BLOG

Techital Blogs and News

By Alex Payne 20 Sep, 2021
Very few employees can honestly say they spend the entirety of their workday actually working. Whether it’s the 15 minutes you spend making your coffee in the morning, or the 10 minutes catching up on Facebook after lunch, the occasional work break is inevitable. A recent study showed that the average worker admits they waste three hours per eight-hour workday, not including lunch and scheduled break-time. However, a different study stated that workers only spent about 35 minutes, per day, not working. While concluding the exact amount of time workers waste during their workday might be difficult (because no one wants to admit they are looking for deals on patio furniture rather than writing that time-wasting blog they were assigned,) we can all say we have been guilty of frittering away some precious time during our workdays. Here are the top four ways employees are wasting their time at work and a few ideas on how to be more productive during your workday. Time Waster #1: Emails Emailing has become the top form of communication in the workplace. What’s the first thing most of us do when we come into work? Check our emails. Technological advances in the way we communicate have brought about the notion of having to be connected at all times. Our clients and even our colleagues tend to expect instant responses to each and every message, even when we are sick or on vacation. While email can be extremely beneficial, a lot of our workday is spent reading and answering emails. Many professionals have actually found they can get much more done during their workday if they don’t respond immediately to every single email. Solution: Try not to check your email first thing in the mornings. Instead, spend anywhere from 30 minutes to an hour working on something more important first thing in the morning. This allows you to fully concentrate on what you have to do without any of those unread emails distracting or stressing you. You can also increase productivity by simply turning off your email notifications for short periods of time during the course of your day. It could be 15 minutes, or it could be 60 minutes, but you’ll realize that during that distraction-less time you’ll be able to blast through your to-do list. Time Waster #2: Online Distractions The Internet is known for luring employees deeper and deeper into its web (no pun intended) with each and every click. It is said that 60% of online purchases are made during regular work hours and 65% of YouTube viewers watch between 9am – 5pm on weekdays when (presumably) at work. While social media outlets such as YouTube and Facebook can be a great platform for brand awareness and business growth, let’s be honest – how many times are you actually on these sites marketing for your company? You’re not, you’re wishing your uncle Brad a happy birthday. Some professionals have even admitted to spending time job hunting during work hours on company computer – shame on you! Solution: If you just absolutely can’t keep yourself from refreshing your Facebook feed every 10 minutes, simply block it. StayFocusd is an extension Google Chrome offers that allows you to set a certain amount of time to any website of your choice and once that time is up, it denies further access to these sites. If that seems too harsh, you can always better manage your lunch time. Take the first half of your lunch break to feed yourself and use the second half to completely indulge and get your daily fix of online distractions without feeling guilty. And if you still can’t get away from these Internet sites, well, you got a bigger problem, buddy. Time Waster #3: Colleagues Nobody enjoys spending their entire workday in silence. Humans are social creatures by nature. We all appreciate a little chat here and there during our workday. For that reason, co-workers can be awesome. But, they can also be a major time suck. How many colors does the printer have? Are we supposed to send this email this week or next? Where should I upload the document? Can you review this really quick? We have all had those colleagues that treat us like we are the employee handbook. While it can be very flattering being thought of as the expert of the group, the fact that you are constantly being asked repeating questions can quickly become irritating. Not to mention, it can take up a huge part of your workday. Solution: Headphones! Wear headphones while you work. Even if you aren’t listening to anything, having both of your headphones in will signal to your colleagues that you’re focused and in the zone. I understand some of us have very persistent co-workers who may still decide to come on over to your desk and give you quick tap on the shoulder. At that point, simply tell them you are glad they came by because you need help with [insert irrelevant work assignment here]. If they leave your desk with some work to do, they’ll think twice next time they come on over for a chat. Time Waster #4: Meetings Meetings are a necessary evil in most companies. 47% of professionals say their biggest time waster is having to attend too many meetings. On average, 33 minutes a day are spent just trying to schedule these meetings. You don’t always need to have a meeting, nothing makes an employee more frustrated than having their scheduled filled with unnecessary meetings. We have all been to those meetings where literally nothing pertained to you and absolutely zero words came out of your mouth. While communication in the workplace is extremely important, there are better ways of communicating information that doesn’t involve attending meetings every other hour. Solution: Next time you’re invited to a meeting, that you believe might be irrelevant for you, ask the host why they think your presence is needed. You can then set up some sort of system where your supervisor can go in your place and later simply cascade down that information to the rest of the team. If your supervisor is too busy to even attend themselves, then you could ask to meet with the host a couple minutes before to share your insight because you will not be able to stay the entire time. There are many other time wasters that we could discuss, but we’ll have to save that for another time – I have a meeting.
