustrated employees seek out better work environments and compensation

None of this bodes well for a business, so what can be done to prevent this kind of burnout?

How Can I Keep My Employees Engaged in Cybersecurity?

When it comes to cybersecurity burnout, resolving it is very similar to how you would resolve any kind of burnout:

• Recover - Burnout is largely the result of an employee being worn down and exhausted, emotionally and mentally. Giving them the chance to recharge their batteries throughout the day—and insisting they utilize it—can help them break the patterns that lead to swifter burnout.
• Reorient - Once your team members have recovered somewhat, it’s time to help them get back on task in a more effective and balanced manner. Helping them identify their priorities and grasp the importance of their security-related tasks is an effective way to do so.
• Renew - Finally, it is time to help prevent this kind of cybersecurity burnout from coming back. Encourage your team members to develop their professional relationships with one another, and work with them to help align the values that they have with those of your company.

Turn to Us for Assistance with Your Cybersecurity

We’re here to help you keep your business secured in any way we can, especially through our monitoring and maintenance services. This can help take some of the pressure off your employees, allowing them to focus on their tasks more effectively.

Find out more by giving us a call at (516) 403-9001.

Technology has come a long way, but so too have the threats which leverage it to their advantage. How have the cyberthreats which target your organization evolved over time, and what can you do to protect yourself?

There Are More Risks Today Than Ever Before

Modern tools such as artificial intelligence, the Internet of Things, and the cloud give businesses more options to get their work done, but they also represent additional avenues for hackers to attack. Automation can improve your work processes, for example, but it can also make it easy for phishing attacks and other types of threats to infiltrate your network.

This type of advancement means you need to take action. Here are three questions your organization must consider for its continued security and success.

Consider These Three Questions

Let’s examine some of the first questions you should consider for your business’ cybersecurity:

1. Are the security measures we have in place now enough to protect us from developing threats and risks?
2. Are we putting sufficient time into training our employees to be a security asset, rather than a source of vulnerability?
3. Are we preparing ourselves for the threats that will develop thanks to emerging platforms and new technologies?

What Else Should You Consider?

Furthermore, we have some other considerations your organization should look at to keep your technology safe.

Improve the Way You Seek Out Malware

There will always be the types of threats that are in your face and ready to demand a ransom, but more often than not, malware will sneak around in the background and mimic a legitimate user’s technology habits. You have several ways to combat this, such as automated security solutions and increasing your employees’ security awareness.

There Are More Threat Surfaces to Protect

More technology means better processes (when implemented correctly), but it can also mean more vulnerabilities to threats. Businesses need to take stock of their current risk management strategies to ensure that they are effective, even when implementing new technology, without making your systems too complex or hard to manage.

Improve Awareness at All Levels

Your IT department will likely handle most of the cybersecurity issues with your business, but awareness and adoption starts from the top down. If you don’t take security seriously, nobody else will. Now is the time to make security a priority by showing your team just how important it is.

Let’s Work Together to Protect Your Business

As managed IT providers, we work to protect our clients from the many current and emerging threats out there. By making things as easy as possible for businesses like yours to protect themselves from cyberthreats, we give you the power to take back your workday and focus on profits and more efficiently running your business.

To learn more about how we can help you make this vision a reality, reach out to us at (516) 403-9001.

In today’s business, sharing files is easy and something many workers take for granted. Unfortunately, not all file-sharing methods are secure. When efficiency is prioritized over security, it can often lead to extremely troublesome situations. For this week’s tip, we thought we’d go through a half dozen practices you can take to ensure your files get to where you need them to get safely and securely. 

Use a VPN

The Virtual Private Network is a key tool when it comes to securing your data flow. It allows users to use public Wi-Fi, many of which are more than sketchy connections, to safely and securely transmit data. Many public Wi-Fi connections leave users exposed and with a VPN, you have an encrypted portal that makes intercepting data highly unlikely. 

Thorough Password Management

Not only do you need to understand how to concoct a secure password and reliably protect your accounts with solid password practices, you should also consider using a password manager to store your passwords. Not only does a password manager make it almost impossible for hackers to access your passwords, you can also stretch a buck if you need to use shared passwords. There are a lot of them to choose from and the professional consultants at MSPNetworks can help you set up a solution to ensure that your accounts are protected. 

