by Felicien | Apr 5, 2020 | Education
Zoom Scrambles to Address Cybersecurity Issues in Meeting Platform
As the usage of Zoom has skyrocketed during the coronavirus outbreak, the company has had to respond quickly to security flaws and potential phishing attacks
As Zoom usage skyrockets around the world, so too do the opportunities to exploit users unfamiliar with the tool.
The Zoom platform has increasingly has been the target of hackers exploiting the vast numbers of users working from home. For context, the company noted that as of December 2019, the most significant amount of daily users was 10 million. In March, that number ballooned to 200 million.
How Are Hackers Exploiting the Zoom Platform?
For many exploits, it starts with a website.
According to Check Point, more than 1,700 domains had been registered using the word zoom in the first three months of 2020. Many of those domains point to an email server, which can indicate the site is part of a phishing scheme.
Remote workers may receive seemingly official meeting notices using the Zoom platform. Hackers ask recipients to head to a login page and enter their corporate credentials.
It’s a perfect storm that’s playing into the hands of hackers. It also means companies need to be vigilant in helping users understand how to access and use the platform and other tools used in this paradigm shift of how work is done.
“Zoom users should be aware that links to our platform will only ever have a zoom.us or zoom.com domain name,” a spokesman noted. “Prior to clicking on a link, they should carefully review the URL, being mindful of lookalike domain names and spelling errors.”
What Is Zoom Doing to Protect Users?
Zoom has had to take several steps recently to address security concerns related to its dramatic usage growth. The company has increased its training sessions and reduced customer service wait times. Here are several of the other issues that Zoom has addressed:
Zoombombing. Multiple incidents of zoombombing have arisen in recent weeks. Uninvited visitors to online sessions have gained access and harassed participants by playing music loudly, displaying pornography and disrupted sessions. That’s led to more explanations of passwords, muting controls and sharing settings
Windows 10. The company has addressed an issue that affected those using Zoom’s Windows 10 client group chat tool. If chatters used the tool to share links, the Windows network credentials of anyone who clicks on a link were exposed
Facebook Interface for Apple Devices. Zoom removed Facebook’s software developer kit from its iOS client to prevent it from collecting users’ device information
Privacy Issues. The company removed features, including the LinkedIn Sales Navigator app and attendee attention tracker, to address privacy concerns. It also issued updates to its privacy policy
The company announced it was freezing all feature enhancements to redeploy software engineers to focus on what it calls “our biggest trust, safety, and privacy issues.”
How Can You Protect Zoom Users from Cyberattacks?
Here are some tips to ensure that Zoom users are protected:
Use password features to require meeting attendees to log in before being allowed access
Update the software. Users should be alerted that upon finishing a meeting, the software will check to see if an update is necessary
Encourage managers to use the Manage Participants section features, which can control the use of users’ microphones and cameras. Sharing restrictions are also a good practice
Be careful about recording meetings. The recording sits in a file, either online or the host’s computer and could be stolen
Cybersecurity is a sad reality in these turbulent times. However, a focus on prevention and detection are important deterrents to cybercriminals and can reduce the risks to your business.
by Felicien | Apr 1, 2020 | Education
How to Create a Work-From-Home Team Quickly As Your Business Deals With the Coronavirus
Stay productive and secure your tech network as you deal with the coronavirus. Get support for at-home employees. Learn how to switch from an in-office to a remote team.
In the midst of the coronavirus, business owners are facing a host of new challenges. To slow the spread of the virus, you may have been asked to suspend services or allow your employees to work from home. At the same time, however, you also need to continue to bring in revenue, stay productive, and focus on growth as much as possible.
Making the shift from an in-office to a remote team quickly, especially at a time when everyone is dealing with untold stresses, can be difficult, and the right approach is essential. Check out these tips.
1. Decide What You Need to Stay Productive
Creating a remote team isn’t as easy as handing your workers a laptop and telling them to check in once in a while. If you don’t have a current work-at-home policy, you need to create one from scratch, and you may need to adjust workflows, find new tools, and create new security policies. As you try to facilitate this shift, keep these types of questions in mind:
What can my employees accomplish from home?
Can they handle core business activities from home?
Even if my business is deemed essential, can I send some employees home?
What types of projects do I want to prioritize during this time?
What applications do I need to facilitate workflows and keep everyone connected?
How can my employees work from home without compromising the security of our network?
What can I do to make this new arrangement as productive and comfortable as possible for myself and my team?
2. Consider Providing Employee With Devices
Don’t necessarily encourage your employees to use their own devices when working from home. Their home computers and tablets have all kinds of music, videos, images, and other downloads that may be infected with malware, and their devices are usually not equipped with the same level of antivirus or malware software you use in your office.
