Hackers Target Zoom Meetings for Cyberattacks

Zoom Security Issues

Zoom Scrambles to Address Cybersecurity Issues in Meeting Platform

As the usage of Zoom has skyrocketed during the coronavirus outbreak, the company has had to respond quickly to security flaws and potential phishing attacks  

As Zoom usage skyrockets around the world, so too do the opportunities to exploit users unfamiliar with the tool.

The Zoom platform has increasingly has been the target of hackers exploiting the vast numbers of users working from home. For context, the company noted that as of December 2019, the most significant amount of daily users was 10 million. In March, that number ballooned to 200 million.

How Are Hackers Exploiting the Zoom Platform?

For many exploits, it starts with a website.

According to Check Point, more than 1,700 domains had been registered using the word zoom in the first three months of 2020. Many of those domains point to an email server, which can indicate the site is part of a phishing scheme.

Remote workers may receive seemingly official meeting notices using the Zoom platform. Hackers ask recipients to head to a login page and enter their corporate credentials.

It’s a perfect storm that’s playing into the hands of hackers. It also means companies need to be vigilant in helping users understand how to access and use the platform and other tools used in this paradigm shift of how work is done.

“Zoom users should be aware that links to our platform will only ever have a zoom.us or zoom.com domain name,” a spokesman noted. “Prior to clicking on a link, they should carefully review the URL, being mindful of lookalike domain names and spelling errors.”

What Is Zoom Doing to Protect Users?

Zoom has had to take several steps recently to address security concerns related to its dramatic usage growth. The company has increased its training sessions and reduced customer service wait times. Here are several of the other issues that Zoom has addressed:

  • Zoombombing. Multiple incidents of zoombombing have arisen in recent weeks. Uninvited visitors to online sessions have gained access and harassed participants by playing music loudly, displaying pornography and disrupted sessions. That’s led to more explanations of passwords, muting controls and sharing settings
  • Windows 10. The company has addressed an issue that affected those using Zoom’s Windows 10 client group chat tool. If chatters used the tool to share links, the Windows network credentials of anyone who clicks on a link were exposed
  • Facebook Interface for Apple Devices. Zoom removed Facebook’s software developer kit from its iOS client to prevent it from collecting users’ device information
  • Privacy Issues. The company removed features, including the LinkedIn Sales Navigator app and attendee attention tracker, to address privacy concerns. It also issued updates to its privacy policy

The company announced it was freezing all feature enhancements to redeploy software engineers to focus on what it calls “our biggest trust, safety, and privacy issues.”

How Can You Protect Zoom Users from Cyberattacks?

Here are some tips to ensure that Zoom users are protected:

  • Use password features to require meeting attendees to log in before being allowed access
  • Update the software. Users should be alerted that upon finishing a meeting, the software will check to see if an update is necessary
  • Encourage managers to use the Manage Participants section features, which can control the use of users’ microphones and cameras. Sharing restrictions are also a good practice
  • Be careful about recording meetings. The recording sits in a file, either online or the host’s computer and could be stolen

Cybersecurity is a sad reality in these turbulent times. However, a focus on prevention and detection are important deterrents to cybercriminals and can reduce the risks to your business.

Coronavirus Forcing Your Workers to Stay Home? Quickly Shift to an At-Home Team in the Midst of Crisis

Coronavirus Work From Home

How to Create a Work-From-Home Team Quickly As Your Business Deals With the Coronavirus

Stay productive and secure your tech network as you deal with the coronavirus. Get support for at-home employees. Learn how to switch from an in-office to a remote team.  

Coronavirus Work From Home

In the midst of the coronavirus, business owners are facing a host of new challenges. To slow the spread of the virus, you may have been asked to suspend services or allow your employees to work from home. At the same time, however, you also need to continue to bring in revenue, stay productive, and focus on growth as much as possible.

Making the shift from an in-office to a remote team quickly, especially at a time when everyone is dealing with untold stresses, can be difficult, and the right approach is essential. Check out these tips.

