MSPNetworks Blog

Smart devices have brought about unprecedented amounts of connectivity in aspects of running a business or owning a home that never could have been dreamed of in the past. People can now unlock their front doors, turn up their thermostats, and even switch the lights on and off through their smartphone. Unfortunately, the part that people don’t like to talk about with these applications and devices is security—big surprise, right?

Most consumers tend to lean toward technology that makes their living spaces easier to manage, but these technologies present their own set of problems and challenges, chief among them being security.

Connectivity Through the Cloud

Smart technology works by sending and receiving data from the chosen smart device, be it a thermostat or a video surveillance system, to your smartphone. It does this through the cloud, but there’s a catch—these connections are often unencrypted and unsecured, meaning that anyone who knows where to look can hijack the transmission and steal that data. If you are going to implement smart technology for your company or home, be sure to look for solutions that come with encryption capabilities, thus securing your connectivity through the cloud.

Be Careful About Permissions

Depending on the application, you might notice that it asks for permissions to use various other applications or hardware on your device, like the camera, microphone, or other data found on your device. Be very careful with these permissions. You must be sure of what permissions you are granting before you actually do so. Depending on what permissions are granted, you might accidentally opt into data harvesting. Furthermore, the more permissions you grant without understanding what they are doing, the more likely you are to get hacked, so it’s always better to err on the side of caution with smart technology.

You may have already noticed, but many of the challenges presented above can be mitigated through understanding the nature of what technology you are implementing and how you are using it. Always understand the details for any device you implement on your infrastructure before doing so, and if you don’t, consult professionals who make it their life’s work to help people like you improve their relationship with technology.

MSPNetworks can help you implement smart technology solutions for your office, but we can do so in a way that prioritizes security in all senses of the word. To learn more about what we can do to help you protect your business and its assets, reach out to us at (516) 403-9001.

Network security can be tough; there’s a lot to know, and you often need to have trained professionals on your side to ensure your systems are as secure as possible. With the right solutions on your side, however, it can be made much more manageable. Let’s discuss some of the most important security features your organization should implement and why.

Unified Threat Management

A UTM is an umbrella term that describes a comprehensive security appliance. A UTM typically includes a content filter, spam blocker, and antivirus software, among other solutions. It’s designed to protect you from the plethora of threats out there through the implementation of a singular hardware-based tool. It’s one security measure that your organization definitely does not want to be without.

Mobile Device Management

With so many people still working remotely or from a hybrid setting, managing your team’s mobile devices and their access to important data is an incredibly important thing to work toward. Mobile device management tools can be used to control user permissions and access to data, as well as whitelisting and blacklisting applications.

Permissions, Access Control, and Monitoring

It’s important that your company understand how permissions, access control, and monitoring work in tandem to protect your company’s assets. In essence, your team should have permissions for only the data they need to fulfill their day-to-day duties, and you should actively monitor who is accessing which parts of your infrastructure.

Virtual Private Networks

VPNs create encrypted tunnels between your network and devices that want to access its data. This protects data from being intercepted or observed while it’s traveling to and from your device. They are particularly valuable for any worker who spends time working outside the protections of your in-house network, and in today’s world of remote and hybrid workflows, they are extremely important.

MSPNetworks wants to be your business’ go-to security resource. We can help you implement any of the above solutions and monitor your systems for any security threats you can imagine. To learn more about what we can do to keep your business safe, reach out to us at (516) 403-9001.

As time has passed, cybersecurity attacks have become another way some organizations and nations engage in warfare. You can argue that there is a war going on at all times in cyberspace while hackers—many of which are sponsored by government agencies—try to outdo security researchers at all turns. One such scenario sees customers in the United States and Israeli defense technology sectors becoming the target of “password spraying.”

Password spraying is a somewhat disgusting-sounding term used to describe the process of hacking into multiple accounts by spamming commonly used passwords. You can see how this can become problematic, especially considering users’ propensity for using variations of these commonly used passwords.

In the above scenario, Microsoft warns that about 250 Microsoft Office 365 customers in the aforementioned sectors were being targeted by these password spraying tactics. Microsoft has called the group performing such attacks DEV-0343, with the DEV moniker being used to showcase that the attackers are, at this time of writing, not state-sponsored. DEV-0343 is thought to originate from Iran.

Less than 20 of the targets were actually compromised, but it’s shocking that such high-profile targets would opt for such basic passwords, to say the least. It’s reported that organizations using multi-factor authentication are at much less risk compared to those who don’t. According to Microsoft, security professionals should be on the lookout for suspicious connections from Tor networks: "DEV-0343 conducts extensive password sprays emulating a Firefox browser and using IPs hosted on a Tor proxy network. They are most active between Sunday and Thursday between 7:30 AM and 8:30 PM Iran Time (04:00:00 and 17:00:00 UTC) with significant drop-offs in activity before 7:30 AM and after 8:30 PM Iran Time. They typically target dozens to hundreds of accounts within an organization, depending on the size, and enumerate each account from dozens to thousands of times. On average, between 150 and 1,000+ unique Tor proxy IP addresses are used in attacks against each organization.”

In general, your organization should be prepared to analyze its traffic for suspicious activity of any kind, particularly during off-times when nobody should be accessing your infrastructure. Furthermore, it’s critical to remember that passwords are, of course, only one part of an adequate cybersecurity strategy and that you should always strive to use multi-factor authentication when possible. Passwords are one part of this process and should be used alongside something else you have, like a secondary device or smartphone, or biometric technology.

You can count on MSPNetworks to stay in the loop regarding any security risk to your business and implementing solutions designed to protect your organization from any potential threats. To learn more about what we can do for your business, reach out to us at (516) 403-9001.

It’s easy to focus on threats that are external to your business, like viruses and malware that are just waiting to infiltrate your network, but what about threats that exist from within? While insider threats are not particularly common in the dramatic, over-the-top way that they are made out to be in movies and media, they are still a very real issue that should be addressed by your organization’s network security protocols.

