Published on: March 30, 2020 in
With over three billion internet users around the globe totaling roughly 40% of the population, the internet is rife with opportunities for hackers to steal users’ information. And with technology constantly evolving and the internet growing, it’s not likely to get safer anytime soon. It therefore pays to take extra precautions when surfing the web. We’ve compiled these three easy tips that can amp up your online security.
Tip #1: Use HTTPS
Short for Hypertext Transfer Protocol Secure, HTTPS indicates that a website has an extra layer of security for its users. This layer encrypts data exchanged between a user’s browser and the web server that delivers the data that the user requests. To use a simpler comparison, imagine someone tapping your landline, but instead of getting to listen in on your conversations, they’ll hear people speaking in tongues instead.
In August 2014, Google Chrome, the world’s most popular browser, announced that having HTTPS makes your website rank higher in its search algorithm. And since October 2017, the browser began flagging non-HTTPS websites as not secure whenever users try to fill out something as simple as a contact form on it. In July 2018, Chrome started showing a “not secure” warning on any website that does not implement HTTPS, whether or not users are filling out a form there.
Because of Google’s measures, the security protocol has been widely adopted. Even if your website does not contain or ask for sensitive information, implementing HTTPS on it engenders trust and a sense of security among internet users, while staying left behind security-wise will make web visitors abandon or avoid you sooner or later.
Tip #2: Embrace multifactor authentication (MFA)
Since account credentials can be easily stolen via phishing attacks, username and password combos are no longer enough to keep bad actors at bay. To ensure that the one accessing an account is truly that account’s owner, additional identity authentication steps must be implemented.
These steps can involve the use of the account holder’s device — the one logging in must first verify their phone number, receive a one-time password on their smartphone, then enter that code in the access portal before the validity of the code lapses. Alternatively, MFA may ask for a face, retina, voice, or fingerprint scan for authentication. MFA can be a bit of a hassle for your internal and external users, but a little inconvenience is a small price to pay for immensely effective cybersecurity.
Tip #3: Update browsers and devices
Did you know that dated versions of browsers, operating systems (OSs), and even other software packages can create an easy entry point for hackers? Often, new updates are created specifically to fix security holes. And hackers are ever aware that people can be lazy, saving that update for another day that never seems to come. They’ll often try to take advantage of this, searching for outdated devices to infiltrate while their victims watch YouTube on last year’s version of Firefox.
Yes, installing an update might take 15 minutes of your time. But it can pay dividends in preventing a security breach that could cost you or your business thousands.
Looking for more tips to boost your internet security? Get in touch to find out how we can help.
Published on: March 16, 2020 in
Amidst the current climate of malware, hacks, and phishing scams, companies must take precautions when accessing the internet. Without safeguards, browsers that you or your employees use are vulnerable to cyberattacks that may cripple productivity and profit. Here are steps that your company should take to browse the net safely.
Prevent browser tracking
If you don’t like the idea of a third party (reputable or otherwise) being able to track your browsing habits, enable private browsing using built-in tools in your internet browser such as Chrome’s incognito mode. This offers protection against tracking by blocking third-party cookies as well as malware. Some browser extensions also boast secure Wi-Fi and bandwidth optimization and can guard against tracking and data collection from social networking sites such as Twitter and Facebook.
While online ads may seem harmless, the truth is they can contain scripts and widgets that send your data to a third party. A decent ad blocking program will stop banner, rollover, and pop-up ads, and prevent you from inadvertently visiting a site that may contain malware.
Many blockers contain additional features such as the ability to disable cookies and scripts used by third parties on sites, the option to block specific items, and options to “clean up” Facebook, and hide YouTube comments.
Consider setting up a virtual private network (VPN)
Unfortunately, browser tracking and adware are not the only internet nasties that you need to be concerned about. Hackers can intercept sensitive data between two parties, allowing them to steal and corrupt valuable information such as bank details, login credentials, and other personal information. Installing a VPN can help solve this problem. VPNs encrypt your internet traffic, effectively shutting out anyone who may be trying to see what you’re doing.
Install antivirus and anti-malware software
Finally, it goes without saying that having antivirus and anti-malware software installed on your PC, tablet, and smartphone is crucial if you want to ensure your online safety. These software programs are your first defense against malicious parties intent on stealing your data.
Is browsing at your workplace secure? Would you like a more comprehensive security system for your business? We can tell you all about it and help protect your business from online threats. Get in touch with us today.