1. Decide What You Need to Stay Productive

Creating a remote team isn’t as easy as handing your workers a laptop and telling them to check in once in a while. If you don’t have a current work-at-home policy, you need to create one from scratch, and you may need to adjust workflows, find new tools, and create new security policies. As you try to facilitate this shift, keep these types of questions in mind:

  • What can my employees accomplish from home?
  • Can they handle core business activities from home?
  • Even if my business is deemed essential, can I send some employees home?
  • What types of projects do I want to prioritize during this time?
  • What applications do I need to facilitate workflows and keep everyone connected?
  • How can my employees work from home without compromising the security of our network?
  • What can I do to make this new arrangement as productive and comfortable as possible for myself and my team?

2. Consider Providing Employee With Devices

Don’t necessarily encourage your employees to use their own devices when working from home. Their home computers and tablets have all kinds of music, videos, images, and other downloads that may be infected with malware, and their devices are usually not equipped with the same level of antivirus or malware software you use in your office.

To reduce the threat of cyberattacks, consider providing your team with company-approved and secured devices. However, if you already have a bring-your-own-device (BYOD) policy for your office, you may want to continue having employees use their own devices because in this situation, you’ve already taken steps to secure those devices.

3. Help Your Workers Secure Their WiFi Access Points

As a general rule of thumb, your employees home WiFi networks are probably less secure than the WiFi you use in your office. To secure these access points, instruct your team to do the following:

  • Use stronger encryption
  • Create more complex passwords
  • Hide your network names
  • Use firewalls

To help your employees with these steps, you may want to create detailed tutorials or contact an IT managed services provider to help you.

4. Route Traffic Through a Two-Factor Authentication VPN

To secure your tech environment as much as possible, consider having your employees access your network through a virtual private network (VPN). A VPN encrypts all the information passing from your employees’ computers to your network. Even if a hacker gets onto your employee’s WiFi network, they cannot see keystrokes or any of the data being transmitted.

If you don’t already have a VPN, look into services such as GoToMyPC or Zoho. Also, try to choose a VPN that supports dual-factor authentication. Then, your employees have to enter a username and a password, but they also have to use a second authenticator such as a code texted to their phone number or email address. This layer of security provides extra defense against cyber criminals.

5. Consult With an IT Managed Services Provider

Returning to business as normal may not be possible for a while, and a managed IT services provider can help identify the tools and processes you need to support your new working environment, while also taking steps to ensure your network is as secure as possible.

In difficult times, you want your business to survive, but if possible, you should try to thrive. Our managed IT services can help you adapt to this quickly changing environment. We can help you choose the tools, the processes, and the resources you need to stay as productive as possible.

What You Need to Know About Two Factor Authentication

Two Factor Authentication

Everything You Should Know About Two Factor Authentication

Does your business use 2FA? With the prevalence of data breaches today, it’s time to start employing this simple security feature within your business.  

Without a doubt, you’ve read and heard about the rampant cybersecurity problems that are insidiously plaguing businesses today. Municipalities in places like Florida, South Carolina, and elsewhere are having access to their systems denied unless they pay hundreds of thousands of dollars. Businesses of all sizes and in all industries are being shut out of their data until they do the same.

As a business owner or manager yourself, you are probably concerned about whether your organization will fall victim to the same fate. What can you do to prevent a cybersecurity attack?

You may be surprised to know that the fate of your business’s security probably lies within a straightforward thing that you and all of your coworkers and employees use every day: passwords.

The fact of the matter is that most people in your business are putting your data and systems at risk every day with the weak login credentials they use. That is, many people use the same password for all of their accounts — both personal and business related. Furthermore, many people use passwords that are way too simple and easy to guess by hackers — the name of the street that they live on, the name of their pet, their date of birth, or their anniversary date.

It’s hard to stop people from doing this because most employees don’t think that their password really matters. They assume that it will never be guessed by anyone (how could it be?), and as long as they don’t share it with anyone, it’s good enough to keep would-be cybercriminals at bay.

Unfortunately, this is not the case.

The only way to indeed keep hackers from guessing passwords or using high-tech trial and error algorithms to uncover passwords is to use two-factor authentication, also known as 2FA.

What Is 2FA?

2FA or two-factor authentication is a security system that forces users to have two proofs of identity before they can log in to a database, program, computer, or network. This is a system that you should be using at home and within your business.

As the name implies, there are two elements of two-factor authentication. First, the user must provide something they know. This could be a password or passcode, a pin number, or the answer to a secret question.

