Author: Stuart Crawford

When a company functions at a high level, productivity and profitability appear seamless. But it’s also incumbent on decision-makers to understand the potential ramifications for business disruption. Without a working knowledge of how a breakdown in one area of an operation impacts the other moving parts, viable solutions remain out of reach. Determined industry leaders take proactive measures to conduct a business impact analysis (BIA), so they are prepared for adversity.

Importance of a BIA

One of the primary reasons that some organizations fail to conduct the initial and subsequent BIAs is that it seems abstract. It’s common for CEOs and other decision-makers to have earned their position through experience and expertise. That offers a sense of confidence they can captain the ship during a crisis. A decade or two ago, that may have been sound thinking. However, today’s technology-driven companies are far removed from nuts and bolts fixes.

Data loss, hackers, malware infiltration, or just lost connectivity between departments can down an outfit’s productivity. Such realities create a burden to have multi-level solutions available that often are outside a CEOs area of expertise. Business leaders are wise to tap department heads to review likely and even unlikely vulnerabilities and develop a contingency plan for as many critical interruptions as imaginable. Consider this pair of foundation ideas in terms of your operation.

• Idea 1: Your company functions like a living organism with each system relying on the others for its health and vitality.
• Idea 2: Certain parts of the whole are more crucial to survival and long-term success. These areas require heightened resources.

With this anatomy analogy in mind, consider your operation with the perspective that specific departments and systems are vital. If the heart, brain, or lungs of your operation shut down, so does the entire company. Stubbing your toe, on the other hand, may only slow things. The point is that certain aspects of any business are critical, while others are support.

Once department heads are tapped to conduct a BIA due diligence and submit a report, leadership is tasked with understanding how all the moving parts work. With this in mind, first-run BIAs generally require interdepartmental meetings or communication to ensure key stakeholders are on the same page.

Motivation for Conducting BIA Due Diligence

Having the support and blessing of the leadership team remains critical to a thorough BIA. When such stakeholders view this as just an additional duty impeding their daily, profit-driving work, potential challenges are unlikely to get the due diligence necessary for improved success when a crisis occurs. Before moving forward, direct communication and articulation of why thoroughness is a priority must be established. Clarifying the following benefits of a BIA early in the process may improve team motivation.

• BIA delivers management with vital data to make real-time decisions to ensure business continuity
• BIA delivers insight about interdepartmental reliance
• BIA provides a playbook for employee roles in critical situations
• Identifies company-wide priorities for sustaining operations during crisis
• Provides a tangible road map to restore full operations

At the end of the day, the BIA removes the fear of the unknown and puts guidance in its place. That offers otherwise panicking employees the confidence their jobs are secure and empowers them to work through adversity.

Working through the Tedious BIA Process

Getting leadership and rank-and-file employees on board to undertake a BIA is not a difficult sell. The bottom line for everyday workers is that it provides a rare level of job security. Infusing that positive attitude will likely go a long way toward working through the sometimes tedious information collection process. For each department or aspect of the company, data collection is necessary.

• Lead function of a process or department
• Detailed analysis of department function and processes
• Disruption analysis and timetable regarding increased impact
• Identify interdepartmental disruption
• Analysis of the financial, legal and regulatory impact of disruption

With a detailed report, departmental leaders garner an enhanced understanding of impacts across the organization. Each department head can identify likely and unlikely disruptions and craft realistic solutions or ways to bridge crisis. This information can be compiled and shared with the goal of building a final report.

Value of a Comprehensive BIA Report

The final report moves beyond the data collection and single department solutions. The concept is to deliver a company-wide plan of action. It generally proves beneficial to make a hardcopy or online report that articulates reasoning, goals, strategies and empowers employees during duress. These are headings often found in a comprehensive BIA report.

