MSPNetworks Blog

COVID-19 has changed the way that most business owners look at a dollar. For months, businesses have been making strategic budget cuts to try to stay afloat. Cybersecurity has been the ultimate growth industry over the past several years, but in the face of the pandemic, the market for these products and services is seeing substantial retraction. In fact, Gartner estimates that in 2020, the cybersecurity industry will shrink by almost $7 billion. Today, we’ll take a look at the cybersecurity market and why it is important not to slow your cybersecurity spending if you can help it.

The Cybersecurity Market

As more people lean on technology, the cybersecurity industry has been a major beneficiary. The cybersecurity market was estimated to hit $170 billion in 2020 with the United States and Europe making up for nearly 70 percent of all spending in the area. The areas that have seen the most growth recently are the SIEM/security analytics market, threat intelligence, mobile security, and cloud security. In fact, cloud security has seen a 50 percent increase since 2016. 

Why is all this necessary? Simple. Cyberattacks evolve as fast as (or faster than) the security systems in place to thwart them. This has led to massive growth for the better part of the past decade. Since cyberattacks cost businesses nearly $500 billion a year, the large market growth is justified. New sectors like FinTech have pushed cybersecurity companies to innovate faster than ever.  

The COVID-19 Effect

The era of ridiculous cybersecurity spending was on its way out already with business owners and decision makers finding that the return on their security investments weren’t strong enough to facilitate limitless spending initiatives. What nobody who works in cybersecurity saw coming was a global pandemic that would force CIOs to cut into their cybersecurity budgets. 

That’s not to say that businesses weren’t heavily investing in cybersecurity. They absolutely were, and are, but with the only metric to compare it against is a full-fledged data breach, notoriously optimistic executives see the value in spending that money on other things; and; make no mistake about it, until something terrible happens, they will look correct in appropriating those funds from cybersecurity to some other use.

Cybersecurity is the Last Technology You Should Cut

Without strong cybersecurity protections, your business has an even smaller chance to survive an already risky situation. It doesn’t take much for an attack or breach to put a healthy business out of commission, cause layoffs, or at the very least, put financial strain on an organization. If it were to happen now, it will sting even more.

Let’s talk about your cybersecurity, and how to get the most protection for what you have. Give us a call at (516) 403-9001.

Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. Unfortunately, there are far too many simple ways to correct common security issues - enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history.

The Equifax Problem

Sometime between May and July of 2017, the credit-reporting giant Equifax suffered a massive data breach that, as of this writing, exposed 148.1 million records containing the personally identifiable information of their customers. In other words, this breach exposed the data of almost half of the population of the United States of America.

In the aftermath of the Equifax data breach scandal, former CEO Richard Smith was cross-examined by Congress. Upon hearing Smith’s defense of “human and technology errors,” Chairman of the House energy and commerce committee Greg Walden quipped, “I don’t think that we can pass a law that fixes stupid.”

How to Fix Your Business’ Security

While Walden may be correct that stupid can’t be fixed by legislation, it may be able to be mitigated through the faithful enforcement of certain standards and practices. These standards should be enforced both on an organizational level, and on a case-by-case, personal basis.

First, let’s review what you should enforce in your organization:

1. Compliance should be the baseline - Unfortunately, compliance with regulations often does not equal true data security. Instead of looking at compliance as being the ultimate goal for your business, consider it the first step to your business security strategy.
2. Vulnerabilities need to be promptly remediated - It is astounding that so many exploits rely on known vulnerabilities… a full 99 percent of them.  Furthermore, other attack vectors often utilize vulnerabilities that are a half a year old at least. Patching these vulnerabilities as soon as possible will help cut down on threats to your business’ data and infrastructure. 
3. Data security needs to be centralized, organized, and assigned - While security should be a shared responsibility throughout the company, there needs to also be someone taking lead and accepting responsibility for ensuring that data is properly distributed in a secure fashion. Part of this responsibility should be to implement access controls, ensuring that the data only can spread to whomever it needs to and no one else.

Encouraging Your Employees’ Security

Of course, your employees are largely in control of how secure your company remains. This could be a bad thing, unless they are also held to certain best practices that keep data, and the accounts that can access it, secure. There are a few basic rules you can enforce among your staff to help encourage them to act securely.

1. Lazy credential habits - There are a variety of behaviors to adopt that can better protect the accounts and solutions that your employees have. First of all, the classic password problem: reusing the same password for every account. If one or more of your employees does this, each one is essentially creating a master key that someone could use to access everything in their life, including your data. Neglecting to set a passcode of some sort for a mobile device can cause the same issue. An effective way to remedy this kind of behavior is to utilize a password management system. That way, your employee can reduce the number of passwords they have to remember, without sacrificing security.
2. Oversharing - While you can’t necessarily control what your employees do in their off-hours, you should reinforce how easily a cybercriminal could piece together their passwords through some examination of their social media, especially if they subscribe to the lazy credential habits we just reviewed. See if they’ll avoid sharing personal anecdotes or information without first restricting the audience that can see that particular post. At the very least, they should have their social media accounts set so that only their approved friends can see their content. Furthermore, do your best to avoid oversharing from the office. Images can easily show confidential information if you aren’t careful, by accidentally capturing an invoice or your customer relationship management solution pulled up on a screen in the picture. Review what you are about to post before taking the image and before you share it online. 
3. Using the wrong Wi-Fi - While public Wi-Fi connections may be convenient, you should remind your employees that this convenience comes at a price: the security of public Wi-Fi is suspect at best. They should be warned against doing anything especially important over a public Wi-Fi signal, like banking or checking their email.

Data security is a critically important consideration, in part because there are so many ways that it can be undermined. We have some solutions to offer that can help keep your business secure (despite what may sometimes seem to be your employees’ best efforts). Reach out to MSPNetworks at (516) 403-9001 today!

Despite what detractors say, regulations are in place for good reason. They typically protect individuals from organizational malfeasance. Many of these regulations are actual laws passed by a governing body and cover the entire spectrum of the issue, not just the data involved. The ones that have data protection regulations written into them mostly deal with the handling and protection of sensitive information. For organizations that work in industries covered by these regulations there are very visible costs that go into compliance. Today, we look at the costs incurred by these organizations as a result of these regulations, and how to ascertain how they affect your business.

Today’s world is driven by data. As a result, information systems have to be secured. That really is the bottom line. Business is all about relationships and without proper security protocols in place, there are some very serious situations that could completely decimate the relationships you’ve worked so hard to forge. While today’s hackers have a lot of different ways to breach an organization’s network, data breaches that occur as a result of lax security are unforgivable from a customer standpoint. Some organizations can spend more on security than others, but it with the landscape as it is today, it has to be a priority, no matter your IT budget.

Here are some of the regulations all business owners and IT administrators should know:

• GDPR: The European Union’s General Data Protection Regulation is as comprehensive a data protection law as there is. Its aim is to protect the citizens of EU-member countries from data breaches. The GDPR applies to every organization that processes personal information of people residing in the EU.
• GPG13: Known as the Good Practice Guide 13, it is the U.K.’s general data protection regulation for organizations that do business in the U.K.
• HIPAA: The Health Insurance Portability and Accountability Act puts several guidelines on how patients’ data is shared and disseminated by insurers and health maintenance organizations.
• SOx - The Sarbanes-Oxley Act requires corporate records to be kept for seven years to ensure that there is transparency in the accounting. For IT this means being able to have access to data to run reports when called upon.
• PCI-DSS - Payment Card Index Data Security Standard are regulations enacted to try and reduce fraud by protecting an individual’s credit card information.

