MSPNetworks Blog

These days most consumers lean heavily on their payment cards. Whether they use credit cards, debit cards, or gift cards, consumers today are much more apt to use their card then they are to use cash. Why is this? Convenience mostly, but also there is a belief that using a payment card is more secure than walking around with a wad of cash in your pocket. Today, we will get to the bottom of the matter.

Are Cards Actually Safer Than Cash?

Credit card companies have long claimed that the credit card is safer than cash, but are they? A few years back, they were unquestionably safer, but with card-issuing banks changing their terms of service to alter non-liability clauses, and with the uptick in global wire fraud, it complicates the scenario somewhat. Sure, if you are on a street and have $5,000 on a credit card and $5,000 in cash in your pocket, the $5,000 on the card is undeniably more secure.

Speaking of changing the language, most credit cards protect borrowers when they have their identities stolen and fraudulent charges pop up on their statements, but not all do. Debit cards typically come with even less assurance because the money is yours directly, and doesn’t belong to a FDIC-covered bank. If you received your credit card from a credit union, you will want to make certain that your card is NCUSIF covered, because their money is not protected by FDIC.

What is Used to Protect Card Users?

All retailers that do business with payment cards have to comply with the Payment Card Index Digital Security Standard (PCI DSS). This mandate requires any organization that accepts card payments to actively protect cardholder data. Cardholder data is any information found on a user’s payment card, and according to the PCI DSS mandate, shouldn’t be stored by an organization unless used to improve the product or service that is being purchased. 

Outside of this standard, there has been some technological improvements that are aimed at keeping cardholder data secure. The first is the “chip”. Over the past few years the EMV chip (which stands for Europay, MasterCard, and Visa) has become standard on most payment cards and is used to encrypt data transfer. It sends a unique code to signify individual transactions. The code then expires if there is no need to return the purchase. 

Other technologies that are improving protection for card carriers include: 

• Dynamic Card Verification Values - The CVV found is the three-digit number found on the back of most payment cards. It functions as another verification option. Today, some banking organizations are beginning to use a dynamic CVV, which changes the value of the CVV based on what time of day it is. This means that someone will have to be in possession of a card in order to use that card digitally.
• Mobile Wallet - Think Google Pay and Apple Pay. Using near field communications (NFC), mobile wallets allow for linked cards and accounts to make purchases in participating locations. While being much more convenient, it is also a more secure way to pay for goods and services, provided that you take care of your account. 
• Biometrics - Using technology that records and analyzes biological characteristics for the purpose of authentication, this technology is often found on mobile banking apps and other mobile technologies, but could be of great use if financial organizations were to standardize a thumbprint or retina scanner. Technology like this is being used in South Africa as well as some European and Asian markets. 

If you rely on your payment cards, you need to consider how to keep your card and account information private and secure. If you need help getting your business compliant with PCI DSS, or if you need to protect your customers as much as your business, call the IT professionals at MSPNetworks today at (516) 403-9001.

The password isn’t nearly as secure as it used to be. Hackers have begun to take advantage of extremely powerful solutions designed to brute force their way into accounts by using software to rapidly guessing thousands of passwords per second, making it extraordinarily difficult to prepare yourself for them.

What’s the best way to guarantee that passwords aren’t going to be the downfall of your company? A great start is by taking a close look at password best practices and two-factor authentication.

To get started, let’s review the best practices for creating a password. The best practices for creating a password include the following:

• Use complex passwords: Your passwords should always be a complex string of letters, numbers, and symbols, including both capital and lower-case letters. Try to keep them as random as possible, without including any specific words or phrases if you can help it. This reduces the chance that your password will be guessed by a hacker.
• Use different passwords for each account: If you use the same password for every single account you have, you run the risk of one password exposing multiple accounts to hackers. Using multiple complex passwords can make them difficult to remember, however, which leads us into our next point.
• Use a password manager: If you’re following password best practices, you’ll notice that remembering passwords is difficult--especially when they are all different and complex. A password manager can store your passwords in a secure vault for access when they are needed, allowing you to use complex passwords at all times without needing to remember them. It sure beats writing down passwords in a Word document or elsewhere, and it’s much more secure than doing so. There are even password managers for businesses that let employers dish out certain credentials to staff in a safe, secure way.

While password best practices are important to ensure maximum security for your accounts, they’re often not enough to secure your business. Hackers are always trying to find new ways to crack even the most powerful of passwords. This is where two-factor authentication comes in. A hacker might be able to replicate the password, but can they replicate your accounts needed for access?

Two-factor authentication works by using a device or email account as a secondary credential for accessing an account or network. The obvious example is a smartphone, which can receive an SMS text message with a code needed to log into an account. Others might have codes sent to secondary email accounts. Either way, the point is that these types of credentials can only be received by the holders of the device, which is much more difficult for a hacker to take advantage of. There are even some types of two-factor authentication that utilize biometrics and near field communication technology (NFC), allowing for even more complexities that hackers will sigh and shake their heads at.

If your business needs to protect sensitive data, two-factor authentication is definitely one line of defense you will need. MSPNetworks has a solution for you. To learn more, reach out to us at (516) 403-9001.

