Have you ever been in a position where you are supposed to work on an assignment or important document but you forgot your laptop or cannot access your desktop? That can be frustrating, but thanks to Microsoft, as long as you can access the internet on your phone or even tablet, you can easily resume working on your assignment. Microsoft 365 is an excellent business tool that provides you with lots of options when trying to access a saved document on another device.

A closer look at Microsoft Office 365

Office 365 is Microsoft’s global offering designed to provide users with access to the company’s top-of-the-line cloud-based tools for collaboration and productivity. The service is complete with web conferencing and high definition (HD) video, calendars, business-class email, online Microsoft office suite, as well as file storage and sharing.

When you stay connected to the Microsoft Cloud, you can be sure that all programs are up-to-date and available for users on a 24/7 basis. Below is a simple outline of just a few of the Microsoft 365 apps that enable us to work from any location or device.

Using Outlook App on your phone to work on the go

When you open your Outlook Application, you will see a calendar function, a file function, and a mail function. When you tap on the calendar function, you can see how similar it is to the one that is on the desktop, which means it will be easy for you to use. The files function will help you view all recently accessed documents on OneDrive and even some of the recently shared files—very convenient!

When accessing the mail function, this is where you are able to see all files, documents, and links shared with you. You can also share a file via OneDrive.

Accessing information shared via a link

Simply click on the link and it will open into SharePoint, which will allow you to view the file. If you need to edit the file, open it in the word App and as soon as you start editing, anyone who has access to the file will see your edits right away. Such an incredible feature! This is great because, after editing, you don’t have to keep sending final copies of the same document to everyone on your team. Documents are updated in real time, which is a real time saver!

Accessing the same information on different devices

It’s frustrating to lose devices such as phones, tablets, and even your laptop. If you travel a lot, you may even damage your laptop or phone. Though this can be expensive, it’s also devastating to lose important documents. Retrieving data from a damaged phone or computer usually requires an IT expert. Data retrieval used to be such an expensive ordeal and sometimes unsuccessful. The good news is that on Microsoft 365 you don’t have to worry if you find yourself in any of the above predicaments. Here is a simple outline of how you can access your information from any device.

Open any browser and type the words office.com, then log in. A page will come up with various Microsoft 365 Applications such as Word, Excel, Outlook, and services such as OneDrive. Click on the OneDrive service, which will immediately take you to all files located on OneDrive. You will then be able to access all files that have been saved to OneDrive.

These files are all live so this means that any changes made, such as editing by anyone on your team, will be there. You can view, share, or edit these files. Let’s say you wish to edit a file that you recently shared with someone. Just open that file and you will see an editing option on the top right. You can do all your editing in the browser. This works with all files including Word, Excel, PowerPoint, and other Microsoft applications. All updates will immediately show up on any shared documents.

There are so many other noteworthy features in Microsoft 365 that can help make your work easier. If you want to learn more about these helpful features, just visit this page: www.Microsoft.ca/GetItDone

Wrap Up

Losing or damaging your phone or laptop is always stressful, but you don’t have to lose any of your important documents when you work with Microsoft 365. You may be home sick for a few days, but you don’t necessarily have to get behind on your projects. It’s possible to work from anywhere using any device with Microsoft’s helpful range of products.

Remember that you can work from home and even share updates in real-time with your colleagues. As long as documents are stored to Microsoft’s OneDrive, they’ll always be right at your fingertips. That’s the epitome of convenience!

eFail flaw leaves encryption users on guard and encryption providers in ‘patch’ mode

Security researchers announced this week that a significant flaw exists among popular encryption tools that are used for encrypting correspondence and digital signatures. Any and all email encryption services that use OpenPGP standard and rely on GnuPG to encrypt their data and create digital signatures are subject to this wide-reaching security flaw.

Break Down: How the Encryption Security Hole Leaves Users Vulnerable

After a nearly month-long investigation, researchers have publically announced a series of security holes that have been dubbed ‘eFail.’ The eFail flaws were identified in PGP and S/Mime encryption tools and the glitches give cyber criminals the ability to uncover encrypted correspondence. The overall scope of this security flaw is hard to estimate, as most mainstream email providers – including Outlook, Apple Mail, and Thunderbird – have been impacted by the eFail glitches.