Next, the user must provide proof of something they have. For example, the two-factor authentication prompt may ask that the individual put in their credit card number (because their credit card number is something they possess). Likewise, some organizations will give each individual employee a security token that actually stays in their possession. This might be an RSA security device, a Google Authenticator, or something else. This device will be activated when prompted during login and will provide a passcode or pin that changes frequently. Another option is biometric authentication, such as an iris scan, voiceprint, or fingerprint.

Has Your IT Services Company Spoken to You About 2FA?

As the owner or manager of your business, it shouldn’t be your responsibility to ensure the security of your sensitive data and network systems. This responsibility falls on the shoulders of your IT services company, and within their security division, one of the pillars of a robust cybersecurity strategy should be two-factor authentication.

If your IT services company has not spoken to you about employing a two-factor authentication system, don’t wait to ask them about it. The foundational necessity of this simple security measure suggests that if they haven’t already employed it, they’re probably not doing their job in other ways.

In that case, it’s time to find a new managed services provider. Give us a call, send us an email, or visit our website today to learn how we can help.

Two Factor Authentication

Smart Steps When Working From Home

Working from home coronavirus

Working From Home Due to Coronavirus? Consider These Tips

If you’re suddenly working from home due to the coronavirus, maximize productivity with a dedicated workspace, enjoyable breaks, and engagement with colleagues.  

For the vast numbers of Americans suddenly barred from their offices due to the coronavirus pandemic, working from home can pose significant challenges. At home, distractions — including undone chores, needy pets and bored kids — abound, and tech troubles like unreliable Wi-Fi can stymie conference calls and online meetings.

What are some steps you can take to maximize productivity as you maintain a balance between the personal and the professional?

Working from home coronavirus

Create a Dedicated Workspace

For individuals living in small homes, working at the kitchen table may seem natural. However, trying to get work done in a space that has other uses — such as eating — can pose problems. At mealtimes, you’ll need to move your laptop, tablet, papers and other necessary work-related items elsewhere, then move them back later. In addition, working in a central location in your home can expose you to any number of distractions.

Consider setting up a dedicated workspace that’s private and quiet. Even a small desk tucked into a corner of your bedroom can work, and it provides you with a spot for leaving your work items set up at all times. A dedicated workspace also makes it easier to separate the professional and personal portions of your day.

Schedule Calls and Concentration Sessions

Working from home, you may feel disconnected from colleagues — and, thus, obligated to participate in any calls or virtual meetings to which you’re invited. At the beginning of your workweek, consider reviewing your schedule to make note of any planned meetings.

Once you know when to expect virtual meetings, cordon off some time dedicated to intensive work that requires uninterrupted concentration. Staying connected with co-workers will be more important than ever as you try to get your work done remotely, but you also need periods you can devote to critical projects.

As you hammer out your weekly schedule, take advantage of the flexibility that working from home offers. In the time that you don’t spend commuting, you can take calls or dive into intensive tasks. If you prefer to read or get work done in the early mornings or later in the evenings, you can do so.

Make Your Breaks Count

As you work remotely, consider scheduling some breaks into your day. Particularly when you work in a confined space, getting some fresh air and a change of scenery can provide a needed boost for both your state of mind and your productivity.

During the few minutes at a stretch you spend away from your screen, try to work in some activities that support health. Whether you prefer a quick walk or enjoying your lunch outside, time outdoors can give you the recharge you need to spend meaningful hours back at the computer.

Find Ways to Engage With Colleagues

If your job involves working as part of a team, you’ll want to keep in touch frequently. Along with virtual meetings, a business-oriented chat app can allow you to ask questions and provide feedback quickly and without the formality of email. For groups who work together throughout the day, a dedicated chat room can provide a virtual location for checking in between project work.

When you’re trying to concentrate or you’re on a deadline, you can use “do not disturb” functionality to signal that you are currently unavailable for online chats or calls.

Video calls have their downsides, including using more bandwidth than regular audio calls. However, conducting virtual meetings through video calling also provides an additional level of nuance and interaction that you may not get with the typical conference call. If you participate in frequent calls, consider using a video calling app for at least some of them.

As you adapt to performing your job from home, you’ll discover what works best for you — including creating a dedicated space, scheduling time for concentration, engaging with colleagues, and taking meaningful breaks. Your co-workers may appreciate hearing your tips as they strive to develop their own remote work-life balance.