• Executive Summary
• Analytic Methods Used
• Potential Department or Function Disruption
• Impact of Disruption
• Protocols to Mitigate Disruption
• Guidance for Organization Restoration

CEOs and other decision-makers generally enjoy enhanced confidence in their leadership abilities following a comprehensive BIA. It’s also imperative to set a schedule for BIA updates and create a policy that requires emerging technologies, business developments, and other evolutions to be included in the report. In many ways, a BIA gives everyone in your organization security.

Today’s digital-savvy educators do more than simply lecture their class. They’re creating interactive quizzes and gathering real-time feedback via an app. They’re assigning projects to students, while students complete and submit their homework digitally. They’re instantly sharing feedback with parents and students — and they’re finding new ways to engage with the world around them through the tool that students are most attuned to: their phones. Here are a few of the top apps for educators that will help keep peace in the classroom, finally memorize the periodic table or safely and securely communicate in groups.

Top Classroom Management Apps for Teachers

Is your classroom out of control, or are you just looking for a simpler way to slog through your daily tasks and assignments? Going digital may be exactly what you need to reduce your frustration — and your work levels — on a daily basis, while giving you more time for meaningful interaction with students.

• TooNoisy is the perfect app for teachers who prefer their classroom a little on the quieter side! This straightforward noise level meter helps determine when the noise level is getting out of control and provides a fun visual interface that children will love. If things really get out of hand, the app also offers an audio feedback option — also known as an alarm — to cut through the racket and get the room back on track.
• ClassDojo is billed as a classroom community that allows teachers to provide real-time feedback to both students and parents through a friendly, interactive interface. Ideal for elementary-aged children and younger, ClassDojo helps reinforce positive classroom behavior in students while providing a secure and private notification and communication platform between parents and educators.
• Google Classroom is the product of collaboration between Google and teachers to create a streamlined, easy-to-use, multi-device tool that allowed educators to manage coursework digitally. The workflow is completely paperless, from the teacher creating the classes and assignments to students completing their courses and submitting final work for a grade.
• Skyward is a grade and contact management app that is utilized by many public school districts to allow students, teachers and parents to have a holistic view of the student’s activities. This includes everything from grades on individual assignments to the ability to update parent contact information or push messages to parents. On the backend, Skyward also includes finance and HR suites that help power schools and municipalities.

Top Apps for Teacher (and Coach!) Communication

Communication between parents, teachers and students is a topic that is challenging on all fronts. Teachers need to limit the access of parents and students, or they will be overwhelmed with communication requests on a variety of different channels. Parents need to be able to relay questions or last-minute information to teachers in a way that can be acknowledged. In a world where after-school tutoring is still present but definitely shrinking, students need to ask questions of teachers in a way that’s secure and doesn’t release the personal contact information of either party. These apps are meant to keep everyone’s communication on track while protecting children and tracking communication.

• The Remind app does exactly that: “reminds” users that there’s a way to stay in touch, engaged and share resources between parents, teachers and young learners. You can quickly create a classroom and assign a unique code, which can then be provided to parents and children so they can download the app and get started. You can schedule messages for later delivery, send visual messages and receive direct feedback and messages securely.
• GroupMe is a great option for any sport or social activity where you need to share information with a group of individuals at once. You can create groups on the fly, sharing images, high-resolution video and provides a free and convenient option for group messaging. What’s better is that users aren’t required to have a chat option installed on their phones to use the app.
• TeamSnap is for all the coaches who would love to get rid of their clipboards, spreadsheets and marked-up calendars. This sports team management and communication app allow you to follow over 100 different sports. With an install base of 15 million users, you can bet that the tool is useful. It also allows a way to communicate with groups and individuals in real time via chat or push messaging.

Top Educational Apps

There are so many opportunities for education in the digital sector. From AI to flashcards, real-time digital quizzes and more — there’s never been a better time to be an educational technologist than today.