That’s just a few of the regulations business owners and IT administrators have to be cognizant of. For business owners there are several more, like the federal and state tax codes, and the adherence to the Affordable Care Act. All these regulations seem pretty straightforward and necessary until you begin to roll them out for your business. Then they just get expensive. In the first-ever Small Business Regulations Survey conducted by the National Small Business Association, the numbers reported, although not comprehensive by any means, weren’t pretty. To put it frankly, the cost to the small businesses that reported, would sink as many or more new businesses.

“The average small-business owner is spending at least $12,000 every year dealing with regulations,” NSBA President Todd McCracken said, “This has real-world implications: more than half of small businesses have held off on hiring a new employee due to regulatory burdens.” The report goes on to state that the average regulatory costs to start a new business venture add up to a whopping $83,019. These figures don’t take in to account the dozens of man hours each year spent on these very complex problems. It should be stated that the NSBA has been a long-standing advocate of reducing regulations on small businesses.

Regulators are paid to be skeptical, but overall they are put in place for a purpose, as oversight to ensure sustained adherence to data protection laws. How much can they demand from a small business? The question begs for analysis, as to listen to entrepreneurs talk about them regulations are unnecessary, but as stated before, these regulations aren’t just implemented willy-nilly. They have empirical evidence of immoral or unethical wrongdoing attached to them. Moreover, it becomes clear that the financial pain these entrepreneurs are in is indefinite, which means that it is highly debatable. The truth is that each scenario needs to be seen in perspective in order to understand just how much certain regulations are costing a business.

One thing is certain: that the average small business pays more for their regulatory compliance programs than larger businesses in the same market do. That disparity is a main point of contention for many small business owners, as it directly affects a company's ability to compete. Some studies have seen organizations that have less than 20 employees charged nearly 60 percent more than slightly larger businesses. Getting into which regulations are onerous and which are necessary would take an examination of each one in detail, so it’s worth it to repeat that these regulations were bred out of situations where individuals were hurt, making them an important part of the oversight process.

To Comply or Not To Comply? That Is the Question Small business owners who have been reprimanded or fined as a result of a lack of regulatory awareness have a tendency to get the message, but if an organization is notoriously noncompliant and has slipped past regulators, there is a tendency for them to stay the course; and, that course is filled with nothing good. Many european and multinational corporations are expecting to invest $1 million toward their GDPR compliance. Obviously this figure, despite being higher per user, will be substantially lower for small and mid-sized businesses. The cost, however, remains significant, and while an organization could probably get around it for a bit, when it hits, it could just sink the whole business.

According to Infosecurity Magazine, the average cost of compliance with GDPR is costing enterprises and average of $5.5 million, which comes in about a third of the estimate cost of noncompliance, $14.82 million. That’s a lot of cheddar. It stands to reason that if you are going to spend upwards of 10 percent of your yearly IT budget on ensuring your organization is compliant, that you meet the criteria under the regulation. The best way to do that is by finding affordable solutions that wont take as big of a chunk out of your operational budget every year.

More than the capital, a business that doesn’t adhere to simple IT regulations probably isn’t adhering to other regulations. Would you want to do business with someone that you know won’t do what’s asked of them to protect YOUR data? Unreputable businesses that are looking to gain an edge by not meeting regulations will pay later for not spending now, end of story.

Compliance and Your Business

Finally, we get to your business. How are you going to plan for your compliance burden? The best way is to educate yourself on what exactly your business needs to plan for by looking at the regulatory mandates, sure, but more often seeking out organizations who have already insulated themself from the risks associated from noncompliance. This is where a managed IT service provider (MSP) can be a godsend. Since we take security compliance extremely seriously, and deal with multiple businesses that represent several vertical markets, we have the perspective that can provide a clear strategy on how to avoid problems staying compliant.

Moreover, MSPs like MSPNetworks use extremely sophisticated monitoring, management, and reporting software to reduce risk and put our clients in the best position to prepare for any audits or assessments that need to be completed by regulators. Since the regulatory landscape is constantly changing, our IT professionals are in a unique position to serve as both IT administrator and regulatory consultant.

If you are searching for a way to control your compliance situation, look no further than the IT professionals at MSPNetworks. We can deploy our strategies made up from tried and true industry best practices to virtually eliminate any risk your organization would have as a result of compliance concerns. Call us at (516) 403-9001 today to get started.

In response to the coronavirus pandemic, many people are avoiding human contact by turning to the Internet and mobile apps. On a national scope, mobile banking alone has seen an increase of 50 percent over just the last few months. In what certainly is no coincidence, the Federal Bureau of Investigation recently put out a warning that identified banking apps as likely targets for hackers.

As was said in the FBI’s announcement:

“As the public increases its use of mobile banking apps, partially due to increased time at home, the FBI anticipates cyber actors will exploit these platforms.”

We recommend that you take a few minutes and read the entire announcement, as it has a lot of information about these threats and quite a few tips that can help protect your mobile banking as well as many other applications.

If you don’t have the chance to go over all of this now, we’ve put together some of the most important tips to abide by if you’re trying to protect yourself and your financial interests.

Use 2FA

2FA, short for Two-Factor Authentication, and often seen nowadays as MFA or Multi-Factor Authentication, is effectively the addition of another identifier to ensure that someone trying to access an account is who they claim to be. Via texting, emailing, or generating a unique code through an application like Google Authenticator, Authy, Duo, or LastPass Authenticator, a user is given the key to open the additional lock on their accounts.

Any account you use should be protected by 2FA/MFA, especially those that deal with your finances or other sensitive information.

You should always set up 2-Factor Authentication on any account you have, especially if it deals with sensitive information or your money.

Be Smart About Your Passwords

Make sure that any passwords you use are sufficiently secure for your purposes. Rather than using common phrases or easy-to-guess combinations, like your birthday or a pet’s name, use a unique string of characters, numbers, and symbols for each account, or a passphrase consisting of unrelated words.

If You Aren’t Sure, Don’t Click on It

In what is probably the best piece of advice you can give someone who does business online in 2020, if you don’t know who sent it or where it will take you, don’t click on it. In fact, if you aren’t 100 percent sure about something, don’t click on it. Chances are your bank has a mobile app. Download that one from a reputable app store. They may have the link on their website, but if it doesn’t take you to the Google Play Store or the Apple App Store, don’t click on any link. Your bank has spent significant resources to make sure that their app has the security needed, don’t risk using any other app. 

Contact the Bank if You Have Questions

Confirmation that it was your bank sending you information, or that their app isn’t working properly at the moment won’t take more than a simple phone call to confirm. Go to their official website and get the customer assistance number.

We’re really glad the FBI covered this tip too, as it’s often glossed over. If you have any suspicion that something is strange or not working correctly, just call your bank. Go to their official website, or use the number on the back of your card or from a statement. You don’t want to be fooled into making a mistake that puts your finances in the crosshairs of hackers or scammers. Your bank will never ask you for your name or password over the phone, so never give that information out. 

Keep your money out of the hands of cybercriminals by being vigilant and understanding the signs of a scam. If you would like any more information about keeping your finances secure, call the IT security professionals at MSPNetworks today at (516) 403-9001. 

More people than ever are utilizing the conveniences of the Internet and mobile apps to avoid unnecessary human contact during the coronavirus pandemic. In fact, mobile banking alone has increased by 50 percent over the last few months, nationwide. In a recent PSA, the FBI warned that hackers are likely to be targeting mobile banking apps.

According to the FBI’s public service announcement:

“As the public increases its use of mobile banking apps, partially due to increased time at home, the FBI anticipates cyber actors will exploit these platforms.”