Remote Workforces Deliver Business & Employee Benefits

Remote Working Coronavirus

When considering the employee and employer benefits of working remotely, businesses are wise to change. The alternative could make your outfit less competitive.  

If you would like to gain a little perspective on how radically our culture has changed, try this exercise. Pick up a pencil and a piece of paper and write out a half-days’ worth of emails rather than send them electronically. You will probably discover the first one looks more like scribble than cursive writing. And, your productivity will completely tank.

Remote Working Coronavirus

At first blush, the exercise demonstrates our reliance on electronic devices and real-time communication. But on another level, it shows that thought leaders are wise to embrace technological advancements as they emerge. Remote workforces rank among the more innovative trends of the business landscape today.

“To remain competitive in today’s work-from-anywhere environment, companies will need to invest in responsive technology infrastructure and enhanced virtual collaboration tools, as well as training and tailored performance management and incentive strategies for remote workers,” director of HR at the Gartner research group Emily Rose McRae reportedly said.

This shift away from in-house staff to people working from home or on the road once earned mixed reactions from industry leaders. But the COVID-19 pandemic has prompted businesses across the globe to find a way to have valued employees work from home until health crisis passes. Employers and employees alike are discovering this advancement tend to be mutually beneficial when utilizing platforms such as Microsoft Teams.

Mutual Benefits of Remote Workforces

The health crisis has motivated businesses to shift to Cloud-based systems and Microsoft Teams strategies as a short-term measure. But HR departments may want to take the opportunity to scan the workforce landscape because work-from-home expectations are expected to surge and impact hiring.

“By 2030, the demand for remote work will increase by 30 percent due to Gen Z fully entering the workforce. Gartner’s most recent ReimagineHR Employee Survey found that only 56 percent of managers permit their employees to work remotely. Organizations without a progressive remote-work policy will be at a competitive disadvantage for attracting and retaining talent,” according to Gartner.

That being said, these are the reasons why the global trend to remote productivity is well-received by management and staff.

  • Commute & Stress Reduction: No one can dispute the fact that commuting to the office adds unpaid work hours. Sitting in traffic or being packed into commuter rails tends to be an unpleasant way to begin and end each day. Employees and employers share this stressful routine. Remote work platforms such as the Cloud and Microsoft Teams allow all parties to sit down with a morning beverage and log on from anywhere. No hustle, no bustle, no extra hours, and no commuter expenses.
  • Talent Without Borders: Before the massive cellphone footprint, people used landlines with rotary dialing, and long-distance was expensive. In those days, it was common to pay a premium just to call someone in the next state over. But just as your cellphone can connect you to people far outside your region without added expense, so can the Cloud. When projects are conducted in Microsoft Teams via a Cloud-based network, your remote talent pool expands exponentially. A skilled person 1,000 miles away can secure a job they are qualified for, and employers gain access to talent otherwise unavailable.
  • Reduced Infrastructure: An increasing number of organizations that do not necessarily require a brick-and-mortar footprint. These outfits can eliminate that cost in some cases. Other operations can reduce office space expenditures. With remote workforces, less can be more.
  • Live-Work Lifestyles: Millennials and the Gen Z crowd tend to see work and life more closely aligned in their lifestyle than previous generations. The Cloud has been a boon and securing offsite positions allows employees a preferred professional lifestyle. Raising children no longer comes attached to childcare expenses or limited “parent hours” jobs.

Microsoft Teams Supports Remote Workforce Culture

With dispersed workforces increasing, Microsoft Teams ranks among the most business supportive products on the market. It seamlessly works with Cloud-based networks and delivers real-time communication. The platform offers chat, video conferencing, managed channels, shared calendar options, and project space that can provide supervisors with top-tier oversight. In these troubling times, Microsoft Teams use has surged by tens of millions. But industry leaders may also want to consider the long-term benefits of embracing remote workforces into the future.

Coronavirus Spreads Computer Viruses as Hackers Target Businesses

Coronavirus Hackers

Hackers Target Businesses Concerned Over COVID-19

Hackers are capitalizing on fear and concern related to coronavirus to launch ransomware and malware attacks. Here’s how to protect your business and employees.

As the COVID-19 spreads worldwide, hackers are taking advantage of an already stressed and strained healthcare system to attack vulnerable companies. Phishing attacks are on the rise worldwide, capitalizing on fear and a desire for information.