Look, we get it. All you want is for the technology your business relies on to just… work. While that may not always be possible, there are quite a few things you can do to help prevent issues. For this week’s tip, we’ll go over some basics that will help make your use of your computer much less stressful.

1. We’re Not Kidding When We Say “Turn it Off and On Again.”

Yes, we’re aware that this advice has become the go-to punchline for any jokes at IT’s expense. However, we’re also aware that this is the case because we do offer this advice a lot, and that’s because it works. A surprising amount of issues can be resolved through a simple reboot. You know how refreshing a nap can be for someone? A reboot can work similarly for a computer, as it gets rid of all the extra data that can otherwise bog it down. This is a simplified way of describing the process, of course… the important thing is that you know we aren’t just asking that question to sound smart.

As silly as it admittedly sounds, a quick reboot is effective often enough to make it worthwhile to ask right off the bat.

However, it is important to remember that a reboot requires more than just turning your monitor on and off, or just logging out and in again. You need to actually restart your computer - and not by pressing the physical power button on your device, as this could cause worse problems. Instead, use the Restart option - found in the Start menu, under the Power icon. Furthermore, you also need to remember that locking your computer is a different process entirely, but still should be done whenever you leave your computer unattended. All you have to do is press WINDOWS+L.

2. Don’t Rush Your Computer

Anyone who has sat at a computer and had to wait for a process to complete understands how irritating this wait can be. There’s a real feeling that almost seems like helplessness - so it’s only natural that we have the urge to do one of the few things we can do… click on what we wanted to do, over and over and over and over…

There are a few problems to this approach. First, there’s probably some reason that the computer seems not to be completing its action. Second, your computer isn’t ignoring any of these additional clicks. As a result, if/when your computer makes it past whatever it is that is causing the holdup, it’s going to take all those clicks seriously. You won’t just open one instance of whatever file or program you were trying to access, you’ll open the application however many times you clicked on the shortcut. This will be annoying. Naturally, the same can be said for trying to print something out, or really any other action you were trying to complete. Doing so can even slow your computer down further.

Try to be patient… but, if the problem persists, reach out to IT for assistance.

3. Exercise Password Caution

It’s hard to overstate the importance of your passwords and their impact on your security overall. This means you have to be careful about how you remember them, as well as where and how you input them. Take your Caps Lock key, for instance. It won’t matter if you spell you password correctly if Caps Lock is activated unnecessarily, because it’ll still be wrong.

In terms of your security, you need to also consider the consequences of how you and your team stores your passwords. Let’s say that one of your employees is trying to cover up some corporate espionage. If another employee keeps their passwords written on a sticky note somewhere around their workspace (stuck to their monitor, for instance), that gives the insider threat a great way to pin their activities on someone else. This is why it is so important that every computer is locked when left unattended, as we discussed above, especially if the browser or other applications have their access credentials ‘remembered’ by your device.

If you’re seeking a simpler way to remember all the passwords you need to keep in mind, you’d be better off utilizing a password manager.

4. Talk to IT

Regardless of whether you have an internal IT team or you have a managed services agreement with a provider like MSPNetworks, you need to make sure you are communicating your issue to them in clear detail - chances are, they’ll assume that you have some kind of computer-related issue if you’re reaching out to them. Make sure you provide as much detail as you can, like what your error message says specifically, or a screenshot of your issue, if possible. This makes their job much easier, which leads to quicker resolution times. Hopefully, it goes without saying that you should remain available to IT to ask any questions of you once you reach out to them.

If your business needs more help with its information technology, don’t hesitate to reach out to us! We can help your operations by providing the IT solutions and services necessary to remain competitive today. Call (516) 403-9001 to learn more.

Unfortunately, one of the most effective defenses against phishing attacks has suddenly become a lot less dependable. This means that you and your users must be ready to catch these attempts instead. Here, we’ll review a few new attacks that can be included in a phishing attempt, and how you and your users can better identify them for yourselves.

How Has Two-Factor Authentication (2FA) Been Defeated?

There are a few different methods that have been leveraged to bypass the security benefits that 2FA is supposed to provide.

On a very basic level, some phishing attacks have been successful in convincing the user to hand over their credentials and the 2FA code that is generated when a login attempt is made. According to Amnesty International, one group of hackers has been sending out phishing emails that link the recipient to a convincing, yet fake, page to reset their Google password. In some cases, fake emails like this can look very convincing, which makes this scheme that much more effective.

As Amnesty International investigated these attacks, they discovered that the attacks were also leveraging automation to automatically launch Chrome and submit whatever the user entered on their end. This means that the 30-second time limit on 2FA credentials was of no concern.

In November 2018, an application on a third-party app store disguised as an Android battery utility tool was discovered to actually be a means of stealing funds from a user’s PayPal account. To do so, this application would alter the device’s Accessibility settings to enable the accessibility overlay feature. Once this was in place, the user’s clicks could be mimicked, allowing an attacker to send funds to their own PayPal account.