Published on: February 17, 2020 in
Some hackers have become so skilled that they don’t even need you to give up your credentials to hack into your account. One recent cyberthreat is targeted towards users of Microsoft Office 365. You don’t want to be the next victim, so read up.
A phishing scam that harvests users’ credentials
The latest cyberattack on Microsoft Office 365 involves harvesting users’ credentials. Scammers use this previously unseen tactic by launching a phishing message to users, asking them to click on an embedded link. What makes this scam more insidious than traditional phishing scams is that the URL within the message links to a real Microsoft login page.
How does it work?
The phishing message resembles a legitimate SharePoint and OneDrive file-share that prompts users to click on it. Once they do, they are taken to an Office 365 login page where they will be asked to log in if they haven’t already.
After they’ve logged in, they’ll be prompted to grant permission to an app called “0365 Access.” Users who grant permission effectively give the app — and the hackers behind it — complete access to their Office 365 files, contacts, and inbox.
This technique can easily trick lots of users since the app that requests access is integrated with the Office 365 Add-ins feature. That means that Microsoft essentially generates the request for permission. No, Microsoft is not aiding hackers to breach systems. Rather, the scam is made possible by a feature that allows users to install apps that are not from the official Office Store.
Ways to protect your Office 365 account — and your business
Given their fairly advanced approach, these scammers could effortlessly prey on careless employees. There are ways to make sure that doesn’t happen.
- Always check the email’s sender account before clicking on any link or granting apps access.
- Implement a policy that prevents staff from downloading and installing apps that are not from the Office Store.
- Regularly conduct security awareness training that covers essential cybersecurity topics. Educate employees on how to spot phishing scam red flags (e.g., unknown senders, grammatical and typographical errors, suspicious requests, and the like). Increase their knowledge about more sophisticated attacks and keep everyone informed about current and future cybersecurity risks.
Successful attacks could result in an unimaginable catastrophe to your company. For tips on how to spot this and other nefarious scams and how to plan thorough security practices, contact our experts today.
Published on: November 25, 2019 in
Data is vital to your business. It’s how you keep records, track activities, and function as a business in general. However, with all of the data that your business generates on a regular basis, it can be difficult to keep everything backed up at all times. Fortunately, there is a way to better prioritize your data backups.
Too much data may sound like a good thing, but depending on your organization, backing up everything à la minute may be out of your price range or just flat out impossible with the amount of information that you create. The problem then becomes: How do I structure my backup plan to prioritize the critical files? We believe the answer is analytics.
In order to avoid backing up unneeded data, you’ll require a “smarter” backup solution. This is where an experienced MSP (managed services provider) really earns its keep. We’ve spent years becoming experts in backup solutions and designing systems that keep your mission-critical data healthy, and we can offer something few others can’t: a backup solution that learns.
The first step in ensuring all of your customer information is safely duplicated and quarantined is to install sophisticated analytics engines that help determine what is most essential to your business’s day-to-day operations. These ever-evolving engines will prioritize data in order of importance and translate that to a backup structure that ensures the right data is safe and sound should disaster strike.
Using analytics maintains your existing data-backup solution, but provides it with a map of what to save first, and what to leave for later. What does that mean? Drastically reduced recovery times in the event of untimely outages or disruptions. And, the use of analytics also helps increase efficiency and decrease overall backup costs by providing a better picture of what is unimportant or unnecessary.
Small- and medium-sized businesses have been the drivers of innovation for decades because, as they say, “necessity is the mother of invention.” And we’re here to deliver some good news: Whether you’re interested in implementing a cutting-edge analytics engine or simply want to start with a more straightforward solution, we’re ready to create a new system that prioritizes backups, just for you.
Published on: October 14, 2019 in
The volume of malicious cyber attacks is increasing every year. Although many companies use the latest network security systems, they aren’t immune to the hackers’ favorite strategy — social engineering. Unlike malware, social engineering tricks people into volunteering sensitive data. Here’s what you should know to protect your business.
This is the most frequently used social engineering attack, especially against small businesses. Check out these frightening statistics:
How is phishing carried out? Criminals make use of emails, phone calls, or text messages to steal money. Victims are directed to phony websites or hotlines and are tricked into giving away sensitive information like names, addresses, login information, social security, and credit card numbers.
To protect yourself, be wary of emails from people you don’t know that offer you a prize, come with attachments you didn’t request, direct you to suspicious sites, or urge you to act quickly. Phishing emails usually appear to come from reliable sources, but they are wolves in sheep’s clothing.