In many cases, hackers are sending emails purportedly from the World Health Organization or local hospitals. However, these emails contain ransomware and keystroke-logging malware.

Here’s the latest on coronavirus-themed attacks.

Coronavirus Hackers

What Is the Emotet Trojan Virus?

IBM recently warned of a spam issue targeting Japan. The messages contain Microsoft Word files that are full of macros. When opened, the macros infect uses with the Emotet Trojan. Once launched, the trojan can insert itself into email conversations. As the trojan propagates, the malware lets hackers steal information and embed malware onto users’ machines.

Japan is particularly vulnerable, not only due to the coronavirus but also the upcoming Tokyo Olympics, which are under threat of cancelation. One message translation warns of the coronavirus’ spread to areas of Japan, urging readers to open the attached notice.

A similar campaign has targeted Italian companies with a phishing campaign. It purports to be a notice from the World Health Organization with precautions to take to prevent the virus from spreading.

It contains a malicious Word document asking users to click on an “Enable Editing” button then an “Enable Content” button to see all the information. Users doing so, however, download the Ostap Trojan-Downloader. It contains the Trickbot downloader that is a customizable, frequently updated tool popular with hackers.

How Are Hackers Exploiting the Coronavirus?

As the number of news sites covering the coronavirus has grown, so too have the number of registered domain names related to the virus. According to one analysis, since January 2020, more than 4,000 domains have been registered globally related to the coronavirus. Three percent are considered malicious and another 5 percent deemed malicious, making coronavirus-themed domains 50 percent more likely to be dangerous than others registered in the same timeframe.

The World Health Organization has issued a warning about the daily reports it’s receiving about phishing attempts. However, hackers are smartly creating emails that look as though they’re coming from official sources, leading more users to open the emails and download files. Hackers can scrape information from official websites to create email templates that seem legit.

“National emergencies and/or disasters add a fear factor that acts as one more hook for hackers to get what they need,” said Ron Culler, ADT Cybersecurity’s senior director of technology and solutions, in a recent Vox article. “When fear is added to any targeted campaign — be it a legitimate or scam campaign — the effectiveness of that campaign is increased.”

How Can We Prevent Phishing Attacks?

Businesses can take several steps to educate employees and protect against these attacks. A layered approach to cybersecurity is a prudent way to reduce the risk of attacks from various vectors. Here are some tips:

  • Educate users about the prevalence of coronavirus-related phishing schemes, advise them to be cautious and show them how to detect suspect emails (look for spelling and grammar errors, check the sender’s email address)
  • Ensure that hardware and software are patched and updated promptly, ideally with automated update tools
  • Use and update endpoint anti-virus, anti-phishing, anti-spam and anti-malware tools
  • Have an incident response plan in place to ensure teams can respond quickly in the event of a ransomware or malware attack
  • Update endpoint detection tools such as firewalls and other system monitoring and alert solutions
  • Consider segregating networks to reduce the impact of self-propagating malware
  • Use email security tools that inspect attachments and disable the running of macros on attachments
  • Update blacklists of malicious IP addresses and compromised websites
  • Use content filters to block access to inappropriate and dangerous websites
  • Review access restrictions to limit the spread of malware throughout systems

Businesses must now address coronavirus-related issues both from an employee safety standpoint and a cybersecurity perspective. For assistance in protecting your business from coronavirus cyberattacks, contact your managed services provider today.

Top Tips for Improving Data Analysis with the IF Function in Microsoft Excel

Microsoft Excel Training

Improving Data Analysis with the IF Function in Microsoft Excel

Have you ever wondered what the IF Function in Microsoft Excel actually does?  Here we explore a few top tips for making it save you time while evaluating data. 

 

There’s no doubt that Microsoft Excel is a robust program. Companies all over the globe utilize this application to analyze, track, and otherwise organize data in an easy-to-read format. But how much do you know about it and the various features that are available? And are you taking the right steps to ensure you’re looking at your spreadsheets in the most efficient manner possible? Here are a few of our tips and techniques to help you save time and improve your data analysis by using the IF Function in Microsoft Excel.

Tip #1: Understand What the IF Function Actually Does to Help Your Workflow

The first real step in making sure you’re using Microsoft Excel’s IF Function appropriately is to understand what it actually does. The IF Function tests whether a condition is true or false, and then performs an action. These actions can be calculations, data entry, or something closely related. The function is incredibly useful if you have large data sets or need to make significant changes, as it is a great way to save time in your workflow.