In a lot of ways, insider threats are even harder to identify because of the fact that it is difficult to discern what activity is acceptable and what activity is not. According to Gartner, there are four types of insider threats. Believe it or not, most insider threats don’t necessarily have malicious intent; rather, they just have a gross negligence for network security and rules put into place that protects your organization’s intellectual property. Let’s meet some of these insider threats, shall we?

Those Who Are Tricked

Also known as the “pawn,” this category includes those who are more or less tricked into becoming complicit with hackers’ agendas through the use of social engineering scams or phishing campaigns. In these cases, hackers are simply taking advantage of others who may not know enough to not go along with it.

Those Who Cooperate

Those who cooperate with third parties to disclose sensitive information or trade secrets, also known as the “collaborator,” are dangerous in their own right. Not only do they leak important information, but they do so with the deliberate intent to harm or create problems for your organization.

Those Who Make Mistakes

Sometimes people just make mistakes because they don’t take security standards seriously or deliberately fly in the face of policies. These folks fall into the category of the “goof,” and their arrogance and negligence is what leads them to make such mistakes. Goofs often make choices that benefit themselves, even if they make things significantly less secure in the process.

Those Who Act on Their Own

Sometimes insider threats emerge on their own without being a part of a bigger effort from a hacker or third party. These threats, dubbed the “lone wolf” insiders, are particularly dangerous if they have high-level access to sensitive information. The reasons for lone wolf insider threats acting the way they do might vary, but even if they are made for ethical reasons, like leaking suspicious practices or dangerous activity, this does not change their status as insiders, as they are still acting with a deliberate intent to damage the organization they work for.

MSPNetworks can help to secure your business from threats of all types, including insiders. To learn more about the methods we use to determine legitimate or illegitimate network activity, reach out to us at (516) 403-9001.

What happens when your company configures something on its infrastructure incorrectly? It turns out, according to a recent data leak, that a lot can go wrong, especially in regards to cybersecurity and the privacy of sensitive records. The affected software was not an unknown third-party application, but was actually Microsoft! How did one of the world’s largest software developers put out software that potentially exposed millions of records? Let’s dig into the details.

The data leak in question affected users of Microsoft’s Power Apps, a software that is widely used by many companies and organizations to share data, including such big-name organizations and agencies such as American Airlines, Maryland’s health department, and New York’s Metropolitan Transport Authority. This data leak was discovered by cybersecurity researchers at UpGuard, who promptly notified Microsoft after determining that the data leak was a potential security issue.

The issue has since been resolved, but throughout the duration in which the data leak was still active, information such as names, Social Security numbers, phone numbers, dates of birth, vaccination records, demographic information, and other sensitive information was unsecured and, therefore, could have been stolen or compromised by hackers. While this information was unsecured and could have been accessed at any point during this time, there is no indication that it was accessed in any improper way.

The crazy thing about this whole fiasco is that Microsoft claims that the application was working as intended and that the root of the issue was the way that the software itself defaulted to a setting that allowed for this type of data leak. Microsoft has yet to comment on why the default setting led to such a lack of security, but they have since adjusted the default settings to allow for greater privacy. Still, this does not necessarily excuse the lax privacy settings that the program defaulted to.

It all goes to show that you can never be too sure that your business’ sensitive information is properly secured, as the consequences of having said data leak can be quite devastating. Under ordinary circumstances, a security audit could have been used to identify this risk, but the fact that nobody knew that this was a concern meant that nobody was actively looking for it and, therefore, the security issue flew under the radar for far too long. It’s just one reason why you need to be extraordinarily careful with any sort of configurations your company makes to any tools that are used to store, share, or disseminate information like any records listed above.

MSPNetworks can help your business ensure that all of its system settings are properly configured, as well as work toward properly securing sensitive information of all types. With us on your side, you’ll never need to worry about whether or not you are unknowingly putting information at risk. We can monitor your network, perform security audits, and fulfill just about any other tasks that need to occur to keep your business as secure as possible.

To learn more, contact the cybersecurity experts of MSPNetworks at (516) 403-9001.

Historically there have been several methods to transfer data from one system to the next, and while the cloud has rendered many of them irrelevant and unnecessary, that doesn’t mean they aren’t used by people looking to move data quickly. Many professionals still opt to use USB flash drives to keep certain data close at hand, but how at risk does this put the data on these drives?

Quite a bit, actually. Let’s discuss some of the many challenges that businesses face when dealing with USB flash storage and how it pertains to network and information security.

Device Size

Consider how small many of these flash drives are. This makes them compact and easy to carry around, and they can store a surprisingly large amount of data for their size. Unfortunately, when a business owner heavily uses a USB flash drive for any reason, they are constantly putting that data at risk of being lost or stolen. What would happen if the user accidentally dropped it while out and about? While some USB flash drives allow for encryption and passcodes to lock access as needed, this is not always the case. For this reason, many users prefer alternative methods of data transfer.

Information Security

When USB devices are used to transfer data and take it away from the workplace or off of the company network, tracking where, why, and how it is used can become quite problematic, especially when it comes to sensitive data that is governed by the various data privacy guidelines in specific industries. In particular, you should be wary of employees taking information such as customer data, financial information, intellectual property, source code, and other important assets out of the office; just imagine the fallout that could happen if employees were to lose their drive, or worse, sell the information themselves to make a quick buck. It’s just one other reason to not use USB flash drives, or at least partitioning off data based on user roles within your organization.

Threat Vulnerability

Just because USB drives are pretty low-tech compared to more modern solutions does not mean that they are any less immune to security threats. In fact, infected USB flash drives can become vehicles for security threats to access networks. Consider the fact that these devices are used to transfer or copy files from one location to another. The more endpoints a flash drive connects to, the more likely it is to become infected. The possibility of these types of threats becoming problematic has been detailed in the past through tactics such as the BadUSB firmware hack, so they must be taken seriously.