Even worse? The investigation revealed that eFail includes an input sanitization vulnerability, dubbed SigSpoof by software developer Marcus Brinkmann. This particular vulnerability allows hackers to forge digital signatures with stolen user ID data. Again, the impacts of these vulnerabilities are wide-reaching, affecting countless popular encryption applications including GnuPG, Enigmail, GPGTools, and python-gnupg. All of these providers have included patches for the vulnerability in their latest software updates.

According to experts, the vulnerabilities were made possible thanks to an OpenPGP protocol. Regularly, when a message arrives to the intended recipient, decryption occurs by separating the information and verifying a valid signature. This process occurs through the strategic separation of information using a file name system.

However, the investigation led by security researchers uncovered that the file name entry port allows for up to 255 characters, meaning it doesn’t get adequately sanitized in the decryption process. This makes it easier for cyber criminals to modify and alter file names and fraudulently gain access to confidential data. Once they’re able to gain access, cyber criminals can read encrypted messages in plain text and send fake messages via the application in hopes of spoofing digital signature verifications.

Patch Mode: Providers Scramble to Patch Flaw and Avoid Disaster 

This widespread loophole can have hugely devastating impacts on affected users. Besides the obvious risks of data breach and forgery, the investigation uncovered that the flaw holds the potential to maliciously infect enormous parts of a user’s core infrastructure. In addition to email encryption, GnuPG tools are used for backups and software updates; the extent of negative consequences is difficult to estimate.

The investigation wasn’t just speculation either. Researches demonstrated three pieces of evidence to establish just how easily encryption and signature data can be hacked and forged thanks to the loophole. So far, the best and only solution is for affected users to immediately implement the latest available software updates. Since patches have been created, updating to the latest software versions is the only concrete strategy for ensuring the loophole doesn’t continue to leave users vulnerable.

Check out this list of platform-specific update prompts:

• Upgrade to GnuPG 2.2.8or GnuPG 1.4.23
• Upgrade to Enigmail 2.0.7
• Upgrade to GPGTools 2018.3

Navigating the Digital Business Force: Vigilance and Proactivity are Critical

The bottom line is that operating as a business professional in an increasingly digital workforce means having to think about countless potential threats to data security – even in places one wouldn’t expect. It seems a new story is making headlines every week about some scary security flaw or devastating hack. But the reality is, with a proactive and level-headed approach, maintaining strong IT security standards for your organization doesn’t have to be a long and painful battle.

The first step, however, does involve accepting that there are simply some things out of your control. Hacks happen. Security holes happen. What matters most is that you and your team are prepared to respond and that you have a detailed plan for responding efficiently and effectively. It’s no secret that the worst time to think about cybersecurity planning is when you’re already in the midst of an attack. Proactivity is the key.

Being proactive involves more than reading about the latest hacks and telling your team to be on the lookout. It means getting emergency response plans on paper and providing detailed security awareness training for your team. It also may mean upping your network monitoring and management tools and delegating some IT responsibility to the professionals.

Does your team rely on some of the encryption tools mentioned in this article? Has your team updated all software with the latest patches? Do you often wonder about the vulnerabilities that are lurking in your company network? Are you overwhelmed trying to stay on top of seemingly endless cyber threats?

Stop thinking and take action. Maintaining a secure network doesn’t have to be expensive or overwhelming. Reaching out to a team of IT security veterans is the first step in taking control of your cybersecurity efforts. Today is the day to empower your business by reinforcing your security network instead of becoming the next victim of cybercrime.

Cyberattacks in Atlanta likely to be the most damaging in US municipal history

It was only this past March that the city of Atlanta was hit by a massive ransomware attack. However, city officials are claiming an additional $9.5 million dollars is required for the ongoing recovery effort. As the city struggles to restore normal and secure operations, many are wondering how high the total bill for the restoration will get.

When the city first took action in April, costs very quickly reached nearly $3 million. A recent Reuters report called the attack “the worst cyber assault on any US city” and noted the following implications:

• Over 30% of software programs used by the municipality were uninstalled or disabled by the attack.
• Countless municipal applications and government services were stolen, with nearly a third of affected data related to critical services like police and court departments.
• The loss of over 70 municipal computers and the loss of over a decade’s worth of legal court documents.
• An undisclosed amount of lost dash-cam footage from Atlanta PD.