The PSA is definitely worth a read, and includes some good tips and potential threats that are out there. It’s worth noting that many of the tips apply to a lot more than just mobile banking.

If you are in a rush, here are some of the best tips to take away from it to protect yourself.

Utilize 2-Factor Authentication

You’ll see this called 2-Factor Authentication, Multi-Factor Authentication, 2FA, or MFA. That’s where a website or service will email or text you a little code to log you in. Some services will utilize an authentication application, such as Google Authenticator, Authy, Duo, or LastPass Authenticator. Using an authentication app is definitely a safer way to go, as they are harder to spoof than email and text, but anything is better than nothing.

You should always set up 2-Factor Authentication on any account you have, especially if it deals with sensitive information or your money.

Always Have Good Password Hygiene

Use strong passwords that contain lower and uppercase letters, numbers, and symbols. Your passwords should always be unique and not be used for multiple accounts, and your passwords should never contain information that could be guessed like your name, birthdays, your pets, and so forth.

If Something Seems Fishy, Don’t Install It

Never install something you aren’t 100 percent sure about. If your bank has a mobile app, be sure to download their official app, which they should have linked in their website. Avoid installing a mobile banking app that is sent to you via email or text message, because there is a chance that it could be bogus. 

When In Doubt, Call the Bank

We’re really glad the FBI covered this tip too, as it’s often glossed over. If you have any suspicion that something is strange or not working correctly, just call your bank. Go to their official website, or use the number on the back of your card or from a statement. 

If you accidentally called the number from the banking app, and that phone call seems suspicious, immediately hang up and be sure you use the number from their official website. If the hackers were clever enough to get you to download a fake banking app, they could easily have a fake support number to get you to call and submit your credentials. Your bank will never need your username and password over the phone.

All in all, be ever vigilant, because cybercriminals want to take advantage of the chaos to grift people out of their money. Don’t let them!

If you need help locking down your business and protecting your staff from cyberthreats, give MSPNetworks a call at (516) 403-9001 today!

As much as a business relies on its technology, it relies just as much upon its employees to properly put that technology to use. Unfortunately, this can very easily expose the business to various threats that involve their employees. Understanding these insider threats is crucial for a business, especially given how current events may tempt those who would never have considered them otherwise.

Let’s review what constitutes an insider threat, and why they are now a bigger potential problem than ever.

What is an Insider Threat?

An insider threat is precisely what the term implies: a threat to your business that is sourced from one of your in-the-know employees. While this makes it sound as though we are referring to an embezzler or corporate spy (which can be the case), it also applies to any employees whose actions inadvertently compromise your business’ data, security, and other property. So, when you are working to prevent insider threats, you need to focus on a variety of fronts.

There are many reasons that these kinds of threats can arise, especially with the current issues that businesses everywhere are struggling with.

Technical Shifts

Given the fact that a pandemic has closed many workplaces, a huge amount of businesses of every size have needed to adjust drastically to sustain their operations however they can. For many, this meant rotating to a virtualized environment for remote work.

Of course, putting it this way makes it sound far easier than it is. Not only have many organizations suddenly been tasked with adopting an entirely new means of accomplishing their goals, many of these changes require adjustments to enable remote work at all. When all of this is considered, there is generally some trade-off between capability and security.

Emotional Distress

There is no denying that the last few months have been a challenging time for everyone. Stresses have been high, and without the recreational activities that many would normally turn to as a means of relieving some of this stress, many people will consider actions that they otherwise wouldn’t. With rising anxiety comes less forethought, and always-present thoughts of economic challenges and potential unemployment can tempt even the most trustworthy employee into considering alternatives like fraud and theft.

Organizational Adjustments

Every successful business has struck a balance between its progressive operations and the appropriate level of security it needs. If security were sacrificed, the business’ operations would be undermined, but if security becomes too oppressive, the business wouldn’t be able to function well enough to support itself. As a result, businesses must find a middle ground, of sorts, that positions them in the best possible circumstances.

Typical Behaviors Associated with Insider Threats

Of course, insider threats can be an issue in the best of times, as well. It doesn’t necessarily take the changes brought on by a pandemic to sour an employee’s opinion of a company, and data has shown that about 60 percent of insider threats involve data being taken as an employee prepares to leave a company—particularly if that employee had a role in preparing that data. Most who do this use email, while fewer numbers use cloud storage, data downloads, and removable storage media, respectively.

These flight risks can be spotted, however, with a little bit of diligence. For instance, if an employee is spending time on job search websites with no work-related reason to do so, you should be concerned, as you should if they are accessing data from a strange place or granting themselves more privileges than their responsibilities require.

Insider threats are certainly a problem, but many potential ones can be fixed proactively. It is important to remember that not all of them will be intentional attacks to your business. Very often, it is more of a matter of an employee inadvertently compromising your security in the attempt to do their job—emailing themselves a file to work on it after hours, for instance. Employees who are operating remotely may be reverting to old security habits as they are out of the work environment. Regardless, you need to do whatever you can to minimize the threats your business and its data face from those closest to it.

Putting the Kibosh on Insider Threats

Communicate Better with Your Team

Right now, things are pretty scary, and many are doubting their job security. Therefore, it only makes sense that people aren’t taking the most well-thought-out actions or could be tempted to create an insurance policy for themselves. Frequently and clearly communicating with your team will help to make them relatively more comfortable in their given situation, hopefully making them less likely to make rash decisions or act out.

Maintain Relationships

While there may be a time and a place for taking a step back and managing your team from a distance, a pandemic ain’t it. Make sure you double-down on your efforts to evaluate how well your employees can cope under the circumstances and adjust your processes accordingly. This will both give you a closer view of your employees and assist you in reducing the stress that might lead to error otherwise.

Give Your Team the Tools for Success

Finally, to cut down on the challenges that your employees must cope with while bolstering your business’ security, make sure that the team is making the most of the solutions at its disposal. The collaboration solutions now available, paired with modern security measures and implemented with a focus on best practices, will make life easier for your team… something you want when difficulties will increase the chances of an insider threat.

For the tools and resources to help your business put these protections in place—even now—reach out to the professionals at MSPNetworks today.

It seems as though every business is depending more and more on their IT. This means that their employees have more exposure to their IT systems. Unfortunately, that relationship is where the majority of the problems you will have are. The facts are that any business that has built a strong security policy has the solutions in place to keep direct infiltration from happening. Hackers have to find another way.

To make this happen, scammers create and send billions of phishing emails (and other messages) each day. Some of them will inevitably hit your company’s email. Even if you use the built-in firewall, the vast majority of them will be sent to spam. If you’ve outfitted your system with an enterprise spam blocker, your staff will see even less yet. Unfortunately, however, eventually one will make its way into an inbox. Sometimes the person is targeted directly and sometimes it’s just misfortune, but regardless of the variables surrounding these messages, interacting with one will very likely be problematic for your business.

This is why you spend so much time and money developing procedures, training your staff, and testing their aptitude: to be confident that they know what to do if they encounter problematic situations. Sometimes the attacks are very complex, but more often than not, all it takes is decoding, discarding, and reporting a hazardous message for them to be an actual hero. If your staff is highly trained, it will become just another part of their job. That’s the goal.

Of course, that’s not always the case. In fact, in one study, 77 percent of IT professionals feel as though their companies are unprepared to confront today’s most prevalent security challenges. That number has to scare you a little bit. Fortunately for business owners, IT professionals are notoriously pessimistic about the ability of people to make the right choices. The truth is that breaches do happen and they can be separated into three categories: mistakes, negligence, and sabotage. 

If you are going to be a company that is prepared for the threats that are going to come your way, you need to understand the difference. 