By Alex Payne 20 Sep, 2021
Everywhere you turn today you will find social media. People taking selfies at the grocery store, responding to Instagram while walking down the street, and of course checking Facebook status while clocked in at work. What do you do when social media use gets out of hand in the workplace? It can seem like a never-ending battle with employees, but it doesn’t have to be that way. Before you go any further, draft up a social media use policy. This will save you headaches and possible litigation. Employees can agree to it and follow it or they can find work elsewhere. Sounds harsh, I know, but your business’s reputation is not worth Mary’s selfie. Don’t get me wrong, the policy doesn’t have to be rigid and forceful. Your employees are adults and can handle responsibility. Similar to a job description, policies allow for clarification and accountability. Great for both employer and employee. To create a social media use policy, start by splitting the policy between company official accounts and personal accounts. Then take a look at rules and regulations. With this part, you want to clearly overview your brand as well as how you want it perceived. It is important that employees are on the same page for this. That way the message is consistent across all platforms, no matter who posts or comments, talk about confidentiality and what company info can or cannot be shared. It can be similar to the non-disclosure you had your employees sign when they got hired. Then, of course, outline the potential consequences to not following these guidelines. Ensure these are clear and concise because a loophole can be quickly manipulated. Then you can go onto the same steps but for personal use. Once you have that jotted down, you can move to the next part, roles and responsibilities. It is in this section that you have to figure out who will have access to the company’s social media or to any in general. Think about it, it might not be best to block it altogether. You can harness the power of social media for your benefit though if you play it smart. Your marketing team will need it, well, to market. Sales can keep in touch with prospects or members easily and it gives all parties conformation that you care. Beyond that, you may want to give your receptionist or office manager access in order to help with customer service on different platforms. While working on this, keep a few things in mind. Don’t discourage use, and ensure the language of the document sounds positive. Employees will get upset with a big change to what they’re used to. A list of don’ts is only frustrating and discouraging. Also, be transparent on why you have a policy. Let them know that productivity has been affected. Not only that, be clear with them about the potential security risks you are trying to avoid. Train the employees using company social media how to see security risks and what to look for. Then finally, explain how a policy keeps everyone honest and accountable. As long as you are transparent about the new policy, implementing it shouldn’t be a huge issue. If you have employees assist you in drafting this document, that’s even better. They are part of the change and not being steamrolled by it.