Worse Than It Seemed: Additional Time and Money Required for Atlanta Restoration

However, with the recent request for an additional $9.5 million in recovery funding, it’s becoming quite clear that the scope of municipal government services implicated in the attack is far larger than these earlier reports suggested. According to city officials, the additional funding will be used to rebuild applications and restore services disabled or destroyed by the ransomware catastrophe. Not to mention, this $9.5 million request is in addition to the $35 million allotment the municipal IT department will be making in the annual budget.

Funding allotments have yet to be finalized and decided, and Atlanta’s 2019 municipal budget process was postponed in light of the massive cyberattack. Atlanta Mayor, Keisha Lance Bottoms announced her administration’s commitment to determining the root cause of the attack, as well as its overall impact on municipal operations. However, with such a large attack and a new fiscal year beginning on July 1^st, the city is still struggling to respond strategically.

Maybe the Worst, But Not the First: Municipalities Increasingly Hit by Cybercrime

Atlanta isn’t the only municipality to be struck by cybercrime in recent memory. Though the scope of the Atlanta attack may be record-breaking, attacks on US cities aren’t a singular phenomenon. Just in the last two years, government departments in Rhode Island and North Carolina have made headlines. Not to mention countless attacks on emergency service departments in cities across the country.

So, the question becomes: if municipal and governmental departments are struggling, how can business professionals ensure their own data isn’t sitting prey for cybercriminals? Staying proactively informed is a great first step. Communicating with your team and developing cybersecurity best practices is even better. But even with these best intentions leading the way, cities, governments, and businesses are still at risk for data loss.

Full Throttle Response: Why Consulting an IT Security Expert Makes All the Difference

More and more, IT partners and managed security service providers (MSSPs) are playing a vital role in helping businesses – and governments – stay secure and protected. In fact, two award-winning MSSPs – Secureworks and EY – have been at the forefront of Atlanta’s recovery effort.

However, in an age of cost reduction, professionals are often wary about hiring external partners to do jobs they think they can manage themselves. This is understandable, and to some extent, business professionals do have resources available to help mitigate cyber risk on their own. The problem is, cybercrime is incredibly unpredictable. Standalone automated solutions simply don’t measure up to the reliability and expertise offered by IT security trade professionals.

Partnering with a managed IT security provider offers countless benefits, including:

• Strategic planning – Partnering with an experienced MSSP is one of the best ways to implement strategic planning. An experienced and reliable partner will perform network evaluations, identify and fix vulnerabilities, and help develop detailed and customized plans for responding to threats and attacks.

• Informed expertise – One of the most useful benefits of partnering with IT security professionals is the wealth of knowledge and experience they bring with them. Managed security experts know how to identify and properly handle all kinds of attacks including ransomware and other malware infections. Simply put, it helps to have someone on your team who truly knows the nuts and bolts.
• Best practice development – If you’re looking to get concrete procedures and best practices on paper, an IT security partner can help spearhead the process. Using their experience and expertise, IT partners can help you create strategies and best practices to continually mitigate risk at all endpoints.
• Proactive monitoring, management, and updates – Another key benefit of partnering with an IT security team is the reliability and consistency they bring. Having an IT security partner in your corner ensures there is a constant eye on your systems. Your IT partner ensures things are continually monitored and managed. Including everything from software and hardware updates to access controls and user permissions.
• Employee education and empowerment – Perhaps most importantly, the right IT security partner is the best way to get your team more informed, prepared and vigilant. A managed security provider can help educate your team about different attacks and strategies for effective response. This way, even the weakest links in your security chain are taken care of.

Making Moves: Take Action Before Cybercrime Hits Your Company

Overall, partnering with an expert increases the chances of keeping business networks and servers unpenetrated. Partners provide a wealth of information and resources that help business professionals stay focused and productive while remaining vigilant in the face of cybercrime. This helps team members better identify threats as they occur and respond accordingly to keep them from escalating out of control.

Looking to tighten your cybersecurity effort but not sure where to get started? Desperate to avoid the potentially massive costs of ransomware restoration? Reach out to a team of IT professionals today. A team of experts will do whatever it takes to ensure your data is as secure as possible. Even better they’ll make you feel empowered to be your own cyber security hero.

Exploring best practices for the management of AUSkey data and access

It was just last year that the Australian Taxation Office (ATO), reported that the online ATO portals of countless Australian businesses had been targeted by malicious cybercriminals. The ATO quickly notified all businesses to review AUSkey access control after identity thieves gained unauthorised access in hopes of forging or changing business banking information.