One of the most infamous and widespread examples of phishing was during the 2016 Summer Olympics in Rio, where victims received fraudulent emails for fake ticketing services that stole their personal and financial information.
What’s the fastest and easiest way for criminals to enter a secure office? Through the front door, of course! Tailgating happens when an employee holds the door open for strangers and unauthorized visitors, allowing them to infiltrate an organization. This simple act of kindness enables fraudsters to enter restricted areas, access computers when no one is looking, or leave behind devices for snooping.
Quid pro quo
Here, scam artists offer a free service or a prize in exchange for information. They may lure their victims with a gift, concert tickets, a T-shirt, or early access to a popular game in exchange for login credentials, account details, passwords, and other important information. Or hackers may volunteer to fix their victims’ IT problems to get what they want. In most cases, the gift is a cheap trinket or the tickets are fake, but damages from stolen information are all too real.
Fraudsters pretend to be someone else to steal information. They may pose as a telemarketer, tech support representative, co-worker, or police officer to fish out credit card information, bank account details, usernames, and passwords. The con artist may even convince the unsuspecting victim to apply for a loan over the phone to get more details from the victim. By gaining the person’s trust, the scammer can fool anyone into divulging company secrets.
In spite of the many security measures available today, fraudsters and their social engineering schemes continue to haunt and harm many businesses. Thus, it’s best to prepare for the worst. To protect sensitive information, educate yourself and be careful. Remember: If anything is too good to be true, it probably is!
To shield your business from social engineering attacks, don’t take chances! Get in touch with us today.
Published on: September 16, 2019 in
Cybersecurity is everyone’s responsibility. But you don’t need to be an IT expert to know how to protect yourself from a cyberattack. To help you get started, here are helpful terms you need to know so you’re not left in the dark, whether you’re teaching yourself how to update your anti-malware, updating your systems, or consulting your tech support.
For a long time, the phrase “computer virus” was misappropriated as a term to define every type of attack that intended to harm or hurt your computers and networks. A virus is actually a specific type of attack, or malware. Whereas a virus is designed to replicate itself, any software created for the purpose of destroying or unfairly accessing networks and data should be referred to as malware.
Don’t let all the other words ending in “ware” confuse you; they are all just subcategories of malware. Currently, one of the most popular of these is “ransomware,” which is malware that encrypts valuable data until a ransom is paid for its return.
Intrusion protection system(IPS)
There are several ways to safeguard your network from malware, but IPSs are quickly becoming one of the non-negotiables. IPSs sit inside of your company’s firewall and look for suspicious and malicious activity that can be halted before it can exploit or take advantage of a known vulnerability.
Not all types of malware rely solely on fancy computer programming. Experts agree that the majority of attacks require some form of what is called “social engineering” to be successful. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or guarded information. Complicated software is totally unnecessary if you can just convince potential victims that you’re a security professional who needs their password to secure their account.
Despite often relying on face-to-face interactions, social engineering does occasionally employ more technical methods. Phishing is the act of creating an application or website that impersonates a trustworthy and often well-known business in an attempt to elicit confidential information. Just because you received an email that says it’s from the IRS doesn’t mean it should be taken at face value — always verify the source of any service requesting your sensitive data.
Antivirus software is often misunderstood as a way to comprehensively secure your computers and workstations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well-known malware variants.
Malware is most dangerous when it has been released but not yet discovered by cybersecurity experts. When a vulnerability is found within a piece of software, vendors will release an update to amend the gap in security. However, if cyberattackers release a piece of malware that has never been seen before, and if that malware exploits one of these holes before the vulnerability is addressed, it is called a zero-day attack.
When software developers discover a security vulnerability in their programming, they usually release a small file to update and “patch” this gap. Patches are essential to keeping your network secure from the vultures lurking on the internet. By checking for and installing patches as often as possible, you keep your software protected from the latest malware.
When antivirus software, patches, and intrusion detection fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s workspace ensures that if there is a malware infection, you’re equipped with backups.
We aren’t just creating a glossary of cybersecurity terms; every day, we’re writing a new chapter to the history of this ever-evolving industry. And no matter what you might think, we are available to impart that knowledge on anyone who comes knocking. Get in touch with us today and find out just how we can help you with your IT woes.
Published on: September 2, 2019 in
You’ve received a message from one of your Facebook friends. You click on the link not knowing what you’ve gotten yourself into. This describes one of the latest social media adware schemes, which has wreaked havoc on Facebook users worldwide.
What is it?