Another means of attack was actually shared publicly by Piotr Duszyński, a Polish security researcher. His method, named Modlishka, creates a reverse proxy that intercepts and records credentials as the user attempts to input them into the impersonated website. Modlishka then sends the credentials to the real website, concealing its theft of the user’s credentials. Worse, if the person leveraging Modlishka is present, they can steal 2FA credentials and quickly leverage them for themselves.

How to Protect Yourself Against 2FA Phishing

First and foremost, while it isn’t an impenetrable method, you don’t want to pass up on 2FA completely, although some methods of 2FA are becoming much more preferable than others. At the moment, the safest form of 2FA is to utilize hardware tokens with U2F protocol.

Even more importantly, you need your entire team to be able to identify the signs of a phishing attempt. While attacks like these can make it more challenging, a little bit of diligence can assist greatly in preventing them.

When all is said and done, 2FA fishing is just like regular phishing… there’s just the extra step of replicating the need for a second authentication factor. Therefore, a few general best practices for avoiding any misleading and malicious website should do.

First of  all, you need to double-check and make sure you’re actually on the website you wanted to visit. For instance, if you’re trying to access your Google account, the login url won’t be www - logintogoogle - dot com. Website spoofing is a very real way that (as evidenced above) attackers will try to fool users into handing over credentials.

There are many other signs that a website, or an email, may be an attempt to phish you. Google has actually put together a very educational online activity on one of the many websites owned by Alphabet, Inc. Put your phishing identification skills to the test by visiting https://phishingquiz.withgoogle.com/, and encourage the rest of your staff to do the same!

For more best practices, security alerts, and tips, make sure you subscribe to our blog, and if you have any other questions, feel free to reach out to our team by calling (516) 403-9001.

If you own an Asus laptop, there is a chance that a recent update could have installed malware, and we are urging anyone who has an Asus device reach out to us to have it looked at.

Numbers are still coming in as far as how widespread this issue is. As of Monday, cybersecurity firm Kaspersky Lab said potentially thousands of Asus computers were infected, but on Tuesday that number has potentially broken a million.

How Could My Asus Laptop Get Hacked?

This type of attack is called a Supply-Chain Compromise and is one of the most frightening kinds of cybersecurity threats out there. Asus’s software update system was compromised by hackers, putting a backdoor into consumer devices. The scariest part is that this backdoor was distributed last year and it’s just being noticed now.

The good news is this has given Asus plenty of time to plug up the security holes on their end, but if you own an Asus device there is still a chance that it is infected with malware from the initial attack.

What Do I Do Now?

First and foremost, no matter what brand of computer or laptop you have, you need to make sure you have antivirus, and that antivirus needs to be licensed and kept up-to-date.

If you have an Asus device, Asus has released an update in the latest version of their Live Update Software. They’ve also patched their internal systems to help prevent similar attacks from happening in the future. You’ll want to make sure you have Live Update 3.6.9 installed.

Asus has also released a security diagnostic tool that will check your system to see if it has been affected. Click here to download the tool.

We HIGHLY encourage you to reach out to MSPNetworks if you are running any Asus hardware. It’s better to be safe than sorry.

When we write about Net Neutrality, we typically write about how it is designed to keep the telecommunications conglomerates, who make Internet service available to individuals on the Internet, honest when laying out their Internet service sales strategy. One way to put it is that without net neutrality in place, the Big Four (which are currently Comcast, Charter, Verizon, and AT&T) have complete control over the amount of Internet their customers can access.

In 2018, the Federal Communications Commission repealed the Net Neutrality laws that were in place for several years with a vote of 3-to-2. This has allowed the ISPs to control the Internet again. Today, we present you with a brief reminder, and update the situation as we roll into 2019.

Our Internet?
Commercially-available Internet services have been made available for the better part of 30 years. It is available and utilized almost everywhere in the U.S. As broadband began to take off, there was a very noticeable shift in the way that ISPs governed high-speed internet. Today, as most applications require the use of high-speed Internet, it becomes more important than ever for people to have access to affordable high-speed Internet.

For the past seven years, legislators have attempted to pass a law that would secure an open Internet in the future. These attempts have failed miserably. Cases like Verizon Communications, Inc. vs. FCC haven’t helped the cause much, as the attempts to make broadband Internet service a utility were thwarted in the courts. Today, nobody really knows who is going to control the Internet in the days to come. Currently it is in the hands of the ISPs, but that doesn’t seem likely to stay that way. It seems like an issue that is split down party lines, so the controlling factor seemingly depends on what party controls the executive branch of the government. Without legislative intervention, that likely won’t change anytime soon.

What Is Going on with Net Neutrality Now?
Almost immediately after the last shift in 2018, lawsuits were filed and they seem to keep coming. States, advocacy groups, neutrality lobbies, and companies have all started lawsuits against the FCC both for their handling of the situation and for the repeal of net neutrality itself.