To reduce the threat of cyberattacks, consider providing your team with company-approved and secured devices. However, if you already have a bring-your-own-device (BYOD) policy for your office, you may want to continue having employees use their own devices because in this situation, you’ve already taken steps to secure those devices.
3. Help Your Workers Secure Their WiFi Access Points
As a general rule of thumb, your employees home WiFi networks are probably less secure than the WiFi you use in your office. To secure these access points, instruct your team to do the following:
Use stronger encryption
Create more complex passwords
Hide your network names
Use firewalls
To help your employees with these steps, you may want to create detailed tutorials or contact an IT managed services provider to help you.
4. Route Traffic Through a Two-Factor Authentication VPN
To secure your tech environment as much as possible, consider having your employees access your network through a virtual private network (VPN). A VPN encrypts all the information passing from your employees’ computers to your network. Even if a hacker gets onto your employee’s WiFi network, they cannot see keystrokes or any of the data being transmitted.
If you don’t already have a VPN, look into services such as GoToMyPC or Zoho. Also, try to choose a VPN that supports dual-factor authentication. Then, your employees have to enter a username and a password, but they also have to use a second authenticator such as a code texted to their phone number or email address. This layer of security provides extra defense against cyber criminals.
5. Consult With an IT Managed Services Provider
Returning to business as normal may not be possible for a while, and a managed IT services provider can help identify the tools and processes you need to support your new working environment, while also taking steps to ensure your network is as secure as possible.
In difficult times, you want your business to survive, but if possible, you should try to thrive. Our managed IT services can help you adapt to this quickly changing environment. We can help you choose the tools, the processes, and the resources you need to stay as productive as possible.
by Felicien | Mar 30, 2020 | Education
Everything You Should Know About Two Factor Authentication
Does your business use 2FA? With the prevalence of data breaches today, it’s time to start employing this simple security feature within your business.
Without a doubt, you’ve read and heard about the rampant cybersecurity problems that are insidiously plaguing businesses today. Municipalities in places like Florida, South Carolina, and elsewhere are having access to their systems denied unless they pay hundreds of thousands of dollars. Businesses of all sizes and in all industries are being shut out of their data until they do the same.
As a business owner or manager yourself, you are probably concerned about whether your organization will fall victim to the same fate. What can you do to prevent a cybersecurity attack?
You may be surprised to know that the fate of your business’s security probably lies within a straightforward thing that you and all of your coworkers and employees use every day: passwords.
The fact of the matter is that most people in your business are putting your data and systems at risk every day with the weak login credentials they use. That is, many people use the same password for all of their accounts — both personal and business related. Furthermore, many people use passwords that are way too simple and easy to guess by hackers — the name of the street that they live on, the name of their pet, their date of birth, or their anniversary date.
It’s hard to stop people from doing this because most employees don’t think that their password really matters. They assume that it will never be guessed by anyone (how could it be?), and as long as they don’t share it with anyone, it’s good enough to keep would-be cybercriminals at bay.
Unfortunately, this is not the case.
The only way to indeed keep hackers from guessing passwords or using high-tech trial and error algorithms to uncover passwords is to use two-factor authentication, also known as 2FA.
What Is 2FA?
2FA or two-factor authentication is a security system that forces users to have two proofs of identity before they can log in to a database, program, computer, or network. This is a system that you should be using at home and within your business.
As the name implies, there are two elements of two-factor authentication. First, the user must provide something they know. This could be a password or passcode, a pin number, or the answer to a secret question.
Next, the user must provide proof of something they have. For example, the two-factor authentication prompt may ask that the individual put in their credit card number (because their credit card number is something they possess). Likewise, some organizations will give each individual employee a security token that actually stays in their possession. This might be an RSA security device, a Google Authenticator, or something else. This device will be activated when prompted during login and will provide a passcode or pin that changes frequently. Another option is biometric authentication, such as an iris scan, voiceprint, or fingerprint.
Has Your IT Services Company Spoken to You About 2FA?
As the owner or manager of your business, it shouldn’t be your responsibility to ensure the security of your sensitive data and network systems. This responsibility falls on the shoulders of your IT services company, and within their security division, one of the pillars of a robust cybersecurity strategy should be two-factor authentication.
If your IT services company has not spoken to you about employing a two-factor authentication system, don’t wait to ask them about it. The foundational necessity of this simple security measure suggests that if they haven’t already employed it, they’re probably not doing their job in other ways.
In that case, it’s time to find a new managed services provider. Give us a call, send us an email, or visit our website today to learn how we can help.
by Felicien | Mar 27, 2020 | Education
Working From Home Due to Coronavirus? Consider These Tips
If you’re suddenly working from home due to the coronavirus, maximize productivity with a dedicated workspace, enjoyable breaks, and engagement with colleagues.