Tip #2: Creating the IF Function is Incredibly Easy

Creating the IF Function effectively starts with knowing the three parts: the logical test and then a value if true and a value if false. From there, all you have to do to make it work with your spreadsheet is to choose the data sets that you want to evaluate and determine what you want the true and false results to be. To do this, use the IF Function on the Insert a Function menu. Click okay and enter the conditions as you are prompted to do so on the screen.

Tip #3: Knowing How to Nest Functions

It is possible to use multiple IF Function formulas at the same time. In some cases, you might have multiple different possibilities or different levels of data that you want to compare. That’s when knowing how to nest multiple IF Functions becomes important. Nesting functions adds the ability to build more comparisons within your formulas instead of having to complete them separately.

Tip #4: Adding AND and OR to Your Functions

You can also add AND and OR to your IF Functions to make the results much more specific. While this is technically part of understanding how to nest functions, knowing how to do this is an effective way of utilizing the IF Function in a more efficient manner. An example of this is comparing two columns of data: one showing the amount of sales and one determining if an employee has completed training. By adding AND or OR to your IF Function, you can show a specific result, such as those employees that hit a specific sales goal and finished the training program you provided. As you can see, this can be a really easy way to get the information you need without having to spend a ton of time scouring through your entire spreadsheet.

Tip #5: Using Range Names to Make Data Easier to Sort

Range names are essentially a stored label that allows you to identify a range of one or more cells. They are incredibly useful for navigation, formulas, and even printing off specific parts of your spreadsheets. For use with the IF Function, you can utilize data ranges to save time when you’re working on a specific block of values as it allows you to use that range name instead of specific cell names. Range names can have letters, numbers, or an underscore, but cannot have spaces. And they are not case-sensitive, but title case is recommended for ease of viewing.

Tip #6: Remembering to Use Quotations with Text Strings in Your IF Function

Using the IF Function is an incredibly easy way to add text to a specific cell when certain criteria are present. However, you do need to remember to use quotations around your text strings in your IF Function formula. Failure to do this can really mess up your data set and make the formula not work correctly. Should you have a problem getting the IF Function to work for you, this is one of the first things you need to check.

Tip #7: Changing Text with Conditional Formatting Based on Your Result

Not only can you add text or insert a formula with the IF Function, but you can also change text visually with conditional formatting based on your result. It can be done automatically and setup within Excel under the Home tab. Examples of this option in use include turning a specific number bold and red if it does not meet the criteria of your IF Function, or highlighting it in yellow if it does meet certain requirements.

Conclusion
Microsoft Excel is a great way to analyze and interpret datasets. The IF Function allows you to do this in an easy-to-read and simple manner while saving you tons of time in the long run. These quick tips are a great way to skip complicated formulas and really make your spreadsheets work for you.

Microsoft Excel Training

What Is Two Factor Authentication?

Two Factor Authentication

Protect Yourself – Use Two-Factor Authentication for Your Business

Learn about what two-factor authentication is and how it works. Once you understand its benefits you will see how helpful it could be for your business.  

 

Two-factor authentication is something every business should be using to protect themselves and their customers. You know the value of adding layers of security to your business. If you have a brick and mortar operation, you probably have a lot more than a simple lock on your front door. Security cameras, alarms, barriers and more are common for most businesses because one layer of security is never enough. The same is true for online security. Two-factor authentication gives your business and customer another layer of protection beyond the standard password – so why not use it to improve your security?

What is Two-Factor Authentication?

You have probably already encountered two-factor authentication as you navigate the internet for personal or business reasons. All the major tech companies like Google and Facebook are using it because it makes sense to do so. The process of two-factor authentication goes something like this:

  1. Input your username and password. Two-factor authentication starts off just like your standard security measures. You input your username and password for the site you are trying to access or the app you are trying to use. This is the first step of the authentication process, the first factor.
  2. Provide a second factor to authenticate yourself. Here is where two-factor authentication becomes special. It asks for you to provide a second factor that is much harder for hackers to mimic. For example, it might ask to send an authorization code to your smartphone or ask for your fingerprint to verify your identity. Hackers are much less likely to have these available to mimic you and try to access your account.