Little is known about the adware itself or those behind it, but it was uncovered by David Jacoby, senior security researcher at Kaspersky Lab, when he received a Facebook message from one of his friends, only to find out that wasn’t the case.
Basically, the adware uses Facebook Messenger to track your browser activity and pushes you to click on malicious ads or give out personal information.
How does it work?
By clickjacking and hijacking credentials of Facebook users, the adware is able to send messages to people in the victim’s contact list. If you’re one of those people, you’ll receive a phony message from your friend’s compromised Facebook account.
The message includes your friend’s name followed by the word “Video,” a shocked face emoji, and a shortened URL. Once clicked, the URL will redirect you to a Google Doc with a blurred photo taken from your friend’s Facebook page, disguised as a video. If you click on the “video”, you’ll be redirected to one of a number of targeted websites based on your browser, operating system, and location.
For instance, if you use Google Chrome, you’ll be sent to a website that looks exactly like YouTube, complete with the official logo. The hoax website will show you a fake error message to trick you into downloading a malicious Chrome extension.
If you’re on Firefox, you’ll be sent to a site with a false Flash Player update notice and a Windows adware executable; the same goes with OS X except the adware is hidden in a .dmg file.
The goal here is to move your browser through a set of websites so tracking cookies can monitor your activity and display malicious ads or you can be “social engineered” to give up confidential information.
How do you avoid falling victim?
Facebook has rolled out a number of automated systems to stop harmful links and files. What’s more, they will provide you with a free antivirus scan if they suspect that your account has been compromised by adware.
Still, you should be very skeptical about any shortened URL links sent to you by your Facebook friends, no matter how long you’ve been friends.
Due to their low key nature as potential security endpoints, cyber criminals are turning to social media platforms as their new medium of choice. To keep your business safe, you need to stay up-to-date and educate your employees. If you have any other questions about social media and how it can impact your business, just give us a call.
Published on: February 20, 2017 in
When disaster strikes, organizations need to put their business continuity plans into action and recover their IT systems as quickly as possible. Failing to do so can mean serious financial and reputational repercussions. Despite this, investments in disaster recovery are set aside each year for high-tech IT investments, and every year companies and employees continue to suffer for it. Here are some reasons why disaster recovery is well worth your time, effort, and resources in 2017.
DR isn’t a huge investment
A common misconception about disaster recovery is that it’s a large, bank-breaking investment. Expensive data centers, networks, and server maintenance usually come into mind when a business owner is confronted with the idea of business continuity. And while that may have been true in the past, establishing a strong disaster recovery plan today is as simple as having a secure, compliant cloud-based disaster recovery provider like TECHLINQ. Agreement pricing models are actually comparatively low, meaning you can have minimal downtime while still having enough to invest in new technology.
Onsite backups alone just won’t cut it
Although you might feel secure with a manual backup server down the hall, it is still susceptible to local disasters and, ultimately, does very little in minimizing company downtime. When disaster recovery solutions are hosted both locally and in the cloud, restoring critical data and applications is a much less time-consuming process.
Business disasters can be man-made, too
Even if your workplace is nowhere near frequent disaster zones, cyber attacks and negligent employees can leave the same impact on your business as any natural disaster can. Setting a weak password, clicking on a suspicious link, or connecting to unsecured channels is enough to shut down a 5-, 10-, or even 50-year-old business in mere minutes.
Sure, installing adequate network security is a critical strategy against malicious actors, but last year’s barrage of data breaches suggests that having a Plan B is a must. A suitable disaster recovery plan ensures that your data’s integrity is intact and your business can keep going, no matter the malware, worm, or denial-of-service attack.
Downtime will cost you
A business without a DR plan might come out unscathed after a brief power outage, but why risk the potential damages? Either way, extended downtime will cost your business. First, there’s the general loss of productivity. Every time your employees lose the ability to access network resources, money goes down the drain. Then there’s the cost of corrupted company data, damaged hardware, and the inevitable customer backlash. Add all those variables together, and you end up with a business-crippling cost.
So, if you want 2017 to be the best year for your business, make the smart choice and proactively take part in creating your company’s business continuity plan. Your business will be in a better position financially with it than without it.
Keep your business safe, recover from any disaster, and contact us today to set up a TECHLINQ Backup agreement.
Published on: February 6, 2017 in
The crystal ball certainly won’t be making an appearance anytime soon, so it’s time to start preparing for the far more realistic technology trends of the coming year. Investing in the right technology could be the thing that sets you apart from your competitors in the coming year, and all it takes is a little research and education. Until someone invents a crystal ball, you’re stuck with our professional projections on the state of web services in 2017.