By Alex Payne 20 Sep, 2021
Most people are aware of terms like phishing and malware, but do you know those are a part of a larger scheme called social engineering? This is not a new kind of fraud, in fact, it’s been used for many years to manipulate a wide range of people into giving up important data about themselves or the workplace. A prime example of social engineering goes back to Greek mythology with the Trojan horse. They infiltrated the city of Troy with a “peace offering” filled with soldiers, thus winning the war. With technology at the forefront of our lives, social engineering has entered a new era. Physical human interaction is not necessarily required anymore. These criminals can gain information through emails, pop-ups, and public Wi-Fi networks, to name a few. The main objective is to influence, manipulate or trick users into giving up privileged information or access within an organization. They are doing this right under your nose, and if you’re not paying attention you will be a victim of this as well. External Threats With technology at the forefront of most businesses, external threats are becoming the benchmark for social engineers. They can hack into core business processes by manipulating people through technological means. There are so many ways for social engineers to trick people, that it is best to ensure you are well versed in some of the ways they can hack your system. BAITING First of all, baiting can be done both in person and online. Physical baiting would be a hacker leaving a thumb drive somewhere at a business, then an employee picks it up and plugs it into a computer. Could be curiosity, or simply thinking a co-worker left something behind. However, as soon as the thumb drive gets plugged in, it will infect your computer with malware. The online version of this could be an enticing ad, something to pique interest. Things like “Congrats, you’ve won!” Also, there is scareware, in which users are deceived to think their system is infected with malware, saying things like “Your computer has been infected, click here to start virus protection.” By clicking on it, you unintentionally downloaded malware to your computer. If you understand what you are looking for, you can usually avoid these situations. PHISHING This is probably one of the most popular social engineering attacks. Fairly generalized, this usually comes in the form of an email. Often, they ask the user to change their email or log in to check on a policy violation. Usually, the email will look official and even take you to a site that looks almost identical to the one you may be used to. After that, any information you type in will we transmitted to the hacker. You just fell for the oldest online hack in the book. SPEAR PHISHING Similar to generic phishing, spear phishing is a more targeted scam. This does take a little more time and research for hackers to pull off, but when they do it’s hard to tell the difference. They often tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. This could be in the form of an email, acting as the IT guy with the same signature and even cc’s to co-workers. It looks legitimate but as soon as you click the link, you are allowing malware to flood your computer. Internal Threats Originally, social engineering took place in a physical setting. A hacker would do some preliminary research on a company structure or focus on behaviors in order to get that initial access into a building, server room or IT space. Once they have a “foot in the door” so to speak, obtaining pertinent data or planting malware becomes that much easier. TAILGATING Often, they will enter a building without an access pass by simply acting like an employee that left it at home, this technique is known as tailgating. The only credential they need is confidence. This can also include a hacker posing as an IT person and conning people into believing that to be true so they can gain access to high-security areas. This is far easier than it sounds too. You can find company shirts at your local thrift store, exude confidence and gain access. PSYCHOLOGY Another interesting process hackers use to con their way into a business is by creating a hostile situation. According to PC World, people avoid those that appear to be mad, upset or angry. So, a hacker can have a fake heated phone call and reduce the likelihood of being stopped or questioned. Human psychology really is a tricky thing, isn’t it? PUBLIC INFORMATION Then of course, the more you know about someone the more likely you are going to gain the information you need from them. This involves everything from scoping out parking lots, observing the workspace and even dumpster diving. Nothing is safe anymore and your life is not always as secure as you’d like to think. Something as innocent as a bill can be used to harvest more information about a person. PRETEXTING Similar to online phishing, pretexting is a popular fraud tactic for phone calls. Often, they will disguise themselves as an authority such as a bank, tax official or even police. They will probe you with questions that could lead to giving up information that could compromise your identity. This personal information can be used to find out a whole slew of things. Not only can they get away with your money immediately, but they can also easily steal your identity with pertinent information like social security numbers or banking information. Prevention Social engineering can be prevented by being educated in it. With so many different ways to steal your important data its imperative that individuals and businesses go through some sort of training regarding these issues. However, on a day to day basis, getting into certain habits can help. First of all, pay attention to your surroundings. Remember that physical social engineering still exists and you don’t want to be the one that caused your business corrupted data. Next, do not open emails or attachments from suspicious sources. Moreover, if a legitimate-looking email seems slightly suspicious, go to the source and find out for sure if they sent it. Also, multi-factor authentication can curb fraud immensely. One of the most valuable pieces of information attackers seek is user credentials. Using multifactor authentication helps ensure your account’s protection in the event of system compromise. Furthermore, if an offer seems too good to be true, it probably is. Don’t click the link, you didn’t win a cruise. Then finally, keep your antivirus and/or antimalware software updated at all times. This is the best line of defense if for some reason your system has been compromised. For the most part, use your best judgment and common sense. Social engineers have gotten very good at their jobs, but that’s okay because you’ve gotten very good at yours too and can combat these sneaky hackers.