For a little bit of business-tax background, an AUSkey allows businesses to securely access a central hub of government and tax services. In addition to ATO access, AUSkey data allows businesses to access Australian Securities and Investments Commission (ASIC) and Australian Business Register (ABR) portals.

ATO Warning: Maintain High Standards for AUSkey Access Control

It was on Monday 30 January 2017 that the ATO issued a warning to AUSkey holders that fraudulent activity has been detected. The ATO issued a formal statement and gave key recommendations for internal risk management and mitigation. The ATO also emphasised the immense risk to businesses impacted by fraudulent AUSkey activity.

“Once an AUSkey has been allocated,” the ATO statement reads, “access is gained to the Business Portal so that fraudulent Business Activity Statements can be lodged and bank details updated to accounts that are not controlled by the entity.”

The ATO offered one leading strategy for internal mitigation: AUSkey protocols must be stringent and well understood among the staff with access. The ATO went on to advise that businesses regularly document the team members who have access and ensure old employees no longer have functional login credentials. The overall extent of the 2017 ATO hack is impossible to know. However, the incident continues to serve as a reminder for businesses to better mitigate risk in today’s cybercrime climate.

A History of Attacks: ATO Frequent Target for Cybercrime Hits

In fact, this wasn’t the first time ATO portals had been subject to fraudulent AUSkey activity. The ATO reported similar attacks in both 2013 and 2015. Andrew Gardiner, a representative from the National Tax and Accountants Association told SmartCompany that the 2017 attack solidifies the true risk involved in an increasingly digital tax environment. Simply put, the financial risks to businesses are high, and professionals must be vigilant.

“Now that we deal with the ATO online on such a regular basis, people do become complacent,” Gardiner said. “People just need to be diligent – and businesses that are diligent treat their AUSkey like their credit card.”

Best Intentions Aren’t Enough: Creating A Well-Rounded Cybersecurity Approach

However, creating rigid internal standards and procedures isn’t the be-all-end-all solution to AUSkey cyber risks. Cyber-attacks happen and very often under conditions outside the control of impacted professionals. So, it’s critical to fully understand the scope of threats facing professionals in an increasingly digital finance environment. After all, these risks have the potential to impact every company’s most critical asset – their clients.

This means doing more than managing internal access and keeping track of AUSkey holders. Businesses must remain one step ahead of the increasingly sophisticated network of cybercriminals in the digital marketplace. The good news is, implementing thorough cybersecurity strategies and best practices aren’t as hard as it seems.

So, in addition to treating AUSkey data the same way as credit card data, here’s a list of strategies for keeping your team prepared and vigilant in the face of cybercrime:

• Stay in the loop – Knowing what threats you are up against really is half the battle. Staying in touch with news of the latest and most dangerous cyber-attacks allows you to remain proactive and stay informed. Knowledge is power.
• Communicate with your team – Make sure you’re talking to your team – especially those with AUSkey access – about the potential risks and cyber threats that exist. Create an environment where your staff feels comfortable to ask questions or report suspicious activity of any kind.
• Make a plan – No matter what, be sure to put down your cyber security efforts on paper in some way. Maybe you’ll schedule regular meetings to check-in on cybersecurity missions and update staff. Perhaps you’ll create a list of cybersecurity standards that all staff members must be aware of. No matter which approach you take, planning ahead is critical.
• Partner with an expert – If you’re struggling to get a concrete plan in place, reach out to experts. The initial step of asking for help can be tricky, but once you partner with a tech expert, cyber security challenges become much less daunting.

Many Australian IT service providers have extensive experience in providing cybersecurity services across Australia. They work alongside clients from Melbourne to Brisbane to ensure their networks stay secure and well-monitored.

Instead of just wondering if your business’ ATO protocol is powerful enough to stop cybercrooks, find out. Work with a professional managed IT provider and you can expect regular system check-ups. They will identify your company’s weakness and recommend security solutions designed to provide optimal protection for your network, servers, computers, and mobile devices.

Most companies today are not doing everything possible to stop cyber-intruders but if you’re ready to step up your game, then work with the best Outsourced IT services provider in your area.

Remember! Australian businesses are at risk! Don’t wait for disaster to strike. Most IT professionals offer free assessments of your current network in terms of the types and severity of cyber-attacks that might occur. Once you partner with an excellent IT services provider, they will work hard to make sure your systems are fully protected. They will also perform regular backups to all data so that if something does happen, you can quickly reinstall your programs and files and keep working.