#1 On-premises servers will survive another year
Cloud adoption will most likely continue its stellar rise, but that doesn’t mean it will be hard to find affordable service for your in-house server or data center. Based on a recent survey of companies that utilize cloud services, nearly half will continue operating some sort of on-site data management in response to perceptions of security or compliance concerns. We may not believe those worries are well-founded, but that does mean hybrid clouds will continue to be a popular option.
#2 Voice commands will get better
Although better voice command technology may not mean much for running a business, big vendors like Amazon releasing development kits and application program interfaces does mean you have the opportunity to make your products and services more accessible via popular consumer technology such as Alexa.
#3 The Internet of Things (IoT) hasn’t peaked yet
Marketing experts are just as certain that consumers are feeling oversaturated with references to machine learning as they are that IoT hasn’t yet reached its full buzzword potential. If prices of connected devices come down, and their functionality improves, you can bet “IoT” will be one of the most profitable keywords of the year. If this technology doesn’t integrate with your products or services, there’s significant potential for its rise to stardom to make in-house business automation a whole lot better.
#4 Containers won’t just be a fad
As a subset of virtualized computing, containers unshackle applications from the constraints of single operating system compatibility. And with several vendors jumping into the market in late 2016 (such as Amazon Web Services), it’s a trend that we’re fairly confident will grow next year.
The market for web services may seem too fickle to gamble on, but as a small business owner, you don’t have much of a choice. Technology is essential to reaching new customers, operating efficiently, and remaining competitive with your business rivals. If you’re ready to start the new year with a new outlook on these technologies, call us today.
Published on: October 24, 2016 in
There are a lot of web-based email platforms in the marketplace. Many come and go, but there’s a reason Gmail has crossed the 1 billion monthly active user milestone and is still standing strong as one of the world’s most popular web-based email clients. It’s extremely easy to use and is always up-to-date and secure, courtesy of Google. But if you’re just using Gmail for sending and receiving emails, you’re really missing out on some of its nifty features that allow you to manage your email more effectively. Here are some tips to make the most of Gmail.
Ever had that moment when you’re in a hurry to type up an email and send it off only to notice a few seconds later there were a couple of mistakes? Maybe you’ve forgotten to attach a file or misspelled a word. Heck, you may have even sent it to the wrong recipient! Don’t worry, we’ve all been there. This is the moment where Gmail’s ‘Undo Send’ feature will become your new best friend. You can activate this by clicking on the gear icon on the top right hand corner of Gmail, then go to Settings. Scroll down to ‘Undo Send’ and hit the ‘Enable’ box. Now you have up to 30 seconds to click the ‘Undo’ button that will pop up once your email’s been sent.
Create to-do lists
Gmail provides an easy way to create a task list that you can use to keep track of all the things you have to do in a minimizable window. This way you won’t have to send yourself an email and clutter your inbox every time you need to remind yourself to do something. Adding a to-do list is easy; simply click the ‘Mail’ menu in the upper left corner of the Gmail window and choose ‘Tasks’. A small window will appear in the bottom right corner of the page, and here you can type in your tasks and check the boxes once you’ve completed each of them.
Some emails are too important to be buried in a crowded inbox. This is where you can use Gmail’s Star feature to your advantage. Adding stars is a way to single out emails that need to be read later or require a follow-up. You might already know that clicking the yellow star beside the email will highlight the line and makes the message easier to find. But there’s a way to take things up a notch. Navigate to ‘Settings’ and scroll down to the ‘Stars’ section. Here you can drag the stars from the ‘Not in use’ row up to the ‘In use’ row to make them active. Once you’re done, hit ‘Save’. You could use the blue star for emails that need a follow-up, red for problems, question mark for the ones that require clarification and so on.
Use canned responses
Have you ever had to answer the same questions sent by clients over and over again? Well you’re in luck. Gmail has a productive hack that allows you to create and send off repetitive messages in just a few clicks. Activate it by heading over to ‘Settings’, ‘Labs’ and click the ‘Enable’ button in the ‘Canned Responses’ tab. Now type up a response email. Click the arrow in the lower right corner of the message box and select ‘Canned Responses’. You can add common phrases, sentences or email bodies that you find yourself using a lot, whether for marketing inquiries, sales pitches or client requests.
With these Gmail features you can save time, get more things done and become more productive. If you want to learn more about Gmail or any other Google apps, please get in touch with us today.