By Alex Payne 14 Apr, 2021
Backup Disaster Recovery is one of those things that all businesses need to have. A BDR backs up any data during the course of a disaster. Whether it’s a natural disaster such as a tornado, a hardware failure, or even an attack from a hacker. Anyone of these could permanently disable your business if you aren’t prepared or have a proper backup plan. For those of you still backing up data manually on tapes or *cringe* not at all, here are some reasons you need a BDR solution and should stop tuning out potential disasters. First of all, a data disaster is more common than you might think and currently, 58% of SMB’s are not prepared for data loss. Even worse, 60% of SMB’s that lose their data will shut down within six months. Something that could have been prevented could potentially wreck your business. Scary to think about when 29% of hard drive failures are caused by accident. It would be silly to have a human error or a simple mishap put your company out of business. You may have security protocols in place and your employees are well versed on avoiding things like malware. Well done. However, you’re still not protected. Human error is a large culprit in data loss. It could be unintentionally deleting items or accidentally overwriting data, but these “oops” can hit hard. Human error can result in other kinds of hardware damage like spills or even accidental reformatting. All of these things are possible and have happened to many SMB’s before you. Sometimes recovery is possible from the software platform you were using, maybe your computer has your back and caught these things. It’s still a time consuming and money wasting error to fix, even if you are so lucky to recover some of what you lost. Viruses and malware can be a significant cause to software or hardware damage depending on what kind of bug found its way in. Usually, this can be avoided with proper employee training as well as an awesome firewall that will help filter malicious attacks. Yet another prey in the night is social engineering – the art of conning people. Hackers have been known to get into server rooms and other data-centric areas of the business. Employees may not even notice their mistake until it’s too late. I guess the “HVAC guy” turned out being a hacker in disguise. Sometimes software corruption can come from unknown viruses lurking around your computer. However, most of the time it is due to improper usage. Things like not shutting down the computer properly or leaving unsaved documents open. Sometimes even a power outage can trigger corruption. Once the software processes are interrupted and damaged, it’s virtually impossible to recover data stored in the software. Did you know that 140,000 hard drives crash every week? With that kind of number, it’s just a matter of time until it happens to you. That is not a comfortable position to be in if you know you don’t have backup. Unfortunately, hard drive corruption is usually due to mechanical issues. Things like age and dust build up can (and will) cause technology to fail. We’ve all used the old laptop we still have, that’s been on its deathbed for months, freezing frequently, taking for-ev-er to load a webpage, and of course, acts as a heater for your lap or desk. All of these things are signs leading to a crash. You may not care if it’s an old hand-me-down laptop from the ’90s. But you will care when it’s your pricey equipment with all of your product data and client information being stored on it. Finally, good old-fashioned acts of God. You can’t necessarily prepare for a natural disaster. Even if you hear the tornado siren, backing up your servers to tape will take longer than it does for the tornado to hit your business. Then what? That tape is left among the rubble, destroyed. This may seem like an exaggeration, but it has really happened to businesses. And even if only hypothetical, it makes for a great metaphor for any other crash within your business. This is also proof that on-site BDR’s may not always be the final protective cover to your business. You may want to consider off-site or cloud data storage to ensure protection, so your data is safe even if your equipment is destroyed. Protect your business and keep it running smoothly and successfully. Backup Disaster Recovery options are available for all kinds of SMB’s and their needs. Don’t wait to be taught a lesson by the “big one” (as most California residents say). Protect your important data and enjoy the peace of mind that comes along with it. You’ve worked too hard to get your business where it is, protect your hard work.