• Socrative is a quizzing app that allows you to customize questions to determine if your students are understanding the information that you’re teaching. Teachers can design and release a quiz to her students while getting real-time feedback. Quizzes are even sharable between teachers, allowing you to integrate this type of learning easily into the classroom.
• StudyBlue allows teachers or students to create mobile flashcards, quizzes or study guides — and you can even select a setup that another student or teacher has already created. Flashcards have been an exceptional learning model for many years, but StudyBlue introduces this concept to the digital generation.
• Khan Academy is an always-free model that provides instructional videos, a personalized learning dashboard and practice exercises to individuals wishing to learn hundreds of different topics from art history to computer programming, science and economics.
• Duolingo provides learners of all ages with one-on-one, interactive training in languages that they crave. Based on real-life learning techniques, Duolingo offers students the ability to correct their pronunciation and memorization in many popular languages including Spanish, Japanese, French, German, Dutch and Portuguese. You can even learn Klingon!

Learning doesn’t have to be expensive, and most if not all of these apps are completely free. Teachers will appreciate having world-class tools at their fingertips that will help them speak in the digital language of their student population.

Cyber security is more important than ever before. The news is full of stories of leaks and breaches large and small. Some of these result from sophisticated, targeted hacks, and others occur thanks to enterprising hackers taking advantage of security holes in insecure or out-of-date software.

At the end of the day, though, just about every organization has the same weak link: its employees. The finest security tools are no match for bad (or just naïve) behavior from your employees. With that in mind, today we’ll review 6 strategies and tips crucial to improving your employees’ cyber security behavior.

1. Use Long, Complex Passwords

People tend to be lazy. It’s a part of human nature. If your IT policies allow people to set their passwords to “password” or “12345”, you can be assured some of your employees will do just that. Short, simple, easy-to-guess passwords are a security threat to your business. Not only can passwords like these be easily guessed by a human, they take next to no time to be brute forced by hacking tools.

Encourage (or, better, require) your employees to use long, complex passwords. A phrase that’s memorable to the employee is a good start. Add in some complex characters (symbols, mix of capital and lowercase) to increase the complexity further.

2. Understand That Everyone Can Be Targeted

Don’t think of cyber crimes in the same way people used to think about military conflict: as something that occurs between large entities with high-powered offensive and defensive capabilities. Yes, it’s the Targets and Experians of the world that make the national news when they are breached, but those high-profile cases are the exception, not the rule.

Smaller hackers aren’t going after hard targets, like governments or Wall Street. They’re going after soft targets: small and medium businesses that think they “can’t afford” good cyber security. In other words, they’re going after you.

3. Don’t Go Swimming and You Won’t Get Phished

One of the best tools hackers use is phishing. Phishing starts with your employees receiving a fake email. It could look like a legit business message or like a message from a vendor or service that you’re already using (like Microsoft Office 365). In other cases it looks interesting, tantalizing, or even salacious. These emails will contain a link or an attachment and will encourage users to click the link and log in or to open the attachment.

But the links and attachments aren’t what they appear to be. Once users do those actions, their credentials or devices are compromised.

Our best advice here is don’t go swimming so you won’t get phished. Don’t click on suspicious links, no matter how interesting they look. Don’t open attachments from unfamiliar accounts. If the email looks to be from a legit service (like Office 365), navigate to that service manually instead of by clicking the link. Lastly, if you’re not sure about an email, check with your IT group before continuing.

4. Consider the Security of the Network You’re Using

One of the advantages of cloud services is the ability to access many work systems from anywhere. As more and more firms move to cloud software and cloud services, those firms’ users need to stay up to date on security best practices. Employees dealing with sensitive company information or accessing customer data should only do so on secure networks. Public computers, free Wi-Fi at the corner café, and your cousin’s open Wi-Fi network are all examples of insecure network environments. Save the sensitive stuff for a more secure environment like the office.

5. Be Physically Aware

Many cyber attacks are perpetrated through actual, physical access to systems. Employees can be shockingly careless with company tech. If you walk away from your computer, phone, or tablet — even just for a second — lock the device. This is true even in your own cubicle or office. You never know when a disgruntled coworker might attempt to compromise something while posing as you.