To see if the repeal of net neutrality is working to benefit consumers, you simply have to consider the following two points:

1. Net Neutrality is hindering broadband investment. In 2018, the Big Four spent much less than it did prior to the repeal of the net neutrality laws. It was the first time in three years that investment has been reduced.
2. It doesn’t make sense for ISPs to throttle Internet traffic. These companies reportedly slowed internet traffic without telling customers as soon as six weeks after the repeal. Websites such as YouTube, Netflix, and Amazon Prime were the most targeted for throttling. Verizon, specifically, was put into hot water after slowing speeds that led to slower EMS response times in sections of California battling record forest fires last year.

Despite the political bickering, there are similar views on some issues. Most governing bodies would like to see fast, open, and unobstructed Internet. There are older FCC mandates that have worked to prohibit ISPs from creating anticompetitive and harmful practices in the past, but whether these mandates would be enforceable with current FCC investment thwarted is unknown.

Individuals roundly support net neutrality laws. They simply don’t like the idea that corporations, whose stated purpose is to make as much profit as possible, hold control over how bandwidth is utilized. Only time will tell who is right.

If you would like to do something about it, go to https://www.battleforthenet.com/ and sign up. Do you believe market forces will keep ISPs honest, and the Internet open? Leave your thoughts in the comments section below.

When encryption is discussed, one of its high points that business professionals try to hammer home is that it’s more secure. But what does encryption really mean for businesses? Does it adequately protect data and devices? We’ll walk you through a brief rundown of how encryption works and the role it plays in keeping your business secure.

What is Encryption?
Encryption is a security measure that’s designed to help you keep your data safe on the off-chance that it’s ever stolen by hackers. If a hacker has access to the file, then they can use any of the data they can access, which could be a lot if you’re unlucky. Encryption removes this factor by scrambling the data in a way that renders it unreadable to anyone who doesn’t have the decryption key. This effectively makes the data useless, as high-quality encryption can take insane amounts of time and processing power to crack.

One technology solution that uses encryption particularly well is a virtual private network, or VPN. A VPN can be used by your employees to securely access your network across an Internet connection, no matter their location. It’s like a bridge between the employee’s device and your data. Imagine that there is a clear tube connecting your infrastructure to the employee device; any onlooker will be able to see the contents. Encryption makes it so that it’s more opaque, or less clear, making it more difficult for hackers to steal your data while it’s in transit.

Why is it Important?
Considering how important security is in today’s data-driven environment, you need to take any and all precautions possible to ensure your organization isn’t at risk. Encryption in particular is important because it’s a fail-safe that protects your data should a hacker somehow acquire it. With this in mind, you need to take preventative measures now while you still can. Remember, as long as your data can be stolen in a readable state, hackers will seek it out, so take matters into your own hands now to prevent a catastrophe in the future.

MSPNetworks can help your organization secure its data with encryption. To learn more, reach out to us at (516) 403-9001.

Late in the summer this past year there were several articles written about how Google would continue to track the location of a person’s smartphone after they had chosen to turn their location settings off. A Princeton researcher corroborated those claims for the Associated Press, traveling through New York and New Jersey with locations services off only to be tracked the entire way. Today, we will discuss this issue, and tell you what you need to know to keep Google from tracking you wherever you go.

Google’s 99 Problems
The perception of Google might be as of a benevolent force in a world full of malevolence to a majority of its users, but over the past few years the problems have been mounting up at the doors of the Googleplex. There has been a laundry list of ongoing legal problems, there has been an employee walkout to protest sexual assault allegations by top executives, and for its continued work as a military contractor. CEO Sundar Pichai appeared before Congress in December to answer lawmakers’ questions about data privacy and company censorship. There has also been a recent dust up with Apple over a violation of Apple App Store policy.

With all these problems on the surface, it would be difficult to assume that Google, or its parent company, Alphabet, Inc. would be raking in dough. That is exactly what has happened. Google took in an astounding $39.3 billion in the fourth quarter of 2018. With every dollar they take in, they take in so much more data. In fact, over the past week, the scrutiny over privacy problems led Google to make the claim that changing their privacy policies--something they will most likely be expected to do--could hurt their company earnings and hinder their ability to create revenue.

So Google Tracks User Data?
Like many of the most utilized services, Google, which owns the Android mobile operating system that powers over 81 percent of all smartphones in the world, tracks data down to an individual level. They contend that they do this to be able to improve their services. The more they know about an individual, the more they know about demographics, and about society as a whole. This gives them the best opportunity to develop, build, and bring to market products and services in line with what people want.

Google has its hands in lots of pies, but its most lucrative, by far, is advertising. In fact, in 2017 Google made $110 billion in profits, $95.4 billion of which came from advertising. In order to be the best they can be at advertising, they need information about consumers (and would-be advertisers).

Google’s tracking tools are numerous.

They have the number one mobile operating system (Android), the number one Internet browser (Chrome), the number one hosted email provider (Gmail), the number one video site (YouTube), the number one search engine (Google Search), and the number one mapping application (Google Maps). This is just a small list of all of Google-owned services as hundreds of millions of people and organizations also use their cloud storage systems, their productivity applications, their virtual assistant, and their news aggregate.