By Alex Payne 13 Apr, 2021
What is the dark web? Have you heard of the ‘dark web’? You probably picture a guy in a hoodie, slumped over a keyboard peering at a screen of numbers with an evil smile upon his face. Oddly enough, it’s really not as dark and creepy as the media portrays. However, the scary part is the information you can find on the dark web. Don’t think the worse, I haven’t seen any body parts for sale on the dark web, I can assure you if any of your important data has been stolen. It’s likely for sale on the dark web. The dark web is named that because it’s part of the Internet that is not indexed by search engines. This certainly makes the anonymous illegal activity easier, but the dark web does host a few legitimate social networks. What’s on the dark web? As mentioned before, if you’ve ever had your data compromised, it is possible it’s floating around the dark web for sale. Or if you’ve heard of the latest malware attacks that have stolen millions of usernames and passwords (like the Collection #1 breach last January). There are a plethora of items to purchase. Some of the most popular are breached usernames and passwords that have been de-hashed. You can buy credit card numbers, drugs, and hacked accounts to name a few. I have personally viewed 6 stolen credit cards for the cost of $100. No guarantees they had money on them or were still valid, but I suppose it’s worth a try for a hacker. You can even hire a hacker to carry out a job for you. Most of the dark web takes some kind of crypto-currency and has boomed since currencies like Bitcoin have taken hold of the Internet. How do you access it? You can’t just type in “dark web” on Google and expect it to take you there. In fact, your network may even get flagged or the antivirus on your computer will prohibit it. The way people are accessing the dark web now it through a search engine named torproject.org. Now keep in mind, this organization created Tor in order to allow everyone privacy during their browsing experiences. Many countries are unable to access the Internet without someone eavesdropping on them or simply being unable to take part in free speech. Also, keep in mind that these dark web sites look just a normal as a regular website. Sometimes the only way you can see the difference is that dark web sites use a scrambled naming structure that creates URLs that are often impossible to remember. For example, a popular commerce site called “Dream Market” goes by the unintelligible address of “eajwlvm3z2lcca76.onion.” Its surprisingly easy to access, just remember what kind of people you’re dealing with. If they stole from other people, they’ll steal from you too. Staying ahead of the dark web Most people will never have the need or the courage to check out the dark web. However many IT industry experts peruse the dark side to look out for current and future hacking trends. It’s always good to know what is making money and what assets scammers are looking for. If by chance you stumble upon your own data, there’s little you can do about it. (Although, we’ve heard stories of people buying back their data). But at least you’ll know what’s compromised. Check out the dark web at your own risk, but whatever you do – save yourself the trouble – and don’t purchase anything.
By Alex Payne 13 Apr, 2021
You’re ready to purchase a BDR. You’ve done all of the research, found a company you’re confident in and are excited to finally have peace of mind. But now you start thinking about exactly what you need to back up. Is all of your data necessary or should you salvage a little server room? All businesses want to back up everything, you never know when you’ll need it. It’s not always necessary to back up everything daily, but there are some you will want to consider. Depending on what kind of BDR you purchased you will first need to delegate what data is stored, is not stored, and how often. Notice that there are three different kinds of backup in today’s tech world. Those are; straight to cloud services, software-based products, and a hybrid approach that combines on-site hardware and software. By segmenting the market, you can quickly assess which approach will work best. Ideally, you will want to spend money on a company that specialized in a backup. However, keep in mind that the faster the solution is and the more automated, the more expensive it will be. Don’t feel bad if you went a little cheap in order to save money. You can still backup without automation or any third party, you will just need to remain diligent about it. If you are making sure to do a daily backup there are several business items you want to account for each day. First is credit card transactions or receipts. Your accounting software should keep an eye on this and automatically back this data up, but you can never be too sure. This also includes things like invoicing, receivables, payroll and just about anything that is financially related. All financials are incredibly important, even one lost invoice could really hurt your business. Next, you will want to backup any client files. Anything with hackable data or items that could be compromised need to be backed up daily as well. Not only is it invaluable to keep this information safe, but it would certainly affect your client confidence if anything was lost or stolen. Finally, we must backup any project management software. Anything that your business uses to keep track of daily activities and work being done needs backup. Just like financial software, usually, project management software will also back up and recover items if lost. But once again, that’s a chance you don’t really want to take. Then, of course, it affects communications, so you don’t want to want to maintain a log of communication or “paper trail” as people day. You want to keep all of these things intact. Not only your precious memories but also the really important stuff that your clients and customers trust from you. Keep these items in mind and you should never have to deal with business killing disaster.
