by Felicien | Aug 16, 2019 | Education
Small Business Tech Security
Small businesses need to take cyber security seriously, preventing lapses or weak points that could lead to major data breaches or attacks.
Modern technology is rapidly changing the landscape for small businesses. Small companies can now do more and have a far greater reach, but they are also faced with bigger security concerns. What once was a big company issue is now a concern for small businesses as well. Some small businesses get caught into an assumption that security breaches only impact big companies, but hacks, ransoms and malware threaten companies of all sizes.
Small- and medium-sized companies are being attacked at an increasing rate. The average cost of damage from theft, hacking and data loss increased from over $879k to $1mil, according to the Ponemon Institute. This has forced small businesses to spend more each year with a projected spend of $21.2 billion by 2021. Security has become a major small business concern.
Security is a Major Managed Services Offering for Small Business
Tech security is a vital need for small business, but not all companies can afford a full IT department. Small businesses that need additional tech support to cover the various aspects of their company. From firewalls and email to endpoints, top professionals should be keeping your business safe. Cybercriminals are becoming more sophisticated in their approaches, often tricking your employees into clicking on links or opening attachments that help them enter in a back door. Only the best software, updated devices and best practices for your employees will help reduce the risks of a breach. No matter what industry you are in, keeping your data, profiles and customers safe should be a top priority.
The traditional solutions are no longer good enough. In order to protect your business and customers, you will want to outsource tech support. By hiring an IT managed services company, you will have access to top professionals round-the-clock without paying for a full-time team. You want the expertise and niche talents that a full team can offer.
The True Cost of Data Breaches
Remember, your losses will go beyond the cost of recovery. You will have downtime that could cause major disruptions in your business and will impact how your customers trust your company. You could face governmental fines or settlements to cover customer loss. Your business could face investigations, digital forensics sweeps and more that would hinder work and become a huge time drag for you. Most businesses (60%) fail within 6 months of a data breach because the cost is too much to handle.
Strengthening Preventative Security Practices
A preventative approach to cyber security will be more valuable than just a response (though you want a response plan as well). Part of preventing those breaches is going to be in proper training for your employees. An estimated 54% of data breaches are the result of negligence on the part of an employee or contractor, according to a Ponemon study. Starting with good training and best practices will help reduce breaches due to error. A tech company should make necessary updates to your equipment and software to ensure you are protected against malware and virus attacks as much as possible. Backups should also be in place in case of a system breach, protecting you against lost data.
Stay Honest About Your Weaknesses
The right IT team will audit your company to find weak points and make reasonable suggestions for change. Having those honest conversations with your customers about potential risks can help protect both you and them. Being straightforward will help increase the trust and improve how customers treat their own data and account security. No matter what industry you operate in, your customers are going to hold you responsible when it comes to their security and data protection. By staying open about cyber concerns, you are more likely to take them seriously and get them ironed out. Trying to cover security concerns will only lead to bigger problems.
Get a tech team that works for you and knows your industry. If you need help with IT support or security, you can contact us for more information. We offer IT managed services that will help guard your company and prevent disaster.
by Felicien | Aug 16, 2019 | Education
How to Choose the Right App for CEO Online Journaling
Learn why many business leaders turn to journaling to build their brand and improve their leadership skills and see what features the top applications offer.
When you want to establish your own personal and professional brand online, using an online journal is an effective way to spread the word about your insights, leadership, business and philosophy. Having the right tool to help you get your message across to readers is an important decision.
Other CEOs use journals to fine-tune their skills, reflect on their days and improve their leadership skills.
“Setting aside as little as 10 minutes a day to record your thoughts stimulates reflection critical to making sense of the fast-moving world around you,” notes a recent Strategy and Business article. “Journaling engages the analytical, rational functions of the brain, which gives the more creative parts of your cranium space and time to work their magic.”
Below are the top online journal services that CEOs can use to build a better online persona or simply track their thoughts and perspectives.
What Features Should I Look For in a Journaling App?
The most effective apps are those that offer features that make it easier to write and publish. Some of the most common features among the top apps are:
Easy interface. You want to be able to focus on writing, so you need a minimalist interface that lets you focus your thoughts and write well. The app you choose should also be easy to use, with a limited number of clicks or taps needed to add an entry.