Privacy with Google
With all the services you use tracking every piece of data they can, keeping yourself private with Google around might be harder than you think...or is it? You’d think that you should just be able to go into your Android OS and switch off location settings and they will keep from tracking your whereabouts or your activity. This, of course, is not the case, but there is a relatively simple way to keep your location a secret...even from Google. Throw your phone in a large body of water. If you don’t have a large body of water near you, just run it under the faucet for a couple hours (or long enough for those with that pesky IP68 certification to be proven foolhardy).

We’re just kidding of course. If you want Google to stop tracking you, you will need to find, and toggle off the “Web and App Activity” setting. With this setting turned off, Google will no longer be able to store a snapshot of where you’ve been and won’t have access to browser search metrics either.

This may be annoying to some Google users, as to their understanding once Location History is toggled off, the phone should not be able to track his/her location. Google, defending the miscommunication, stated, “Location History is a Google product that is entirely opt in, and users have the controls to edit, delete, or turn off at any time...we continue to use location to improve the Google experience when they (users) do things like perform a Google search or use Google for driving directions.”

Google’s justifications could make sense, until you consider that a feature called “Web and App Activity” needs to be disengaged in order for Google to stop tracking location, even after you tell the OS to stop tracking location. While the company has a laundry list of valuable services, they continue to try and obtain as much data as they can to drive their ad program’s effectiveness, thus profiting off of consumers’ trust.

Do you think that these major Internet companies reliance on advertising revenue is good for consumers or investors? Who really is profiting? Leave your thoughts in the comments section below.

Email is a core component to many businesses. With 124.5 billion business emails being sent and received each day, that doesn’t seem to be in danger of ending. Are the emails that are coming and going from your business secure? That may be another story, altogether. In order to keep your email security at a premium, we have outlined the following tips:

Using Filters
Filters make a lot of things easier to manage and easier to interact with, but since your employees have to stay on top of their company email, having some pretty easy-to-use solutions is important. Spam-blocking can go a long way toward reducing the amount of unimportant emails each employee sees, and a dedicated antivirus software can keep malware and other nefarious entities off of your network.

Be Smarter with Your Email
No spam filter or antivirus will do it all. In order to achieve the best results with securing your email, users have to be well-versed in the best practices of email management. The most important qualification any person can make when trying to secure their personal email from hackers is to ensure that they have the knowledge of what a phishing email might look like; and to make sure that the business’ network security is up to snuff.

Here are few tips to keep your email secure.

• Know what a legitimate email looks like. For every email sent from a vendor or partner, there are two sent that are there to trick end-users.
• If you aren’t going to take the time to encrypt your email, don’t put any potentially sensitive information within the email. This goes for heath, financial, or personal information.
• The less people who have your email address, the more secure your email is going to be. Teach your employees to not give out their email addresses if they can help it.
• The email solution needs to be secured behind solid passwords, and/or biometrics. Two-factor authentication can also be a good solution to secure an email against intrusion.

End Your Session
There are circumstances that people can’t control, so if you absolutely have to use a publicly-accessible device to access your email, you have to make certain that you log out of the email client and device you access your email on. After you log out, you’ll want to clear the cache. Many browsers and operating systems today want to save your password for user convenience. Better to use a password manager than allow the most public points of your workstation to save your credentials.

MSPNetworks can help you set up an email security policy that will work to ensure that your employees are trained, and you have the solutions you need to keep any sensitive emails away from prying eyes. Call us today at (516) 403-9001 to learn more.

There will never be a time that we are not committed to improving the security of businesses. To continue striving for this goal, we’re dedicating this week’s tip to describing some solutions that can assist in locking a business and its data down.

Access Control
One of the best ways to ensure the security of your office (and its contents) is to prevent threats from getting in at all. There are many overlapping ways to do so, ranging from a fence around the office to a magnetic door lock that requires both a password and biometric authentication. Controlling access to your resources means that you are more able to protect them from threats.

If something were to happen to these resources despite an access control solution being in place, they will keep a record of who it was that entered, and when, allowing you to narrow your investigation from the start.

Data Security Policies and Practices
Your data is valuable, whether it contains your clients’ financial details, your own business’ affairs, or internal documents of sufficient sensitivity. As such, you need to be sure that you are prepared to protect this data before something happens to it.

This will require a few different activities on your part, as there is a lot of ground to cover.

With the number of cyberattacks and data breaches today, many of which rely on businesses being unprepared to deflect them, you cannot afford for your business to be exposed. Furthermore, your team needs to be made aware of the many ways that an attack can sneak through, and how to properly stop them. As more and more attacks are leveraging human error to their advantage, educating your staff is paramount to your success.

It is also crucial to enforce the policies you put in place, embracing your leadership role. By holding your staff accountable to the rules they have agreed to abide by, you can potentially shore up a few vulnerabilities up front, minimizing the rest through implementing the various best practices we recommend. Reach out to us to learn more about these practices, and how we can help you to enact them.

Review Your Insurance
If you haven’t reviewed your commercial property insurance in a while, take the time to do so. Based on your business’ location and its environment, your data security (and your building itself) could be under threat from a variety of sources. From vandalism to theft to flooding to fire, there are plenty of circumstances that could put your business’ future into question. You may want to consider boosting your coverage against certain events based on your risk of them, but you need to make sure you are insured against the risks that your business would be subject to.