Control File Access

One of the best ways to ensure that files are secure is to maintain control over the permissions of them. One of the easiest ways to do this is by assigning groups that can access certain files or file types. You can set permissions by department, but you can also just set up groups that have users in them who need access to the files. Since not everyone needs access to every single file, controlling users’ access is one of the best ways to keep your files and file storage secure. 

Set Up and Enforce Use of Multi-Factor Authentication (MFA/2FA)

Multi-factor authentication (or two-factor authentication) is a security step that requires any user to prove their identity before logging into a particular system. MFA uses multiple authorization methods to verify their identity. They do this in three ways:

• Proof of knowledge - A password or PIN that only the user knows
• Proof of possession - A key of some sort, typically an authentication key sent via mobile device.
• Proof of existence - A key using biometric data or voice recognition. 

Making users prove they are who they say they are is a solid practice to secure your data, but it is important to limit your efforts as to not put too many redundant barriers between your data and your users. 

Ensure Your File Sharing Fits In

As important as file sharing can be, it also can cause some problems if the solution you choose doesn’t fit into your overall security strategy. There are all types of options on the market and the one that you choose needs to fit into your overarching security posture. File sharing is only one facet of your business that needs to be secured, so as to not leave your business vulnerable, ensuring that any file sharing platform you choose to use fits in with all your other security efforts is a must. 

Here are some types, for example:

• Sending encrypted attachments via email
• Sharing links to public or private files in the cloud
• Establishing shared folders or collaborative spaces either online or by syncing information from one location to another

Train Your Staff

Like any other part of your business, the people that use a piece of technology need to be sufficiently trained on how to use it to ensure that its features are used properly. Most hosted platforms are going to take some getting used to for your staff; there is no way around it. That’s why you should get out in front of it and provide the necessary training that will get your people up to speed faster. The more they know, the more secure your files and your file sharing will be. 

At MSPNetworks, we work with New York companies that require dedicated IT services and support to keep their business secure and running efficiently. If you would like to get some insight about enterprise file sharing from our IT professionals, give us a call today at (516) 403-9001. 

It’s easy to use the terms “patches” and “updates” as if they mean the same thing, and they are often used interchangeably within the same context. However, understanding the difference between the two can make a world of difference in terms of how you approach implementing each of them. We’re here to clear things up a bit and help you better understand the patches and updates you deploy on a month-to-month basis.

What is the Big Difference?

Patches and updates are critical to ensuring that your devices and mission-critical software are kept secure from potential threats. Over time, vulnerabilities or operational issues which impact security could arise, and software developers rise to the occasion to resolve them by issuing these patches and updates. The big difference between the two is scope and scale.

Patches are generally used for quick fixes to specific problems which need attention. You can think of it like patching a rip or tear in a piece of clothing. You get a piece of fabric, throw it over the problem, and sew it on for a fix.

Updates, on the other hand, are more structural in nature, and they are generally larger in scope. They might address multiple problems at once. It’s like changing the fabric of your shirt entirely rather than just patching the hole.

Why Should You Care?

In short, the biggest reason why you should care about the difference between patches and updates is that it could very well impact your ability to do your job correctly.

Let’s say you implement a new update. Yes, it solves several problems with the security infrastructure of your software or applications, but it could very well introduce new bugs or operational issues that either affect the way your team gets work done or your ability to perform specific tasks. Imagine if someone updated your operating system overnight and, all of a sudden, the user interface changes, or a critical task you need to perform no longer works the way you expect it to. You have to take the time to adjust to the update or review documentation to ensure that it’s not going to disrupt your operations too profoundly.

Make Patches and Updates Easy to Apply

We know that applying patches and updates can be a bit disruptive to your day-to-day duties and responsibilities. Furthermore, you don’t want to be applying patches and updates on a whim; you need to approach these carefully to ensure they have minimal negative impacts on your business’ operations. This is why MSPNetworks offers remote patching and security update services. We can apply any patches or updates your systems need without the need for an on-site visit. With our management tools, you can rest assured that someone is keeping an eye out for your systems.

To learn more, reach out to MSPNetworks at (516) 403-9001.

Mobile devices demand a special type of attention in order to ensure security. You want to ensure that your devices are protected as well as possible, but you also need to ensure that this does not come at the expense of your employees’ productivity or efficiency. We’ve put together a list of common security issues you might encounter when securing your mobile devices, as well as a couple of practices you can implement to work toward an adequate level of cybersecurity for your mobile infrastructure.