Also, make sure employees understand that devices can be compromised by anything that’s plugged into them. Computers can be compromised by plugging in a flash drive or SD card that’s infected with malware. Be sure you trust the source of any external device that’s coming into your company.

6. Beware Social Engineering

Employees also need to watch out for social engineering schemes. These are similar to phishing schemes, but instead of stealing credentials using a fake form or website, thieves convince employees to hand credentials over outright. Don’t be afraid to hang up on (or stop emailing with) someone claiming to be from an important vendor (we’ll use Microsoft again). If anyone is asking an employee to supply credentials or to take actions on your computer or network, that’s a huge red flag. Legitimate vendor contacts likely wouldn’t need the employee to do this for them. Employees can call back directly using a number they know is legitimate. If the concern is real, the real support team will know about it.

Conclusion

These 6 strategies will help your employees resist cyber intrusions, but there is so much more for your team to know. For more comprehensive help with your cyber security strategy, contact us today.

The 2019 Apple Worldwide Developers Conference in California has come to a close, and we’ve learned everything there is to know about the new software updates to expect from one of our favorite technology companies.

Say goodbye to the iTunes app.

If you’ve ever been frustrated by iTunes’ inability to successfully organise your music, television shows, movies, podcasts, and other media in a coherent way (or to retain your Apple ID password for more than a day), it’s time to rejoice.

iTunes is being dismantled.

What was once a Frankenstein-like amalgamation of all media rolled into one complicated program will now be three programs. Those used to working with iPads and iPhones won’t have much to adjust to. This is how their devices have been running for some time. But as soon as desktop users upgrade their devices to MacOS Catalina, they’ll see their iTunes icon disappear, and their media will be segmented into three apps: Apple Music, Apple Podcasts, and Apple TV.

Privacy improves on the iPhone.

As always, privacy is an extremely important aspect of Apple’s software upgrades. Today, more than ever, users are demanding better privacy all-around, and Apple is delivering, especially in regard to iPhone’s location controls.

First, it’s no longer a given that background apps will have the ability to track your phone using Bluetooth and/or Wi-Fi connections. Furthermore, if you want an app to track you in the background, this permission can be opted into on a day-by-day basis instead of having to give a flat yes or no. Of course, it’s possible for apps to still track you while the app is open.

iPhone’s photos app gets better … again.

Always on the lookout for better ways to organise your media, Apple’s come up with yet another spin on optimal photo arrangement within the Photos app. Mostly, they’re looking to provide better “glimpses” of recent events or highlights you’ve photographed.

With the new updates, you’ll be able to view your favorite snapshots and videos from a recent trip or event for reminiscing or sharing with others. Live photos and auto-play videos offer additional upgrades for camera-loving iPhone users.

Tap into your dark side with iPhone’s new dark mode.

See apps in their darker alter-egos and give your screen-drenched eyes a break. For those addicted to in-bed iPhone browsing at night or in the early hours of the morning, iPhone’s new dark mode makes it all a bit easier and clearer.

Sidecar lets you use your iPad as a secondary Mac display.

Graphic designers and those who work with their iPads as graphics tablets will love this one. iPads can now be connected by cable or wirelessly to your Mac for simultaneous use as a secondary screen.

Secondary screens can be extremely helpful for working on large projects or multitasking with a few programs at once. For those uninterested in investing in an additional monitor, Sidecar is a new feature that allows you to wirelessly connect your iPad screen to your Mac while still allowing Apple Pencil use.

iPadOS is the bigger, better operating system for iPad.

Speaking of iPads, Apple hopes to increase its use as touchscreen Macs with its bigger, better iPadOS. With the new software, users finally get support for using external drives and mice, and there’s even been an application for storing files added in. You will also be able to open multiple windows of the same app, use unique gestures for basic tasks, and go straight to websites in the desktop version instead of that pesky mobile version.