Audit and Identify Risks
One of the most effective ways to improve your existing security is to establish what about it leaves you vulnerable. If you can identify the inherent risks to your business and its data, you are better able to prioritize your upgrades and optimization strategies.

A complete audit of your technology is a great way to do so, as it will shine the light on the facets of your IT that need these upgrades more than others may. You should also audit your existing security policies to both ensure that your employees are following your processes, and if these policies are effective in improving your security. If either answer turns out to be “no”, you have an opportunity to resolve it - immediately improving your security with (ideally) minimal invested time and cost.

Lean on an Outsourced Provider
A provider of professional IT services, like MSPNetworks, can make any of these activities much simpler to complete without sacrificing your internal productivity. Give us a call at (516) 403-9001 to learn more about how we can help.

Tell us, what other IT security tips have you heard? Leave them in the comments!

Data security isn’t the easiest thing in the world to plan for, especially if your organization doesn’t have any dedicated security professionals on-hand. While protecting your data with traditional methods, like passwords, firewalls, and antivirus, is important, what measures are you taking to make sure a thief or hacker isn’t just walking into your office and making off with your technology?

Chances are you have a Google account, whether it’s for business or personal use. It’s more accessible today than ever before and provides a solid way to gain access to several important features and accounts. Considering how much can be done with a Google account, users forget that they can put their security and personal data at risk. Here are some ways that your Google account is at risk, as well as what you can do to fix it.

Why Is Your Google Account so Valuable?
The Internet has always been a tool to keep those who use it connected, and data stored on it shared and accessible. However, like any tool that evolves and changes over time, its purposes and uses change with it. The idea for what would become the Internet came from J.C.R. Licklider of MIT in 1962, who intended it to be a system of interconnected computers used to share information and programs across the entire world. This idea would become the World Wide Web with the help of Sir Tim Berners-Lee, who had this to say:

“Had the technology been proprietary, and in my total control, it would probably not have taken off. You can’t propose that something be a universal space and at the same time keep control of it.”

These ideals are still retained by today’s Internet; if anything, you might say it’s reached its peak. Social media use and network collaboration is at an all-time high, generally free of control by any central entity. These ideals have led to a demand for the preservation of net neutrality and open-access information, and while these are largely upheld, there are always exceptions to the rule.

While the Internet grew in capability, it also grew in utility. These utilities depend on security and privacy. Since so many people began to use the Internet to deal with confidential information, this increased the importance of security from both the perspective of an everyday user and a business. One of the companies that has helped shape this perspective is Google, a company that offers a plethora of services on both a user level and a business level.

You can’t discredit the importance of Google services for business, such as its G Suite applications and Gmail. Even on a general consumer level, many users find Google services helpful and important to their daily routine, to say the least. With Google security so important, take a moment to ask yourself how many online accounts have access to your Google account. What are you risking if your Google password is stolen by hackers looking to make a quick buck?

What You Risk
You can use your Google account to create other accounts, either by using your associated Gmail address or linking it directly, but what does that mean for security standards? It’s important to remember that this convenience comes at a price; linking an account to your Google account inevitably ties that account’s security to your Google account. This means that if your Google account is compromised, any accounts associated with it could also be at risk.

How Devastating Can It Be?
If you’re reading this on your desktop, you can click here to access your Google account. Under the Security section, you can review all devices that your Google account has been active on, as well as all third-party applications that access your account. You can even see all the websites that are using Google Smart Lock. Take a moment to review this list. Does it contain anything particularly sensitive? How about your bank account? If this is the case, it’s easy for anyone who has access to your Google account to access any accounts associated with your Google account from the simple virtue of being able to recover passwords and usernames for the account.

A Solution
This creates a conflict between two of any technology user’s priorities: convenience and security. Some might even be willing to sacrifice security if it means a little convenience (think using the same password for multiple accounts), but in the professional world, this can be dangerous if mishandled. There isn’t a magical button that will make your Google account secure, so you’ll have to use a collection of best practices and preventative measures to make sure your credentials are properly secured. Be sure to keep an eye out for data breaches and change passwords accordingly, as well as taking into account the following practices:

Passwords and Account Security
The Google account is basically a container of credentials for any account connected to it. This means that you need a strong password or passphrase to protect it. Make sure that your password is long, complex, and doesn’t include any identifiable words that might give it away to someone just guessing at it. Also, be sure to only access your Google account on personal devices rather than public ones, as you could be putting your account at risk this way. Public Wi-Fi is in a similar risk category; only access your account through a private or secured connection.

Two-Factor Authentication (2FA)
One of the better ways you can keep your Google account secure is by making it more difficult to access. A secondary code sent to your mobile device in the form of a text message, generated via Google Authenticator, or a call made to your mobile device, make it so that anyone with your password needs to work a little harder to access your account. Enabling this kind of 2FA decreases the chances that you’ll have problems with a cybercriminal taking over your account, since it’s highly unlikely that they will also have access to your mobile device, too. Google Authenticator is by far the most secure of the options presented for 2FA for your Google account.