You have definitely encountered the older way to verify your identity – security questions. But security questions have become less and less effective at protecting your information than they used to be. Most security question answers can be found on your social media account, after all. Hackers can spend just a little time doing some research to find all the answers they need, particularly if they have already stolen your password from another site through their cybercrime efforts.

How to Use 2FA in Your Business

You can easily implement two-factor authentication or 2FA into your current business security efforts – both for your employees and your customers. There are multiple ways you can use two-factor authentication, including:

  • Text Messages (SMS). Most people prefer to use SMS to verify their identities over the other methods listed below because it is so easy to check your text messages and access the authorization code. All the user needs to do is log in with their username and password, then receive the code through SMS and type the code into the verification box. The only drawback to this method is that if the user loses their phone they can’t authenticate.
  • Email. You can also allow users to send their verification code to their email. They need to be able to access their email – which usually isn’t a problem – but if they can’t this method would not work. The other problem that can come up with emails is that they can sometimes get caught in spam filters and never arrive at the person’s inbox.
  • Phone Call. While this option is not used nearly as often as the two above, it is a possibility depending on the system you are using. The user can choose to get a phone call which will use text to speech to deliver the code they need to log in.
  • Tokens. Some companies find it easiest to give employees tokens, either hardware tokens like key fobs or software tokens through apps, that can then be used to provide the second factor in the authentication process.
  • Push Notifications. It is possible to get an app that will allow users to receive push notifications so that they can authenticate their accounts. They get the notification and then click yes or no to authenticate.

2FA is possible using a variety of methods – the most important thing is that you start using it to begin with. Whichever authentication method you choose, your business and your customers will be more secure as a result.

Two Factor Authentication

Does Your Cybersecurity Plan Include Incident Response Measures?

Incident Response Planning

Has Your Business Fallen Behind In Its Incident Response Strategy?

Incident Response plans are proving to be a key element in data breach recovery. That’s why proactive industry leaders are adding and updating these strategies.  

Incident Response Planning

Entrepreneurs and other decision-makers are acutely aware that doing business in the digital age requires robust cybersecurity. Most companies employ standard anti-virus scans, firewalls, and other commonplace measures to protect valuable data. But we are all just as keenly aware that the number of debilitating data breaches suffered continues to uptick despite business leaders’ best efforts.

From 2017 to 2018, the number of exposed records increased from 197 million to more than 446 million, according to reports. Cybercriminals will ultimately continue their efforts to come up with increasingly deceptive ways to penetrate business networks and leverage personal identity files, financial records, and other information that can be ransomed or sold on the dark web. How your organization responds to a breach could have lasting implications about business sustainability. That’s why companies now need an Incident Response plan embedded into their cybersecurity strategy.

What Does An Incident Response Plan Entail?

Proactive business leaders are enlisting the help of cybersecurity experts to create a viable response to an otherwise debilitating breach. These plans are crafted with input from key stakeholders to be ready to identify, contain, mitigate, and make a full recovery from a cyber-attack.

What many industry professionals may not realize — until it’s too late — is that recovery from data and financial loss could be the least of your problems. When employees, shareholders, and other businesses are impacted due to a hack of your network, you could be facing civil litigation. With that goes the industry reputation you worked so hard to develop. To truly recover from a systems hack, industry leaders are pulling together their resources to implement a six-phase Incident Response plan.

How To Develop A 6-Phase Incident Response Plan

It’s imperative that decision-makers understand that a robust Incident Response plan is not a set-it-and-forget-it endeavor. As part of your overarching cybersecurity strategy, it will need to be revisited regularly. That’s mostly because digital bandits are ceaselessly finding innovative ways to penetrate business defenses. Regardless of their criminal activity, a deftly implemented Incident Response plan delivers results. These are the six necessary phases.