Get Ready for Changes to Your Devices

Whenever big upgrades come to your regularly-used devices, it’s best to brush up on the changes you can expect beforehand.

Automatic updates can be useful; however, the changes revealed may throw your routines off-course or even set your business back a few days if you’re not ready. Furthermore, you risk not knowing what updates will actually be useful to you if you’re unaware of what updates to expect.

iOS 13 has been released for select developers and will be broadly available later in June. The new iPadOS is set to be released in July of 2019. Another iOS 13 update is planned for release later in the fall of 2019; this will include updates such as dark mode for iPhone.

The small city of Riviera Beach, Florida, north of West Palm Beach is the latest government to be crippled by a ransomware attack. Their data was encrypted by hackers so they couldn’t access it. This has paralyzed the City’s computer systems.

In an attempt to retrieve their data, the City of Riviera Beach paid the hackers nearly $600,000 (65 Bitcoin). Hackers demand Bitcoin because it’s a hard-to-trace digital currency. The City Council hopes to regain access to their encrypted data, although there’s no guarantee that this will happen.

Rose Anne Brown, a city spokeswoman for the 35,000 person city, said that Riviera Beach was working with law enforcement and security consultants. In the meantime, unless they had a secure cloud-based backup solution, all they can do is wait to see if their data will be released.

What Is Ransomware?

When ransomware infects your computer or mobile device, your organization’s operations can come to a grinding halt. You’ll be denied access to your computer and may even lose your data. Ransomware attacks have cost U.S. businesses millions of dollars in losses.

Ransomware attacks are on the rise. Attacks on business targets have seen a substantial increase in the first quarter of 2019, up by 195% since the last quarter of 2018. And for governments and organizations that are victimized, the consequences can be paralyzing and destructive.

Fast Facts:

• Ransomware is the most malicious and frequently used form of malware today.
• There’s more than one type of ransomware.
• It’s important to know what to do if you experience a ransomware attack.
• The best way to protect your organization from ransomware is to prevent it from landing on your computers in the first place.
• Always back up your data so you can restore it in the event of an attack.

Ransomware blocks access to your data and demands payment through an anonymous system like Bitcoin to restore access. The criminals who distribute and operate these attacks are making millions of dollars. They extort money from you in exchange for a promise to unlock your computer. But this doesn’t always happen. The FBI doesn’t support paying a ransom in response to a ransomware attack.

What Can You Do To Protect Your Organization From Ransomware?

The best way to protect your organization from ransomware is to prevent it from landing on your computers in the first place.

If you experienced a ransomware attack, this means that it got through all your anti-virus software and security on your machine(s). Unfortunately, because ransomware performs multi-layered attacks, there’s no one security feature today that can protect against every threat. However, we can provide advice on the most current and effective protection.

The best security software is made up of layers that protect specific areas, and where each layer communicates with another for the best protection possible.

The first layer of protection is for your email where spam typically enters. Securing your email with the right program allows you to scan every email for malicious files before you or other users open them.

We can also offer a compatible sandboxing program so you can open attachments in a secure environment where they can be analyzed for ransomware.

Always backup your data so we can restore it for you in the event of an attack.

To protect yourself and your business from ransomware attacks, you must perform secure backups. This requires backups that occur in real time, daily and weekly. These backups must be isolated from your network to ensure they can’t be compromised by a ransomware attack.

We can provide a secure cloud backup so you can always access and recover your data from wherever you have an internet connection. We will need these backup files to restore your data. In most cases, we can erase the hard drive, reinstall the operating system and restore your machine with the backup copy.

We can also educate your staff about the threats and prevention of ransomware attacks. We’ll train your personnel with simulation tools to help them recognize malicious IT threats of any kind. By doing this, you’ll reduce the odds of falling victim to a ransomware attack.

If you are a lawyer or if you are hiring a lawyer, technology competence, often shortened to tech competence, is a term that you should be aware of. Recently, changes have been recommended in regards to tech competence and attorneys. Here is everything that you need to know about this topic.

What is Tech Competence?

Lawyers have always had a duty to be competent in the areas of law they practice. However, in 2012, the American Bar Association made a change to the Model Rules of Professional Conduct. The change being made was to make it clear that attorneys need to take steps to be competent in regards to technology. This change stated the lawyers need to stay competent in regards to the benefits and risks associated with technology that is relevant to their firm and line of work. Each state was free to adopt or reject this change, and to date, 36 states have adopted this change.

What New Changes Have Been Recommended in Regards to Tech Competence?

A committee met and issued a report in February of 2019 that recommended revisions be made to the current Rules of Professional Conduct in regards to technology. The changes that the committee recommended making were designed to make it clear that it is an attorney’s job and legal responsibility to ensure that they are competently representing their client. The changes that are being recommended to ensure that law firms and lawyers understand that this duty reaches into the technology that they use. The committee wanted to make it clear that it is a lawyer’s duty to ensure that client information is confidential, and as such, they are responsible for protecting against unauthorized access. Unauthorized access can occur if a database gets hacked or emails are intercepted.

The committee designed with making changes issued its report in February of 2019. The public was given the opportunity to comment and provide feedback through April 19, 2019. Currently, the recommendation is being reviewed by the D.C. Bar Board of Governors. Ultimately, they will decide if the recommendations should be passed on to the District of Columbia Court of Appeals, who ultimately sets the rules of practice within the District of Columbia.

How Can Your Law Firm Ensure You Are Meeting the New Guidelines?

While the changes in regards to tech competence and lawyers have not yet been approved, it is expected that it will be. It is also expected that many of the 36 states who adopted the tech competence changes will follow the District of Columbia’s lead and adopted these rules. As such, you may find yourself wondering what this means for you as a law firm, lawyer or individual or business looking to hire a law firm. If you are a lawyer or law firm, you need to ensure that you are taking steps to protect any personal client information. You need to ensure your website is secure, that you are sending all confidential emails in an encrypted manner, and take steps to ensure your cloud is secure. As a client, you want to ask law firms what steps they have taken to ensure the technology they use is secure.

As technology advances, new changes will likely be made to tech competence and the way it impacts attorneys and law firms. Being proactive and ensuring the technology you use is secure is the best way to meet your requirements under the new guidelines.

There are many types of risk in business: the risk that a new competitor will come on the market and steal market share, the risk that top staff members will jump ship for a better offer . . . but are you considering the significant risk that is associated with a cyber attack? A recent report by IBM shows that more than 77 percent of companies don’t have a cybersecurity response plan in place, a dangerous proposition when you consider that 60% of businesses that suffer a cyber attack fail within 6 months. These are pretty terrifying statistics for small to mid-size business owners, especially in specific verticals that require the capture and storage of sensitive customer data such as health and financial information.

See why unsecured data is the #1 security threat to local small businesses.

(Response) Time is Money

When your business is able to react quickly to a malware or ransomware attack, you significantly raise the likelihood that you will be able to bounce back to full operations before your business is devastated by the impact. The response time that your technology team and business leaders are able to command could easily be a make-or-break moment, as cyber attacks can cost organizations thousands of dollars a minute in reduced productivity, losses of sales, compliance charges and more. Knowing that you have a comprehensive cybersecurity response strategy in place can help your business make the best of a bad situation and achieve the proper resilience that you need.

Ditch That False Sense of Security

You might think that your business is too small to be of interest to cybercriminals. Those hackers are going after the big haul, right?!? Turns out, the majority of cyber attacks are being committed against smaller organizations, because there is a perception that infiltration will be easier and criminals will be able to easily make off with your valuable customer data. Brokers on the dark web are willing to pay a significant fee for each stolen record, complete with a tiered pricing scale for financial data that is based on the size of the bank account. It’s crucial that businesses do not have a false sense of security, but proactively put plans in place that will help reduce the risk associated with a cyber attack.