Your Google account can be used to access one-time authentication codes that can be printed out and kept on your person, giving you immediate access to your account on the off-chance you don’t have your phone on you at that moment. If you run out of codes or lose the list, you can generate new ones easily enough.

To set up these features, log in to your Google account.

Overall, Google offers great ways to keep your account secure, as long as you take advantage of them. To learn more about how you can keep your accounts secure, reach out to us at (516) 403-9001.

Many industries depend on their IT working properly to function as intended, and healthcare is among them. Prior to 2009, information technology had failed to take root, but with the passing of the Health Information Technology for Economic and Clinical Health Act (HITECH Act), the health industry is much more involved and reliant on IT than it has ever been before.

Electronic medical record technology is partially responsible for this rapid adoption, as it has made record keeping much easier for the healthcare industry. Since healthcare is quite a private industry, a system that can store patient and insurance data in a central location that can easily be accessed is critical to its success. This is one of the most important reasons why the healthcare industry suffers from some of the largest and most expensive data breaches out there, exposing countless medical and financial records for millions of patients.

Hoping to find a better way to keep data safe and secure from external threats, healthcare professionals are looking to alternative ways to store data so that it’s located in an environment where it is both secure and easy to distribute. When you take into account all of the other problems associated with healthcare, such as standards of care and rising costs, it’s clear that finding a way to keep data secure and accessible, while also not stifling innovation, is critical.

The Blockchain Might Be the Answer
An emerging technology called blockchain could be one of the best ways to solve the healthcare technology issues the industry is currently presented with. Many people know of blockchain as the tech that makes cryptocurrency possible, but it’s being looked at to solve a lot of issues associated with healthcare technology. The distributed ledger and technology behind it make it ideal for sharing information to a certain extent. Developers know that doctors, insurance agencies, and patients need access to this information, and the blockchain can provide this while guaranteeing data integrity. While it isn’t all great for the blockchain’s use in healthcare, there are various benefits that the blockchain can provide:

• Medical records: Once a medical record is completed, it is placed as a node into the blockchain. This effectively guarantees the authenticity of the record. The distributed nature of the blockchain allows the patient control over their medical and insurance information rather than have it be hosted by the care provider.
• Consent: Blockchain-based applications for consent management can potentially create a standard for these practices. A doctor or insurer might need access to records, so a patient can provide their consent through the blockchain as it’s needed.
• Medical rewards: Patients might be able to reap rewards and enjoy incentives for using this blockchain technology for their health records. This would be able to promote the solution to the rest of the industry, allowing for reduced costs in the long run.

While the blockchain might still be a developing technology, it could save the healthcare industry lots of time and resources in the future. What are your thoughts on these developments? Let us know in the comments, and be sure to subscribe to our blog.

If you’ve been in business for a while, there are devices on your network that see little to no use. Even for the most frugal business, due to the fact that technology eventually winds up being arbitrary thanks to the continued development (and deployment) of more powerful solutions, there will always be situations where you have devices that do nothing but take up space. You can reduce the chances of this happening by finding the right IT for the job the first time, while sparingly implementing only IT solutions that will provide a return on your investment.

If you’re trying to determine whether or not a piece of technology will help your business, you’ll first have to figure out how the technology will affect your product or service. If you think your business can properly utilize the technology to create more opportunities and improve efficiency as a whole, then it’s clear what you must do. On the other hand, if the solution doesn’t offer you obvious benefits, you’ll have to put more thought into whether or not you’ll actually want to implement it. An IT provider or technician can be of great benefit in this regard--especially when you’re facing IT troubles.

We’ll discuss some of the technology that you’ll find in today’s business environment, as well as when you know it might be on its way out.

Server Hard Drives
Your business probably has at least one server unit on-premise which relies on hard disk drives (HDD) in order to accomplish various tasks. These tend to last around three-to-five years, but they will also showcase various signs of failure before it actually strikes. Here are some of them:

• The drive is making strange noises (clicking, whirring, humming).
• Repeated crashes and software errors.
• Repeated disk errors.
• Strange computer behavior.

Keep in mind that these signs of trouble can also apply to just about any device that utilizes a HDD. Many computers these days have moved in the direction of solid-state drives (SSD) due to the plethora of benefits they provide, but they are constructed in a fundamentally different way. Monitoring them is the best way to ensure they don’t prematurely fail and cause a world of trouble for your organization. MSPNetworks can help you accomplish this in an easy and affordable way that won’t break your bottom line.

As far as some telltale signs of a failing SSD, here are a couple to think about:

• Recurring error messages
• Files that can’t be written or read
• Frequent crashes during the boot phase

Upgrading your hard drives and solid-state drives periodically can help you ensure minimal damage in the long run, but we always recommend having a quality data backup system in place as well to minimize downtime and the costs associated with it.

Networking Components
Businesses that suffer from networking problems can have significant difficulty keeping operations progressing at a smooth rate. If your employees need access to data or the Internet to do their jobs, they will simply get paid to do nothing in the event of a downtime incident. If you are experiencing issues with staying connected to the resources needed to stay productive, perhaps you need to investigate the issue at the source of the problem--either your router or the service provider.