Hackers Discover New Way to Bypass Microsoft’s Office 365 Security Protocols

Hackers have discovered an innovative method of getting those malicious URLs in their emails past Office 365’s security protocols. This was first revealed by Avanan, a company that deals in internet security. Avanan says that cybercriminals are now using a <base> tag in the HTML header employed with a URL to by-pass security and infect a computer with malware.

Officials at Avanan explained further. “At one time, email clients did not support the <base> tag, so every link needed to be an absolute URL. Support for relative URLs in email is a recent development and the behavior is client dependent. Older email clients will ignore the <base> tag, but web-based email clients, recent desktop clients and most mobile apps will now handle the <base> tag and recombine the URL into a clickable link.”

How Microsoft Safe Links work

Office 365’s Advanced Threat Protection provides a feature called “Safe Links” that compares a link found in an email against those on a blacklist. This feature was designed to catch and stop a malicious link. It was working well for all MS products until hackers discovered this workaround.

The new technique has been dubbed “baseStriker” and it’s aimed at those using Microsoft Outlook. Malicious messages can now bypass the filters included in Microsoft products using the <base> tag.

The new baseStriker program splits the malicious URL so that Microsoft’s product, Safe Links, cannot detect that it points to a malicious URL. Safe Links checks the base domain, ignoring the rest, thereby allowing the user to move on to the phishing site. A few security solutions do protect users against these new cyber-threats, including Mimecast and Proofpoint.

As part of Microsoft’s Office 365 Advanced Threat Protection (ATP), Safe Links was designed to provide a strong layer of protection against malicious links embedded in documents and emails. Microsoft diligently updates the software so that it consistently protects against the latest cyber threats. The software works by determining if a link is malicious, then replacing the bad link and alerting the user. Up to now, ATP has been considered state-of-the-art protection against phishing scams.

Microsoft investigation underway

Officials at Microsoft were contacted by Security Week and they issued a brief statement that said, “We encourage customers to practice safe computing habits by avoiding opening links in emails from senders they don’t recognize.” They also said they were investigating the claims about the new hack.

In the meantime, all security experts discourage users from clicking links found in emails—even if they seem to be from a reliable source. Best Practice for internet security is to always navigate to a web page the old-fashioned way. Open a new browser page and type in the web address. Get in the habit of glancing up to the browser line and making sure it says what it should. Periodic security awareness training is also recommended. This is a good way to remind users about the many phishing scams and malware that constantly threaten users.

Other email clients may be vulnerable

The baseStriker hack may be used in other email programs as well. This has caused all email service providers to begin checking to make sure their security protocols are still intact and working as expected. This is a timely reminder to everyone that crooks are constantly searching for any vulnerability they can take advantage of. New types of malware, worms, viruses, and ransomware are developed each year. Experts believe that Gmail, along with a few other email clients already have built-in protection for splitting the URL and will not be at risk.

Better security training for employees

Though all software developers are now working toward shutting down cybercriminals, every type of cyber defense utilizing technology has its weaknesses. The best methods of cybersecurity usually involve training employees about what to look for and remind them often that hackers never take a break from their work.

Second Chance

A new product called Second Chance offers users a way to “roll back” a decision to click a suspicious link. If the user thinks they may have clicked a bad link in a phishing email, now they can stop the process from moving forward. The software checks out any potentially unsafe link the moment you click on it. Then it informs you that you may be navigating to an unsafe website. You can then abort your actions and return to safety. While products like this do help, there are a flood of new worms, ransomware, malware, and phishing scams developed each year by cybercriminals.

Why hackers always seem to be ahead of the game

Many hackers are now backed by governments the size of China or North Korea, so they have unlimited resources to work with. A Newsweek article[1] reports that Chinese hackers have stolen billions of dollars’ worth of secrets and data from businesses and individuals all over the world. Russia and North Korea are in second and third place when it comes to cyber-theft.

The Newsweek article states that Chinese cyber-aggression toward the United States has evolved rapidly over the last few years. Chinese hackers represent a growing threat to world economies due to their disruptive nature. Today’s battlefield is no longer on actual ground using weapons and artillery. The war is being fought online—on the internet where everyone’s data is sometimes exposed to vast criminal enterprises.

[1] http://www.newsweek.com/chinese-hackers-cyberwar-us-cybersecurity-threat-678378

Many people usually turn to Microsoft’s online productivity suite, Office 365 because of the apparent breadth and depth of its features, which allow them to accomplish what they are unable to do with other similar products on the market.