Mistakes 

Mistakes happen. They always have and they always will. People who are normally diligent, hardworking, and good at their jobs can make a decision that is simply wrong. As we mentioned earlier, there are literally billions of phishing emails sent per day, and it’s not out of the realm of possibility that you, your best employees, even your IT provider can mistakenly click on a link that opens up Pandora's box. If someone makes a mistake, immediately reports it, and it’s obvious there was no malice behind it, it’s really hard to come down on that individual too harshly. A mistake is a mistake, after all. You will want to retrain that person and test them to ensure that they understand what their responsibilities are, but ultimately isolated incidents should be met with understanding.

Negligence

On the other hand, if an employee continues to make mistakes regularly, it’s probably a matter of negligence. Obviously, negligent behavior shows that the employee is ambivalent to the rules set forth by the decision makers and is a problem when it comes to organizational network security. An employee that doesn’t take his/her training seriously probably isn’t taking many other aspects of his/her job seriously, either. Negligence is the cause of a majority of the cybersecurity problems that businesses are forced to confront, and cannot be allowed to undermine the organization.

Sabotage

Sometimes work relationships fail. There are a plethora of reasons why this happens, but most people have run into problems with a coworker, direct supervisor, or employer at some point in their work history. Sometimes the relationship gets so tainted that one party will look to undermine the other. Sabotage is when a current or former employee deliberately undermines the continuity of a business. Sabotage is criminal and purposeful. It can be something as simple as deleting files from a project or smashing company property, and it can be as complex as embezzlement and selling trade secrets to the competition. Most sabotage happens as a result of a work relationship that has turned sour. Unfortunately, if the saboteur still works for your company, you may not be able to catch him/her before it’s too late, but many of them are disgruntled ex-employees who for whatever reason still have access to company systems. For this reason, it is important that as soon as someone is let go or leaves the company, that their access to company resources is eliminated. Someone who knows where things are on your business’ network can really do a number. Avoid that fate by closing that door.

Cybersecurity is a complex issue with many facets. Make sure your business has all the resources it needs to protect your digital assets. Call the IT experts at MSPNetworks today at (516) 403-9001 to learn more.

People have been examining the COVID-19 pandemic and the resulting economic and social shutdown from every angle. Unfortunately, some of those people took it as the opportunity they’ve been waiting for to try and steal data and in some cases money from unprotected and unprepared people and businesses online. Let’s examine how the events surrounding COVID-19 have had an effect on cybercrime.

A Variety of Threats

Today, there are a lot of threats out there that could threaten a business’ data and infrastructure. This has been exacerbated by the fear brought on by the COVID-19 pandemic and most businesses don’t know where to start setting up their defenses. Most of the threats are in line with threats that they normally deal with, but many are seeing an increased frequency of them. By using COVID-19 as a ruse, cybercriminals threaten to take advantage of people's empathy. Some of the threats that business see:

• Phishing attacks 
• Distributed denial of service attacks
• Man-in-the-Middle attacks
• Network based user threats due to negligence or sabotage

Of course, any of these threats can undermine your business’ ability to function properly, let’s look at the latest scams businesses are actually dealing with:

Website Spoofing

People shouldn’t have to deal with these types of things during a public emergency, but scammers have been setting up spoofed websites to take advantage of people’s tendency to think it is less risky shopping online. From fake government websites to websites that claim to make available discount face masks or hand sanitizers (a couple of the new staples from the pandemic) are being set up to steal people’s personal information. Using this information, the more sophisticated hackers can gain access to people’s accounts, leaving individuals, and the businesses they work for, reeling. Here are a couple things you can do to keep from being a victim of false websites:

• Check the URL - A fake site might look just like the real thing, but the URL won’t. With a lot of these scams being run on government and banking websites, you will want to remain diligent to check the URL by running your mouse over any links or buttons on a page or webform. If you can’t see where the information is going, or if the address you find is suspicious, don’t send any of your personal information through the website. 
• Use Ad Blockers - Another great way to skim out fraudulent shady information is to utilize ad blocking software available through your browser’s store.

Email and Text Phishing

Of course, phishing is a big deal all the time as encryption does a good job of keeping traditional hackers out of their networks. Of course, phishing tactics change all the time, and since impersonating someone to gain access to personal information is one of the oldest and successful schemes on the web, it continues to be innovated upon. With over three billion phishing emails sent each day, unless you and your staff know how to spot and mitigate these threats, your organization will fall victim to one eventually. Here are a few strategies you can use to mitigate the risk from phishing emails:

• Confirm the Sender - The only way phishing emails work is when the person receiving the message trusts the information they are being sent. Ensuring that the message you’ve received is from who it says that it is from is one of the first steps in thwarting any phishing attempt.
• Don’t Click on Links and Attachments - Even a well-trained eye can be fooled by some link that looks legitimate but isn’t. It is important that if you aren’t expecting an email, or if you don’t personally know the person or organization that’s sending you messages (and their motives), don’t click on anything. 

Cybercrime will be here a lot longer than COVID-19 will be. It’s important that you take the steps necessary to protect your business (and yourself) from the threats presented by scammers online. For more information on how to stop COVID-19-based cyberthreats, or if you would just like to improve your business’ ability to train your staff on the importance of cybersecurity best practices, reach out to MSPNetworks today at (516) 403-9001.

There are many different varieties of cybercrime that businesses need to be vigilant about. However, most of these varieties can largely be avoided through a few basic practices and behaviors. Here, we’re giving you a few tips to help you prevent attacks from successfully influencing your business, so make sure you share them with your entire team, as well.

1. Reconsider What You Click On

It’s almost automatic for many users to see a link on a website, in their email, and elsewhere. This is something that hackers are very aware of, and often use to their advantage.

Kind of like we just did there (if you clicked on that link).

See how easy it is to fool someone this way? To help avoid this being used to undermine your security, build up the habit of hovering your cursor over a link before clicking on it. This will display the actual destination of a link somewhere on your screen, which you should always check so you will know that it is legitimate. 

2. Use Access Controls

While this may be obvious, you need to make sure that someone who isn’t allowed access to your business’ files or location isn’t able to access them. This means that you need to have all the suggested data security measures and practices in place to protect against the unauthorized access of any of your files, including any hard copies. Keep your physical data locked up, and protect all data with multiple layers of authentication requirements.

3. Keep an Eye Out for Scammers

While we’ve already covered this in part with tip number one, there are other ways to catch attempted cybercrimes that are often used in conjunction with misleading links. Cybercriminals use various methods, referred to as “phishing”, to manipulate their targets into behaving the way the attacker wants. Sometimes it is by using a falsified link, sometimes through scare tactics, and often through a combination of the two. Some phishing attacks are researched extensively to be as effective as possible against a certain target, while others are broader and more generic and meant to catch as many people as possible with minimal work. Make sure your team is informed of these attacks and knows to double-check requests through a different communication method if there is any doubt at all. When in doubt? Pick up the phone and call the sender.

4. Two-Ply Protections

Make sure that you are layering your defenses against cyberthreats. Maintain an updated antivirus solution and utilize a virtual private network when accessing the Internet and activate all onboard protections that your devices offer and use all of the assorted solutions and practices that are available for you to leverage. To discourage cybercrime on a comprehensive scale, you need to take thorough actions and fill in all the small holes that could potentially exist in your security.

MSPNetworks can help with all of this, and more. For answers to any technology questions you may have, or direct assistance in implementing any of this, reach out to us at (516) 403-9001.

Wherever there is money, there are scammers. So it may not be a big surprise that scammers are out en masse trying to get between you and your federally mandated stimulus money.  It’s bad enough that we’ve already seen a couple of phishing scams using the COVID-19 pandemic that are designed to help hackers get into accounts they have no business in, now that these scammers know that people are getting cash, the scams are kicked up a notch.