Of course, it could also just be an internal networking issue, but this isn’t always easy to diagnose. If your business needs assistance with rooting out the cause of networking problems or inconsistencies with your IT infrastructure, MSPNetworks can help. To learn more, reach out to us at (516) 403-9001.

If your business experiences a technological failure, how many operations simply stop dead in their tracks until the problem is resolved? While it might seem like you have no control over your business’ technology (at least the issues that cause downtime), this is far from the truth. If you take action now, you can prevent issues from cropping up in the first place rather than reacting to them later, after they have already caused considerable problems for your business.

If you think about it, waiting to fix problems as they appear is simply accepting that downtime will be an issue. This is a dangerous and wasteful mindset to have. If you can prevent it from happening, then you should. Your bottom line will thank you for it.

Unfortunately, it’s not always easy to add new initiatives to the docket, whether it’s because you have plenty of other responsibilities or you don’t have the budget to hire new staff members to handle it. Thanks to a service called remote monitoring and management (RMM), you won’t have to worry as much about these problems. MSPNetworks can provide your business with remote maintenance to catch issues early and resolve them before they cause trouble. Here are some of the benefits:

The Benefits

• You’ll acquire a better understanding of your organization’s IT: Countless questions about your IT are asked throughout the day, and many of them have to be answered in order to maintain operational efficiency. RMM can address these issues before they even become problems. It’s not uncommon for issues to be resolved without the business even knowing they were about to have a major problem on their hands.
• Your internal productivity will increase, diminishing downtime: Imagine that you have recurring issues that keep your staff from being as productive as they can be. These repeated problems can basically equate to downtime, as they are unprepared for (and can create situations where) your staff cannot work as intended. MSPNetworks can monitor your systems to ensure they encounter as few problems as possible, adding more productivity back into their workday.
• You’ll learn more about your maintenance needs: Internal IT networks are essentially the engine of the business. They are what provide organizations with the tools and data needed to proceed. Of course, they will always require maintenance at some point, as they are built out of technical components that receive wear and tear from daily use. If these are monitored, you can keep them from failing when you need them most. This gives you the chance to act on these inconsistencies and prevent a disaster.
• Efficiency will increase: Without downtime in their way, employees will be empowered to get more done throughout the workday. Remote monitoring and management can cut these distractions out completely be solving the root issue of the recurring problem.
• Security will improve dramatically: Security updates can become a major point of contention for organizations that don’t issue patches as they are released. This is why so many businesses fell at the hands of ransomware like NotPetya and WannaCry. Updating systems is made much easier thanks to RMM solutions, as the patches and updates can be issued remotely without the on-site intervention of technicians. This helps you focus on operations rather than keeping your business safe.

The benefits of RMM basically mean that you’re putting all the time you would normally spend worrying about keeping your business functional back into your schedule for other tasks. If this sounds like a great deal for your organization, reach out to MSPNetworks at (516) 403-9001.

What are your chances of being hacked, or targeted by some kind of cyberattack? I hate to tell you this, but they’re probably a lot higher than you might think.

For instance, despite almost 90 percent of small business owners believing they’re safe, about half of all small businesses will suffer from a catastrophic cyber-attack.

Are you at risk of being part of the unfortunate half?

Fortunately, there is a lot that you can do to help reduce the chances that a cyberattack will successfully target you. This is a really good thing - not only will a hack damage your relationships with everyone involved with your business, half of the businesses that are attacked close up shop within six months.

I’ve seen it happen far too often to businesses that just weren’t prepared.

Here, I’ve compiled a few tips to help you improve the basics of your cybersecurity, reducing your risk of a successful attack:

• Updates - We know how annoying those update notifications can be, but it is important to remember that the vast majority of them are meant to improve security in one way, shape, or form. Therefore, you should prioritize these updates whenever possible. It may prevent an attack from victimizing you.
• Involve Your Employees - The unfortunate reality is that your employees can be the biggest vulnerability your business has. Properly educating them in cybersecurity best practices and holding them to these standards will help reduce the chances that one of them will inadvertently let in a threat. Training them in various security best practices and explaining why certain requirements are in place will help to motivate them to participate for the company’s benefit.
• Limit Access - On the other side of the coin, the less an employee has access to, the fewer chances there are that one of them leaves you vulnerable in some way. The same can be said of your clients - regardless of how much someone is trusted, you shouldn’t allow them privileges beyond their role. Whether its role-specific resources, data, or other information, employees should be given individual login credentials to make assigning privileges easier. Your business Wi-Fi should also remain separate from the Wi-Fi made available to clients.
• Backup, Backup, and Backup Again - If, despite all your preparations, you are still infiltrated, you want to have an extra copy of all of your important data somewhere else, safe and sound. This backup copy would ideally be stored offsite and securely encrypted.

As it happens, MSPNetworks is able to help you out with all of these measures, and many more.

If you want some added help with these cybersecurity basics, or want to do more to protect your operations, you can always lean on us. MSPNetworks is committed to ensuring that your technology allows your business to operate better, improved security being a major part of that goal. Reach out by calling us at (516) 403-9001.