 Ultimately, it is much easier to secure a cloud-based data storage system and the devices used to access it, but you know what they say: old habits die hard. Do you still use a USB storage device, and if so, did you learn a thing or two about how to keep them secure? If you don’t want to worry about USB technology being used in such a controversial way, we recommend that you implement a cloud-based data storage system that eliminates the need to use physical hardware that could be corrupted or damaged in transit.

Do you routinely use USBs to transfer data from one place to another? If so, the knowledgeable professionals at MSPNetworks can help you move past antiquated hardware and provide the means to keep your data safe. Give our consultants a call today at (516) 403-9001. 

Have you ever wondered how hackers manage to pull off incredible feats like bombarding networks and servers with so much traffic that they simply cannot function? None of this would be possible if not for botnets. But what is a botnet, and why is it important for your organization to understand? Let’s dive into the details.

A botnet is essentially a network of connected devices that have been infected and taken over by a host. Each device on this botnet can be called a “bot.” The host can then direct these bots to perform various tasks. It should be noted here that the bots on these networks do not have to be computers, like desktops or laptops. They can be smartphones or just about any other connected device. And what is another network that includes all of the above, plus all of those odd devices that don’t normally connect to the Internet? That's right--the Internet of Things--and it’s a network of devices that is increasing in size every day. In essence, the Internet of Things represents endless possibilities for hackers who want to leverage botnets to their advantage.

Botnets are frequently used by hackers to perform Denial-of-Service attacks in which the host directs all devices on the botnet to repeatedly launch attacks at the victim’s network in an attempt to make the service or resources on said network unavailable. Botnets can also be used to perform other attacks, though, and they are incredibly dangerous. Some of the other uses of botnets include stealing data, sending spam, and even allowing for remote access to devices. Like many other types of cybercriminal activity, botnets can even be rented out or purchased in much the same way that other high-profile threats, like ransomware, can.

Navigating network security can be confusing due to the many complexities involved, but don’t worry—you’re not expected to know how to protect your company from every single type of threat out there. All you need to do is know when it’s time to admit that you don’t have to go at it alone anymore. There are so many valuable resources out there that you can leverage to take the fight back to hackers, or at the very least prevent yourself from becoming another statistic in the headlines of news articles following the latest security breaches or data privacy violations.

In times like these, relying on cybersecurity professionals to shore up weaknesses in your network’s defenses can be an incredibly valuable resource. Unfortunately, some organizations see the price tag associated with cybersecurity professionals’ salaries and see them as inaccessible or downright expensive. While it’s true that you do not want to skimp on security, small businesses can outsource this responsibility to a managed service provider like MSPNetworks. You might be surprised by how affordable it truly can be with a managed services approach!

Don’t let your devices become just another cog in the machinations of some hacker seeking to build their own botnet. MSPNetworks can equip your company with the tools necessary to protect itself from the threats associated with botnets. To find out more about what we can do for your business, reach out to us at (516) 403-9001.

What would you say if we told you that someone could buy access to your organization’s network for a measly $1,000? Well, this is the unfortunate reality that we live in, where hackers have commoditized the hard work you have invested in your organization. A study from KELA shows that the average cost to buy access to a compromised network infrastructure is insignificant at best, which is why it’s more important than ever to protect your business as best you can.

This report, published by KELA, followed Initial Access Brokers, an umbrella term used to describe threat actors that sell access to compromised network infrastructures. As you can imagine, these threats play a major role in online cybersecurity, as they are what facilitates many of the most dangerous threats out there that require access to a network, such as ransomware and other remote access threats. This report looked at one full year of listings by Initial Access Brokers to determine just what this type of network access is worth to other threats out there.

The results might shock you when you see how little value might be placed on access to your network. Out of 1,000 listings, KELA found that the average price of network access credentials was roughly $5,400, while the median price was about $1,000. There are other trends here aside from the average prices of credentials, including information on affected industries and countries. Among the top countries affected were the United States, France, the United Kingdom, Australia, and Canada, and the top industries affected included manufacturing, education, IT, banking/financial, government, and healthcare.

Just imagine—a disgruntled former employee or a competitor could potentially cause a lot of expensive harm by simply throwing away a small chunk of cash.

With such a low dollar amount placed on the value of your organization’s credentials, including VPN access, you need to start taking your security seriously before someone decides to purchase access to your network. There are a plethora of things you can do today to improve your organization’s security, including the following:

• Implement comprehensive security measures: We recommend unified threat management, or UTM for short, to deal with the majority of threats your business could run into. This all-in-one solution includes a firewall, antivirus, content filter, and spam blocker to minimize opportunities for your staff to encounter potential threats.
• Monitor your network traffic: If you are tracking who logs into your network and from where, you will have a greater chance of identifying sketchy traffic patterns and address them accordingly.
• Implement multi-factor authentication: Password security is important, but it’s not enough. Multi-factor authentication can ensure that anyone logging into your network is actually who they say they are.
• Take regular backups of your infrastructure: While you certainly don’t want it to come to this, you will want to make sure that you are prepared for the nuclear option on the off-chance that you are unable to regain access to your network.

Don’t get caught unaware by security threats. MSPNetworks can help you implement all of the appropriate measures to ensure that your network is as best protected as it can possibly be. Take proactive action now to prevent them from becoming major problems in the future. To learn more about network security, reach out to us at (516) 403-9001.

We don’t like it any more than you do, but if we have learned anything at all over the past several years, it’s that security absolutely needs to be a priority for all small businesses. In the face of high-profile ransomware attacks that can snuff companies out of existence, what are you doing to keep your own business secure? To put things in perspective, we’ve put together a list of some of the more common threats that all companies should be able to address.

Common Security Threats for Businesses

The following list of threats should give you an idea for how to start securing your business. You can never prepare too much for a potential security breach, so take the time now to get ready for what will inevitably come down the line.