This is not the first time that the U.S. government has distributed checks to everyone, but with online banking being more prevalent now, scammers have a more complete opportunity to steal money. Let’s go through the ways you can ensure that you get your stimulus money:

1. Avoid anything that has you sign up for stimulus money - Unless you haven’t filed a tax return in the past two years, you will not have to do much to get your stimulus money. If someone wants you to fill out a form to get your stimulus money, you are definitely being scammed.
2. Scammers don’t just act online - Like traditional phishing, you need to be aware everywhere. Whether you get postcards in the mail with a password printed on it or you get messages over social media, you need to know that being asked to take action to gain “access” or to “verify” your payment information is almost assuredly a scam.
3. You can’t get your money faster - Some scammers have concocted a scam that “for a small fee” they can get people their stimulus check faster. With tens of millions of people already receiving their check, it's a sign that your money is on its way if you haven’t received it already. No service can help you get your money faster. 
4. No, you aren’t getting more - What’s better than getting $1,200 tax-free money from your government? Getting more money. Some scammers are actually sending checks for two or three times the amount of the stimulus, the scammer will then apologize for the discrepancy and ask the recipient to reimburse them. The check and their strategy are completely false and should be ignored. 
5. IRS correspondence - It’s true that some people have had to fill out forms on the IRS website in order to get their checks sent to them or deposited in their bank accounts. Of course, scammers have set up forms that look like it. If the form you filled out isn’t on the IRS’ website, you shouldn’t fill it out.

Knowing what you are up against is the best defense against scammers. If you haven’t yet received your CARES Act stimulus money, you need to go to the official IRS website to find out why (or more likely when) you will receive your stimulus check.

What scams have you been seeing lately? Let us know in the comments section below and return to our blog for more great technology-related information.

We spend a lot of time on this blog talking about virus avoidance, but today we thought we would go into things you can do to keep another type of virus--specifically COVID-19--away from you and your technology.

It’s known that bacteria and viruses (including COVID-19 and many others) thrive in environments like a typical office. There are usually many people in a confined space and a lot of places that microorganisms and germs can get picked up.

To back up these claims (that only really need corroboration from workers that get sick from their contemporaries regularly), research suggests that the average office phone features more than 25,000 different types of bacteria, the average keyboard sports 3,000 per square inch, and the mouse has over half that. For reference, the average toilet has less than 300 per square inch. This tells you just how important it is to make efforts to keep your workspace clean. 

Virus Removal

You can’t just dump hand sanitizer on your keyboard and expect it to be clean. Here are some tips designed to help you keep yourself healthy:

Traditional Cleaning

It is important that you keep your office clean. Using soap and water to clean surfaces that are able to be cleaned that way and keeping the floors clean with a broom and mop will keep the office in good shape. 

Obviously, you shouldn’t clean your computing components with the same haphazard cleaning that you would do on your floors. You don’t want to ruin them with careless actions. 

Disinfecting Wipes

The disinfecting wipes can be quite useful to build a healthier office, as long as you are diligent about which wipes to buy. You’ll want to get the ones that tell you about their disinfecting power on the label.  You will want to check the labels to see if your supply says they kill viruses.

By using these disinfectant wipes, you will likely see fewer sick people. Cleaning surfaces like door handles, light switches, phones, chairs,  keyboards, and mice will go a long way toward sanitizing your whole office. Be sure to pay special attention to high-traffic areas in the office, like the staff refrigerator, vending machines, coffee machines, and the microwave, to properly disinfect them as well.

Encourage Hygiene

The thing that is going to keep your staff safe against contamination the most is their own hygiene. You’ll want to make a point to remind everyone in the office that they need to be washing their hands after they use the bathroom. You can also make sure that they have access to hand sanitizer, sanitizing wipes, and other useful products that promote a sterile workplace.  Also, you would be wise to tell sick people to stay home from the office or allow them to work remotely if needed. 

Ultimately, with the COVID-19 pandemic bringing these issues to the forefront, you will likely begin to see people making these steps a priority. Nobody wants to get sick, so everyone has a reason to keep their workspace as clean as possible, but since every office has at least one slob, you will want to make sure to make it a priority for them to keep their desk clean. 

What does your company do to promote staff health? Leave your thoughts in the comments below.

There are many reasons that your team may want (or need) to work from home, and there are many reasons to allow them to do so. A 2019 survey by OwlLabs indicated that 71 percent of remote workers are happy with their job (as compared to 55 percent of on-site workers); remote workers responded that they are 13   percent more likely than onsite workers to stay in their current job for five more years than onsite workers will; and when respondents claimed to be working longer than 40 hours per week, onsite workers were doing so out of necessity, while remote workers did so out of desire and enjoyment.

These statistics outline that by allowing employees to work from home, your company will see some very tangible benefits. Like any human resources strategy, however, you’ll need to keep a few considerations firmly in mind to get the most out of it.

Treat It Like Business as Usual

When you are working with your remote employees, it is important that you don’t focus exclusively on your in-house staff. Maintaining communication with every one of your staff is necessary for your operations to continue, so if anything, you need to encourage your in-house workers to regularly check in with your remote employees and involve them in their processes. You should also avoid the temptation to hold off on meetings. Again, don’t act like anything has changed as a result of your employees working from home. If you have regular meetings at a given time, continue them, and simply use the technology available today to include your remote staff members.

Provide the Means to Communicate

Speaking of which, it is also important that your remote team members have the tools that allow them to communicate with their contemporaries. If you haven’t already done so, consider switching your telephony to a VoIP (Voice over Internet Protocol) solution. This will enable your remote staff members access to your business’ phone system, rather than using their own for professional purposes. Other useful collaboration tools include things like video conferencing, instant messaging, and (of course) business email.

Give Them Access and Tools

Your remote workers aren’t going to be capable of being productive if they don’t have access to the necessary resources and applications required to carry out their assigned tasks. Make sure they have this access, either by enabling remote access into their workstation or by providing them with a laptop that they can take with them. It is recommended that, if you elect to take the remote access option, this access is secured through the use of a virtual private network (or VPN). This tool ensures that whether your files and applications are stored on-site or in the cloud, that access to data is available from anywhere a connection can be established.

Don’t Forget About Security

It is critical for the health of your business that you uphold remote workers to a higher standard for data and network security. Remote work brings increased risk. Using the aforementioned VPN is just one of the many tools that will work to maintain the integrity of your business’ digital assets. Another important security measure is to be sure that your remote users are forced into using password best practices for authentication. 

Some Suggestions:

• Hosted VoIP for using phones from any device and anywhere.
• A VPN for secure connections to the office network.
• Remote access policies to ensure compliance and security. 
• Remote terminal access to keep files and applications centralized.
• Email accessibility for internal and external communication.
• Conferencing and meeting applications to keep your team engaged.
• Messaging applications to facilitate easy coworking.
• G-Suite/Office 365 for document publishing and collaboration.
• Disaster Recovery solution to prevent productivity-loss issues.

Our IT professionals are here to help you extend the reach of your business and do it to ensure that your assets are protected. Reach out to MSPNetworks today to kickstart your remote workforce on a path to productivity. Call (516) 403-9001 to learn more.

It’s not uncommon where a situation arises and you will find yourself working from home. To make this work, it is important that you keep a few additional issues in mind so that you can make the most of it. We have put together a few simple best practices that you should keep in mind as you operate remotely.