Malicious Applications

Mobile applications will be crucial to productivity with your mobile devices. Just like how laptops and desktops run software and programs, mobile devices require applications for various tasks, including data storage, file access, communication, productivity, and many more. You can usually find these applications on the designated app store for Android or iOS, but you might have to dodge a couple of malicious applications in the process. Make sure you are downloading the appropriate app from a trusted developer rather than a fake, malicious one.

Unsecured Connections

Mobile devices will be connecting to wireless networks in order to dodge the use of mobile data for every little task, but the problem with most public wireless networks is that they are unsecured and susceptible to attacks from all sorts of threats. Even if they are secured, they likely are not secured appropriately, and hackers might be able to intercept or view data traveling to and from your device.

Lost or Stolen Devices

One of the major challenges of mobile devices is the fact that they are… well, mobile, and as such, more likely to be lost compared to your traditional in-house technology solutions. It’s easy enough to misplace a smartphone or laptop, and it’s just as easy for a thief to walk away with it if you take your eyes off of them long enough. 

Security Solutions

To keep your mobile devices from becoming a major pain in the neck from a security standpoint, we recommend that you implement the following solutions and measures. They will go a long way toward keeping your business and its data safe.

• Mobile Device Management: An MDM solution gives your business the power to control app downloads and permissions on devices, all while remotely wiping lost or stolen devices as needed. It makes keeping track of your company’s mobile devices as easy as can be.
• Virtual Private Networks: A VPN is a powerful security tool that gives your mobile devices access to an encrypted connection to your business’ data infrastructure. This means that a hacker won’t simply be able to steal data while it’s in transit, and if they do, they will have to deal with military-grade encryption to make heads or tails of it.

Mobile device security doesn’t have to be difficult; make it easier by contacting MSPNetworks at (516) 403-9001!

Anyone who has a mailbox or an email knows all about junk mail. We all receive Publisher’s Clearing House entries, calls about your car’s extended warranty, promotions for items and events that you swore that you discontinued by typing “STOP”, and just needless spam that you waste your time going through and deleting. We receive unsolicited messages every single day.

It’s actually more routine now than annoying. 

Today, there are more scams directed at the average individual than ever; and, as a result, it can have negative effects on every organization if someone mistakenly interacts with the wrong one. If you think it isn’t a big deal consider that these scams cost individuals, businesses, and governments over a trillion dollars every year. That’s >$1,000,000,000,000. These scams affect more people from all different types of age groups more than any other crime. Today, we’ll go through why so many people fall for scams and what you can do to protect yourself against being part of this staggering statistic. 

More Scams, More Exposure

The first reason that there are more people falling for scams is because there are just so many scams sent out. For years, there were lottery scams that cost people in the neighborhood of $200 million dollars, but today that cost has doubled; presumably because there are just more scams of that type sent every day. Before everyone depended so highly on the Internet, scams would happen, but they would be more intimate. Individual people stealing money by getting people to invest in real estate scams. Even the Bernie Madoff scam, that defrauded investors of over $64 billion dollars, was the work of a lone firm where many of the people working there thought the company was legitimate. 

 Today, there are teams (companies, in fact) that are in business to defraud people. Since the cost of perpetuating this type of crime has dropped substantially, businesses with the model of fraud have grown and are responsible for the major increase in stolen money.

 What’s worse, it is more difficult than ever to catch and prosecute these criminal organizations. They often operate out of nations that don’t have the type of law enforcement infrastructure needed to combat them. Think about this: Have you recently got a phone call from your area code only to answer it and it be a scam caller? This isn’t somebody in the next town trying to sell you on an extended warranty for your car, it is someone a world away using a routing program to spoof the number that will work to engage the call’s recipient. 

Scams Have Targets

Another reason people are falling for scams is that they are becoming more and more sophisticated by the day. Scams today use the names of popular brands or even people’s own companies to get them to engage with the ruse. Most businesses move fast, especially on the Internet and if a subordinate gets an email from their direct supervisor to send money, login credentials, or other sensitive information, many workers will ignore the warning signs and complete the task. Only after the fact will they understand that they’ve been had by an organization that’s whole mission is to steal data and defraud individuals. 