Viruses

Some viruses are little more than an irritation, whereas others are incredibly disruptive to operations. They are basically bits of code that can harm your computer or data. Viruses are known for being able to spread from system to system to corrupt data, destroy files, and other harmful behavior. You can get viruses through downloading files, installing free software or applications, clicking on infected advertisements, clicking on the wrong links, or opening email attachments. Fortunately, modern antivirus software has gotten really good at protecting computers, provided that your software is up-to-date. For businesses, it’s best to have a centralized antivirus on your network that controls and manages all of the antivirus clients on your workstations. 

Malware

Malware is malicious software that performs a specific task. A virus can also be considered a type of malware, albeit more simplistic in nature. Malware comes in various forms according to its purpose, such as spyware for spying on infected machines and adware for displaying ads in extremely intrusive or inconvenient ways. The major takeaway here is that you don’t want to deal with malware in any capacity. It’s often installed on devices under the radar, and unless you are actively looking for it, it’s entirely possible that it can run in the background and cause all kinds of trouble without being detected. You can get malware through the same processes as viruses, and the same antivirus solutions can help you to resolve malware as well.

Phishing Attacks

Phishing attacks are mediums to spread other types of threats rather than actually being threats in and of themselves. Hackers might try to send out spam messages with links or infected attachments aiming to get the user to download them or click on them. When they do, the device is infected. Some phishing attacks are so inconspicuous that they can be hard to identify.

There are other types of phishing attacks as well, some of which try to get the user to share sensitive information or send money to the cybercriminal. Cybercriminals can spoof legitimate-sounding email addresses and use psychological hacks to convince the user to act in a certain way. It’s the most common way that hackers see results, so you should be aware of it.

Ransomware

Ransomware is so dangerous and high-profile that it is deserving of its own section. Ransomware locks down files using encryption and forces the user to pay a ransom in order to unlock them, usually in the form of cryptocurrency. Recent ransomware attacks are also threatening to release encrypted data on the Internet if the ransom is not paid, something which basically forces the user to pay up and gets around the possibility of restoring a backup.

Denial of Service (DDoS)

Denial of Service and Distributed Denial of Service attacks occur when a botnet, or a network of infected computers, repeatedly launches traffic at a server or infrastructure to the point where it just cannot handle the load, effectively disrupting operations and forcing it to shut down. Sometimes this happens with websites or services, so it’s no surprise that businesses can suffer from them, as well.

Trojans

Trojans (also called backdoors) install themselves on devices and work in the background to open up more opportunities for hackers later on. These can be used to steal data, infiltrate networks, or install other threats. Basically, if a hacker installs a backdoor on your network, they can access it whenever they want to; you are essentially at their mercy.

Zero-Day Vulnerabilities

Zero-day vulnerabilities are those that were previously unknown to developers but are currently in use by cybercriminals. These zero-day vulnerabilities are problems because when the developer discovers them and issues a patch, cybercriminals can identify the vulnerability based on the patch, and then exploit users who haven’t installed the patch yet. There is not much to be done besides keeping your software up-to-date, monitoring your networks for issues, and trusting the developers to issue patches as they discover security problems.

User Error

User error is a critical issue for many businesses. Your business is made up of people who perform tasks and work toward objectives. If one of these employees makes a mistake, it could leave your business exposed to threats. Thankfully, a combination of best practices and security solutions should be enough to minimize user error, and with some security training under their belt, your employees should have a good idea of how to handle it.

Get Started with Security Solutions

MSPNetworks can equip your business with the tools you need to be successful when protecting your organization. To learn more, reach out to us at (516) 403-9001.

There are always going to be those who want to use your hard-earned data and assets to turn a profit. One of the emergent methods for hackers to do so is through twisting the “as a service” business model into network security’s worst nightmare. This type of security issue is so serious that Microsoft has declared that Phishing-as-a-Service is a major problem.

Phishing-as-a-Service is not a new concept, and neither is the idea of adopting the “as a service” business model in the context of hacking. The difference between those items and now is that ransomware exists, and it’s one of the more dangerous threats out there to be sure. The biggest challenge that many organizations face, and what makes Phishing-as-a-Service so dangerous, is that it enables even amateur hackers to make money off of someone else’s hard work.

The service entails organizations and groups such as BulletProofLink, a Malaysian phishing service, who sell their clients products like website templates, email delivery, hosting, and credential theft. These services are provided in the form of fully unidentifiable links. The service provider hosts these resources on their servers and works to harvest credentials on behalf of their clients. While the credentials can be stolen—and yes, this is bad—they can also be sold on the Dark Web to others. These other attackers can then use them to launch even more dangerous attacks in the future.

Basically, the one who buys the credentials is not necessarily receiving credentials that are guaranteed to work. They are simply paying for the opportunity to get working credentials.

The aforementioned Phishing-as-a-Service provider, BulletProofLink, provides access to templates for login pages such as Microsoft OneDrive, Google Docs, Dropbox, LinkedIn, Adobe, and more. A different service also uses what is called “double-theft” where the provider steals credentials for one customer and sells them to another. As you can imagine, this affects the ransomware workflow, as attackers can use these credentials to infiltrate networks and encrypt systems, forcing those on the receiving end to pay up.

While the devil is certainly in the details for these threats, we hope that you at least walk away from this article realizing how dangerous and innovative hackers can be. If you underestimate the damage they can do to your business, it might be the last mistake you make.

MSPNetworks can help your business overcome the many challenges that come with cybersecurity. To learn more, reach out to us at (516) 403-9001.

Data breaches have become all too common for small businesses over the past several years and when it seems like there is a solution to one problem, something even worse pops up. Part of a comprehensive risk management strategy is identifying problems and doing what you can to keep them from affecting your business. Let’s take a look at the major cybersecurity threats small businesses are facing in 2021 and what you can do to keep them from hurting your business.

Phishing

For the small business, phishing makes up a large percentage of problematic cybersecurity situations. Phishing is more of a scam than a hack, but regardless of how you view it, it is the most dangerous problem businesses have to face when considering cybercrime. A phishing attack can come on any communications medium (including social media) and it only has to work one time for it to become problematic for your business. 