With this understanding, Microsoft is rolling out updates to its Office 365 and the Office.com environment to simplify tasks and take the user experience to a higher level. Once this rollout is complete, users will be able to enjoy a much better experience across Word, Excel, PowerPoint, OneNote, as well as Outlook.

While these user experience updates are set to roll out slowly over the next couple of months, many of them are already available for Office.com users to experiment with. Microsoft has deployed new designs to a select customer group. These will be released in phases and carefully tested, so the tech giant can learn as they go.

A user centric approach

According to Microsoft, every change they are making on the user experience is focused on three key things: incorporating customer input, considering the context under which the feature will be best and most easily applied, and giving people control over their experience.

It is actually because of this user-centered approach that Microsoft is rolling out these updates gradually to allow room for incorporating the new feedback they obtain from customers during the process.

Shadow and depth on Office

As you scroll over the items on Office.com, you will notice that they pull forward with shadow and depth. This is because Microsoft is bringing its Fluent Design system to the web and to Office 365.

More importantly, Microsoft has rebuilt Office on a modern platform to be much faster and far more efficient than ever. So you’ll notice that every item you tap, such as a Word document, opens much faster than ever.

Simplified ribbon

Once you open your document, you’ll notice an updated, simplified, and better version of the ribbon. The new ribbon design will help users focus on their work and collaborate with others in a more natural and informal way.

For those who prefer to dedicate more screen space to showing commands, there is the option to expand the ribbon into the classic three-line view. This option will continue to be available to users so that everyone can choose the experience they prefer.

The simplified ribbon is first rolling out on the web version of Word. It will then become available to select consumers on Office.com and to Select Insiders in Outlook for Windows later on in July.

The simplified ribbon will not be available on Word, Excel, and PowerPoint for Windows yet. Microsoft intends to gather enough feedback from a broader set of users before implementing any changes that could disrupt people’s work. Upon rolling out the ribbon on these products however, users will still be able to revert back to the classic version of the ribbon with just a single click.

New animations

As part of the Fluent Design system, the ribbon has been improved with new animations. The user experience is improved with better speed and velocity to improve the overall look and feel. All these have been designed to be inclusive and accessible so that the user experience is streamlined.

New icons and color in the right places

Along with the new animations, users will enjoy a fresh array of new colors and icons. These will help people find the commands they’re looking for more easily. These new features were developed as scalable graphics. They render with precision on any screen size or type.

Users will be able to see the new icons and colors first in the web version of Word for Office.com. Select Insiders will see these new features in Word, Excel, and PowerPoint for Windows in late June. The new icons and colors will then roll out to Outlook for Windows in July, and ultimately to Outlook for Mac in August.

Personalized intelligent Search

Microsoft is also rolling out a new personalized, intelligent Search feature across its products. This will provide access to commands, content, and people in a more enhanced manner. This feature makes suggestions on actions you can take, the content you may be looking for, and people that you may want to connect with – all based on your past work patterns. For those who love Office 365 and even for those who may not yet be fans, these new updates promise a world-full of new possibilities.

All you have to do is place your cursor in the search box and all these recommendations powered by machine learning and the Microsoft Graph will show up.

This experience is already available to commercial users in SharePoint Online, Office.com, and the Outlook mobile app. Commercial users of Outlook on the web will also start seeing this experience in action in August.

Wrap up

These updates are a sign of Microsoft’s commitment to making its products more useful to its customers. Against this backdrop, we can expect nothing but the best user experience from these products as the tech giant continues to roll out innovative modifications.

One of the biggest problems facing American businesses today is Ransomware. In fact, it is becoming a global threat. In 2017, a ransomware attack was launched every 40 seconds and that number has grown exponentially in 2018. What are the main reasons for this type of escalation? Why can’t law enforcement or IT experts stop the growing number of cyber-attacks?

Ransomware Trends

One of the reasons involves the latest trends. The art of ransomware is evolving. Hackers are finding new ways to initiate and pull off the cyber-attack successfully. Thieves rarely get caught. So, you have a crime that pays off big financially speaking and no punishment for the crime. The methods of attack expand almost daily. Attack vectors increase with each new breach. If cyber thieves can just get one employee to click on a malicious link, they can take over and control all the files and data for an entire company.