Security Considerations

Even though you aren’t in the office, you still need to follow the same security protocols and the processes you would need to follow if you were working in the office. In fact, these processes become even more important, as your home network is likely less secure than the one in the workplace. Here are some tips:

Be Hygienic
We aren’t telling you to brush your teeth or wash behind your ears, we are talking about practicing good security hygiene while you work remotely. Don’t reuse your passwords, use multi-factor (or two-factor) authentication to secure all accounts, and don’t share out information over email if you don’t know for certain who will read it. In other words, all the basics still apply.

Be Mindful
For similar reasons, you also need to be extra careful of online scams or phishing attacks while working remotely. Lost business data is lost business data, regardless of where you were when it was left vulnerable. Make sure you are up-to-speed in terms of identifying and mitigating breach attempts.

Use a VPN
Finally, because you will not be protected by the defenses on the company network, you need to implement a few extras, such as a virtual private network. A VPN uses encryption to conceal the contents of any data you transmit over the Internet, protecting the contents from virtually all attacks.

Business Practices

Again, as you aren’t in the office, your remote work needs to follow the same processes as it would if you were in-house, and you will need to be more deliberate about carrying them out. For instance:

Use Communication and Collaboration
Since you are not working alongside your colleagues and coworkers while you are working from home, you should be extra diligent about remaining in contact with them. Use your email, instant messaging, and phone capabilities to keep the rest of the team apprised as you progress with your tasks.

Follow Processes
As we don’t want anything falling through the cracks as we continue our operations, it is important that each team member sticks to procedures with every task they touch. This will help ensure that all the ‘i’s are dotted and each ‘t’ is crossed, and that things progress productively.

Schedule Strategically
While you should still work the amount of time you would be in the office, you may have a little more freedom and autonomy as far as your schedule is concerned. Don’t be afraid to arrange your tasks around any scheduling conflicts you may have, or shuffle your tasks to better fit your productivity levels throughout the day.

Personal Wellness

Finally, it is crucial that you are able to manage yourself and your time while not in the office environment. Here are a few tips to help you do so, that may be useful to keep in mind.

Set Limits
While the assumption surrounding remote work is that employees are prone to slacking off, it is also likely that you may be tempted to push yourself a little further than you should with your day to try and accomplish as much as possible. While this is an admirable goal, it isn’t effective if you overwork yourself one day and accomplish almost nothing the next as a result. Moderate yourself and stop when it’s time.

Build Patterns
Process is crucial to working effectively from home. This means you need to actively make sure you get into a work routine (even one that resembles the one you follow normally). Get up on time. Make yourself breakfast. Make sure you get dressed (at least most days). Establish a place that becomes your work area. Consistency will help keep you on task and feeling sharp.

Resist Temptation
There are a lot of things at home to help distract you from doing what you need to do. Hobbies, that TV show that you always meant to watch, even household chores can tempt you away from getting down to business. Shut these excuses to procrastinate out, and if you must procrastinate, do so in a beneficial way. Meditating can help you refocus, or even switching to another task briefly can help you refresh your mind.

Remember, your team is here to support you, but they also need that support to be reciprocated. Make sure your remote work is just as productive as your in-house work would be.

The COVID-19 pandemic has greatly disrupted daily life, restricting people to their homes and preventing them from going into the office to work. In response, many companies are hurriedly changing over to a remote-capable workforce and having their employees work from home. This strategy can be highly effective, but if a company and its team isn’t careful, it can also be risky.

Why This Matters Now

Many businesses have had no choice but to shut down as “non-essential” businesses are closed. While the definition of an “essential” business varies from place to place, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency have provided some general guidelines describing what kind of services should be seen as essential.

This list includes many businesses who could conceivably operate on a remote basis, if they had the internal capabilities. Unfortunately, this often isn’t the most secure option. Let’s review why working from home can be less secure than working in the office, and what you can do to help minimize these effects.

Security Threats for Remote Workers

As you would expect, there are a lot of factors that can serve as a detriment to remote work’s inherent security. This is exacerbated by the fact that there is currently a global health disaster that cybercriminals can use to their advantage:

• The security implemented into the business’ network is no longer protecting the employees and their devices.
• Employees may have more lax security habits when not in the workplace.
• Cybercriminals can shape their attacks and scams to be more convincing in the current climate.
• Many businesses haven’t prepared for this eventuality, and so are lacking the remote strategies that would keep their employees secure.

Therefore, cybercriminals have the opportunity to use many of their favorite tactics to their advantage. Researchers and cybersecurity professionals have seen an uptick in ransomware attacks, remote access tools, and trojans, thanks to cybercriminals using COVID-19 as bait during their phishing attacks by playing off the stress that the coronavirus is causing in many people. It doesn’t help that many remote workers will check their personal emails alongside their professional ones, adding to the chances of a successful attack via their email. Others will pose as the hiring organization itself to swindle remote employees.

To be fair, attackers are also seeing more success in targeting businesses directly, while security is put on the back burner as they focus on their COVID-19 preparedness.

As we mentioned earlier, businesses are also generally ill-prepared for this kind of event, especially those who operate in industries that aren’t commonly associated with remote operations, and whose systems are often outdated and poorly maintained, and/or proprietary in nature and not conducive to remote capabilities. Industries that face particular regulations and certification requirements have another hurdle to clear.

What Can Be Done?

While it is unfortunately going to be a reactive response at this point instead of a proactive measure, businesses can adopt certain solutions that will assist them in securing their remote workers from attack.

• Cloud Solutions - Utilizing the cloud, rather than requiring users to remote into an at-work solution, can prevent an external access point from being created that leads into your network. Simpler to use than remote access and inherently secure, a cloud solution is ideal for remote working. With the opportunity to host software, store data, or some combination of the two, the cloud can enable many of your employees to work completely independently of your network.
  
  
• Company Issued Eequipment - With a company-issued device, it becomes a lot easier to ensure that your team has the security solutions and updates you need them to have. While this will require some investment into mobile devices that support your needs, this is a measure with lasting influence on your overall security and productivity.
  
  
• Employee Training and Education - Finally, and perhaps most importantly, your employees need to understand that their responsibility for the cybersecurity of the company at large carries over as they are working remotely. Teaching them how crucial security updates are, how to spot phishing attacks, and other preventative measures will make a huge difference.

While the COVID-19 pandemic may be providing businesses with the motivation to put these measures into place now, these measures and other recommended best practices should always be followed. MSPNetworks can help you put them into place whether you’re an essential business or not. Give us a call at (516) 403-9001 to learn more. 

If you’re in business today, there are three words that are critical for you keep in mind: Cybersecurity. Is. Important. As such, every business needs to have taken the time to put together a cybersecurity policy--a set of guidelines that instruct the business how to proceed with the highest level of security possible. We’ve taken the liberty of suggesting a few guidelines for your business to follow as you do so.

Establish Definitions 

When you’re putting together a cybersecurity policy, there cannot be any uncertainty in what you are referring to at a given time. It is important for you to make it clear: if one of your policies references a “cyber incident,” what kind of situations could that apply to specifically?

This makes it imperative that you clearly establish what certain terms you use in your policies refer to, relatively early on. Take the “cyber incident” example: does that refer to an attack by a cybercriminal, or does it refer to an internal mishap or equipment failure. If it does refer to an attack, does it describe a limited scope, or do all attack vectors (phishing, man-in-the-middle attack, et al.) fall under its umbrella?

Remember, the person referencing this document will be a relative layman, so you need to make sure that these definitions make it clear to them what situation they are encountering and how to proceed.