It works like this: A member of your staff, working at their regular breakneck pace, accidentally clicks on an attachment in an email that they think of as something to do with their jobs. Turns out, the email was spoofed and the attachment just deployed malware on your network. This can be trojans, viruses, or something as terrible as ransomware. 

Phishing is not only the most prevalent form of cyberscam, it is also extremely hard to combat. The hackers that use it are getting more sophisticated, and if your business isn’t evolving your strategies to keep up, you have a pretty good chance of being a victim. You need to have a comprehensive training system in place to tell your team about the dangers of phishing and how to spot possible phishing attempts. 

Poor Password Hygiene

Like passing that guy at the gym that always smells like B.O., it’s a sour situation when poor password hygiene is the reason for a data breach or a malware infection. Like phishing strategies, today’s hackers have very sophisticated strategies to guess people’s passwords. Not only that, social engineering can expose poorly made or duplicated passwords pretty easily. 

Passwords are used by almost every organization online and it is important that your employees select passwords that aren’t obvious and aren’t duplicates from other accounts. It is also important that your organization understands how to keep their data safe through the use of password best practices, such as not having employees constantly change their passwords, as they have a tendency to make them simple to remember or they don’t change them much from previous passwords.

Holes in Software

Like most other products, software titles have a support staff attached to them. These teams include development professionals whose job is to keep it secure. These patches are rolled out pretty regularly. If you don’t patch your software, you could have major holes that can be exploited. These vulnerabilities are regularly taken advantage of and are effectively open doors for hackers to get into your network.

The best way to keep these vulnerabilities from appearing is to regularly patch your software with the updates as they come out. Doing so will close the proverbial doors to your network and data and keep your digital resources safe. 

If your business would like to talk to one of our IT experts about getting the cybersecurity protection you need, or if you would learn more about which strategies work the best to keep your business’ network and infrastructure free from threats, give MSPNetworks a call today at (516) 403-9001.

We believe that at the end of the day, employees want to do the right thing and accomplish their daily tasks without incident. However, technology can often break these plans with unexpected issues that prevent them from doing so. If you don’t take the time to provide the proper IT support when it is needed, you force your employees to either be unproductive or find unconventional (and often unsecure) solutions.

Employees Using Unsecured Devices

Generally speaking, your employees will use their work technology to fulfill their obligations, including their desktops or perhaps a work-issued laptop or mobile device. Unfortunately, depending on how well these devices are maintained, they may be slower than the technology employees use when they are out of the office. This may lead them to using technology that is not governed by your security solutions, such as their personal devices, simply because they work better than their work-issued devices.

Therefore, it is crucial that you manage and maintain your organization’s devices in a way that makes sure they are working optimally. You should follow this up with a comprehensive Bring Your Own Device policy that outlines how employees are allowed to utilize their mobile devices for work purposes. Doing so will save you a lot of grief in the long term.

Unauthorized Software Downloads

There are times when your staff will require specific tools in order to perform a function of their job. If they do not have the appropriate tools to accomplish the task, they may choose to download applications from the Internet that allow them to do so. These applications are often dangerous to utilize, as they are outside the scope of your company’s software infrastructure, and who can really tell if the application used is secure or not?

This is especially problematic for software that requires a software license. Imagine for a moment that one of your employees is going about their daily tasks without any disruptions, only to be brutally severed from the tools needed to perform these duties by an expired software license. In their desperation to keep working and meet required deadlines, they might download some free software or perhaps one with a counterfeit software license. While this solves the short-term problem of getting work done, it could come at a steep cost should your organization become subject to network audits or otherwise.

In the end, being proactive about technology support is the only way you can prevent these issues from breaking your business and budget. While your employees might feel like they are being proactive in finding a solution, you shouldn’t have to rely on them finding the solution for themselves; instead, provide them with a protocol to follow so that you know they will seek the help of experts when it is needed.

MSPNetworks can be those experts. We want to help your employees do their jobs in the most effective way possible, be it through implementing new and innovative solutions or assisting them with their daily duties through comprehensive IT support. Let your team focus on what they know best: their own jobs, not keeping their computers and other technology in proper working order.

To learn more about how we can help your employees stay productive throughout the workday, reach out to us at (516) 403-9001.

To say someone is adept at a task is to say that they are a professional, or someone with a considerable amount of knowledge that contributes to their ability to complete a particular task. In cybersecurity, this is extremely important, as the entire concept of cybersecurity is complex by nature. Your business too can improve its cybersecurity practices and shift focus to a more mindful approach to network security.

First, let’s consider some of the challenges that small businesses face related to cybersecurity. Then, let’s talk about what it means to be a security professional and how your organization can use this knowledge to its benefit.

The Challenges of Security for SMBs

Security is a huge problem for small businesses, especially those that don’t take it seriously or think that they are not a target. The truth of the matter is that hackers don’t care how many employees you have or what industry you are a part of. Your business has data that hackers would find valuable, period. While many want to take it seriously, there are barriers that many businesses perceive to be in the way, chief among them a lack of security expertise and a lack of funds to hire top cybersecurity talent.

What Does It Mean to Be a Cybersecurity Professional?

This might seem like an odd question to ask, but we want to make sure that businesses understand what they must look for in a cybersecurity professional. Here are some traits that a security professional will have:

• A focus on proactive, preventative defenses rather than a reactive approach
• A divorce from security biases that prevent one from making objective decisions
• The technical knowledge and expertise necessary to understand cyber threats
• An understanding that security also requires training of staff and higher-level executives
• The flexibility to adapt to new threats and learn from them

Ultimately, whoever is at the helm of your cybersecurity strategy must possess these personal and professional traits. Failing to do so puts your organization at risk.

How to Become a Cybersecurity Adept Yourself

We won’t beat around the bush with this one; you are not going to become a cybersecurity professional overnight. Technicians have to undergo extensive training that involves meticulous attention to detail and a thorough understanding of the countless threats out there, as well as knowledge on how to respond to each of them. Suffice to say there is a reason why so many businesses choose to outsource this responsibility.