By Alex Payne 13 Apr, 2021
Everyone is talking about cloud computing these days and for good reason. The cloud is revolutionizing how computing power is generated and consumed. Cloud refers to software and services that run on the Internet, instead of locally on your computer. When tech companies say your data is backed up “in the cloud,” it has nothing to do with those white fluffy things in the sky. Your data isn’t actually up in the cosmos or floating around in space. It has a terrestrial home. It’s stored someplace – lots of places, actually – and a network of servers find what you need, when you need it and deliver it. Cloud computing, if done properly can make your business much more efficient. However, a cloud solution is only as good as the quality of the research, the implementation, and the follow-through. So, how do you know if moving your business applications and data to the cloud is the right answer for you? There are few things you need to know about the cloud first. What exactly is the cloud? This is a tricky question in and of itself. Just like the clouds in the sky, there are many clouds when it comes to technology. In the simplest terms, cloud computing means storing and accessing data and applications over the Internet instead of your computer’s hard drive. It is using a network of computers to store and process information, rather than a single hard drive. Public vs. Private vs. Hybrid? Not all clouds are the same. You have options with public clouds, private clouds, as well as hybrid clouds. Choosing the right options for your business comes down to the needs and the amount of control you would like to have. Public clouds: owned and operated by a third-party cloud service provider, which deliver their computing resources such as servers and storage directly through the Internet. With a public cloud, the hardware and software is owned and managed by the cloud provider. You access these services and manage your account using a web browser. Private clouds: unlike the public cloud, the private cloud is used by only one organization. A private cloud is one in which the services and infrastructure are maintained on a private network. Some companies also pay third-party service providers to host their private cloud. Hybrid clouds: combine public and private clouds, that allows data and applications to be shared between them. Data and applications can move between public and private clouds as needed, offering better flexibility and more deployment options. HaaS or Saas? Just like there are different types of clouds, when it comes to cloud computing, there are also different types cloud services. Most commonly used cloud services fall into two categories: HaaS and SaaS. Hardware as a Service, or HaaS, basically refers to leased computing power and equipment from a central provider. The HaaS model is very much like other hardware service-based models – clients rent or lease, rather than purchase, a provider’s hardware. Software as a Service, or SaaS, utilizes the Internet to provide applications to its users, which are managed by a third-party. Unlike HaaS, this is web-based model where software providers host and maintain the servers and databases – eliminates hardware investment costs. Is it safe and reliable? As mentioned before, cloud computing is the way of the future. We know it is easy and inexpensive – but, is it safe and reliable? What good is saving money and switching to a cloud solution if it will bring additional risks to my business? Most cloud service providers offer encryption features such as service-side encryption to manage your own encryption keys. So, in reality, you ultimately decide how safe your solution is. As far as reliability goes, in many cases, cloud computing can reduce the amount of downtime right down to seconds. Since there are multiple copies of your data stored all throughout the cloud, there is no single point of failure. Most data can usually be recovered with a simple click of the mouse. In the end, though, companies shouldn’t make decisions entirely based on what they are comfortable with, or what with what is cheapest. What should be most important is deciding whether or not transitioning into the cloud will work for your business. To cloud, or not to cloud? The choice is all yours. Do your research and ask the right questions.