Establish Processes

When you are putting together a cybersecurity policy for your business to follow, the fundamental idea is to make sure everyone is on the same page in the event of some major issue, event, or need. Therefore, you need to make sure you create standards that apply to a variety of circumstances, such as the need for remote work to take place, what qualifies as acceptable use of the Internet, and the modern demand for improved passwords and other forms of authentication. You also need to remember that various regulations and other compliance requirements could come into play, and adjust your standards accordingly.

As you document them, these procedures themselves should include:

• What protections are in place (and what they protect against)
• What backup policies are in place
• What the updating/patching process looks like regarding your protections

... among other key pieces of information that would come in handy if recovery from a cybersecurity issue was ever a concern.

Establish Accountability

Once your processes are devised, refined, and finalized, you need to make sure that they are properly documented and that your staff is trained to follow them… otherwise, the effort you made to put them in place is rendered redundant.

The importance of this particular aspect cannot be emphasized strongly enough. In fact, part of your new policy should address how much harm an employee can do to the business’ well-being and outline how your employees need to conduct themselves as they go about their work. There are many ways that you can--and should--do so.

Education is going to be key, of course, as your established protections will only do so much if one of your employees doesn’t recognize a threat when presented with one. Phishing is incredibly popular for a reason.

Just as important is to keep in mind that accountability can often be shared, especially when a cybersecurity issue has transpired. Sure, an employee may have fallen for a phishing scam, but could that have been because the training they received to avoid them was inadequate or outdated? When was the last time you held a training session? In order for your business to properly secure itself against threats, the whole business must be involved.

MSPNetworks can get involved, too. Our professionals have the experience needed to ensure that your business has the security it needs, with the policies in place to support that security. Find out more by giving us a call at (516) 403-9001.

Most businesses that really lean on their IT go to great lengths and expense to keep those systems secure. Sometimes, however, all those firewalls and antivirus software don’t stop threats that come in from your staff. Today, we are going to go through the three different types of human error that your staff can undertake, and how to deal with each.

Accidental

The most benign of the insider threats, the accidental mistake typically happens when data is in transit. Circumstances often lead to situations that are less than ideal. Typically, these types of mistakes are made when an employee isn’t properly trained. If you have security policies in place, but an employee hasn’t been made privy to them, or at the very least they aren’t given the knowledge on how to stay compliant of them, there is a disconnect that can often lead to problems. 

Negligent

Unfortunately, most insider threats are of this nature. These are threats that are brought on directly from user error because of a lack of diligence. When data is lost in a database, when malware is downloaded on the network, or when mobile hardware is lost, your company is dealing with user negligence. Most negligence is not premeditated, but due to its avoidable nature, it is looked on much less favorably as compared to accidental mistakes. 

Malicious

When an insider acts in a way that is intentionally malicious towards an organization. This can come in several forms. A user that has access to company computing resources can deliberately steal data, inject malware, and bypass security policies enacted by the IT administrator. Then there is the mole, who is a person that is actually an outsider, but is provided access to company computing resources, and uses his/her position to pass information onto competitors, steals it with the intention of selling it off, or using it nefariously later. 

How to Spot Insider Threats

The nature of the beast here makes spotting insider threats difficult, but there are some indicators that can help you identify if you have a bad actor in your midst. 

• Type of activity for users - If a user has access to certain resources, but their job doesn’t typically require them to use those resources, especially ones that are filled with sensitive information, you wouldn’t be misguided to further monitor that employee’s behavior on your computing network. 
• The volume of traffic - If you can’t account for a sudden uptick in network traffic, you may want to investigate. 
• Times of activity - If you see spikes in traffic at strange times, you’ll need to ascertain why.

How to Protect Against Insider Threats

You can take some pretty straightforward steps to combat any insider threats. They include:

• Increase visibility - You will want to put systems in place to keep track of employee actions. You can do this best by correlating information from multiple sources. 
• Enforce policies - Having your policies documented and easily accessible will avoid any misunderstanding of your business’ expectations on how employees interact with its technology resources. 
• Comprehensive training - IT isn’t everyone’s cup of tea. To avoid accidental mistakes and to help reduce negligence, consider putting together strong training initiatives. They will go a long way toward helping staff understand what is expected and what is possible.
• Access control - Of course, if you set up permissions for every part of your business, you can effectively set who can see what, making sabotage and negligence less likely to hurt your business. 

If you would like help identifying how to protect your business’ network and data from threats, even the ones that come from inside your business, call the IT professionals at MSPNetworks today at (516) 403-9001.

The modern business has to deal with a lot of potential security problems. Today’s threat landscape is filled with people looking to prosper off of your misfortune. As a result, doing what you can to maintain the security of your network and data is essential. Today, we will discuss how maintaining your organizational cybersecurity doesn’t have to be costly or time consuming.The best way we’ve found to go about doing this is by highlighting a few key actions that you can take to keep your network secure and your data safe.

Use Strong Passwords

Like many of these quick tips, this one is a good practice regardless of where you are. Good password management is an extremely important part of the security process. To concoct a good password, you need to first make something that people or computer programs won’t guess. You can do that by using both lower- and upper-case letters, numbers, and symbols.

Another good practice is to create a passphrase of unlike words. This serves two purposes. First, it ensures that you can remember the password; and, secondly it is secure enough where no one can crack the password.

Finally, you will want to create a unique password for every online account and save them in an encrypted password manager. Doing so will not only protect your passwords, it sets up a system where you only have to remember one. 

For additional security, you will want to use two-factor authentication. This is a system that adds an additional layer of security to your online accounts. Once you enter a password into a password manager, you then will get an additional box where you will enter a code. This code can be sent through email or it can be generated through an authentication app. 

Only Use Secure Wi-Fi

The Wi-Fi inside your office should be secure, hidden, and encrypted. For those times when working in your office is impossible, the use of a virtual private network (VPN) can keep your uploads and downloads secure. Utilizing public Wi-Fi without a VPN is just asking for problems. 

Some VPNs are better than others. Typically, if your company uses a comprehensive network security suite for your office, it will come with VPN licenses that will be more than enough to protect data transmission when you are working on someone else’s Wi-Fi.

Avoid Unknown Links

Phishing is the number one way that hackers gain access to a network. This is because people click on links and download attachments that they have no business interacting with. Your account has likely been phished many times this year. Most are probably thwarted by your spam blocker, but it only takes one attack to grind productivity to a halt.

If we have one piece of advice, don’t enter personal or company information in an email or instant message unless you are very clear who is on the other end. The threats that line up against your integrated security are substantial ones. Phishing is the number one cause of identity theft and ransomware. Since it runs the entire gamut of negative results, ensuring that you are doing what you can to not be part of the problem is important. 

Cybersecurity can be difficult for a business, but an individual’s role in protecting business and personal networks isn’t. If you would like to learn more about IT security or how to effectively manage risks that come from phishing and other attacks, subscribe to our blog today.

Wi-Fi has swiftly become one of those amenities that we just expect to have, including in the workplace. While it does make work around the office more convenient, it should not be at the cost of your security. To help prevent this, we’re reviewing a few key Wi-Fi security considerations to keep in mind.

Don’t Rely On It For Your Security

Regardless of how secure your network purports to be, it doesn’t hurt to continue subscribing to best practices when it comes to maintaining your security -- in fact, it could very well hurt you not to do so. Wi-Fi in particular isn’t the most secure method to use out of the box, so you should always be sure to support what you use with additional protections and security measures. For example, you should always incorporate encryption to help protect your traffic, something that you need to make sure is done, because your traffic won’t be secure otherwise.

You should also follow general browsing best practices at all times, just as an added precaution. Avoid websites that lack the ‘s’ in https, as that ‘s’ stands for secure.

