Why You Need A Password Manager

What Exactly Does A Password Manager Do?

A password manager generates, keeps track of and retrieves complex and long passwords for you to protect your vital online information. 

It also remembers your PINs, credit card numbers and three-digit CVV codes if you choose this option. Plus, it provides answers to security questions for you. All of this is done with strong encryption that makes it difficult for hackers to decipher.

What Options Are There For Password Managers?

LastPass

This password manager will help you keep track of passwords and what sites they’re intended for. LastPass uses a master password or your fingerprint to identify you. 

After logging in to LastPass, you can view and edit your passwords and their associated sites, as well as your usernames and the website you’re accessing. 

A premium membership for LastPass costs $24 a year ($2 a month) and includes password sharing with those you designate. This membership also provides priority technical support if you need assistance. 

Dashlane 

Dashlane is free and provides many of the same benefits as LastPass. However, if you want to sync your passwords to a mobile device or use two-factor authentication, you must pay $39.99 for their Premium Plan. They also offer a Business Plan for $48 a year that includes everything in the Premium Plan plus:

  • Smart Spaces™ for unlimited work and personal password storage.
  • An Admin Console with Custom Policies.
  • Secure Password Sharing with Group Management.
  • Easy Account Administration (SAML, MSI, Active Directory).
  • Extra 2FA Options.
  • A Dedicated Account Manager (for accounts 50+).

1Password

1Password offers a free 30-day trial. After this expires, a personal account costs $2.99 a month, or $4.99 a month for a family with five members. They also offer a “lifetime license” for $65.00. 1Password is the only password manager that allows you to store passwords locally via their Local Vault rather than in the cloud. 1Password 6 for Windows does not currently support local vaults, but 1Password 7 for Windows does. If you’re worried about losing access to the Internet, you might consider this.

How Do You Set Up A Password Manager?

Using a password manager is pretty simple: you download and install the software. You must also download and install the extensions for the different browsers you use.

If you want to use these password managers on your smartphone, you must download their mobile apps. None of this is complicated and should only take a few minutes. 

To set up an account, you must provide your email address, and you’ll also need to come up with a master password—a long, random, complicated one, along with at least one security question. Then you must provide information about your various accounts. 

You can either import passwords that you have stored in your browsers or let the password manager store your username and password when you log in to a website. Once you get started, the password manager will help you along the way.

Do You Really Need A Password Manager?

Not necessarily, depending on who you are. You do not need a Password Manager if you can do the following on your own:

  1. Create long, complex, unintuitive strings of characters, unique for each account you access on a regular basis
  2. Memorize each and every one of these passwords
  3. Update them on a regular basis

Let’s be honest, though—doing all of the above on your own is a lot of work, and you’re likely to make a mistake at some point. That’s why it’s easier to simply use a manager. 

Don’t Let A Weak Password Be The End Of Your Practice

In the end, managing a strict password policy, creating strong passwords, and using password managers can be frustrating, but it’s incredibly important. If you’re unsure about implementing these procedures, you can get a little help from our team.

Privacy and security are major concerns for personal users and businesses alike these days, and so you have to be sure that you aren’t making it easy for hackers to access you or your business’ private data.

Get in touch with our team to start enhancing your password security. 

How to Use Microsoft Teams

Microsoft Teams Training

How to Use Microsoft Teams Technology

Microsoft Teams has quickly become one of the most popular tools businesses are using as employees have migrated to working from home.

How can your business best use Teams and its features to keep employees connected and productive during the COVID-19 pandemic?

What Is Microsoft Teams?

Microsoft Teams is a cloud-based tool that combines multiple features in one cohesive platform. It can be used by businesses and organizations of all sizes, allowing for collaboration and communication among internal employees, freelancers, clients, customers and partners.

The application includes versions of familiar Microsoft programs and integrates easily with Office 365, the cloud version of the company’s popular productivity suite. Within Teams, employees can create, post, share and collaborate on Word, Excel and PowerPoint files. In addition, the platform includes voice over internet protocol (VoIP) phone services, videoconferencing and instant message capabilities.

Here are some of the main capabilities:

  • Chat. The function allows for private or group messages, and file attachments via OneDrive for Business
  • Calendar. The platform syncs with participants’ Outlook calendars to simplify meeting and appointment scheduling
  • Calls. Using the Skype framework, users can launch voice or video calls
  • Teams. When a new team is created, an Office 365 Group is created in the background, allowing integration with the cloud-based apps

Teams allows businesses to work across operating systems (desktop versions are available on Windows, Mac and Linux), a web-based app and a mobile app (for Android and iOS devices).

Teams also supports virtual meetings, presentations and webinars, accessible by internal and external participants.

How Does Microsoft Teams Work?

Teams groups users into channels based on work function, special project, responsibility areas or meeting group. Each channel contains a virtual workspace with threaded chats, shared digital files, and space for real-time collaborating tools.

Teams lets you store files within the Microsoft solutions or other file sharing sites like Dropbox or Google Drive. Ample third-party integrations allow you to connect Teams to other popular tools.

There are multiple plans available:

  • Free Version. You can create a Teams organization of up to 300 people (or unlimited if part of an accredited educational institution) with 10 GB of storage, plus 2 GB per person. Your organization can be divided into teams or channels and allows for group audio and video calling
  • Office 365 Business Essentials. This plan costs $5 per user per month. It includes Microsoft support, more features and storage, and integration with Microsoft SharePoint, Yammer and Planner. It also integrates with Stream apps
  • Office 365 Business Premium. This version, for $12.50 per user per month, gives access to desktop Office apps like Outlook and Word, plus higher data capacity

How Secure Is Microsoft Teams?

With the rapid deployment of new tools, many of which employees don’t know very well, cyberattacks have increased. Hackers are taking advantage of vulnerabilities and user fears to launch malware that can attack systems and websites, steal data and disrupt sessions. Here are some tips for keeping your Zoom meetings protected:

  • Create Global Teams Management. Any user with an Exchange Online account can create and own teams by default. To better manage the number of team managers, consider creating a group that has permissions to make new groups and teams
  • Restrict Guest Access. Leave guest access disabled or restrict privileges as default settings, especially for screen sharing and phone calls
  • Use Audit Features. The analytics section provides useful data on logins, team membership and changes, data permissions and changes, data manipulations and app installations
  • Configure Apps. Teams supports built-in apps from Microsoft, third-party apps and apps built internally. Managing which apps are allowed based on source or data handling is prudent

Microsoft Teams is a powerful tool to help your organization connect, collaborate and communicate.

What You Need to Know About Two Factor Authentication

Two Factor Authentication

Everything You Should Know About Two Factor Authentication

Does your business use 2FA? With the prevalence of data breaches today, it’s time to start employing this simple security feature within your business.  

Without a doubt, you’ve read and heard about the rampant cybersecurity problems that are insidiously plaguing businesses today. Municipalities in places like Florida, South Carolina, and elsewhere are having access to their systems denied unless they pay hundreds of thousands of dollars. Businesses of all sizes and in all industries are being shut out of their data until they do the same.

As a business owner or manager yourself, you are probably concerned about whether your organization will fall victim to the same fate. What can you do to prevent a cybersecurity attack?

You may be surprised to know that the fate of your business’s security probably lies within a straightforward thing that you and all of your coworkers and employees use every day: passwords.

The fact of the matter is that most people in your business are putting your data and systems at risk every day with the weak login credentials they use. That is, many people use the same password for all of their accounts — both personal and business related. Furthermore, many people use passwords that are way too simple and easy to guess by hackers — the name of the street that they live on, the name of their pet, their date of birth, or their anniversary date.

It’s hard to stop people from doing this because most employees don’t think that their password really matters. They assume that it will never be guessed by anyone (how could it be?), and as long as they don’t share it with anyone, it’s good enough to keep would-be cybercriminals at bay.

Unfortunately, this is not the case.

The only way to truly keep hackers from guessing passwords or using high-tech trial-and-error algorithms to uncover passwords is to use two-factor authentication, also known as 2FA.

What Is 2FA?

2FA or two-factor authentication is a security system that forces users to have two proofs of identity before they can log in to a database, program, computer, or network. This is a system that you should be using at home and within your business.

As the name implies, there are two elements of two-factor authentication. First, the user must provide something they know. This could be a password or passcode, a PIN, or the answer to a secret question.

Next, the user must provide proof of something they have. For example, the two-factor authentication prompt may ask that the individual put in their credit card number (because their credit card number is something they possess). Likewise, some organizations will give each individual employee a security token that actually stays in their possession. This might be an RSA security device, a Google Authenticator, or something else. This device will be activated when prompted during login and will provide a passcode or PIN that changes frequently. Another option is biometric authentication, such as an iris scan, voiceprint, or fingerprint.

Has Your IT Services Company Spoken to You About 2FA?

As the owner or manager of your business, it shouldn’t be your responsibility to ensure the security of your sensitive data and network systems. This responsibility falls on the shoulders of your IT services company, and within their security division, one of the pillars of a robust cybersecurity strategy should be two-factor authentication.

If your IT services company has not spoken to you about employing a two-factor authentication system, don’t wait to ask them about it. The foundational necessity of this simple security measure suggests that if they haven’t already employed it, they’re probably not doing their job in other ways.

In that case, it’s time to find a new managed services provider. Give us a call, send us an email, or visit our website today to learn how we can help.

Smart Steps When Working From Home

Working from home coronavirus

Working From Home Due to Coronavirus? Consider These Tips

If you’re suddenly working from home due to the coronavirus, maximize productivity with a dedicated workspace, enjoyable breaks, and engagement with colleagues.  

For the vast numbers of Americans suddenly barred from their offices due to the coronavirus pandemic, working from home can pose significant challenges. At home, distractions — including undone chores, needy pets and bored kids — abound, and tech troubles like unreliable Wi-Fi can stymie conference calls and online meetings.

What are some steps you can take to maximize productivity as you maintain a balance between the personal and the professional?

Create a Dedicated Workspace

For individuals living in small homes, working at the kitchen table may seem natural. However, trying to get work done in a space that has other uses — such as eating — can pose problems. At mealtimes, you’ll need to move your laptop, tablet, papers and other necessary work-related items elsewhere, then move them back later. In addition, working in a central location in your home can expose you to any number of distractions.

Consider setting up a dedicated workspace that’s private and quiet. Even a small desk tucked into a corner of your bedroom can work, and it provides you with a spot for leaving your work items set up at all times. A dedicated workspace also makes it easier to separate the professional and personal portions of your day.

Schedule Calls and Concentration Sessions

Working from home, you may feel disconnected from colleagues — and, thus, obligated to participate in any calls or virtual meetings to which you’re invited. At the beginning of your workweek, consider reviewing your schedule to make note of any planned meetings.

Once you know when to expect virtual meetings, cordon off some time dedicated to intensive work that requires uninterrupted concentration. Staying connected with co-workers will be more important than ever as you try to get your work done remotely, but you also need periods you can devote to critical projects.

As you hammer out your weekly schedule, take advantage of the flexibility that working from home offers. In the time that you don’t spend commuting, you can take calls or dive into intensive tasks. If you prefer to read or get work done in the early mornings or later in the evenings, you can do so.

Make Your Breaks Count

As you work remotely, consider scheduling some breaks into your day. Particularly when you work in a confined space, getting some fresh air and a change of scenery can provide a needed boost for both your state of mind and your productivity.

During the few minutes at a stretch you spend away from your screen, try to work in some activities that support health. Whether you prefer a quick walk or enjoying your lunch outside, time outdoors can give you the recharge you need to spend meaningful hours back at the computer.

Find Ways to Engage With Colleagues

If your job involves working as part of a team, you’ll want to keep in touch frequently. Along with virtual meetings, a business-oriented chat app can allow you to ask questions and provide feedback quickly and without the formality of email. For groups who work together throughout the day, a dedicated chat room can provide a virtual location for checking in between project work.

When you’re trying to concentrate or you’re on a deadline, you can use “do not disturb” functionality to signal that you are currently unavailable for online chats or calls.

Video calls have their downsides, including using more bandwidth than regular audio calls. However, conducting virtual meetings through video calling also provides an additional level of nuance and interaction that you may not get with the typical conference call. If you participate in frequent calls, consider using a video calling app for at least some of them.

As you adapt to performing your job from home, you’ll discover what works best for you — including creating a dedicated space, scheduling time for concentration, engaging with colleagues, and taking meaningful breaks. Your co-workers may appreciate hearing your tips as they strive to develop their own remote work-life balance.

[Video] What Is Ransomware?

What is ransomware

What Is Ransomware: 5 Tips To Protect Your Business

Ransomware can damage and take a heavy financial toll on your business. What is ransomware, and what 5 tips can you follow to protect your business today?

 

For businesses and organizations of all types, the Internet represents great promise and risk, with risk in the form of cyberattacks. Of the different kinds of cyberattacks, ransomware, in particular, can be very damaging, exacting a heavy financial toll on you and your business.

What is ransomware?

Ransomware is a type of malicious software designed to block access to your system until a ransom is paid. Ransomware attacks are dangerous and damaging because even if you pay, there is no guarantee that you will get your system back. There are many stories of organizations paying their ransom, receiving nothing in return, and dealing with the loss of their data.

What happens in a ransomware attack?

In a ransomware attack, hackers gain access to your system through a malicious link or vulnerability, attacking your network and backup files. Their mission is to render your backup files and folders useless so that you cannot gain access to your system files. Once your systems are incapacitated, the hackers contact you demanding a ransom, often in the form of cryptocurrency such as Bitcoin, believing that they are protected behind a shield of anonymity.

What types of organizations are targeted?

One would think that the organizations most vulnerable to a ransomware attack are small to medium-sized. The truth is that any organization that is not taking its cybersecurity seriously is at risk of a ransomware attack. Cybersecurity, for many, is often an afterthought until it happens to them. This includes businesses, non-profits, and government agencies of all sizes.

How can I protect my business from ransomware attacks?

The risk of a ransomware attack cannot be entirely eliminated, but there are steps you can take to minimize it. If ever you needed a reason to take action, consider that ransomware prevention costs a fraction of what it takes to recover from a ransomware attack. Never mind the financial cost: for most businesses, the IT system is the brains and nerve center of the operation, storing customer lists, financial information, and everything else.

Some of the things that you can do to prepare for a ransomware attack include:

Having a business continuity plan

A business continuity plan consists of daily backups of all of your data, both locally, and to the cloud.

Invest in the best tools and equipment

You don’t want to cut corners when it comes to your cybersecurity. For that reason, you want to invest in the best tools and equipment. This includes anti-virus software, anti-malware, DNS filtering, and very strong firewalls.

Never click an unknown link without knowing the sender

The average office worker receives 121 emails per day. As a result, it is easy to see how you or an employee can overlook a malicious email. While most people would click a link or download a file without a second thought, never open an attachment or click a link without verifying the authenticity of the sender. If you have any reservations about an email or sender, delete the email.

Keep up on your training

Cybersecurity is evolving quickly. Unfortunately, so are the hackers. As a result, you and your staff need to keep on top of your cybersecurity awareness training to stay ahead of the curve.

Work with a competent IT company

Make sure that your IT services company knows what they are doing. Many companies are marketing themselves as cybersecurity experts. As a result, you need to do your research to assess their cybersecurity skills.

There are more things that you can be doing to protect yourself from ransomware attacks. However, this is a good start for what you can do today. The other thing is to contact us to discuss a personalized ransomware prevention program for your business.

[VIDEO] COVID-19 (Corona Virus): Business Continuity Plan Ready?

COVID-19 Business Continuity

Coronavirus Spreading: Make Sure Your Business Continuity Plan Is Ready

The spread of COVID-19 (coronavirus) has taken root across the country. More and more locations are starting to report cases and this number continues to raise alarm bells throughout the medical profession, and unsurprisingly, across businesses everywhere.

Business Continuity During Crisis

In the video above, we shared with you the importance of making sure your business continuity strategies are in place and ready to go. Many organizations, from the largest global enterprises to local small businesses, have begun to exercise and test business continuity strategies in the event that their offices and factories are shut down due to the spread of this virus, forcing staff members to work remotely to keep the business functioning.

Are you prepared in the event that your employees need to stay home due to quarantine or a similar occurrence? If not, we urge you to reach out to us to talk about setting up:

  1. Remote access solutions that let your team work from home with access to data, applications, and systems.
  2. Communication solutions that enable anytime, anywhere communication via the internet from any device or location.
  3. Cybersecurity solutions for office and home computers that keep you safe against cybercriminals leveraging this major headline as a mechanism of social engineering.
  4. Emergency procedures that outline how to recover equipment, emergency contact information for employees, and more.
  5. Virtual private network (VPN) technology to ensure your employees are using a secure, encrypted connection at home to access corporate information.

Systems MUST be in place for employees working from home as they’re using their own computers to access corporate resources. It’s up to you to make sure those computers are clean from viruses or other security issues.

Our team is more than familiar with creating proven contingency plans for situations like this. You don’t have to handle this difficult situation alone. We can help you get prepared and make sure your employees are accessing corporate information in a safe and secure manner.

Reach out to us right away over the phone, by email or by visiting our website.

January 28th: Data Privacy Day

Data Privacy Day

Data Privacy Day commemorates the anniversary of the signing of the first international treaty focused on data protection. Here’s how you can get involved.  

January 28th, Data Privacy Day 2020, is here. First introduced in January of 2008, Data Privacy Day commemorates the anniversary of the signing of Convention 108, one of the first international treaties focused on data protection. Here’s what you can do to get involved.

Ways to participate at home

Visit with your family about online privacy and safety. Discuss what information is private information and consider together the risks associated with sharing confidential information online. Take a look at the online accounts of any children in the home to identify breaches, risky behavior, and connections with strangers. Remedy any problems identified and use the opportunity to share information and teach.

Now is also a good time to go through old papers, files, and devices, and schedule safe destruction to protect your information before it lands in the wrong hands. Remember, never throw away bills, bank statements, check blanks, or devices without destroying them first.

How you can participate at work

There are a number of ways you can use this opportunity to promote data security at work:

  • designate this as archive week, encouraging all staff to identify electronics that are no longer in use so they can be destroyed appropriately
  • use games and activities to refresh staff knowledge of the risks of security breaches and internet best practices
  • take a moment to ensure all corporate computers have the safest web browser, operating system, and security software installed and working as expected
  • review your policies and procedures to ensure they’re still compliant with best practice; we learn and evolve every day so a periodic review is critical to achieving the best results
  • share current news surrounding data breaches and lead a discussion exploring what went wrong and how similar crises can be avoided in your organization and industry

Involving your community

Data Privacy Day provides a great opportunity for community outreach and involvement. Include clients, stakeholders, and community members in your commitment to privacy. Host an open house, where you share materials encouraging safe internet practices at home and share what your organization is doing to protect client information. Send out client emails celebrating the occasion and summarizing all of the steps that go into maintaining their protected information (and the results of your hard work). You might even consider launching a survey to learn more about stakeholder satisfaction with your commitment to privacy and your data protection program.

Scammers Convinced Erie Employee to Wire Million Dollars

Business Email Compromise

Small Town Reeling After BEC Scammers Get Employee to Wire $1M

Would you fall for this scam that cost a small town $1M? Find out what a BEC scam is, how it works, and what you can do to keep your company from falling victim.

What would you do if you found out your employee just cost you a million dollars? We’ll just guess they probably wouldn’t stay working for you much longer.

The little town of Erie, Colorado, was recently faced with this scenario. Hackers used a Business Email Compromise (BEC) scam to deplete the town’s savings.

Don’t know what a BEC scam is? You should. Here’s what you need to know.

What Is a BEC Scam & How Does It Work?

BEC scams are targeted and sinister. In this scam, a hacker gains access to the business email of someone in the C-suite, or of similar power.

Once inside, they monitor the account to determine who among your staff they should target from that account for financial gain. Once they’ve identified the person who holds the purse strings, they send that person an email from your account with instructions to wire money somewhere.

If the person who receives the email is suspicious, hackers don’t want their cover blown. So they may also mess with your email rules so that any emails received with words like “scam”, “is this a joke” or “please verify” in them automatically get deleted.

They may target several people to see who takes the bait. And the scammers use the principle of social engineering to convince people to comply.

In the case of the Erie BEC scam, the criminals were able to find a real account payable and request that the employee change where the payment was sent.

This gave the request legitimacy, which reduced suspicion.

How Do Hackers Get Access to Your Email?

The most common way to hack your email is through a phishing email scam. The fraudster may send an email to you that looks like it’s from your email service provider. They then trick you into giving up your password by having you log into a spoofed website or download malicious key-tracking software.

If your business email is through Microsoft, Google or another company with many product lines that use a single password, they can get it in a roundabout way, further lowering your guard.

If you don’t have a strong password, they may also be able to guess it by following the bread crumb trail all of us leave online.

How Do You Protect Against BEC Scams?

BEC scams are convincing. You’re dealing with professional con artists, not hacker hobbyists. Because of that, you need a multi-faceted plan, which will include email scam security solutions like:

  • Employee education
  • Having a clear verification process including additional safeguards when changing where payment is sent or when other red flags go up
  • Email server monitoring for suspicious activity
  • Strong password policy with two-step verification along with enforcement
  • Spam filters, which reduce the risk of you or someone else in C-suite seeing the spoof email in the first place.
  • Up-to-date malware protection
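
The rule tampering described earlier leaves a trace that email server monitoring can look for. The Python sketch below is an added example, not part of the original article: it scans a constructed export of inbox rules for enabled rules that delete or move messages containing warning phrases. The field names are assumptions modeled on Exchange Online's Get-InboxRule output, and flagging move-to-folder rules goes slightly beyond the deletion case the article describes.

```python
import re

# Phrases a wary recipient would use in a reply; the first three are the
# article's examples, the rest are assumed additions.
WARNING_PHRASES = ["scam", "is this a joke", "please verify",
                   "fraud", "phishing", "suspicious"]

# Constructed sample export. Field names are assumptions modeled on the
# properties Exchange Online's Get-InboxRule returns.
SAMPLE_RULES = [
    {"Mailbox": "cfo@example.com", "Name": ".", "Enabled": True,
     "SubjectOrBodyContainsWords": ["Scam", "is this a joke", "please verify"],
     "DeleteMessage": True, "MoveToFolder": None},
    {"Mailbox": "cfo@example.com", "Name": "Newsletters", "Enabled": True,
     "SubjectOrBodyContainsWords": ["unsubscribe"],
     "DeleteMessage": False, "MoveToFolder": "Reading"},
    {"Mailbox": "ap@example.com", "Name": "misc", "Enabled": True,
     "SubjectOrBodyContainsWords": ["Please  Verify payment"],
     "DeleteMessage": False, "MoveToFolder": "RSS Feeds"},
    {"Mailbox": "ap@example.com", "Name": "old", "Enabled": False,
     "SubjectOrBodyContainsWords": ["scam"],
     "DeleteMessage": True, "MoveToFolder": None},
]

def normalize(text):
    """Lower-case and collapse whitespace so 'Please  Verify' still matches."""
    return re.sub(r"\s+", " ", text).strip().lower()

def hides_mail(rule):
    """True when the rule deletes the message or files it out of the inbox."""
    return bool(rule.get("DeleteMessage") or rule.get("MoveToFolder"))

def flag_suspicious_rules(rules):
    """Return (mailbox, rule name, matched phrases) for enabled rules that
    hide messages containing warning phrases."""
    findings = []
    for rule in rules:
        if not rule.get("Enabled") or not hides_mail(rule):
            continue
        words = [normalize(w) for w in rule.get("SubjectOrBodyContainsWords") or []]
        hits = sorted({p for p in WARNING_PHRASES for w in words if p in w})
        if hits:
            findings.append((rule["Mailbox"], rule["Name"], hits))
    return findings

if __name__ == "__main__":
    for mailbox, name, hits in flag_suspicious_rules(SAMPLE_RULES):
        print(f"{mailbox}: rule {name!r} hides mail containing {hits}")
```

A flagged rule is a lead for review with the mailbox owner, since the same conditions can appear in a rule the user created on purpose.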

And above all, stay informed about scams and schemes like these. Criminals constantly adapt their strategies. Don’t fall for it. Follow our blog to stay up-to-date.

What You Can Do to Prevent Cyber Attacks Targeting Employee Data

Cyber Security

Threat actors are targeting companies to obtain personal information about employees to use for tax fraud and filing false returns.  

Your company stores all sorts of personally identifiable data about your employees. Birth dates, social security numbers, health information, and bank account numbers are all on the shopping lists for hackers who can sell the information they steal or use it for malicious acts. Among the documents most sought after by bad guys are tax records and tax forms.

These threat actors use that information to steal identities and file fake tax returns. Tax identity theft is the biggest type of ID theft reported to the Federal Trade Commission (FTC) each year. The FTC estimates the fraud at more than $5 billion annually.

Often, the victims aren’t aware anything has happened until they go to file their personal tax returns. They may try to file electronically, and have it rejected as a duplicate, or get a notice from the IRS saying there’s a problem. By then, the fraudsters are long gone.

How Do Hackers Steal Employee Data?

The most common way your employee data is breached is via phishing emails. Nearly a third of all data breaches and 78% of cyber-attacks started with a phishing email.

Hackers use email as a weapon to gain access to your systems. It may be as simple as sending an email asking employees to update their payroll information. Clicking on a malicious link can send that info to the wrong people. That’s exactly what happened to employees at the University of Kansas who soon found the direct deposit of their paychecks had been re-routed.

Other phishing emails may be targeted at individual employees using a variety of schemes to trick employees into giving up login credentials allowing cybercriminals to have access to company records. Other schemes may install malicious code when clicked and set up backdoors for hackers to access company computer networks. HR employees are also being targeted. A forged email may appear to come from a company executive or a third-party payroll processor asking for verification of information.

In an increasingly mobile society, hackers are gaining access to sensitive data when employees are connecting remotely to company servers without using proper security practices. When employees use public Wi-Fi, for example, they are vulnerable to man-in-the-middle attacks where threat actors intercept data as it’s being transmitted back and forth.

How To Prevent Becoming A Victim

Educating your employees about the dangers of phishing emails is a good place to start. One trillion phishing emails are being sent every year. While your company’s spam filters catch many of them, a significant number can slip through. Employees need to recognize the warning signs and everybody within your organization needs to take precautions to safeguard your data:

  • Install anti-virus and anti-malware software on all devices
  • Use strong passwords of 8 or more characters, numbers, and alphanumeric characters. Force changes regularly.
  • Encrypt all sensitive information
  • Back up sensitive information to a secure external source
  • Limit access to employee data with escalating security procedures
  • Require employees to install security software on all devices that access company data, including personal devices
  • Use Virtual Private Networks (VPNs) to encrypt data accessed remotely

It’s also important to keep all your software up-to-date. Hackers exploit known vulnerabilities in outdated software. These are security problems that the vendor has already patched. If the patches haven’t been applied by those using the software, hackers can exploit the known problem. That’s what happened to credit reporting agency Equifax, which saw hundreds of millions of records stolen after the company failed to apply patches to known security issues.

Consider A Managed Service Provider

Even the best IT teams can be overwhelmed by managing all the various devices and entry points to their networks. They may not have the expertise needed to stay on top of constantly evolving threats and security practices.

A Managed Service Provider (MSP) can actively monitor a company’s servers, exchange servers, active directory servers, firewalls, routers, switches, and platforms remotely. This ensures software is always up-to-date and breaches are identified immediately.

An MSP will monitor your network traffic and incursion points 24/7 in a cost-effective way. In case there is a cyber-attack, an MSP can be your best weapon in identifying the threat, shutting it down, and building additional security walls to prevent future breaches.