By Alex Payne 24 Sep, 2020
Social media platforms are a scary new front for most businesses. There are so many differing opinions about social media in the workplace. However, besides the main players like Facebook and Instagram, there are many social-related platforms that can evolve your business and increase communication and productivity among employees and clients. Social platforms and related software are part of the natural progression and evolution of business. Its currently being used in most businesses for collaboration, feedback, and research to name a few. It’s understandable to be hesitant, but could this improve your current processes? The answer is yes. Currently, social media platforms offer business utilization. This alone can cut out a lot of the daily customer service calls your office manager may be receiving each day. It won’t take the place of techs if work is needed, but many simple questions or inquiries can be answered. By doing that, you can also boost the number of leads your sales team are receiving too. Now your office manager can get off the phone and answer questions through the platform while they are working on other items. This can also help marketing ventures by visually showing you a slew of analytics that can assist in knowing what people want from you, or like to see. Communication between employees can also be enhanced and done more efficiently with social platforms. Microsoft Office offers a platform called Teams. Instead of walking all the way to someone’s office or trying to multitask while needing answers without a phone call, you can type in a name and send a message to anyone in the company. It cuts time in half, you get quick on the spot response or support. Techs don’t even have to leave their desk. Contact them via teams and they can begin to fix an issue remotely. This isn’t your only option, simply an example. There are several platforms that service so many areas of SMBs. Employee to employee communication isn’t the only thing that benefits from social tools. Client communication does as well. Many of these platforms offer things like instant messages, video conferencing, screen shares and team sites. Think about the amount of time that is saved for both the employee and the client. Your tech can be in the office working remote instead of spending an entire day at a client’s office. You can share documents, walk a client through a simple fix with a quick screen share. This is a huge win for employee productivity and efficiency, not only that but client expectations will be exceeded in a timely manner. Finally, social media, social tools, and social platforms are all shown to increase morale within a business. They are allowing employees to streamline their jobs without the stress and hassle of attempting to collaborate with different people via email or an office visit. It also shows them that you trust them to use these things on work time and not abuse the privilege. Taking a small break to check Facebook or network with a client makes a surprising difference in the workplace. Do some research and find out what would work best for your business. It never hurts to give it a try. For all you know, the results may surprise you.
By Alex Payne 24 Aug, 2020
Data loss is not a matter of if, it’s a matter of when – and it happens to every company, big or small. More than half of businesses locate their disaster/backup systems in the same physical location as their primary system – red alert! If you only have one copy of your system’s backup at your office, and your hardware fails or a breach occurs and all your data is stolen, then a backup was completely useless to begin with. In a bit of irony, it turns out that the safest place to be during a storm is “in the cloud.” Cloud computing not only offers back up protection against system malfunctions or natural disasters, it also keeps businesses safe against cybertheft, ransomware, malware, viruses, phishing, cross-site scripting, employees, and the list goes on. It’s not that businesses don’t recognize the importance of having a disaster recovery plan in place. It’s just that they simply have it in the wrong place. So, let’s say you’ve finally agreed that it’s time to move to the cloud – where do you start? Here are some recommendations that can help you though the process: First off, moving to the cloud doesn’t have to be an all-or-nothing process. Companies that weren’t “born in the cloud,” meaning any company more than a couple years old, need a plan for going cloud. Establish the plan, let your data trickle into the cloud and take your time. No need to jump in head first. You must make sure you know your data. Truly understand what is going on before you begin to move your data and applications. Say you were going to sell your house, you first need to clean and organize your belonging before putting them all away in storage. Same exact concept when it comes to transitioning into the cloud, clean and organize before you store. Know your options. Public cloud, private cloud or hybrid cloud? Refer to our previous blog, To Cloud, or Not to Cloud, to learn the difference between these types of clouds. How much storage, bandwidth, and support do you want to pay for? Make sure you tailor your cloud service to best fit your company’s needs. What works for someone else might not work for you and vice versa. Do your research. Here’s the reality: we have heard and experienced the effects of far too many crappy cloud solution horror stories. Companies that were put up on a half-built cloud solution eventually had to return to their on-premise solutions. With cloud unreliable partners also comes hidden costs such as unexpected fees for the overuse. Choose a reliable provider. Who will have access? Who can add, delete, or modify data? What responsibilities belong to who and how will this change with the cloud? After you move into the cloud, it is you who is responsible for defining who can do what. It is crucial to you know your staffs access imitation. Add encryption. Most cloud service providers offer encryption features such as service-side encryption to manage your own encryption keys. Who controls and has access to these encryption keys? What data is being is being encrypted and when? Ultimately, you decide how safe your solution is. While the road ahead may be tough, with these tips in mind, you can begin moving your business processes to the cloud safely and efficiently.