Exporting. You want to choose a product that allows for exporting into formats such as PDF, RTF or common word processing extensions that allow you to use the content wherever you want.
Syncing. Keep your journal synchronized across your devices with an app that has synchronizing capabilities.
Reminders. Gentle automated nudges to enter your thoughts are a good way to maintain the habit.
Visual support. You may want to add other elements to your journal, including photos, videos and graphics.
What Are the Top Online Journal Services for CEOs?
You have many choices when it comes to journaling services. Here are a few of the top options:
Day One. Automatically add metadata such as date, location, time and weather, synchronize your entries across devices, and use a dark mode if working in low light. It also uses IFTTT (“if this then that”), a free web-based service to automate the creation of entries on multiple apps.
Diario. A great choice when you want to add lots of images. You can add folders, tags, dates, locations and other filters.
Diary. A simple interface makes Diary popular for shorter entries, which can be shared easily with friends and followers on Facebook, Twitter and other social media platforms or via email. Provides cloud storage and reminders, too.
Journal. An intuitive interface and clean layout highlight this product. Synchronize with Google Maps to add location metadata and street views. Export entries to file types suitable for printing. Security features include Touch ID, Face ID and PIN protection and automatic backups to Google Drive.
LiveJournal. One of the oldest journaling apps dating to 1999, LiveJournal lets you share and read others’ journal entries while writing your own.
Momento. Connect Momento to social media apps like Facebook, Instagram, Twitter and YouTube and you can automatically add social activity to your journal.
Penzu. Security is the name of the game with Penzu, which offers double password protection and 256-bit encryption, along with customizable backgrounds and fonts.
Whether for branding or reflection, the right journaling tool can improve your professional outcomes.
by Felicien | Aug 15, 2019 | Education
Australian Businesses Closed Due to Phishing Freight Scam
Several Australian businesses have become the targets of a phishing freight scam losing an average of $30,000 to $100,000.
Phishing is on the rise as a method of online criminal activity focused on businesses. Victims are being scammed out of tens of thousands of dollars via this email phishing scheme. Right now, scammers are directing their fraudulent activity at IT and electrical businesses. Several Australian companies have shut down after becoming victim to a freight forwarding email according to the Australian Cyber Security Centre (ACSC). These victims are losing an average of $30,000 to $100,000 after sending their products to the scammers who request delayed payment credit terms from the victims.
How Does The Freight Scam Work?
The scammers trick victims into participating by spoofing internet emails, domains and signatures of executives of large Australian companies and universities to legitimise their communications. An example of how they work is they send their email from lendleases.com.au instead of the actual website lendlease.com.au. One of the fraudulent emails that the ACSC released is supposedly from a Chief Procurement Officer at the University of Sydney.
On each purchase order, the scammers request laptops, hard drives, cosmetics, defibrillators and environmental monitoring equipment, all items that can be easily resold. The targets are asked to ship the orders to a freight forwarding company which in turn, then sends them on to another fraudulent entity who acts as a middleman. Then the freight forwarding company becomes a second victim when their bill is paid using stolen credit cards or using an established credit line.
How are Fraudulent Orders Identified?
In this case, the scammers are requesting shipments to many locations including Singapore, Dubai, Dagenham, Kuala Lumpur, Malaysia and Deira according to the ACSC. Businesses should never automatically trust any unsolicited order of goods with credit without further investigation. However, it’s possible for these orders to slip through the cracks if you don’t have a strict policy for your approval process on every transaction. The ACSC requests that all organisations should do due diligence on any new customers or unusual orders, and investigate any customer before granting credit. They also suggest that businesses should check the domain of websites and emails that are referenced on a purchase order. A good follow up is to contact customers by phone to confirm that they are a legitimate company, and have placed the recent order. Lastly, it’s important to verify the shipping address over the phone.
What is Phishing?
Phishing is one of the most commonly-used cyber attacks in Australia. Statistics from the Office of the Australian Information Commissioner show that phishing accounts for 39 percent of all breaches reported. Therefore, it’s important to be aware of how to protect yourself at home and at work from phishing.
How Does Phishing Work?