In a sense, trusting your organization’s security to outsourced professionals does make you a cybersecurity adept. Not only do you acknowledge that there are professionals whose jobs are specifically to handle this responsibility, but you also understand that security is nothing to mess around with. It’s a win-win scenario. MSPNetworks can be the professionals you trust your organization to. To learn more, reach out to us at (516) 403-9001.

Phishing attacks are some of the most common threats out there. Hackers will craft messages or web pages designed to harvest information from your employees, be it through suspicious requests for credentials via email or through false websites that look so much like the real thing that it’s no wonder they were tricked. How can you make sure that your employees don’t fall for these dirty tricks? It all starts with comprehensive phishing training.

So, what goes into a successful phishing training program? Let’s take a look.

Phishing training involves exposing your team to simulated real-world scenarios in which they might encounter a phishing scam. It’s worth mentioning here that phishing can potentially involve much more than just a simple email containing requests for sensitive information or forms on websites asking for credentials. Phishing can come in the form of phone calls, text messages, and other communication mediums. Therefore, it becomes of critical importance that your staff have the skills needed to identify these phishing scams in whichever form they take.

As for what this phishing training might look like, it depends on the context. Training might take a more passive approach with videos, but it also takes on more active approaches with interactive workshops and hands-on training exercises.

One of the best ways to get a feel for how well your employees understand phishing attacks is to test them without them knowing it using these simulated attacks to see who takes the bait and who doesn’t. In this way, you can get a sense for how they would react under normal everyday circumstances. This type of threat awareness is important to gauge where your employees are in regards to cybersecurity, and it can give you an idea of which employees need further training.

We want to emphasize that phishing training is not about calling employees out on reckless behavior; rather, it’s about corrective practices that can help your business stay as secure as possible long-term. It is better to find out which of your employees struggle with identifying phishing attacks in simulated situations than when the real deal strikes, after all.

Look, we all want to trust our employees to do the right thing and know better than to click on suspicious links in emails, but at the end of the day, wanting something and actually getting it are two entirely different things. We need to accept reality and admit that hackers can and will succeed in their phishing attempts if we don’t do anything to prevent them. The best way to keep phishing attacks from becoming a nightmare scenario for your business is to implement comprehensive training practices and consistently reinforce them with your staff.

MSPNetworks can give your employees the training they need to keep from falling victim to phishing attacks. After working with our trusted IT professionals, your employees will know how to identify phishing attacks and how to appropriately respond to them without risking your organization’s security. To learn more about our phishing training and other security services, reach out to us at (516) 403-9001.

It’s no surprise that mobile technology has infiltrated the workplace in more ways than one. Many businesses issue company-owned devices to their employees to get work done while out of the office, while others allow employees to bring their own devices, or use their own laptops and smartphones for fulfilling their day-to-day duties. That being said, it’s important to remember that mobile devices need to be managed in a very specific way to maintain security.

Let’s discuss how your business can manage the benefits of mobile devices in the workplace without sacrificing security.

Remote Wiping

Let’s say that one of your employees goes on a business trip and they set their briefcase down for a moment while they order a cup of coffee or some other task. When they return, the briefcase is gone, along with any devices that were in it. Besides scolding the employee for their negligence, your first thought might drift to the question of “What about the data found on that laptop?” What might the thief do with such data? The possibilities should have you concerned. Should you fail to recover the device, you will want the capabilities to remotely wipe the device of any and all sensitive data. This is to ensure that hackers don’t make use of it against your organization and to comply with various data privacy regulations. While it might stink to lose the device and have to replace it, it would stink more to have that data fall into the wrong hands.

Whitelisting and Blacklisting Applications

Some smartphone and desktop applications will be more secure than others, meaning that you will need to be extra cautious in what you allow applications to access on your devices. While we encourage all users to pay attention to what permissions are granted to applications, this is especially important for businesses. You should have the capabilities to whitelist and blacklist applications based on their potential merits or risks, thus keeping your devices (and data) as secure as possible.

Managing and Tracking Devices

Finally, you will want to consider a method for keeping track of any and all devices used to access your organization’s data. This includes any company-issued devices and employee-owned devices used for work purposes. You want to know who has which device at any given time, when that device was issued, what the employee is using the device for, etc. All of this helps you keep track of devices so that you can be sure they are being used effectively and, most important of all, safely.

Implement a Mobile Device Management Policy

If you want a comprehensive all-in-one policy to keep track of your company’s mobile devices, look no further than mobile device management from MSPNetworks. We can help your business stay on top of its mobile devices and reinforce best practices at every turn. To learn more, reach out to us at (516) 403-9001.

Two-factor authentication is commonplace in the office environment, but it’s not commonplace enough, if you ask us. Too many organizations pass on it, placing their security at risk for no good reason. While the methods might vary, the benefits of two-factor authentication are too good to ignore. We’ll walk you through how to set up two-factor authentication for three of the most common accounts in the business environment: Microsoft, Google, and Apple.

But first, let’s discuss what two-factor authentication is and why it’s so beneficial to utilize.

What is Two-Factor Authentication?

It used to be the case that users would only utilize passwords to secure their accounts. However, passwords are easy for hackers to take advantage of on their own. Two-factor authentication uses at least two of the three methods below to secure an account rather than just the password alone, theoretically making it more difficult for a hacker to access an account. Basically, unless two of the three methods are fulfilled, the account will not be accessible. Here they are:

• Something you know (a password)
• Something you have (a secondary device you own)
• Something you are (biometrics, facial recognition, fingerprinting, etc)

Why Is It Important?

Imagine that your online accounts are a house with two doors: one for the mudroom and one for the house proper. If both doors use the same key, a thief only needs to steal one key to gain access to both the mudroom and the house. Now imagine that the mudroom and the house have two different keys. That essentially doubles the effort needed to break into the home.