If you go to work in the morning and find that hackers have locked up all your data and are demanding a $2,000 payment in bitcoin, do you pay it or not? Most business owners pay the ransom. It’s easier and cheaper and it gets everyone back to work much faster. One of the major keys to this cyber-attacks success is the fact that criminals keep the ransom amounts fairly low. If you can simply pay $2,000, get all your files back and move on, then why not do so?

Contributing Factors

One of the most crucial contributing factors to this crime is the cryptocurrency revolution. If criminals had to rely on bank accounts and credit cards for payment, their crimes would soon be solved and they would be caught and placed in jail. But cryptocurrency is perfect for Internet-based crimes. It’s untraceable and that makes ransomware a practically unsolvable crime.

The five major cryptocurrencies worldwide in order of their popularity are:

1. Bitcoin
2. Monero
3. Zcash
4. Ether
5. Litecoin

A recent article in The Motley Fool[1] reports that there are currently 1,658 cryptocurrencies available worldwide. That number grows each day. People love the anonymous nature of cryptocurrency. There are a growing number of questionable businesses on the Dark Web and most only accept cryptocurrency as payment. That’s because much of the sale of goods and services on the Dark Web is illegal. The only safe way to pay for illegal materials is to use a completely untraceable form of payment. The answer is cryptocurrency.

But there are other contributing factors as well:

• Social engineering
• Both known and unknown software vulnerabilities
• Poorly configured servers and workstations

Most of these vulnerabilities do have a workable solution. It’s just a matter of finding out where you are most at risk and taking steps to close up those weaknesses. A good IT managed services outfit can assess your current IT infrastructure and make recommendations for improving it. Consider it an investment in your company’s future.

It would be nice to speculate that the whole world will suddenly wake up and decide to be honest and upright in all their dealings; but that is not a realistic viewpoint. Instead, we must move forward with the resolve to create and support global internet police agencies who have the power to track down and arrest cyber-criminals. When there’s no punishment for a crime, it’s a proven fact that it will increase and even flourish.

What Can You Do As a Business Owner?

Knowing that all these things are true and things are not going to just suddenly get better, you have to ask yourself how you can protect your company from cyber thieves. The number one way that all security experts agree on is better employee training. Thieves most often trick an employee into clicking on a bad link. The human factor is the weakest link in the cyber-security chain.

But the good news is that training your employees doesn’t have to be expensive or time consuming. Ask a local security expert to come out once a month and address all your employees. The experts can educate everyone about the latest cyber threats. They can share helpful information about what phishing scams are and how to spot a suspicious email. If you don’t have the budget for it, you could even ask the security expert to do his talks on YouTube and then send links to everyone in your organization. Make watching these security briefs mandatory for all employees.

There are plenty of good resources online now about cyber theft and best practices for cyber security. If you can afford to have a local IT guru come out quarterly and speak to employees about Internet security, this will reinforce what employees have already learned.

Head in the Sand?

The problem with many organizations today is that their leaders are living in a bubble. They think ransomware attacks only happen to other people. They don’t really think they will ever be a victim of a cyber-crime. This isn’t true. Statistically speaking, your company will eventually get caught in the web that cyber thieves weave. The question is not “whether” your company will be a target, but “when” this will occur. The best course of action is simply to prepare for it.

• Educate your employees.
• Hire the best IT experts you can afford to test your network.
• Spend the money on whatever new improvements are needed to fortify your IT infrastructure.
• Make sure all software and hardware is patched and up-to-date.

Sadly, the Crypto Crime Wave is backed by huge communist governments. These countries are earning billions of dollars each year by stealing data from businesses, hospitals, charitable organizations, individuals or whoever falls prey to their scams. They sell the information online and there are always plenty of buyers for this type of data.

However, knowledge is power. Now that you know a few things about ransomware attacks and what you can do to stop them, take action! Don’t wait around until you get that awful message on your computer screen that says:

“You’ve been Hacked! Your files are frozen. Here’s what you need to do to get your computer access restored!”

Don’t wait for that day to come. Take action now to protect your company from the threat of ransomware, malware, and all the other forms of internet piracy. When business owners become more proactive about their internet security, the threat of these attacks should start to diminish. Today, American businesses are making it all too easy for cyber criminals to succeed. But as company owners become more savvy, these criminals will find it harder to earn a living stealing.

[1] https://www.fool.com/investing/2018/03/16/how-many-cryptocurrencies-are-there.aspx