By Alex Payne 02 Jul, 2020
While the number of people falling for sending personal information to the crown prince of Nigeria in hopes of receiving his promised wealth and riches seems to be dropping, phishing remains a major issue. In fact, the number of phishing campaigns pursued by hackers around the world increased 65% in the last year. What exactly is phishing? Hackers mimic the emails, forms, and websites of legitimate companies in an effort to lure people into providing their private, personal information, like credit cards numbers, social security information, account logins, and personal identifiers. The victim typically doesn’t realize they’ve been compromised until long after the event, and oftentimes only after their identify or finances are affected. In the past, an attack was carried out relatively quickly. As soon as the victim gave up their information, the hacker moved in and stole money from the compromised bank account. Today, it’s often more lucrative for hackers to sell that information on the Dark Web, resulting in longer-lasting, even more devastating attacks. 3 Types Of Phishing Attacks SPEAR PHISHING Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success. This technique is by far the most successful on the Internet today, accounting for 91% of attacks. Threat Group-4127 used spear phishing tactics to target email accounts linked to Hillary Clinton‘s 2016 presidential campaign. They attacked more than 1,800 Google accounts and implemented accounts-google.com domain to threaten targeted users. CLONE PHISHING Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original. This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email. WHALING Several phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks. In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person’s role in the company. The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue. Whaling scam emails are designed to masquerade as a critical business email, sent from a legitimate business authority. The content is meant to be tailored for upper management, and usually involves some kind of falsified company-wide concern. Whaling phishers have also forged official-looking FBI subpoena emails, and claimed that the manager needs to click a link and install special software to view the subpoena. Have you ever gotten an email from your bank or medical office asking you to update your information online or confirm your username and password? Maybe a suspicious email from your boss asking you to execute some wire transfer. That is most likely a spear phishing attempt, and you’re among the 76% of businesses that were victims of a phishing attack in the last year. METHOD OF DELIVERY Phishing scams are not always received through email and hackers are getting trickier and trickier with their preferred method of execution. Last year, in 2017, officials caught on to attacks using SMS texting (smishing), Voice phishing (vishing) or social engineering, a method in which users can be encouraged to click on various kinds of unexpected content for a variety of technical and social reasons. Ransomware: The Consequence Phishing is the most widely used method for spreading ransomware, and has increased significantly since the birth of major ransomware viruses like Petya and Wannacry. Anyone can become a victim of phishing, and, in turn, ransomware attacks; however, hackers have begun targeting organizations that are more likely to pay the ransoms. Small businesses, education, government, and healthcare often, unfortunately, don’t have valid data backups, so they are unable to roll back to a pre-ransomed version of their data. Instead, they have to pay their way out or cease to exist. Outside of ransom costs, victims of phishing campaigns are often branded as untrustworthy, and many of their customers turn to their competitors, resulting in even greater financial loss. Why are effective phishing campaigns so rampant despite public awareness from media coverage? Volume: There are nearly 5 million new phishing sites created every month, according to Webroot Threat Report. There are now even Phishing as a Service companies, offering phishing attacks in exchange for payment. One Russian website, “Fake Game,” claims over 61,000 subscribers and 680,000 credentials stolen. They Work: Over 30% of phishing messages get opened, and 12% of targets click on the embedded attachments or links, according to the Verizon Data Breach Investigations Report. In short, these hackers have gotten really good at looking really legitimate. They’re simple to Execute: New phishing campaigns and sites can be built by sophisticated hackers in a matter of minutes. While we think there are far more legitimate ways to be earning money, these individuals have made a living out of duplicating their successful campaigns. How do you protect yourself from a phishing attack? Now that you have an understanding of what phishing is, our next two blogs will teach you How to Spot a Phishing Attack, and Fixing Your Weakest Link: Your Employees.
Show More
Share by: