Data Breaches and Credit-Card Fraud Can Destroy Your Small Business

Most business owners are cognizant of the prevalence of fraud in the digital world today. According to Experian’s Global Fraud and Identity Report 2018, almost three-quarters of businesses believe fraud is a growing concern, and nearly two-thirds reported fraudulent losses over the past year.

Credit Card Fraud

What is Fraud?

Fraud occurs when an individual’s payment information is used without their authorization. When hackers breach your network and access your customers’ or clients’ sensitive cardholder information, they have many opportunities to commit fraud numerous times. Anytime someone falsifies an identity and “tricks” a system into thinking the person making a purchase is someone other than who they actually are, this is considered to be fraud.

Fraud is Pervasive in Today’s Digital World

This is because the majority of business and consumer data remains vulnerable. As the value of digital information grows, so does the hacker’s motivation to develop methods to avoid detection from the latest technologies.

The existing account setup process requires consumers to provide extensive amounts of personal information along with passwords and secret questions. And data breaches provide this information to cybercriminals. When this data is stolen, it’s often used for fraudulent activities.

Fraud is a moving target just like the hackers. New tactics are evolving where criminals combine real and fake information to create new identities.

Most business owners just don’t have a handle on this – and they lack confidence in their ability to protect their customers and their companies from fraud.

One of the reasons for this is that their initiatives are mostly reactionary rather than proactive as many continue to use legacy cybersecurity technology rather than investing in new, more sophisticated data protection solutions. As a result, every month that goes by increases their vulnerability and exposure to data breaches and fraud.

Fraud is an ever-present and growing risk

For businesses in e-commerce, managing the risk of fraud is a delicate balancing act between ease of use for customers and fraud protection. They struggle with mitigating fraud and providing a positive customer experience. Unfortunately, the customer experience wins out in most cases, and businesses are willing to risk fraudulent losses over losing customers to their competition. Ironically, they are setting their businesses up for reputational damage where they will end up losing customers anyway, fail to gain new ones, and possibly face financial penalties and litigation costs.

The 2017 Cost of Data Breach Study from the Ponemon Institute, sponsored by IBM, puts the global average cost at $3.6 million, or $141 per data record. That’s a reduction in the average cost in 2016, but the average size of data breaches has increased. It’s also worth noting that the average cost of a data breach in the United States is much higher at $7.3 million.

More than 50 percent of businesses say they still rely on passwords as their top form of authentication.1 And business leaders know that using passwords isn’t the most secure option. But customers are used to them, and business owners want to please them. They also complain that they lack the financial resources to adopt more advanced authentication methods when this would save them legal fees and penalties if/when their customers’ accounts are breached–not to mention their reputation and the future existence of their business. This, of course, is very shortsighted.

How data breaches and fraud are connected

Data breaches and fraud don’t usually occur at the same time and place. Cybercriminals won’t steal a customer’s information and turn around and use it for a purchase from the same business. So, it’s not easy for a business to detect when a breach occurs.

Data breaches are typically detected by using specific security tools that monitor all payment activity. Merchants should follow PCI DSS standards to identify and prevent breaches and remain compliant. PCI DSS audits will help you find vulnerabilities in your system and reveal inadequacies that must be eradicated.

A successful case of fraud spreads like cancer

If a hacker can get one password, they may have the keys to other password-protected accounts. The more online accounts people open, the greater their risk. And most people have quite a few. If the hacker can figure out the password to someone’s email account, they may also have the key to their credit card and banking accounts as well.

You must remain vigilant to prevent data breaches and fraud.

What to do if you suspect fraud

A key indicator of fraud is chargebacks, where a customer disputes a charge on their credit card and you aren’t paid for the service or product. If your chargeback rate increases above a 1% margin, this is a good indication that you’re experiencing fraud.

In this case, you should hire a third-party auditor like an IT Managed Services Provider (MSP) to help bring you back into compliance and stop the thieves. They will detect where the problem(s) exist and if what they find indicates a data breach. PCI-DSS compliance requirements mandate that you do this to stop the fraudulent activity.

Of course, you should contact the card processor as well. They will connect you to the card providers who can often identify the point of access or detect a suspicious pattern of activity.

What You Can Do to Reduce Fraud and Data Breaches.

Use EMV Technology.

EMV (Europay Mastercard Visa) is the global standard to authenticate payment cards. EMV technology can help you protect your business from fraud. It ensures the card is legitimate and that the person using the card is the authorized user.

EMV chips are microprocessors that store and protect cardholder data. They use a unique cryptogram that’s validated by the card issuer. This makes it more difficult for hackers to break the code and steal card information to commit fraud.

Today, if you don’t use an EMV-capable terminal, and the transaction turns out to be fraudulent, you can be held financially liable for that transaction.

EMV has been used in the United Kingdom since 2004, and card-present fraud has gone down by 80% as a result. By comparison, without EMV in the U.S., fraud increased during this time by nearly 70%.

Protect Data in Transit by Using Encryption.

When credit card data is stolen, it’s considered a data breach. Considering the number of card payments your business processes in a month, hackers may view you as the “Pot of Gold at the end of a Rainbow.” In other words, your business is a prime target.

You can help stop the hackers from accessing data in transit by using end-to-end encryption (E2E) and point-to-point encryption (P2PE).

The advantages of end-to-end encryption are:

  • You don’t need a separate key for the decryption of the data.
  • You have flexibility in deciding what data to encrypt.
  • You can choose specific configurations for more functionality.
  • The file size is small, and the processing time is minimal.

Point-to-point encryption encrypts transmitted data as it goes through a designated “tunnel.” This is used most often for credit card information that’s encrypted from the point-of-sale (POS) to the credit card processor.

With encryption, if a breach does occur, and data is stolen, it will be useless to cybercriminals in its encrypted state.

Protect Data at Rest by Using Tokenization.

Tokenization breaks up a sequence of data into pieces such as words, keywords, symbols, phrases, and elements called tokens. Tokens can be words, phrases or even whole sentences. In other words, tokenization keeps cybercriminals from using data by replacing it with meaningless characters. Tokenization is helpful for businesses that store sensitive card data for re-billing. It’s also one of the most effective and affordable ways for businesses to protect their customers’ confidential card data.

Combining encryption and tokenization is one of the best ways to protect your business from the devastating effects of a data breach.
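As an added example (not code from the original article), the sketch below shows tokenization applied to card data stored for re-billing: the card number is replaced by a random token with no relationship to it, the merchant record keeps only the token and last four digits, and a scan confirms no card number remains in that record. The `TokenVault` class, its in-memory storage and the function names are assumptions for illustration; in practice the vault is a hardened service, usually run by the payment processor.

```python
import re
import secrets
import string


def luhn_valid(pan: str) -> bool:
    """Luhn checksum used by payment card numbers (PANs)."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def clean_pan(pan: str) -> str:
    """Strip the spaces and dashes people type into card numbers."""
    return re.sub(r"[ -]", "", pan)


class TokenVault:
    """Hypothetical stand-in for the vault that maps tokens back to cards."""

    def __init__(self):
        self._by_token = {}
        self._by_pan = {}

    def tokenize(self, pan: str) -> str:
        pan = clean_pan(pan)
        if not luhn_valid(pan):
            raise ValueError("not a valid card number")
        if pan in self._by_pan:  # the same card always maps to the same token
            return self._by_pan[pan]
        # Random letters only: nothing is derived from the PAN, and there is
        # no digit run that a scanner could mistake for a card number.
        body = "".join(secrets.choice(string.ascii_letters) for _ in range(24))
        token = "tok_" + body
        self._by_token[token] = pan
        self._by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can do this; the merchant database cannot."""
        return self._by_token[token]


def store_card_on_file(vault: TokenVault, customer_id: str, pan: str) -> dict:
    """What the merchant database keeps for re-billing: token and last four."""
    return {
        "customer": customer_id,
        "token": vault.tokenize(pan),
        "last4": clean_pan(pan)[-4:],
    }


def find_pans(text: str) -> list:
    """Return Luhn-valid 13 to 19 digit runs in text (a stored-PAN check)."""
    runs = re.findall(r"(?<!\d)\d{13,19}(?!\d)", text)
    return [run for run in runs if luhn_valid(run)]


if __name__ == "__main__":
    vault = TokenVault()
    # 4111 1111 1111 1111 is a widely used test number, not a real card.
    record = store_card_on_file(vault, "cust-001", "4111 1111 1111 1111")
    print("merchant record:", record)
    print("card numbers found in merchant record:", find_pans(str(record)))
```

Running `find_pans` over database exports, logs and backups is also a quick way to confirm that raw card numbers are not being stored anywhere outside the vault.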

Secure Your IT Environment

  • Ask your IT Managed Services Provider (MSP) to set up a next-generation firewall, anti-spam, and anti-virus solutions.
  • Ensure your POS and router are on different networks and separate from other systems that access the Internet.
  • Don’t use your business POS for surfing the Web. This can expose it to viruses and result in vulnerabilities that can be breached.
  • Assign separate login credentials for each user.
  • Forbid sharing of login credentials and enforce this.
  • Keep your user list up to date and disable accounts that are no longer needed.
  • Only provide remote access for users with a clearly identified need.
  • Don’t leave remote access software turned on when unattended.
  • Keep all software and anti-virus, anti-spam programs up-to-date.
  • Regularly run and review scans for malware.
  • Regularly have your MSP run vulnerability scans.
  • Ask your MSP to train your staff on the latest security threats and what to do if they come across one.
  • Train your staff how to detect unauthorized skimming devices that could be installed on POS or credit-card terminals.

Have Your MSP Train Your Employees on Cybersecurity Awareness.

Teach your employees about password security and make sure you enforce this behavior:

  • Don’t use words from the dictionary.
  • Don’t use names of family members.
  • Don’t reuse passwords from your other accounts.
  • Don’t write down your passwords or put them where others can see them.
  • Consider using a Password Manager (e.g., LastPass or 1Password).
  • Use password complexity (e.g., P@ssword1).
  • Create a unique password for work separate from your personal use.
  • Change passwords at least quarterly.
  • Use passwords with 9+ characters.
    • A criminal can crack a 5-character password in 16 minutes.
    • It takes five hours to crack a six-character password.
    • Three days for a 7-character password.
    • Four months for eight characters.
    • 26 years for nine characters.
    • Centuries for 10+ characters.
  • Turn on Two-Factor Authentication if it’s available.

Teach employees about ransomware and phishing threats. These appear to be from an official like the IRS or FBI. If a screen pops up that says you’ll be fined if you don’t follow their instructions, don’t! If you do, the criminal will encrypt all your data and prevent you and your employees from accessing it. Teach them to:

Beware of messages that:

  • Try to solicit your curiosity or trust.
  • Contain a link that you must “check out now.”
  • Contain a downloadable file like a photo, music, document or pdf file.

Don’t believe messages that contain an urgent call to action:

  • With an immediate need to address a problem that requires you to verify information.
  • Urgently asks for your help.
  • Asks you to donate to a charitable cause.
  • Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Be on the lookout for messages that:

  • Respond to a question you never asked.
  • Create distrust.
  • Try to start a conflict.

Watch for flags like:

  • Misspellings
  • Typos

Ask Your MSP to Help You with PCI Compliance.

PCI Compliance is not a one-time event but should be a continual process to ensure your IT systems are appropriately transmitting and storing sensitive data. It mandates that network and business practices are secure.

Failing to maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS) can ruin your small business if you get hit with a data breach.

It’s not always easy to do this on your own. Your MSP can help by:

  • Performing scans of your network to identify and eliminate vulnerabilities that can lead to data breaches.
  • Monitoring network activity and blocking malicious activity before it can lock down or steal your data.
  • Providing you the tools and resources to promote compliance.
  • Implementing data-breach protection solutions.
  • Helping you sign up for a breach assistance/cyber insurance program that provides for reimbursement of certain card brand fees that are charged if data is compromised. Some cover the costs of a data breach, which can be upwards of $100,000.

Protect Your Business from Data Breaches, Fraud, and the Resulting Consequences

When you take all of this seriously, you’re not just protecting your customer’s confidential information; you’re also protecting your business from fraud.

Most companies that experience a data breach will see a rise in cost to retain existing customers. They will also see an increased cost to acquire new customers. When you add these increases in cost to the loss of revenue from customers that choose to take their business to your competitors, you’ll soon see how your damaged reputation dramatically affects your company’s bottom line.

You don’t have to face this alone.

The right IT Managed Services Provider can be your best ally against security threats. From helping you with integrated and compliant POS systems to implementing technologies like encryption and tokenization, and providing compliance and breach assistance, the right IT Partner is worth every cent when it comes to helping you secure your business against the devastating effects of credit-card fraud and data breaches.

The Future We’ve All Been Eagerly Anticipating Is Here – Are You Ready?

The standard of next-generation telecommunication is no longer the future, but the present. You’re probably not using it, even though you should be, and you may have to wait.

When casual conversations bring up speed, it’s inevitable we hear the clichés about “faster than the speed of sound” or “faster than the speed of light”. Sometimes, if participants are up on pop culture, even “faster than Usain Bolt” is tossed around.

  • Which travels faster, light or sound? Light travels at about 300,000 kilometers per second, and the speed of sound is usually around 300 meters per second.

What is the fascination with speed? Faster cars, faster jets, faster roller coasters…we are compelled to increase speed and speed capacity – you may even have the speeding ticket to prove it! We’re an impatient bunch – or is it a competitive drive that fuels us further in our quest for the next fastest “thing”?

When conversations turn to tech talk, the topic of speed is generally relative to a generation. No, we don’t mean Baby Boomers versus Millennials. The speed at which data travels wirelessly, whether it’s over an organization’s wireless network or a major wireless provider’s network, puts consumers entirely at the mercy of current technology and our data connection. Have you ever been on a Google Hangout and had your connection interrupted? It’s frustrating, possibly embarrassing, and potentially costly if the Hangout was a sales pitch.

There are currently five generations of wireless communications standards:

  • 1G: The first generation of wireless cellular networks and technology was analog and considered the telecommunications standard since the 1980s.
  • 2G: Wireless data networks go digital! This is the generation that data entered into our wireless world, with the introduction of the text message. There are sub-2G generations, but these didn’t have a noticeable impact on our daily wireless use.
  • 3G: The third generation focused on telecommunication networks that supported faster data transfer speeds, regardless of the type of communication: voice calls, video calls, mobile or fixed wireless Internet. This was the generation that introduced the smartphone. This generation also had sub-generations with advancements to support faster speeds and better performance as a preparation of infrastructure toward 4G technologies.
  • 4G: Fourth-generation technology increased data speeds again and established thresholds for speed to qualify.
  • 5G: The future of wireless technology, implemented in December 2017 and anticipated to be available globally by 2020.

Note that last part: anticipated to be globally available by 2020. Currently, maybe five countries are using it based on wireless providers. Most of the larger providers are testing 5G implementation, including Verizon and AT&T in 2018. The complication is that the U.S. infrastructure doesn’t yet support 5G wireless technology, so even with the “Big Box” mobile service providers testing the technology, consumers won’t get the benefit – yet. But what’s crucial to keep in mind about the future is that 5G is more than faster data speed. The next generation of wireless technology seeks to enable new and incredible insights that drive efficiencies. In other words: faster and smarter! How is wireless technology smart? Glad you asked!

Given the explosion – not literally – of “smart” devices in the market, the Internet of Things reinforced the need for the new generation of wireless. In fact, beyond just wireless, 5G incorporates technologies like computing and the cloud for everything to be smart, and everything to connect – even smart vehicles! Technology is supposed to simplify our lives by finding ways to make things easier. Connectivity and integration further this notion and underscore that the direction of the future is with the Internet of Things.

  • What is the Internet of Things (IoT)? The IoT is the network of connected devices that have internal components enabling connectivity, like electronic sensors and software, which allow for the exchange of data.

The wireless economy and data standards are experiencing a massive evolution. Consumer appetite is skyrocketing, and the next generation will support an overhaul of the service model that allows wireless service providers to reduce costs to accommodate data needs while simultaneously driving revenue with new services. Adversely, the current generation actually incurs greater costs for data in cases like autonomous vehicles compared to the costs of its fuel. 5G will fundamentally change this service model.

All this talk of evolution doesn’t mean the existing model will disappear. In fact, the next generation – 5G – incorporates many wireless technologies, and improves upon those we already use (4G). 5G is going to change the way we interact, work, and live in general. As full-scale monetization is recognized – the cost to produce smart goods decreases for manufacturers, and the cost to support increasing data needs decreases for service providers, thus passing these reductions on to consumers – we can expect to see ever greater numbers of smart goods. For example, hospitals are migrating to electronic health records in greater numbers due to the simplicity of the centralized patient records and access to complete history at-a-glance, but the ease of submitting prescriptions to external pharmacies has also been increasing with major metropolitan hospital systems. From cars to hospitals, the 5G model will not only support but become critical to data needs in this evolution.

The transition to 5G will require the U.S. infrastructure to transform to cloud-based architectures with a virtualized core, and it’s expected that companies will spend over $300 billion by 2025 to upgrade and become compatible with 5G demands, including new data centers, new network transformation gear, and new modems/IPs.

There aren’t currently any mobile devices supporting 5G capabilities, but we can expect an upcoming surge of announcements with new products flooding the market once 5G is more widely adopted. Hopefully, the United States isn’t late to that particular game!

Excited for the future generation of wireless telecommunications, Qualcomm debuted the first 5G modem in 2016, and in 2017 European leaders established a baseline for next-generation standards. It’s safe to say the world is not just open to 5G, but embracing the changes in technology this next generation is ushering in.

Your Small Business Needs a vCIO to Manage These 10 Technology Priorities for 2018

If you’re the owner or CEO of a small business, then you’re probably already functioning as the Chief Information Officer (CIO) as well. Most small businesses can’t justify paying for both. This means you have to take time from your priorities to manage your technology, ensure that it’s secure and decide what IT solutions to use. It’s not as easy to do this as it was in years past, simply because of the fast-evolving nature of technology, and the increasing incidence of hacking and data breaches.

But, did you know that you can “hire” a Virtual CIO (vCIO) at a fraction of the cost of hiring a CIO?

What is a vCIO?

A virtual CIO is a technology service provider who serves as your CIO. They help you develop an IT Strategic Plan, with up-to-date resources to ensure security, productivity, and efficiency. Rather than hiring your vCIO, you pay for the service on an on-demand basis.

This frees you from the daily worry about technology and whether it will run as it should. It also frees up your limited internal resources and allows your employees to concentrate on their core responsibilities.

A vCIO Will:

  • Gain an understanding of both your business and your technology infrastructure and make sure your IT is aligned with your business goals.
  • Help you with IT budgeting and cost control strategies to achieve your priorities and avoid unnecessary costs.
  • Analyze any inefficiencies in your existing IT infrastructure and centralize/consolidate resources and operations to promote considerable financial savings.
  • Advise on Organizational IT Design and replace outmoded processes so you can pursue market opportunities and overcome business challenges through updated, value-based technologies.
  • Effectively incorporate technology into your operational processes and ensure security at all times.
  • Develop an IT Strategic Plan that aligns with your budget.
  • Learn about your competition, and what new IT solutions they are using.
  • Interface with your managers and users to ensure that you meet your IT goals.
  • Identify and evaluate the impacts of your technology decisions.
  • Conduct ongoing evaluations to assess your IT needs and provide service performance metrics.
  • Manage technology needs for specific projects, whether they are new ones or ongoing.
  • Deliver monthly updates to your management, provide Quarterly IT Summaries that reveal the condition of each component of your network, and prepare other reports as required.
  • Provide procurement assistance to ensure you get the best prices on hardware and software.

Your Virtual CIO Will Help You Achieve These 10 Technology Priorities for 2018.

Cybersecurity

Security is an essential factor for any organization, and small businesses like yours are the biggest target for hackers today. Risk assessment, data protection, training awareness, and third-party security practices are necessary to ensure maximum security and protection. Continuous diagnostic monitoring is required to view your network, identify risks, quantify attacks and/or breaches, and mitigate them. Digital forensic tools are especially important for companies that require regulatory compliance and incident management. Identity and access management is a security practice that enables only authorized individuals to access resources to comply with security and compliance requirements. These are crucial elements for any business. Your vCIO will manage all these and other cybersecurity requirements for your business.

Disaster Recovery and Business Continuity

Disaster recovery and business continuity refer to your organization’s ability to recover data after a disaster occurs and when IT services are shut down or compromised. Both practices involve the process of backing up data and preparing policies and procedures to implement in the event of a disaster. Your vCIO will confirm your business can stay up and running no matter the IT disaster, manmade or natural.

Mobile Workforce Technologies and Solutions

With the BYOD (bring your own device) trend, organizations are using mobile devices more than ever. Your business is competing in a mobile, technology-driven economy, and you must rely on your mobile workforce to ensure customer satisfaction and product/service innovation. The right mobility solutions ensure secure and simple access to data, tools, and applications from any location. Your vCIO will help you consider applications, support, ownership, security, and communication issues and policies that will ensure your mobile workforce is always productive, and your data is secure.

Cloud Computing, Software as a Service (SaaS) and Virtualization

Software as a Service utilizes a cloud-computing infrastructure to deliver a single application to your employees no matter their location. This is opposed to relying on the traditional one application per desktop. Cloud services are available to your employees via the Internet from a cloud provider’s servers and used instead of your company’s own on-premises servers. Virtualization refers to the creation of virtual servers, desktops, storage devices, applications, and computer network resources. You can virtualize your entire IT infrastructure or just specific aspects of it. Cloud services and virtualization provide easy, quick, scalable access to resources, applications, and services, and simplify your overall IT infrastructure to promote efficiency.

Enterprise Resource Planning (ERP)

Enterprise Resource Planning involves the use of business management software that combines a variety of integrated applications to store and manage data for all aspects of your business operations. It includes product planning, manufacturing, marketing, inventory management, shipping, invoicing, accounts receivables and payables, and more. Software as a Service Enterprise Resource Planning (SaaS ERP) supports remote hosting of business IT services. It’s also known as Cloud Enterprise Resource Planning (Cloud ERP).

Strategic IT Planning

Strategic IT planning focuses on your organization’s specific needs and how to best use technology to meet them. IT is a strategic capability to be used and integrated into planning and projections with consideration of future IT innovations and business growth. Your vCIO will work with you to determine how technology will help you achieve your business priorities and prepare guidelines and policies that support your vision with the right IT solutions.

Networking: Data and Voice Communications

Data communications refer to the electronic transmission of information for storage and processing, while voice communications refer to systems such as mobile devices and VoIP systems. Your vCIO will help you implement the best communication solutions to keep your organization connected and up and running.

Legacy Application Modernization/Renovation

Legacy application modernization is the process of refactoring, re-purposing, or consolidating legacy software programs to align with a company’s current needs. This enables you to benefit from the advantages of new development without the risk and cost of replacing legacy systems.

Business Intelligence and Analytics for Big Data

Business intelligence, or BI, is a term that refers to a variety of software applications used to analyze an organization’s raw and big data (massive amounts of data). Business analytics is the process of exploring and investigating an organization’s data with emphasis on statistical analysis. This is becoming more important for even small businesses today. They are relying on software solutions like Microsoft Power BI (Business Intelligence) to transform data and create interactive reports to help them analyze data to reach their goals.

Shared Services

Many parts of an organization use the same services and resources. Shared services involve the consolidation of business services and resources used by multiple parts of an organization. For example, with service portfolio management, organizations can define and manage services and resources. By incorporating automation, virtualization, advanced analytics, and other digital technologies into your operations, you can streamline processes. These technologies also may enable you to make better decisions and improve the quality of customer interactions.

By taking advantage of the services a virtual CIO provides, you’ll enjoy all the benefits of a CIO without the added costs. Your vCIO will protect your important data, help you get the most from your technology budget, provide customized reports and recommendations, and ensure you meet the technology challenges of 2018 and beyond.

Is Your Backdoor Open? You’ll “WannaCry” When the Hackers Get In

Dangerous cyberattacks have been released by a group of hackers known as The Shadow Brokers. These exploits will lock up your data for good – no ransom, no return.

But this isn’t all they do – they’ll also leave behind a parasite that lets them “hang out” inside your computer, infect others, and re-enter through a backdoor.

What’s really scary is that these attacks are getting past traditional next-generation security measures. In 99 percent of the cases, security researchers found that these threats bypassed security tools.

EternalBlue (the worst-ever recorded ransomware strike): In February 2018 EternalBlue was ported to all Windows operating systems. By exploiting a vulnerability in Microsoft’s Server Message Block (SMB) protocol, EternalBlue allowed the dangerous ransomware virus WannaCry to propagate and infect 230,000 computers.

EternalChampion and EternalRomance are two other exploits that were also reported at the same time EternalBlue was.

And then there’s EternalRocks, also known as MicroBotMassiveNet, which is a computer worm that infects Microsoft Windows. It uses seven exploits that were developed by the NSA and unknowingly leaked to hackers. As a comparison for you, the WannaCry ransomware program only uses two NSA exploits. Experts tell us that EternalRocks is much more dangerous.

EternalRocks installs the Tor anonymous network to conceal Internet activity. Your server then downloads EternalRocks to your computers. To avoid detection, it calls itself WannaCry. But unlike WannaCry there’s no kill switch.

EternalBlue and these other exploits use a backdoor implant tool to infect your systems. Plus, EternalRocks is a self-replicating worm and leaves the back door open via DoublePulsar so that other hackers can load malware on your computer.

Backdoors leave you exposed to a multitude of cyber threats.

A backdoor is a port or malicious application that provides access to a server or network. It provides hackers with unauthorized remote access to your network by exploiting security procedures and authentication. Backdoors can be used for cybercriminals to gain remote access to your computers.

Backdoors work in the background and are hidden. They are much like other malware viruses and, therefore, difficult to detect.

A backdoor is one of the most dangerous types of computer parasites. It gives a criminal the ability to perform any possible actions on your computer.

The attacker can:

  • Spy on what you do,
  • Take over your files as a user,
  • Install additional software or malicious threats,
  • Control your organization’s entire PC system,
  • Implement keystroke logging and screenshot captures,
  • Infect files,
  • Encrypt your data, and
  • Attack other hosts on your network.

Plus, the parasite can work automatically on its own and do what the hacker wants.

A backdoor not only allows the hacker to access your computer and network, but it also lets them come back and enter your system again and again.

Backdoors are complicated for system administrators to deal with. In most of the cases, it’s very difficult to find out who is controlling the parasite. In fact, all backdoors are really hard to detect.

Before they can find out how hard it will be to block the hacker’s access, system administrators have to figure out the methods hackers will use. There are so many exploits now that this is a very difficult, if not impossible, task.

Plus, some of these backdoors can’t be detected because of the way they’re designed.

Even if your admin changes passwords when an attack is discovered, backdoor utilities can be programmed to give the hacker repeat access to your system.

They do this via computers on your IT system that don’t log on to the network very often. Because it appears that no one is using the machine, your system administrator doesn’t detect that a hacker is actually using it.

There’s another kind of backdoor utility that lets the hacker return to the network within a short period of time. This way they don’t have to find a vulnerability to exploit in order to gain access. But if your system administrator does detect them, they’ll just take the time to look for another vulnerability. As you can see, this can be a constant battle.

Password cracking is the most-used method of backdoor hacking to breach network security.

The hacker locates your accounts that use weak passwords. These are accounts that aren’t used often. The hacker creates an access point by changing the password. When the system administrator searches for the fragile accounts, the ones that have weak passwords, the accounts whose passwords have already been changed won’t be visible.

Backdoors can degrade your Internet connection speed and system performance. They prevent you from removing them by hiding in files. Plus, there are no uninstall features to delete them.

There are 5 ways backdoor threats can get in:

  1. You can accidentally install them on your computers. Sometimes they come attached to phishing emails or file-sharing programs. They look safe and can trick you into opening and executing them.
  2. They get installed by viruses like spyware or Trojans without your knowledge. Then they infect each profile for those who use that compromised computer.
  3. They can be manually installed by malicious insiders who are authorized to install software on your computers. Then the backdoors can spread by exploiting remote systems with security vulnerabilities.
  4. Some backdoors come with applications, including legitimate ones. Once the hacker gains access to a computer and access to the software installed on it, they have the authorization to take control and infect the software.
  5. Backdoors can infect a computer by exploiting software vulnerabilities. They work just like computer worms and automatically spread without you knowing it. You won’t be alerted by warnings, setup wizards or dialog boxes when this happens.

What can you do to protect your business from backdoor threats?

Backdoor parasites are extremely dangerous and must be removed from the system. It’s essential that you contact your Technology Solutions Provider so they can do the following:

  1. Block external access to all Server Message Block ports on the public internet.
  2. Patch all Server Message Block vulnerabilities.
  3. Block access to C&C servers (ubgdgno5eswkhmpy.onion).
  4. Install a DoublePulsar detection script.
  5. Make sure to use an up-to-date analytics tool to monitor for insider threats.
  6. Monitor your system for any newly added scheduled tasks.
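
One way to carry out step 6, as an added example that is not part of the original article: this Python script compares a known-good export of `schtasks /query /fo CSV /v` with a later one and reports tasks that were added or whose command changed. The sample rows, the host and task names, and the user-writable-path heuristic are constructed assumptions.

```python
import csv
import io

# Constructed sample exports, trimmed to four of the columns that
# `schtasks /query /fo CSV /v` emits. Host, task names and paths are invented.
BASELINE_CSV = r'''"HostName","TaskName","Task To Run","Run As User"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c","SYSTEM"
"WS01","\Vendor\BackupNightly","C:\Program Files\Vendor\backup.exe /full","svc_backup"
'''

CURRENT_CSV = r'''"HostName","TaskName","Task To Run","Run As User"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c","SYSTEM"
"HostName","TaskName","Task To Run","Run As User"
"WS01","\Vendor\BackupNightly","C:\Users\Public\backup.exe /full","svc_backup"
"WS01","\ExampleUpdater","C:\ProgramData\example\svc.exe","SYSTEM"
"WS01","\ExampleUpdater","C:\ProgramData\example\svc.exe","SYSTEM"
'''

# Assumption: locations a standard user can usually write to, so a task that
# runs a binary from here deserves a faster look. Tune this for your estate.
USER_WRITABLE = (r"c:\users", r"c:\programdata", r"c:\windows\temp",
                 "%temp%", "%appdata%", "%public%")


def parse_tasks(csv_text):
    """Return {task name: {"actions": set, "users": set}} from a schtasks export."""
    tasks = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("TaskName") or "").strip()
        # The export can repeat its header row (one per task folder); skip it.
        if not name or name == "TaskName":
            continue
        # A task with several triggers appears on several rows; merge them.
        entry = tasks.setdefault(name, {"actions": set(), "users": set()})
        entry["actions"].add((row.get("Task To Run") or "").strip())
        entry["users"].add((row.get("Run As User") or "").strip())
    return tasks


def diff_tasks(baseline, current):
    """List tasks that are new, or whose command differs from the baseline."""
    findings = []
    for name in sorted(current):
        actions = current[name]["actions"]
        if name not in baseline:
            kind, changed = "added", actions
        elif actions != baseline[name]["actions"]:
            kind, changed = "action_changed", actions - baseline[name]["actions"]
        else:
            continue
        risky = any(a.lower().lstrip('"').startswith(USER_WRITABLE) for a in changed)
        findings.append({
            "task": name,
            "kind": kind,
            "actions": sorted(changed),
            "run_as": sorted(current[name]["users"]),
            "priority": "high" if risky else "review",
        })
    return findings


if __name__ == "__main__":
    for f in diff_tasks(parse_tasks(BASELINE_CSV), parse_tasks(CURRENT_CSV)):
        print(f"[{f['priority']}] {f['kind']}: {f['task']} -> {f['actions']} as {f['run_as']}")
```

Take the baseline export while the machine is known to be clean and store it off the host, so that malware on the machine cannot edit the reference copy.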

 Contact our cybersecurity experts. We can “shut your backdoors.”

New NIST Guide Enables Digital Forensics Investigators

NIST has recently released a quick start guide that outlines the procedures used to place test data on a mobile device by forensics experts during an investigation. In many criminal cases, the authorities can gain valuable information by examining smartphones, computers, and tablets belonging to those involved. The NIST guide provides important directions, guidance, and techniques for setting up a device for use with mobile forensic tools.

Criminal Investigations and Legal Trials

Recovering data from digital devices has become an important part of many criminal investigations. The information found on a phone can prove helpful in providing clues as to the whereabouts and activities of suspects. This data is often used during trials and should be as accurate as possible since a legal verdict could be determined based upon what is found on the suspect’s computer, cell phone and/or tablet.

Even the best forensic investigators admit that data extraction from mobile devices can be tedious. This is due to the many differences in the types of data and formats used from one device to the next. Testing can be performed by anyone in the law enforcement community, but the official Federated Testing software must be utilized.

Tools for Law Enforcement

For years, law enforcement and forensic experts have used the data found on mobile phones and computers during the course of their investigations. As this science has moved forward and evolved, it has become necessary to create guidelines for populating mobile test devices. This eliminates much of the guesswork and helps a forensics team to be consistent with their testing procedures. This, in turn, helps to guarantee more reliable results. Consistency and reliability are key aspects of the type of data that can be used during a legal trial.

The two basic strategies for populating a mobile phone, computer or tablet with testing tools are:

  • Place test data on a new or sanitized device
  • Place test data on a user device and adjust as needed

Mobile forensic tools are primarily used with Federated Testing, but can be used with other test methods. By undergoing these forensics tool tests, investigators can ensure greater accuracy and easy sharing of their results with others in the forensics community.

Contents of the NIST Guide

The NIST Guide begins by describing the primary types of data found on a mobile device or computer, including, but not limited to:

  • Text messages
  • Photos
  • Emails
  • Social media posts and information
  • Call logs
  • Contact lists

A mobile device may contain hundreds of data elements that could be helpful to investigators. In many cases, it’s best to narrow down the search to data that seems to be most relevant to the specific case. This can prevent investigators from wasting valuable time on unimportant information. As the case progresses, investigators may determine that other data could also be helpful to uncover. Testing can be performed as necessary on those.

Divided Sections

The NIST document is separated into sections and appendices that describe the various methods of populating and documenting data found on a mobile device including the SIM/UICC. These are outlined below:

  • Section 2: Document Device Data
  • Section 3: Personal Information Management (PIM) Data: Contacts, Calendar & Memos
  • Section 4: Stand-alone Data Files
  • Section 5: Call Logs
  • Section 6: Text Messages
  • Section 7: MMS Messages
  • Section 8: Location Data
  • Section 9: Browser/Email Data
  • Section 10: Social Media Data
  • Section 11: Other Applications of Interest
  • Section 12: SIM/UICC Card

How to Begin

The guide provides step-by-step instructions for populating and documenting a device. The guide recommends performing these steps for each mobile device tested.

Begin by choosing the most relevant data types that seem pertinent to your inquiry or investigation. If this data does not result in the information hoped for, testers can always go back and perform these steps on other types of data found on the form.

Appendix A-Acronyms

Appendix A explains all acronyms used in these testing procedures. It is necessary to assign an acronym to each item to reduce the amount of writing or typing. These can be confusing since some are so similar. Therefore, it is recommended that testers keep Appendix A handy to make sure they’re using the right terms when filling out their paperwork.

Appendix B-Mobile Device Documentation

Next, fill out the template found in Appendix B for each device to be tested. This template will ask common questions about the type of equipment, including the name of the subscriber, the device make and model, the IMEI for the phone and other identifying info. The IMEI can be found by going to Settings, then choosing About and scrolling down to where the IMEI is shown. Enter the number with no spaces or dashes on the form found in Appendix B. In this area, there are many other identifying numbers required on the form.

Appendix C-Mobile Device Data Example

This example form has been filled out for one “Stevie Ray Vaughn”. Though it is somewhat humorous, it shows the types of data to be placed in each portion of the form. His full name, address, email address and birth date are shown. If a photo of the phone’s owner is available, that should also be included. Calendar data can be important because it shows the daily routine, meetings, and people that a suspect might be associated with. It can help investigators create a timeline for the last few days of a person’s life.

Appendix C is quite lengthy due to the fact that SMS and EMS messages are recorded here along with call logs. Many people exchange dozens of text messages with friends each day. Include information about who sent the message and its contents. Make separate entries for unread messages and voicemails. Deleted messages and calls should also be recorded.

Federated Testing Project

The Federated Testing project at NIST is an extension of the Computer Forensics Tool Testing (CFTT) Program. This program has been successful in helping laboratories and forensic experts accurately uncover important information from mobile devices and computers. It enables consistent reporting and sharing of results across various labs and law enforcement agencies found across the United States.

Using Yoast SEO to Write Effective Meta Descriptions

The term “meta description” may seem foreign to some, but we all see these descriptions each time we search for something online. The meta description can contain up to 320 characters and should be an interesting summary of what your website is all about. It shows up in the search results as those first few words/lines that explain the essence of your website or post.

How Meta Descriptions Work

Each time we type a search term in the browser, a number of results will come up. For each one, there’s a 320 character description of the site or page. People usually decide which site to click on based on what these meta descriptions say. That means it has to be snappy and fresh. The wording needs to grab your attention. It has to sound enticing. Think of it as a short, but powerful sales pitch. Potential customers are far more likely to visit a site that sounds unique, interesting or entertaining than one that sounds boring.

Though search engines make it clear that there’s no direct advantage from writing good meta descriptions, there is a very strong indirect benefit. If you’ve written a good meta description, then this will improve your click-through-rate (CTR). As visitors click-through to your site, the search engine uses that information as a way of determining that your site was aptly and well described. This will improve your position in the search results.

It is important to point out here that Google will not always show your unique meta description. Sometimes they generate their own description of your business based on factors like the search term and type of business it is. This is where keywords come into play. Most business owners now understand at least the basics of keywords and how they work. If your content is well-optimized, then it should reflect that by serving as a great meta description.

Google changes the way their search engine works at times and this can certainly throw a wrench in all your good plans. However, that should not stop business owners from doing sound keyword research and creating unique content with those keywords. It goes without saying that keyword stuffing is bad and should be avoided at all costs. Always observe the current standards for keyword density in a page of text, which usually runs around 2 to 2.5 percent.

Yoast Free or Premium?

Yoast offers a free and a premium SEO service. With the free service, you get one keyword for each page of content. The premium service allows five keywords for each page. The premium service also does a readability check using the Flesch Kincaid test which measures the grade level of your writing. Since the world wide web is filled with people from all backgrounds and educations, Flesch Kincaid usually recommends writing copy that would be easy reading for a third to fifth grader.

Use short concise sentences. Avoid big words that are not readily understood unless you are writing technical information for a specific audience, like IT experts. Try to use action verbs instead of passive verbs. Use subheadings and catchy taglines. Whatever you can do to make your site more attractive, unique and fun, will help. You can count on getting more traffic and higher conversion rates.

How to Use Yoast SEO to Write Meta Descriptions

If you don’t write a unique meta description, Yoast will produce one. Usually, it simply takes the first three lines of content on your page or post and uses that. If you’d like to edit that, then click on the “edit snippet” button. This opens the snippet editor. There are fields there to edit the SEO title, slug and meta description. As you type, your new meta description will show up. You can make changes until you feel it’s just right. The snippet editor has an orange bar at the bottom that will become green once you’ve typed enough information.

Many site owners use the first few lines of content on their page or post as the meta description. If your site has good, professionally written content on it, then there’s nothing wrong with that. However, if you feel you could improve the text, then, by all means, do so. If you can get the hang of this and really write powerful meta descriptions, it can greatly improve your click-through rates.

How to Write a Superb Meta Description

Once you’ve decided that this is something worthwhile that could improve your bottom line, it’s important to put your best foot forward. In order to write effective meta descriptions, you may need the help of a good copywriter. Copywriting is all about utilizing words to persuade searchers to click on your page. With only 320 characters or about two to three lines of text, it’s important to make every word count. Below are two writing examples to show you the difference between professionally written text and that of an amateur.

Good Meta Description:

Apple

https://www.apple.com/

Discover the innovative world of Apple and shop everything iPhone, iPad, Apple Watch, Mac, and AppleTV, plus explore accessories, entertainment, and expert device support.

The above meta description from Apple does contain some good keywords but it doesn’t feel awkward or forced. It’s informative. It’s also important to note that this meta description was written using the older rules where 155 characters were the rule. Today, we’re seeing longer snippets that contain more information to help searchers decide what to click on.

Bad Meta Description:

Mary’s Bakery

https://www.marysbakery.com/

Get some good donuts and cakes at Mary’s Bakery located in downtown Minneapolis. We cater and deliver. Our baked goods are tasty and made with quality ingredients.

Though the above meta description does contain some valuable information, it’s boring. The shop owner wastes valuable space here to tell consumers where they’re located. This is something that many searchers will not care about in their initial search. Use this space to talk about delicious pastries, cakes, and donuts. Talk about your award-winning cupcakes with buttercream icing. This is how you get people to visit your site and look around.

Caution!

Be sure that your meta description accurately describes your page or post. Yes, the wording can be flowery, powerful, strangely attractive, etc. But it should also be truthful. If you make promises you can’t keep, then searchers will quickly hit the “back” button. This can cause your site to fall in the search listings.

As mentioned above, avoid keyword stuffing. Just about all web visitors today understand what keyword stuffing is and most don’t like it. The reason? Keyword stuffing makes a section of text read awkwardly. It is typically not well-written content and it doesn’t make sense to your human visitors. Remember to write your meta description for humans, not for search engines.

Instead, focus on writing interesting descriptions and unique content for your human visitors. In the end, search engines will not be purchasing your products and services. Humans will, so cater to their needs, wants, desires, whims—and you’ll be rewarded with higher click-through rates and stronger sales.

Another Day, Another HIPAA Breach – Keep Your Name Off the “Wall of Shame”

According to SC Media:

In January 2018, a Long Island, N.Y., medical practice left an exposed port normally used for remote synchronization open, exposing at least 42,000 medical records.

UpGuard Director of Cyber Risk Research Chris Vickery found that port 873, normally used for remote synchronization and moving data between devices (on a server belonging to the medical practice of Cohen Bergman Klepper Romano Mds PC), was open and configured for global access allowing anyone who knew the server’s IP address to find the data. A secure server would only allow access from select IP addresses, UpGuard wrote:

The flaw allowed the patient names, Social Security numbers, ethnicity, insurance information, dates of birth, phone numbers and insurance information of the Huntington, N.Y. practice to be exposed. In addition, physician’s personal information to include Social Security numbers and more than three million of the doctor’s notes on their patients along with emails were also left unprotected, UpGuard said.

The unsecured server was found on January 25, 2018, and finally secured on March 19.

“Beyond the obvious sensitivity of any exposure of an individual’s medical background, the leak of patient – and doctor – Social Security numbers, in association with personal details like home address, insurance information, and date of birth, provide ample ammunition for fraudsters. Armed with the contact information for patients, and the knowledge of which doctor’s office they go to, malicious actors could also socially engineer exposed individuals, posing as a representative of the physicians to further extract sensitive information,” UpGuard reported.

This is a warning to patients who have visited the Huntington, New York practice, along with doctors’ offices and healthcare organizations across the country.
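
The exposure described above, an rsync service on port 873 that any address could reach, is the kind of setting an audit of `rsyncd.conf` can catch. The following Python check is an added example, not taken from the article or from UpGuard's report: it flags modules with no `hosts allow` restriction, no `auth users`, or write access. The module names, paths, subnet and account name in the two sample configurations are constructed, and the article does not say how the practice's server was actually configured.

```python
# Constructed weak configuration: the module is reachable from any address,
# needs no login, and accepts uploads.
WEAK_CONF = """\
uid = nobody
[records]
    path = /srv/records
    read only = no
"""

# Constructed hardened configuration: same module, limited to one backup
# subnet, with a named rsync user and read-only access.
HARDENED_CONF = """\
uid = nobody
hosts allow = 10.20.0.0/24
[records]
    path = /srv/records
    read only = yes
    auth users = backupsvc
    secrets file = /etc/rsyncd.secrets
"""

ANY_HOST = {"*", "0.0.0.0/0", "::/0"}   # patterns that match every client
FALSE_VALUES = {"no", "false", "0"}


def parse_rsyncd_conf(text):
    """Split rsyncd.conf text into (global parameters, {module: parameters})."""
    global_params, modules, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            if section.lower() == "global":   # [global] switches back to globals
                section = None
            else:
                modules.setdefault(section, {})
            continue
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = " ".join(key.lower().split())   # normalise "Hosts  Allow" etc.
        target = global_params if section is None else modules[section]
        target[key] = value.strip()
    return global_params, modules


def audit_rsyncd(text):
    """Return (module, finding) pairs for each exposed module."""
    global_params, modules = parse_rsyncd_conf(text)
    findings = []
    for name, params in modules.items():
        effective = {**global_params, **params}   # module values override globals
        allowed = effective.get("hosts allow", "").replace(",", " ").split()
        # With no "hosts allow" at all, rsync accepts connections from any host.
        if not allowed or ANY_HOST & set(allowed):
            findings.append((name, "no-source-restriction"))
        if not effective.get("auth users", "").strip():
            findings.append((name, "anonymous-access"))
        # "read only" defaults to yes, so only an explicit "no" makes it writable.
        if effective.get("read only", "yes").lower() in FALSE_VALUES:
            findings.append((name, "writable"))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_rsyncd(conf) or "no findings")
```

A clean result only covers the daemon's own settings; the host firewall still needs a rule limiting who can reach port 873.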

Part of the problem is that the Health Insurance Portability and Accountability Act is so complicated that most organizations hire specialists to handle all their compliance needs. This is at odds with the original intent of HIPAA. It was supposed to improve patient privacy by simplifying administrative procedures, reducing costs and upgrading the level of security throughout the healthcare industry. HIPAA seems to have accomplished just the opposite on all fronts.

Under HIPAA, any organization that deals with patient information must comply with their regulations. This includes anyone who retains, accesses, stores, modifies or destroys protected healthcare information. In order to fully comply, it’s necessary to create a solid audit trail of any disclosures, whether past, present or future.

An organization must be diligent to protect any information that might identify the patient. Although the HIPAA Privacy Rule deals more with any type of protected health information (PHI), the HIPAA Security Rule focuses more on the electronic side of things.

Healthcare professionals should become familiar with the two sides of HIPAA regulations:

The privacy of patients. HIPAA maintains strict rules for protecting the health information of an individual. PHI refers to demographic information, medical history, test and laboratory results, insurance information and other data that a healthcare professional needs to identify an individual and determine appropriate care.

Key identifiers. These include phone numbers, patient ID numbers, Social Security numbers, insurance ID numbers, electronic mail addresses and even some vehicle ID numbers. In fact, there are 18 different types of information that might reveal the identity of a patient. These must all be protected from intruders.

With so many hacking and cyber-theft events occurring each year, it has become even more challenging to protect the personal health information of every individual.

The process is even more complicated by the fact that personal data can be stored in a number of different devices. You may have electronic protected health information (ePHI) stored in your email server, voice mail, fax machine, computer, cell phones, tablets, medical devices and other places. In any area that is considered within the purview of the organization, there are serious financial penalties for breaches. The fines range from $100 to $1.5 million.

Did you know that healthcare hacking is the leading cause of data breaches?

Here are a few more examples:

The prominent Washington University School of Medicine learned about a phishing incident on January 24, 2017, when an employee responded to a phishing attack on December 2, 2016. The Office of Civil Rights (OCR) said that 80,270 individuals might have been affected.

“This phishing scam allowed some of Washington University School of Medicine’s patient data to potentially be accessed, the school reported on its website. The accessed employee email accounts may have included names, birth dates, medical record numbers, diagnosis and treatment information, other clinical information, and Social Security numbers in some cases.”

Texas-based Urology Austin, PLLC revealed that they experienced a ransomware attack on January 22, 2017. Within minutes of the attack, they shut down their computer network. However, OCR reported that 279,663 individuals’ private data might have been affected.

They immediately took steps to restore the impacted data and their operations. A Urology Austin representative told local news that they didn’t pay the ransom and that they were able to restore the patient information from a backup.

The odds that a data breach can happen at your healthcare organization have greatly increased. This is because healthcare workers generally lack cybersecurity awareness.

Some alarming statistics:

  • 24% of healthcare workers lack awareness about phishing emails as compared to 8% in non-healthcare sectors
  • Only 18% of healthcare employees were able to recognize phishing emails. Physicians were 3 times worse at it.
  • 88% of healthcare workers opened phishing emails.
  • 50% of doctors were in the “risk” category, making them disposed to commit a serious data breach.
  • Healthcare employees exhibited less knowledge about cybersecurity than did the larger population.
  • 24% of physicians couldn’t identify the common signs of malware.
  • 30% of healthcare workers took risks that put the safety of patient records at risk.
  • 23% failed to recognize forms of malware.
  • 18% chose the wrong actions when they were given scenarios to respond to. Many thought it was okay to share patient data via their personal email accounts or over insecure cloud platforms.

Healthcare hacking and IT incidents accounted for the majority of large-scale incidents in 2017.

According to the 2017 Cost of a Data Breach Study: Global Overview, healthcare data breach costs are the highest for the seventh straight year. Data breaches from healthcare organizations cost $380 per record. This is greater than 2.5 times the global average in other industries.

Beyond ensuring that your ePHI and other confidential data is secure and protected at all times, you must provide cybersecurity awareness training that’s conducted by a professional who understands ePHI and what healthcare employees need to know.

It’s obvious from this data that healthcare entities are not properly educated and prepared to defend themselves against sophisticated hacking attempts today. From these statistics, you can see that these organizations are at risk of HIPAA noncompliance.

Your first layer of defense is your employees. They require professional security awareness training that includes both privacy awareness and demonstrations on how to recognize phishing attempts and what to do if they receive one.

It’s only through ongoing Cybersecurity Awareness Training that you can keep your healthcare employees apprised of the latest sophisticated threats, how to mitigate them and what to do to protect your organization from severe, negative consequences.

According to the US Department of Health and Human Services, employee cybersecurity awareness training should meet the following 4 objectives:

  1. Develop and demonstrate foundational-level knowledge of cybersecurity.
  2. Employ best practices to protect privacy and safeguard Controlled Unclassified Information (CUI).
  3. Recognize cyber threats to information systems.
  4. Identify and report potential cybersecurity and privacy incidents promptly.

5 More Tips:

 Regular and Recurring Security Training Is Essential.

Hackers are constantly developing new, sophisticated methods to trick your employees into clicking on malicious links and downloading dangerous software. For this reason, it’s critical that your employees stay up to date on the very latest security threats and how to avoid them. Additionally, refresher training will keep them on their toes and save you a lot of worries.

 KISS (Keep It Simple and Secure)

If the security measures you teach are complicated and difficult to follow, your employees won’t remember them. Instruction should be clear and concise with ways for employees to easily remember your policies and rules. This is another reason why it’s always best to defer to IT professionals to train your staff.

Your Employees Need to Know How to Respond to Security Incidents.

Along with teaching your staff how to avoid security incidents, they should be aware of how to appropriately respond to them. What should they do if they come across a malicious attachment or link? What should they do if they accidentally click on one? Make sure they know what to do and who to contact.

Teach Your Employees about Cybersecurity for Their Personal Use.

It’s also important to teach your healthcare staff about network security for their personal purposes, such as when purchasing items online or what to do if they receive phishing emails on their personal accounts. They should also know how to protect their personal information on your organization’s network.

Make Sure Security Support is Easily Accessible.

Ensure your staff knows where to go if they have security questions or concerns. Your Technology Service Provider (TSP) will have a 24/7 Help Desk for support and assistance with these concerns or anything regarding technology. Plus, if an employee does come across a ransomware attempt, your TSP can intervene remotely to remove any malware and ensure your ePHI and confidential data remains secure.

Don’t become another statistic. Keep your healthcare organization off the Wall of Shame. Contact our HIPAA Cybersecurity Experts for assistance.

Will Apple Stop Spying And Give Users More Control?

We all hear the rumors, the buzz, and constant speculation any time there is a hotly-anticipated iOS release hyped at an Apple keynote. We read the online gossip about the features announced and compare past keynotes.

If you’re reading this, you’ve been there. We have, too. More importantly, we ask the same questions. Will my current iPhone or iPad be supported? Will there be settings to make my iPhone or iPad operate more efficiently, and improve battery life? That’s the ultimate goal for every Apple product user. That, and the glittering unicorn emoji, naturally.

So, let’s dive right into Apple iOS 11.3, shall we?

The release of iOS 11.3 is the third follow-up to the overhaul that was iOS 11 from 2017, and – if Apple is being honest – it’s entirely due to the scandal for which news broke just before Christmas.

Owners of older iPhones are going to love Apple iOS 11.3 because it’s the promised “fix” to the controversial iPhone-slowing process that Apple covertly implanted in our beloved iDevices, intended to slow down the operations of dated models to prevent “sudden shutdown” of the iPhone. (Pssst…Apple…we didn’t believe you!)

Unless you’ve been comatose for the last six months, you’ve heard of Apple’s scandal in admitting it slowed down older phones. There were vague excuses, but it felt like a confirmation to many who joked that it seemed like Apple implanted alarm clocks of sorts that made iDevices slow to a crawl around the 20-month mark, fueling the desire to upgrade the device to the latest version – a well-controlled supply and demand market. Cue Apple’s admission and iDevice owners worldwide felt vindicated, completely ignoring that gnawing feeling of how many devices we feel we’d been tricked into purchasing since the release of the very first iPhone over a decade ago. It wasn’t until after Apple’s offer of battery replacements – at a “discount” – and this release to put control back in the hands of the user that we began to realize that we feel a bit violated.

Looking more closely, Apple offers several features in iOS 11.3, so let’s take a closer look at the highlights of what we get with our digital apology.

  • Animoji: Have you ever wanted to turn yourself into a bearmoji? Available in the Messages app, now users can select the bear, dragon, skull and sullen lion characters to mimic facial movements and include voice recordings.
  • Apple News: A new, customizable “For You” section with personalized content, including video.
  • Advanced Mobile Location: An improvement on Location Services, when toggled on this setting automatically shares a user’s location with emergency services when an emergency call is initiated.
  • App Store Updates: Updates impacting user experience, like the ability to sort reviews by Most Recent, Most Helpful, Most Favorable, and Most Critical, have been long awaited. Thanks, Apple, for catching up and giving users what is most helpful! Apple is recognizing that users want more control and customization of their devices and this update, which also includes file size of updates, will make the App Store more useful in general.
  • Security Improvements: Ever a concern, Apple detected cybersecurity vulnerabilities in Mail, Find My iPhone, iCloud Drive, and the Phone and Clock apps, and patches for these were included in the 11.3 release.
  • Battery Health: The infamous battery issue has its own setting! Users can get up close and personal with their battery details in Settings, Battery, Battery Health (Beta), and see maximum charge capacity and peak performance capability – and the battery will also indicate if it needs replacing.
    • It’s only when the charge capacity is less than 100% that users will see a message that “performance management” features have been applied (aka, the slowing-down effect) and offering the user the ability to disable this. Users might notice increased operation speed, but Apple warns to expect sudden shutdowns.
    • Note: Disabling this feature is semi-permanent; you cannot turn this feature back on unless a sudden shutdown occurs and then this message reverts.
  • Health Records: iPhone owners can now store personal medical records on the iPhone, including the ability to connect to medical providers and download encrypted records. Have information about allergies, medications, tests, and results, vaccinations, and a plethora of medical details at your fingertips. We expect this feature to continue to evolve.

The Big One:

  • Updated Privacy: Apple is recognizing that their community greatly values their privacy, and is vowing to help do more to safeguard it.

After installation of iOS 11.3, users are greeted with a welcome message going into more detail about its new Data & Privacy feature that states, “Apple believes privacy is a fundamental human right.” The good news is that Apple is now trying to be very transparent with regard to what data it collects from users. To be fair, iPhone owners are Apple customers, and with this relationship, a degree of consumer information is expected in a transaction. Is Apple not held responsible for maintaining the security on our iPhones? We, therefore, assume they require tidbits of consumer information but also have ironclad security with which to protect us – fair trade on the smallest scale. Apple now tells users what data it collects and why just inside Apple apps with a small icon that looks like two shaking hands. The irony is that much of this information has been included in the privacy policy offered by Apple for iTunes transactions (over 1,000 words, roughly).

Compatible iDevices – iPhone 5S or newer, iPad mini 2 or later, 6th generation iPod Touch or newer, and the 2018 iPad – will (or will have already) receive automatic prompts to install iOS 11.3, but it can also be manually installed via Settings, General, Software Update. The focus with 11.3 is the iPhone, but iOS doesn’t only run on phones, so the new operating system comes with the goal of overall efficiency and privacy.

We love our iPhones (and iPads, too), and we keep endless information on these tiny pocket computers that run our daily lives. From phone calls to text messages, from email to apps, from appointments to reminders, our iPhones hold the key to our productivity and our connectivity, and we want control over how they function. Apple finally recognizes and concedes (some) control to users with iOS 11.3, and we expect even bigger things to come from this.

Apple, this is the beginning of an even better, stronger relationship!

Your Top 5 Easy Technology and Office Moving Tips

Your company is bursting at the seams. Staff is piled on top of each other. You’re growing, but the building isn’t. The time has come to move your office and your technology. Where do you begin?

Business Office Moves

If you stick with us, we have it all sorted out for you, with our Top 5 Easy Technology and Office Moving Tips.

The best moving plans always start with a little bit of reconnaissance. Get it down in writing, as you would see on a blueprint:

  • What you want
  • Where will you be located
  • What will your new location look like
  • Where will your technology be installed
  • Will you need to upgrade or replace your equipment
  • Will you need to renovate the office space
  • What are the parking slot allotments per business
  • How to minimize office downtime through your move

As you consider your move, remember, your technology has become one of your employees, in many respects. Behind the scenes, they operate quietly. Your technology performs a high volume of functions, not seen by you and your staff.

Without them, your company doesn’t function smoothly. So, your technology moving plan is as vital as your office moving plan. Implementing the process takes careful and timely planning.

Tip 1. Phone System Evaluation

At your new location you will want to:

  • Establish a new internet connection
  • Install new phone lines
  • Run new cables

Ask yourself: Is it time for equipment upgrades or replacements? How long have your phones been in use? What is the phones’ speaking and listening quality? Is it hard to hear the caller? Do you or any of your staff sound garbled when speaking? Are the warranties valid or have they expired?

Quick warranty tip: Most phone equipment warranties do not go beyond 24 or 36 months. If you’ve reached those milestones, go ahead and replace.

Installing new phone equipment will save you money, adapt you to more modern technology, and put new warranties in place.

As you plan for additional growth, new phones allow you to:

  • Use video conferencing
  • Forward voicemails to email
  • Use an IVR system
  • Improve call quality

Let’s also not forget that telecommunication providers bundle packages with new installations and low-cost introductory offers.

Tip 2. Cloud-Based Services

At your new location, simplify your process. Maybe clean up IT processes, starting with internal server and infrastructure. If you keep your current physical set-up, you will need to create new operation protocols.

On the other hand, you could switch over to Cloud-Based Services before your office move. What could you move into the Cloud that would free up physical space at your new location?

  1. Accounting
  2. CRM
  3. Email
  4. Files
  5. Phone System
  6. Administration
  7. Industry-specific software

Anything currently at your location that you can send to the cloud reduces your overhead costs and secures your system. You will also eliminate the expense of installing and maintaining a secure server room.

Tip 3. Connectivity and Floor Layout

Here is where you must do a physical walk-through of your new location. Before you conclude your Wi-Fi will work, step into the building and look at every square inch of the landscape. What is the construction of the walls? (Some interior building walls make connectivity difficult due to their construction and materials.)

These are the physical attributes and barriers you’ll want to look for:

  • Floor layout
  • Office configuration
  • Wall and ceiling textures
  • Water Damage
  • Mold and Mildew
  • Technology services availability
  • Types of technology your neighbors use

Consider hiring a building inspector who specializes in connectivity and technology office space setups. Laying the groundwork here removes any negative impact on employees, should the Wi-Fi connection be blocked and not work on opening day.

Tip 4. Internet Speed and Connection

Frustrated with your internet speeds? All of us have at one point. As you plan your office and technology move, now is the time to improve this necessity. Before you move to your new building, check with your provider to see if there is a cost break on the new service. What you may be paying now is for existing service at your current location, not the new one.

You’ll want to coordinate with your provider when your new Internet connection goes live. We recommend giving plenty of notice, should you or a staff member need to be at the location when the service technician arrives.

Tip 5. Transition and Moving-Day

As stated above: “Simplify your process.” Before you make that rapid transition from one phase of your business to another, consider cutting over before you move.

If you can do it without hindering your business, cut over before your move date. This part of your transition will make your final relocation simpler. If you are having new equipment installed before your move, this part of the transition will be fast too.

Finally, these five items stay in place before your move:

  1. Furniture
  2. Computers
  3. Servers and network equipment
  4. Public IP Address (if it’s still needed)
  5. Phone Number Block migration to the phone lines at the new office

Taking the time to consider these items will make the overall office relocation project a more positive experience for everyone involved, including you.

 

Is Your Greatest Asset Also Your Biggest Weakness? Trust Us, It Is.

Your most valuable asset has nothing to do with the information or data you store; rather, it lies within your human resources departments – which may also be your greatest weakness.

Weaknesses

Cybercriminals don’t sleep. Nope. In fact, it’s when we sleep that cybercriminals are the most active! There is a good stretch of time during which they can cause significant damage before we rise to start our day, much less notice. While the rest of us are sleeping, cybercriminals are like attendees at an all-night rave with glow-in-the-dark colors splashed about the otherwise-pitch-black room, in the form of paint, black lights, and glow sticks worn by the party goers. Loud music pumps up the energy well into the wee hours of the morning, until just before Average Joes rise at the sound of their alarm clocks to prep for the workday.

Unlike the revelers at the rave, cybercriminals – hackers – aren’t dancing the night away in black leather and copious amounts of hair gel, although we can’t guarantee their wardrobe or style choices. What we can guarantee is their activity: seeking a network with even the tiniest cybersecurity vulnerability which they plan to exploit to their every advantage. This is where your greatest asset comes in: human resources. These human resources are not the team members that oversee onboarding, payroll, benefits administration, or anything like that. We literally mean the resources on your staff that are human! The people that get the daily tasks done are an organization’s greatest asset, even more so than the most dedicated and loyal customers that spend the most money.

Think of these human resources like cheerleaders in a human pyramid: the company is only as strong as the weakest link. This group of individuals is the frontline of defense when it comes to a network’s cybersecurity, and no individual is foolproof. That’s the goal of any hacker, to find that one email address or Internet user that isn’t as solid on defense and wriggle inside with covert tactics.

Most professional organizations install some form, or multiple forms, of antivirus protection at the user-level, as just one of the methods to safeguard against cybersecurity vulnerabilities. End-user antivirus software has remained one of the most effective and reliable methods to protect against infiltration, but antivirus programs have three major faults:

  • Antivirus programs are only as “good” as the programmers that designed them.
  • Antivirus programs are only effective when installed and used properly by the end user.
  • Criminals don’t follow the rules.

That last part is the most important of everything you need to keep in mind for your cybersecurity needs. Hackers have their own set of rules, and those rules change faster than anyone can keep up – including antivirus software developers.

How does antivirus software work? Software installed to protect at the user level, known as endpoint protection, is designed to detect and block a virus or malware from taking root on a user’s computer, or worse, accessing a network to which the user is connected. If a user encounters a threat, the antivirus software detects and blocks it by matching it against a signature – a string of text or bytes it recognizes as belonging to a known virus. Alternatively, the virus file tries to take one action or sequence of actions known to the antivirus software, and the software recognizes this behavior and prompts the user to take action against it.

The threat landscape is evolving, and new viruses and threats are constantly emerging – faster than antivirus software programs can keep up. Increasing security challenges present ongoing opportunities to strengthen cybersecurity. Brand new viruses emerge and antivirus programs react with new updates to maintain optimal protection for the user’s computer or network. The problem is that the antivirus software industry is in a constant reactive state. Detecting in advance is more proactive, but it relies on predicting criminal behavior. The good news is some viruses behave similarly because of their design, and this helps antivirus programs detect “families” of viruses, including some newer versions.
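A small sketch of the signature matching and virus “families” described above, added here as an illustration and not taken from any antivirus product. The sample byte strings, detection names, and the `scan` and `detection_rate` helpers are all constructed for this example.

```python
import hashlib
import re
from typing import Optional, Sequence

# Constructed, harmless byte strings standing in for files (not real malware).
KNOWN_SAMPLE = b"HEADER\x00demo-family-loader v1 payload=AAAA"
VARIANT = b"HEADER\x00demo-family-loader v2 payload=BBBB"  # altered sibling
NOVEL = b"HEADER\x00unrelated-new-thing payload=CCCC"      # never analysed
BENIGN = b"HEADER\x00quarterly-report contents"

# Exact signatures: hashes of files the vendor has already analysed.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Loader.A"}

# Family signatures: byte patterns shared by related samples.
FAMILY_SIGNATURES = {
    "Demo.Loader (family)": re.compile(rb"demo-family-loader v\d+"),
}


def scan(data: bytes) -> Optional[str]:
    """Return a detection name for data, or None when no signature matches."""
    exact = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if exact:
        return exact
    for name, pattern in FAMILY_SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


def detection_rate(malicious: Sequence[bytes]) -> float:
    """Fraction of the given malicious samples that scan() flags."""
    return sum(scan(s) is not None for s in malicious) / len(malicious)


if __name__ == "__main__":
    samples = [("known", KNOWN_SAMPLE), ("variant", VARIANT),
               ("novel", NOVEL), ("benign", BENIGN)]
    for label, data in samples:
        print(f"{label:8} -> {scan(data)}")
    # The novel sample slips through until a new signature is published.
    print("rate:", detection_rate([KNOWN_SAMPLE, VARIANT, NOVEL]))
```

The altered sibling no longer matches the exact hash but is still caught by the family pattern, while the never-analysed sample matches nothing, which is the reactive gap the paragraph describes.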

The trouble, as we mentioned before, is that criminals don’t follow rules. Cybercriminals already know how antivirus software programs work, and the most effective means by which to ensnare a victim to gain access to a network. The number of new viruses being detected each year is decreasing drastically, which raises the question of whether fewer viruses are being created or antivirus software programs are less effective. It’s not a great position to be in, and a question no business owner ever wants to be forced to answer.

Many argue that virus detection software programs have been less effective in the last 12 months than in the previous time frame. Current overall detection rates for the last 12 months are averaging right near 70%. Considering this number is nearly three out of every four instances where a threat is detected before it has the chance to impact a user or network, it’s not a terrible statistic, but it’s still incredibly scary. The potential damage a virus that slips through these cracks can cause is immeasurable.

  • Reports have shown the average number of professional emails received per day is near 125. Of these, about 75 are legitimate, which means that roughly half of all emails received are spam. These only represent the number of messages that clear security filters.

After digesting these scary numbers, consider an even scarier number: the IT budget for an organization. This is the number by which an organization’s ultimate cybersecurity strength is measured.

  • Do enough resources get allocated to training end users?
    • If your human resources – end users – are those responsible for not falling victim to a cyber-attack, help prevent them from being the weakest link that allows access to your network.
  • Does enough of the budget account for emerging cybersecurity needs?

Your human resources are your greatest asset, but only if properly armed with the right tools and knowledge to protect themselves, a network, and the organization for which they work. The right cybersecurity awareness training and education can be the thin line between an organization’s success – and failure.