Simply put, in the same way as the above scenario, it’s much harder for a hacker to access an account that is protected by multiple measures. For example, even if a hacker has your password, if the account is set up to use an external device like a smartphone or biometrics, they still won’t have access to the account. Unless the hacker goes through the trouble of stealing the secondary device or stealing your fingerprints/facial structure (something that is remarkably difficult compared to swiping a password), the account will remain secure.

Setting Up Two-Factor Authentication

Right, let’s get to the bread and butter of this article: how to set up two-factor authentication for the big three accounts: Microsoft, Google, and Apple.

Microsoft

Microsoft recommends that you either have a backup email address, a phone number, or the Microsoft Authenticator application installed on a mobile device before you get started with two-factor authentication for this account. To get started, go to this page and sign in with your Microsoft account. Next, select More security options. Under the option for Two-step verification, select Set up two-step verification. After that, it’s just a matter of following the on-screen instructions.

Google

The first step here is to log into your Google account by going here. Next, in the navigation panel, select Security. Under Signing in to Google, select 2-Step Verification. Finally, click on Get started. You’ll see the directions for the next steps appear on the screen. You can set up your verification step in a variety of ways, including Google Prompts, security keys, Google Authenticator, verification code via text or call, or a backup code. You can also disable this second step on trusted devices, but doesn’t that defeat the purpose?

Apple

To set up two-factor authentication for your Apple ID, go to your account by clicking here. Sign in, answer your security questions, then click Continue. If you see a prompt to upgrade your account security, tap Continue. Click on Upgrade Account Security. You can then add a phone number for which you will receive verification codes via text message or phone call. Click on Continue, enter the verification code, and turn on two-factor authentication.

Want to get started with two-factor authentication for your business? The three accounts outlined above are just the tip of the iceberg. MSPNetworks can help you implement a multi-factor authentication system that secures your data and network. To learn more, reach out to us at (516) 403-9001.

The first half of this year has seen its fair share of ups and downs, especially on a global scale. With a global pandemic still taking the world by storm, it’s despicable that hackers would take advantage of the opportunity to make a quick buck using phishing tactics. Yet, here we are. Let’s take a look at how hackers have turned the world’s great misfortune into a boon, as well as how you can keep a lookout for these threats.

According to reports from SecureList, spam and phishing trends in Q1 of 2021 relied heavily on COVID-19 and the buzz generated by it. Let’s take a look at some of the major threats that took advantage of the pandemic.

Stimulus Payment Scandals

The first couple months of 2021 saw businesses and individuals receiving payments from governments, such as economic impact payments or business bail-outs. Hackers took advantage of this opportunity to try to convince users to hand over their credentials through the use of messages that both looked and sounded professional. As is often the case with phishing messages, some users of specific banks were targeted through the use of near-identical websites designed to steal credentials and fool users. Others tried to convince users to enter information by convincing them that the latest details on the bank’s COVID-19 practices could be found on the other side of links or sensitive information forms.

The Vaccine Race

For a while, the COVID-19 vaccine was a bit tricky to get your hands on. While things have improved significantly in recent months, the initial rush to get vaccinated triggered many would-be hackers to try their hand at vaccination phishing emails that replicated the look and language of communication from health officials. Users would have to click on a link in the message, which would then redirect them to a form for plugging in personal information and, in some cases, banking credentials. Even those who already received vaccinations were not safe, as there were fake surveys circulating urging people to fill them out and claim prizes for doing so.

What You Can Do

Don’t let hackers take advantage of the cracks in your business’ defenses. Phishing attacks can come in countless forms, so it is your responsibility to protect your business from them. Here are some ways that you can make sure your organization is secured from phishing attempts.

• Filter Out Spam: A spam filter can keep the majority of threats out of your inbox, but the unfortunate fact is that most phishing emails are probably going to make it past the spam filter. Therefore, you will want to take more advanced tactics against these threats.
• Train your Employees: Training your employees on how to identify threats gives them the power to avoid threats that do manage to get past your defenses. Teach them what to look for and you’ll be giving yourself a better chance of overcoming them.
• Implement Unified Threat Management: No matter how well trained your employees are, it helps to have just a little bit of reassurance that you have done all you can to secure your business. This is what a UTM does; it’s a single security solution that can optimize your network’s protection.

MSPNetworks can help your business keep itself secure. Not only can we implement great security solutions, but we can also help to train your employees, including regular “tests” where we send out fake phishing emails to see who is and is not paying attention. To learn more about how this can help your organization, reach out to us at (516) 403-9001.

Data privacy is a bit of a hot topic in today’s business environment, especially with high-profile hacks and ransomware attacks emerging and putting organizations at risk. In particular, the emerging concept of “privacy engineering” has a lot of businesses thinking about how they can secure their organization and future-proof their data privacy infrastructures.

Let’s discuss what privacy engineering is, as well as what some big names in the industry have to say about the future of data privacy.

What is Privacy Engineering?

The International Association for Privacy Professionals, or IAPP, defines privacy engineering as “the technical side of the privacy profession,” which can mean any number of things. For some, it is making sure that the processes involved in product design take privacy into consideration. For others, it might mean the technical knowledge required to implement privacy into the products. At the end of the day, it seems there is a general consensus that privacy engineering is the consideration of privacy, from a user’s standpoint, throughout the production process, from conception to deployment.

This is notable for a couple of reasons. Systems and products that take privacy into consideration at every stage of development will be much more consumer-friendly. Users can be more confident that their privacy has been considered through each stage of the process, making them much more likely to buy into the product. When products have this kind of reputation, it would be no surprise to see profits increase.

This sets off a chain reaction for businesses that create these products, increasing their bottom line. When businesses achieve this level of success, the value of the company increases, leading to more investors and the production of similar goods or services. Furthermore, since privacy and security is such an important part of modern computing, these types of investments are relatively safe from a shareholder’s point of view, as organizations that invest in products that meet specific regulations and set these high standards are more likely to persist into the future.