  • Preparedness: This phase calls for your valued team members to be trained to manage their clearly outlined responsibilities in the event of a cyber-attack. Common strategies for readiness include running mock breaches and ongoing education.
  • Threat Identification: A hacker can attempt to breach your system in a variety of ways. Targeting endpoint devices and convincing an unsuspecting employee to log in or click on a malicious link is among the most prevalent. Having the ability to identify threats and breach entry points promptly reduces response time.
  • Damage Containment: From the moment a breach or cybersecurity incident occurs, your ability to deter the spread of malicious software or the removal of data ranks among the most crucial ways to control the damage. Hackers may decide to destroy files after their theft to erase digital fingerprints. It’s in your best interest to have methods in place to swiftly regain control.
  • Eliminate Threat: Once you have secured control over your data, eliminating the threat must be decisive. The cause may be malicious software or login and password penetration. Whatever allowed the cybercriminal into your business system, it must be stamped out immediately.
  • Begin Recovery: Once you are satisfied that the threat has been eliminated, the team members tasked with restoring systems and data can do their job. Having an actionable Incident Response plan likely helped save essential data and shortened the time your operation was offline. If you believe other parties could be impacted, notify them promptly.
  • Post-Mortem Analysis: In the aftermath of a cyber-attack, specific team members should be designated to gather information and create a report to share with key stakeholders. There are valuable lessons to be learned that can make your organization better prepared the next time.

Although every business wants to be ready to defend against a cyberthreatThe Third Annual Study on the Cyber Resilient Organization indicates that upwards of 77 percent do not have a clearly articulated Incident Response plan in place. If your organization has not implemented an Incident Response strategy, we would like input about enhancing an existing one. It may be in your best interest to enlist a third-party cybersecurity consultant.

[Video] What Is Ransomware?

What is ransomware

What Is Ransomware: 5 Tips To Protect Your Business

Ransomware can damage and take a heavy financial toll on your business. What is ransomware and 5 tips you can take to protect your business today?  

 

For businesses and organizations of all types, the Internet represents great promise and risk, with risk in the form of cyberattacks. Of the different kinds of cyber attacks, ransomware, in particular, can be very damaging exacting a heavy financial toll on you and your business.

What is ransomware?

Ransomware is a type of malicious software designed to block access to your system until a ransom is paid. The reason they are dangerous and damaging is that even if you pay, there is no guarantee that you will get your system back. There are many stories of organizations paying their ransom, receiving nothing in return, and dealing with the loss of their data.

What happens in a ransomware attack?

In a ransomware attack, hackers gain access to your system through a malicious link or vulnerability attacking your network and backup files. Their mission is to render your back up files and folders useless so that you cannot gain access to your system files. Once incapacitated, the hackers contact you demanding a ransom, often in the form of cryptocurrency such as Bitcoin, believing that they are protected behind a shield of anonymity.

What types of organizations are targeted?

One would think that the organizations most vulnerable to a ransomware attack are small to medium-sized. The truth is that any organization that is not taking its cybersecurity seriously is at risk of a ransomware attack. Cybersecurity, for many, is often an afterthought until it happens to them. This includes businesses, non-profits, and government agencies of all sizes.

How can I protect my business from ransomware attacks?

While there are things you can do to minimize the chance that you will be a victim of a ransomware attack, the risk cannot be entirely eliminated. However, there are steps you can take to minimize the risk of an attack. If ever you needed a reason to take action, consider that ransomware prevention is a fraction of the cost to recover from a ransomware attack. Never mind the financial cost. Consider that for most businesses, their IT system is the brains and nerve center of their operation storing customer lists, financial information, and everything else.

Some of the things that you can do to prepare for a ransomware attack include:

Having a business continuity plan

A business continuity plan consists of daily backups of all of your data, both locally, and to the cloud.

Invest in the best tools and equipment

You don’t want to cut corners when it comes to your cybersecurity. For that reason, you want to invest in the best tools and equipment. This includes anti-virus software, anti-malware, DNS filtering, and very strong firewalls.

Never click an unknown without knowing the sender

The average office worker receives 121 emails per day. As a result, it is easy to see how you or an employee can overlook a malicious email. While most people would click a link or download a file without a second thought, never open an attachment or click a link without verifying the authenticity of the sender. If you have any reservations about an email or sender, delete the email.

Keep up on your training

Cybersecurity is evolving quickly. Unfortunately, so are the hackers. As a result, you and your staff need to keep on top of your cybersecurity awareness training to stay ahead of the curve.

Work with a competent IT company

Make sure that your IT services company knows what they are doing. Many companies are marketing themselves as cybersecurity experts. As a result, you need to do your research to assess their cybersecurity skills.

There are more things that you can be doing to protect yourself from ransomware attacks. However, this is a good start for what you can do today. The other thing is to contact us to discuss a personalized ransomware prevention program for your business.

What is ransomware