 The more familiar the tone of the correspondence and the more familiar the whole thing is presented as, the more apt that people are going to let their guard down and interact with these scams. Somewhat surprisingly, younger people are more likely to ignore warning signs and move forward. There are more millennials in the current workforce than any other generation and their lack of awareness, or even their desire to do their job well, can lead to major issues. Since older employees tend to have experience dealing directly with the people they need to deal with, they aren’t as targeted as younger employees. That said, there were over 1.2 trillion phishing emails sent in 2020, and that number continues to rise every year, so everyone remains a target. 

What You Can Do

Well as a business owner or manager, you need to do everything in your power to keep your people educated about how to interact with scam emails, phone calls, and instant messages. Let’s look at some good tips to follow when educating your staff and building your cybersecurity strategy. 

• Be alert - In order to catch a phishing scam before it creates a headache for you, you have to interact with every message you get with a degree of skepticism.
• Verify - The best way to avoid troubles from email and messages sent to you that demand action is to verify with the sender. It doesn’t take that long and any grief you may get from it is far less than the grief you would get if you sent money or information to an unauthorized person outside the organization.
• Look for telltale phishing signs - Does the message you received demand things of you that aren’t normal? Does it have links, phone numbers, or attachments that the email directs you to interact with? Are there spelling and grammar errors? If the message you’ve received doesn’t seem legitimate, it likely isn’t.
• Use security software - One of the best ways to fish out phishing emails is to use a spam protection program. Most enterprise emails have one built in, but they don’t always catch all of them. If you find that you are getting spam emails in your inbox, you can direct them to your spam folder. 
• Keep a backup (or several) - One of the best ways to protect your business in lieu of all the scams and hacks going on is to ensure that your applications and data are backed up. At MSPNetworks, we utilize a backup and disaster recovery service that keeps your files backed up onsite and in an offsite data center to ensure that when you need to get to your backups, you can. 

 If you would like to know more about how to avoid online scams and keep your business more secure, give us a call today at (516) 403-9001 and return to our blog regularly.

When we think about cybersecurity, we usually think about protecting our computers from viruses, right?

I’d imagine a few of our older readers remember a time when you would go to the store and buy antivirus software that came in a big brightly-colored box with a CD in it each year.

As you probably already know, things aren’t as simple anymore.

Cybersecurity is a Huge Problem, Because It’s a Lucrative Business

Maybe the idea of going to the store to purchase the latest version of Norton Antivirus for my home PC makes me wax nostalgic a little, but things have become much more complicated over the last couple of decades when it comes to cybersecurity.

Gone are the days where computer malware simply exists to spread and annoy users. Well, that stuff still exists, but most users are pretty well protected from it, thanks to free antivirus software and built-in protections that are baked right into the various operating systems we’ve come to depend on.

Unfortunately, cybercriminals started to figure out the value of their skills and have been able to turn their talents into careers. I won’t dive too deep into the history of this, as it’s not even necessarily new, but it has been a major factor behind the majority of attacks against personal users and businesses.

It’s estimated that over one percent of the entire global economy is lost to cybercrime each year, and that rate has been increasing quickly over the years. A single percentage might not seem like much, but it’s monetary worth at least $600 billion, and it’s also likely that percentage is a bit higher as many crimes go unreported. As a comparison, the US film industry is about 3.2% of the GDP, and the US professional sports industry is about 1% of the GDP.

That’s not nothing.

Cybercriminals Treat It Like a Business

It’s pretty rare to come across a business that doesn’t have some form of antivirus these days (thank goodness). That’s good. All businesses need to have centrally-managed, carefully monitored, and thoroughly maintained antivirus.

Let that sink in, though. Most businesses have this base-level of protection, but cybercrime is booming.

You need to look at cybercriminals and realize there are very clever, hard-working entrepreneurs within this group, and that they are always looking for ways to grow and expand. You need to compare cybercriminals to other businesses you see today. They are constantly trying to disrupt in the same way that Uber and Lyft disrupted the taxi industry… while also disrupting the course of business for everybody else involved.

It’s a business about making the most money with minimal effort, using tactics that can easily be repeated and have a high success rate.

Look at them as your competitors in sort of a weird sense. They are ruthlessly vying for your revenue.

It’s Time to Take Cybersecurity Seriously

For many businesses, complying with certain levels of cybersecurity protections is the law, but it’s more than that too. Even if you are a healthcare practice that is strictly following HIPAA and every other compliance regulation, you need to review and push that envelope a little harder to stay ahead of those who are working just as hard to get a piece of your business.