You can see how this all shakes out; in the end, the concept of privacy engineering is beneficial to both the consumer and producer. Therefore, placing your bets on technology that facilitates this is a great way to invest in your own company’s future.

What Does the Future Hold?

Back in 2020, Gartner made some predictions for where the data privacy industry was heading in the years to come. Here are some insights from their report:

• Proactive security and privacy is better: When you take measures to build security and privacy into operations, you are more likely to build trust and adhere to regulations. We preach this all the time; it is easier to prevent issues from emerging than reacting to those that are already here.
• Increased reach of security regulations: According to Gartner, 65% of the world’s population will have their privacy governed by some sort of data privacy legislation or regulations by the year 2023. This is notable, especially with the rise of regulations like GDPR.
• The rise of a privacy officer: By the end of 2022, 1 million organizations will have appointed a data privacy officer. Having someone within your organization whose sole responsibility is to keep you compliant means that you can rest easy knowing that you are doing all you can to make sure it stays that way.

Don’t Wait to Get Started

MSPNetworks can help your business ensure it is implementing adequate data privacy and security standards all across your infrastructure. To get started, reach out to us at (516) 403-9001.

With the onset of the COVID-19 pandemic, many organizations were forced to transition to remote work, even though they would have preferred to keep operations within the office. While the transition was rough at first, these organizations may have found that remote work offers certain flexibilities that were impossible in the traditional office environment. That said, one looming threat was (and still is) a major concern for the remote workplace: security.

One of the major ways that businesses can protect their organization while working remotely is through the use of what’s called a virtual private network, or VPN.

What is a VPN?

When you connect your device to a virtual private network, what exactly is happening to the connection? It’s actually much more simple than it sounds; what it boils down to is that the device connects to an encrypted network over the Internet. This encryption allows for the secure transfer of data to and from the device, preventing onlookers from observing (or stealing) the data.

Think about it like looking at a pipe that is transferring something to and from a location. If the outside of the pipe is solid, onlookers cannot see what is in the pipe. When it is clear, you can see exactly what is inside it. Encryption in this case acts like an opaque pipe, obfuscating contents to the point where they cannot be seen clearly, but you still know that something is there. In VPN terminology, the pipe in the above scenario is referred to as a “tunnel.”

How Does It Help Your Business?

You can see how this would benefit the remote employee. Since the employee is not in-house working on the company network, they do not have access to the in-house security solutions that you may have implemented to keep your data safe. This is why encryption is so necessary; if you fail to protect your company’s assets through unsecured connections to your network, you are unnecessarily risking your company’s future.

Now, think about the possibilities that open up when you don’t have to worry about network security while out of the office. Employees can travel for business trips (when it’s safe to do so, of course) without fear of data being stolen while communicating with your home office. They can perform work from anywhere at any time, allowing for enhanced productivity without sacrificing security. They will not need to rely on public Wi-Fi connections or other unsecured networks to connect to your office.

We don’t want to beat a dead horse, but from a security and longevity standpoint, it just makes sense to implement a VPN.

Get Started with a VPN Today

If you are ready to take the leap and implement a virtual private network for your business, don’t wait any longer. MSPNetworks can help you deploy a solution that is specific to the needs of your organization. We’ll work with you to get the most secure solution at the best price point. To learn more about how a virtual private network can benefit your business, reach out to us at (516) 403-9001.

Data breaches have a tendency to destabilize relationships. With so many data-related problems befalling businesses nowadays, it is important that each side of every data-driven relationship understands their role in the protection of other organizations’ data. Today, we’ll take a look at the issue and how to determine if your partners are putting in the effort required to keep your data secure. 

Are Your Vendors Properly Protecting Your Information?

We’ve seen businesses have a litany of challenges protecting their sensitive data over the past several years, and as threats get more sophisticated it poses more problems. Additionally, many businesses outsource a fair amount of their operational and support efforts and that can have a negative effect on their security. 

So, how do you know that your vendors are protecting your information?

You ask them, of course. 

Before you onboard any new vendor, you should come up with a questionnaire that asks the right questions about how they handle their own cybersecurity, and more specifically (and importantly) how they go about handling your information. 

At MSPNetworks, we do this for all of our clients to ensure that they are partnering with reliable companies that, at the very least, are attempting to do the right things to protect sensitive information. 

Questions You Should Ask Your Vendors

The first thing you should consider when making up some questions to ask your vendors about security is: do you understand the answers? If you don’t know what you are doing, you could just assume any thoughtfully answered response would be sufficient. This is far from true and is a liability, especially in trying to ascertain what risk your business is facing by doing business with a company. We can’t stress enough that if you don’t have someone that knows what they are doing, you need to find someone, as this will serve you much better in times like this.

Let’s go through a couple of important questions you should ask if you do have the competence available to sufficiently measure risk from the answers:

1. Do you collect, store, or transmit personally identifiable information (PII)?
2. If so, do you store your PII onsite or in the cloud?
3. How do you provide users access to the PII you store?
4. Can PII be accessed remotely?
5. Do you constantly monitor all services, systems, and networks?
6. What regulatory bodies does your business operate under? Do you have proof of compliance?
7. What kind of encryption do you use for data-at-rest? Data-in-transit?
8. Do you consistently patch your software? 
9. Do you have mobile device management and IoT management systems?
10. Do you utilize legacy systems that aren’t supported by manufacturers?
11. What cybersecurity tools do you use?
12. Do you have language in your agreements about vendor cybersecurity? 
13. How are your continuity systems?
14. How would you go about the situation in the event of a data breach?
15. What authentication procedures do you use? 
16. Do you train your employees on the best practices of cybersecurity?

There are many more questions you can ask, and you should ask them if you find them necessary. Vetting your vendors is a great way to know if they have your best interests in mind. 

If you would like to partner with a company that not only has your best interests in mind, but also can help you ascertain if your other partners do as well, give MSPNetworks a call at (516) 403-9001 today.