Put Staff Members on Lockdown

Increase the security requirements for passwords, and require them to be reset on a regular basis. Invest in ongoing training for staff members that will help them understand everything from the potential of phishing attacks to why it’s important to stay away from specific activities online. Create security policies and put strategies in place to ensure that they are followed — and regularly reviewed and updated by cybersecurity experts. Actively engage white-hat hackers to look for holes in your current data security and then quickly put a remediation plan in place. While staff members may feel as though they are being placed on a type of lockdown, it’s imperative that information technology professionals effectively communicate the severity of the issue that is facing businesses today. When employees understand the damage that can be accidentally done to the organization, they are much more likely to be an active member of the solution instead of a part of the problem.

Creating a secure environment for your business data requires the proactive involvement of business and technology professionals alike. Just as you wouldn’t leave customer credit card information lying around the office or on a printer, you can also educate staff members that using an easily-guessed password is the digital equivalent of those poor security practices.

Most people know not to open email attachments from senders that they do not know. Unfortunately, it is not just attachments from strangers that you have to be on the lookout for. It happens quite often that people will get emails that seem to be from known senders that have malicious attachments, or that ask for confidential information. If you get such an email—or if someone gets such an email that appears to be from you but that you did not send—does that mean that your email has been hacked? Not necessarily.

Hacking and spoofing are two methods that bad actors use to manipulate individuals and businesses into doing things that are against their best interests. Hacking and spoofing can appear to be the same at first glance but are actually quite different. The risks of hacking, especially for businesses, are much greater than those posed by spoofing. Neither is desirable, but you want to know the differences between the two so that you and your employees can identify potential compromises to your email accounts.

Hacking vs Spoofing—What You Need to Know

What does it mean when your email account has been hacked?

A hacked email account is something you should be very concerned with. Being hacked means that a bad actor has managed to gain full access to your email account—which could mean that they have access to more than just your email account. There are a variety of ways to hack an email account, including:

• Guessing your email password (seems unlikely, but you would be surprised how simple many email passwords are, such as birthdays, anniversary dates, and other information easily obtained on social media)
• Answering your security questions correctly
• You entered it into a website or form (it may have been a phony website, one that offered you a free gift, or a site you visited from a link in an email)
• You used the same password on a different site and the site used it to access your email
• You have a spyware program on your computer that recorded you typing in your password and sent it to a hacker
• Viruses, malware or other undesirable software is on your computer and allowed a hacker to get your email password

If your email account has been hacked it means you need to take immediate steps to correct the situation. The risks to your system and your company information vary based on the way that the email password was obtained. A hacker guessing the password is much less problematic than having viruses, spyware or malware on your computer. A guessed password simply needs to be changed, whereas an infected computer needs to be cleaned up before more compromises occur that may be even more damaging to your business.

Even if the hacker guessed the password, there is a real risk that he or she could use the email account to access other information or accounts. If you suspect your email account has been hacked you need to take immediate steps to remedy the situation, including:

• Check your recent email activity to see if anything was sent that you were not aware of
• Change your password
• Use different passwords for every account
• Start using a password manager to generate random, complex passwords
• Update your system to the latest OS and update your security software
• Run your antivirus and malware detection programs

What does it mean when your email account has been spoofed?

Although spoofing can look a lot like hacking, it is actually something completely different. When your email has been spoofed, it means that someone sent an email that appeared to be from your email account but was not actually from your account. You can think of it as someone sending a letter and putting your return address on the envelope. Doing this is not too complicated with the right software. The bad actor does not need access to your email account to spoof your account.

Your account is safe even if you have been spoofed. However, having your account spoofed can be quite concerning, especially in a business setting. A bad actor could spoof your email and send a message to an employee asking for sensitive company information. There are a few things you can do to help prevent spoofing of your email address, including:

• Do not share your email address with anyone who does not need it for business purposes
• Do not allow employees to share your email address

Improving Business Email Security

For more information about improving email security for your business, please contact our IT services team.