It’s terrible, it really is. Like I said, I miss the days when it was as simple as installing new antivirus every year.

That said, we are here to help. At MSPNetworks, we take a security-first approach to everything we do, and we can help your business protect itself. It’s not worth waiting. Even if you just want a second set of eyes to evaluate your network, don’t hesitate to give us a call today at (516) 403-9001.

Insurance is a great asset, should you ever need it… including where your business technology is concerned. If you weren’t aware, there is a form of insurance—cyber insurance—that you can purchase in case your business suffers from a data breach.

Is this additional form of insurance worth the investment? Absolutely.

Let’s take a few moments and explore why you’ll be happy to have cyber insurance when the time comes

What is Cyber/Cybersecurity/Cyber Liability Insurance?

Cyber insurance, like any other form of insurance, is meant to help cover the financial impacts of a given event. In this case, the event would be some kind of cyberattack.

It can be easy to underestimate the fallout that a cyberattack can have. Sure, there’s the immediate issue that the attack itself creates in terms of lost time and productivity, but there are plenty of other impacts and aftereffects that are also associated with these attacks as well.

For instance, if you’ve lost data, you could very well face significant fines from the government, on top of the definite lack of trust the general populous will likely feel toward your business once word gets out about your data loss event.

Then, you also have to consider how much it will cost to restore your business, fixing the systems that have been impacted and influenced by the attack. You need to account for all the business that the aforementioned lack of trust will lose you. You need to factor in the cost of all the notifications that you will need to send out to those impacted by your data breach.

This is a pretty, pretty penny… far more than you can realistically budget away in your IT costs.

Hence, cyber insurance.

What Can Cyber Insurance Help Cover?

There are assorted needs that cyber insurance can help you to pay for, if need be, including:

• Notifying affected parties
• Resolving security issues
• Providing credit monitoring services for those impacted
• Extortion payments
• Expenses related to resuming your business practices
• Covering public relations costs

Who Needs Cyber Insurance?

To put it in no uncertain terms: any business that stores or handles sensitive information, whether that’s financial data, medical information, contact details, or personally identifiable information.

Don’t get us wrong, we don’t hope that you ever have a need for cyber insurance—we just know it is better to be prepared. Having said that, we’re also here to help minimize the chances that you’ll ever need it.

Reach out to us to learn more about our comprehensive cybersecurity services by calling (516) 403-9001.

Phishing attacks can be scary to deal with, especially since it is not unheard of for staff members to not even know they are looking at one. To make sure your staff can identify and respond to phishing attacks in an appropriate way, we’ve put together this short guide to help you along the way.

First, let’s go over what makes a phishing attack.

What is Phishing?

Phishing is one of the most common forms of cyberattacks used by criminals with goals ranging from stealing data to gaining access to an infrastructure. Essentially, a phishing attack is an attempt by a cybercriminal to communicate with your team members in hopes that they will give away important information or allow access to critical systems. Phishing attacks are a natural evolution of cyberattacks that rose in popularity due to the advancement of security standards; while solutions have grown stronger and more difficult to crack, the human mind remains ever-vulnerable.

Phishing emails are the most well-known type of phishing attack, but they also come in other forms, like online forms designed to harvest credentials, SMS messages with infected links, phone calls, and other means of communication. Since phishing attacks can take so many different forms, it’s important that your team knows what to look for in these attempts, as well as how to report them to your trusted IT administrator. 

Let’s go over some of the ways your team members can identify a potential phishing attack.

Signs That a Phishing Attack is Targeting You

There are plenty of warning signs you can use to identify a phishing attack. Here is a short list to consider, but if you have any concerns at all, we hope you will reach out to us at (516) 403-9001 to learn more about them:

• A tone that doesn’t match the supposed sender
• Misspellings and other discrepancies in key details, like email addresses, domain names, and links
• Out-of-the-blue messages
• Egregious spelling and grammar errors
• Unexpected or out-of-context attachments
• Excessive urgency behind, or open threats as a consequence of, not complying with the message
• Ambiguous messages that motivate the recipient to investigate
• Unusual requests, or requests for explicitly sensitive information

It’s incredibly important to know what these warning signs are so you can actively keep a lookout for them. If you don’t, who knows what could happen?

We’re Here to Help Keep Your Team Safe!

If you feel you could use some help keeping your business safe from phishing attacks, we are happy to help. To learn more, reach out to us at (516) 403-9001.