The victim receives an email that is simple in format and generally personalised and potentially from a known sender. It may look like an official email from a known organisation or company, and it invites the victim to click on an embedded link. Wording varies, but it may say, “click to learn more” or “click to see the image.” After clicking, the victim is redirected to a web page and asked to enter their user name and password or for other personal information. Once the personal information is filled in the attacker then sends emails to everyone in the victim’s address book and the cycle repeats.
What are the Dangers?
While having spam email issued from your own email account is annoying and a problem, the larger issue is that the victim has given the attacker their user name and password. With an email and password, the attacker can easily hack into anything the victim uses that email and password for. Most people repeat email and password data for multiple accounts. In the world of cloud storage, this can be several accounts including email, CRM, file storage, banking, and proprietary applications.
by Felicien | Aug 15, 2019 | Education
Protect Yourself From Ransomware In Windows 10
You may have been using Windows 10 for some time now, but it’s likely that you haven’t mastered all of its features just yet.
You’ve heard about ransomware, right?
It’s a type of malware that encrypts your data so you can’t access it and holds it for ransom. Usually, this malware makes its way into your systems by posing as a file or program you think you want. Even if you don’t end up having to pay the ransom, it’s a lot of trouble that you should try to avoid.
Did you know that you can enable Controlled Folder Access in Windows 10 to protect against ransomware?
Enabling Controlled Folder Access protects the default Windows data storage locations in your profile from access by unknown applications. When compared to identified and allowed programs, if the malware is determined to be unsafe, you’ll get a pop-up letting you know it was denied access to your storage.
by Felicien | Aug 15, 2019 | Education
Protect Yourself from Potential Attacks Via Chrome Extensions
Learn two simple ways to set the privacy and activity settings for each Google Chrome extension on your browser and steps the company is taking to protect users.
Google’s Chrome web browser is a popular choice for businesses the world over. Managing the extensions gives you more control and faster results when using Chrome to its best. Here’s a closer look at Chrome add-ons and how to use them effectively.
And with emerging cyberthreats targeting browsers, now is an important time to know your way around the extensions.
What Is the History of Google Chrome Extensions?
Google introduced Chrome in 2008. By 2010, there were more than 10,000 extensions available in the Chrome Web Store. Today, the company does not release the number available, but it’s estimated to be in the hundreds of thousands.
That growth brings with it an increasing vulnerability to attacks via vectors embedded in extensions. The company does work to keep malicious extensions out of its store but mistakes are possible. Other extensions can invade users’ privacy.
Should I Uninstall All Chrome Extensions?
Deleting all extensions is not necessary. Instead, use these two helpful tools to manage your extensions better and control permissions you provide to the add-in.
1. Use Extension Icons
To the right of the address bar, you’ll find icons representing the extensions you’ve installed. If you right-click on an icon, you’ll see an option titled “This can read and change site data” with three options:
When you click the extension
On [the site you’re on]
On all sites
The default is the first option, which limits the use of the extension to user-activated times. If an extension is “loud,” meaning it uses a lot of bandwidth, these settings can provide more control.
2. Use Extension Settings
If you click on the hamburger menu icon to the far right of your address bar, you can click on the option “More tools” and click on “Extensions.” This will bring up a screen with a box for each installed extension. Click on the Details button for any extension you want to modify. You’ll see the three options again, but also an option to add the URLs of specific sites on which you want the extension activated.
What Can Go Wrong with Browser Extensions?
There are several risks to installing browser extensions. Here are a few of the ways extensions can do harm:
Malicious intent. Malware can be installed unknowingly that uses your computer for other purposes. Kaspersky, for example, noted a recent example of extensions that made money for the hacker by clicking on pay-per-click ads.
Hijacking. If a hacker steals a designer’s credentials, an extension can be compromised by changing the functionality or inserting malware.
Purchases. Extensions are hard for designers to monetize. That’s why many are eager to sell their code if approached by a buyer. Users are usually unaware if extensions change hands, meaning a previously well-intentioned add-on can be repurposed.
Is Google Addressing Extension Security?
Google recently announced steps it’s taking to combat the security issues with extensions. Among its changes:
More granular user permission options
A requirement that extensions only request access to the minimum amount of user data needed to operate
Expanding privacy rules for extensions. Those that carry user communications and user content will join those that handle personal or sensitive user data and need to post privacy policies
Proactive steps combined with Google’s efforts are critical to keeping your browsing and data safe and secure.