Protect Your Wi-Fi With Good Passphrases and Practices

At this point, most people are at least aware of what makes a bad password: the usual suspects, including:

• Simple and common words and letter combinations being used
• No variation in character type
• Reusing the same password for different sets of credentials
• Passwords written down on scrap paper or sticky notes

This is just a small sample of all the little habits and shortcuts that users will understandably start to pick up to make sure that they can remember all of the different passwords they need to maintain (not to mention the idea that they should use a different password for each account).

While your employees certainly shouldn’t be shortchanging your security measures, they are only human. One way to compromise with them (without compromising your security) is to use passphrases instead of passwords, creating a very bland sentence and using that as your authentication proof instead - something like “ipourthemilkintothecereal.” Memorable, yes, but certainly not well-known. Naturally, these should be kept confidential, and it will probably help to use a password manager to keep track of them. On top of that, add numbers, symbols, and capitalization.

Consider Your Wi-Fi Network

There are many ways that you can help increase the safety of your wireless network. Here are some quick highlights:

• Change your SSID away from the factory default to a unique but unrevealing alternative, even if you keep your network hidden.
• If a device has Wi-Fi capabilities that you are not actively using, make sure that the device is off to help truncate the amount of access points you have into your wireless network. If a device can be connected to your network via ethernet, consider doing so.
• Keep business use of the network separate from any guest use of the network with a dedicated guest network, protected by a simple passphrase that you update periodically. Turn off the guest network whenever it is not needed for added security.

Want extra help with any of these security considerations? Trust the experts at MSPNetworks! We can help keep your technology safe for you to continue your business operations with it in your corner. Call (516) 403-9001 to learn more.

With email being such a huge part of doing business, phishing has become a favorite tool of many scammers. To fight back, it is key that you know how to recognize a phishing email, so we’re dedicating this week’s tip to doing just that.

What is Phishing?

Phishing goes beyond just your email. The term actually covers any digital attempt that someone makes to trick you into revealing important information about your business or personal accounts. A ‘phisher’ would try to fool you into handing over a particular detail about yourself, like the password you use for your online banking, or your business’ client and personnel files.

Of course, a scammer doesn’t have to use email as their preferred phishing tool. With social media becoming such a big part of business and personal life, phishers will pose as people you know and message you to try and extract information. Others will just pick up the phone and call you as someone else, hoping you won’t question them and hand over the information they want.

These different methods that a scammer might use can even classify the attempt into a more precise type of phishing. Attacks that are highly customized to one particular target are called “spear” phishing attacks, while those that pose as the CEO of a company are called “whaling.”

Regardless of what kind of phishing it is, it ultimately relies on deception to work, more than any other factor.

Spotting Phishing

Fortunately, while some phishing scams are getting to be pretty elaborate, there are a few practices that can help prevent you from being fooled. Here, we’ve put them together to give you a simple guide to avoiding potential phishing attacks.

Warning Signs

There are plenty of warning signs to help you spot a phishing attack. Some are found in the body of the email itself, while others are actually based a little bit in behaviors. For instance:

Is the message filled with spelling and grammar issues? Think about it this way: does it look good for a business to send out official correspondence with these kinds of avoidable errors? Mind you, we aren’t referring to the occasional typo, rather the tone of the message as a whole. It certainly does not, which suggests that the message may not be legitimate.

Is the message written to make you panic about something? Consider how many phishing messages are framed: “Oh no, you have an immediate issue with something so we need you to confirm your access credentials so that this immediate issue can be resolved. Otherwise, there will be huge consequences.” While there are a variety of ways that people can be convinced, these types of messages hit on some major ones: striking quickly to keep people from questioning you, removing power from someone who wouldn’t listen to you, and using very definitive and final terms. Does the message do these things, suddenly alerting you to a terrible issue that only the sender can protect you from? If so, there is a good chance that it is a scam.

Is the message a typical occurrence in general? Finally, think about the average case when a message like this is received. If you were to suddenly get a message on social media from someone who you really don’t talk to, it’d be a little weird, right? The same goes for your business communications… how often would this supposed sender actually reach out for this?

Protecting Your Assets

Fortunately, there are a few simple ways to help reduce how effective these attacks can be.

• Use a spam blocking solution to help reduce the number of phishing messages your employees need to deal with. While many phishers have become more sophisticated, plenty are still keeping it simple enough to be stopped automatically.
  
  
• Make sure your employees are trained to spot and properly handle attempts that may come through. By starting with the end user, you’re taking away a lot of the power that phishing has.

At MSPNetworks, we appreciate the importance of secure workplace practices. If you’d like to learn more about phishing, and how we can help stop it from hurting your business, reach out to us at (516) 403-9001.

A full week into the new year, have you resolved to make any improvements to your business? In light of all the resolutions that may (or may not) have been broken by now, we decided to share a few resolutions you could put into place to improve your business and its processes.

Make S.M.A.R.T.er Goals

I know, I know… it isn’t as though you don’t already have goals for your business to reach, whatever they may be. However, not all goals are set equally - there are ways that you can improve your likelihood of reaching them. One way is to follow the S.M.A.R.T. methodology, which means that all of your goals are made to be:

• Specific
• Measureable
• Attainable
• Relevant
• Timely

To make sense of this, let’s create a S.M.A.R.T. goal here. To do so, we’ll assume you want to see more revenue come in. To make this more specific, let’s specify where that revenue should come from - perhaps recurring services. To make sure your progress is measurable, you want to set a few concrete values, as these are easier to measure and track. For our case, let’s say that you want to increase the number of people signed on to your recurring services by a total of 15 percent within the next month.

Now, ask yourself, is this goal an attainable one, under typical circumstances? While there is nothing wrong with being expeditious, you need to make sure that you aren’t sending yourself on a fool’s errand at the same time. So, let’s pretend that, in this scenario, you see a natural sign-on/conversion rate of about three percent for these services each month, and can increase that to five or six percent if you push them. That means that a goal of 15 percent is pretty much doomed for failure. As a result, we should adjust this goal to signing on 15 percent more in the next three months.

Furthermore, your goal needs to be relevant to your business’ ongoing success. Does the service you are pushing increase your profits, or does it make your other tasks simpler to accomplish? You should focus, first and foremost, on goals that benefit the business and/or its processes. Finally, and hearkening back to the selection of three months over one month, you need all of your initiatives to have a timely end. Otherwise, you won’t be as motivated to strive for success - you’ll probably get there someday, after all - and really, what kind of goal is that?

Motivate Your Team by Improving Your Culture

Not all business growth can necessarily be measured in mathematical terms. However, this other growth can have an impact on the benchmarks that you might first think to measure - such as generated revenue, employee retention, or productivity - as well as provide clearly visible benefits to your business. Basically, by making the workplace a place where people are happy to work, you can make progress toward these goals as a natural side effect,

To accomplish this, have your employees chime in and share what might make them feel more energized and enthused to come to work - and then try to act on it. By working to motivate everyone, you help lift up the culture of the entire workplace - as well as create an environment that attracts many prospects to join your team.

Strengthen Your Business Relationships

While many business owners might dream of becoming the next huge, global business, there are certain disadvantages to becoming one. For instance, when managing a colossal business like that - despite what many advertisements may say - the tendency is to make everything as impersonal as possible, mostly out of practical necessity. The thing is, many clients are looking for a personalized experience, the relationship that a smaller provider can provide. Building relationships like these can be the difference between you getting their business, and the conglomerates getting it. 

Are there any resolutions that you’ve made for your business this year? Share them in the comments, and don’t forget that we’re here to help with any of your technology needs to give you the best chance of accomplishing them! For more information, give us a call at (516) 403-9001.