For the vast numbers of Americans suddenly barred from their offices due to the coronavirus pandemic, working from home can pose significant challenges. At home, distractions — including undone chores, needy pets and bored kids — abound, and tech troubles like unreliable Wi-Fi can stymie conference calls and online meetings.
What are some steps you can take to maximize productivity as you maintain a balance between the personal and the professional?
Create a Dedicated Workspace
For individuals living in small homes, working at the kitchen table may seem natural. However, trying to get work done in a space that has other uses — such as eating — can pose problems. At mealtimes, you’ll need to move your laptop, tablet, papers and other necessary work-related items elsewhere, then move them back later. In addition, working in a central location in your home can expose you to any number of distractions.
Consider setting up a dedicated workspace that’s private and quiet. Even a small desk tucked into a corner of your bedroom can work, and it provides you with a spot for leaving your work items set up at all times. A dedicated workspace also makes it easier to separate the professional and personal portions of your day.
Schedule Calls and Concentration Sessions
Working from home, you may feel disconnected from colleagues — and, thus, obligated to participate in any calls or virtual meetings to which you’re invited. At the beginning of your workweek, consider reviewing your schedule to make note of any planned meetings.
Once you know when to expect virtual meetings, cordon off some time dedicated to intensive work that requires uninterrupted concentration. Staying connected with co-workers will be more important than ever as you try to get your work done remotely, but you also need periods you can devote to critical projects.
As you hammer out your weekly schedule, take advantage of the flexibility that working from home offers. In the time that you don’t spend commuting, you can take calls or dive into intensive tasks. If you prefer to read or get work done in the early mornings or later in the evenings, you can do so.
Make Your Breaks Count
As you work remotely, consider scheduling some breaks into your day. Particularly when you work in a confined space, getting some fresh air and a change of scenery can provide a needed boost for both your state of mind and your productivity.
During the few minutes at a stretch you spend away from your screen, try to work in some activities that support health. Whether you prefer a quick walk or enjoying your lunch outside, time outdoors can give you the recharge you need to spend meaningful hours back at the computer.
Find Ways to Engage With Colleagues
If your job involves working as part of a team, you’ll want to keep in touch frequently. Along with virtual meetings, a business-oriented chat app can allow you to ask questions and provide feedback quickly and without the formality of email. For groups who work together throughout the day, a dedicated chat room can provide a virtual location for checking in between project work.
When you’re trying to concentrate or you’re on a deadline, you can use “do not disturb” functionality to signal that you are currently unavailable for online chats or calls.
Video calls have their downsides, including using more bandwidth than regular audio calls. However, conducting virtual meetings through video calling also provides an additional level of nuance and interaction that you may not get with the typical conference call. If you participate in frequent calls, consider using a video calling app for at least some of them.
As you adapt to performing your job from home, you’ll discover what works best for you — including creating a dedicated space, scheduling time for concentration, engaging with colleagues, and taking meaningful breaks. Your co-workers may appreciate hearing your tips as they strive to develop their own remote work-life balance.
by Felicien | Mar 25, 2020 | Education
When considering the employee and employer benefits of working remotely, businesses are wise to change. The alternative could make your outfit less competitive.
If you would like to gain a little perspective on how radically our culture has changed, try this exercise. Pick up a pencil and a piece of paper and write out a half-days’ worth of emails rather than send them electronically. You will probably discover the first one looks more like scribble than cursive writing. And, your productivity will completely tank.
At first blush, the exercise demonstrates our reliance on electronic devices and real-time communication. But on another level, it shows that thought leaders are wise to embrace technological advancements as they emerge. Remote workforces rank among the more innovative trends of the business landscape today.
“To remain competitive in today’s work-from-anywhere environment, companies will need to invest in responsive technology infrastructure and enhanced virtual collaboration tools, as well as training and tailored performance management and incentive strategies for remote workers,” director of HR at the Gartner research group Emily Rose McRae reportedly said.
This shift away from in-house staff to people working from home or on the road once earned mixed reactions from industry leaders. But the COVID-19 pandemic has prompted businesses across the globe to find a way to have valued employees work from home until health crisis passes. Employers and employees alike are discovering this advancement tend to be mutually beneficial when utilizing platforms such as Microsoft Teams.
Mutual Benefits of Remote Workforces
The health crisis has motivated businesses to shift to Cloud-based systems and Microsoft Teams strategies as a short-term measure. But HR departments may want to take the opportunity to scan the workforce landscape because work-from-home expectations are expected to surge and impact hiring.
“By 2030, the demand for remote work will increase by 30 percent due to Gen Z fully entering the workforce. Gartner’s most recent ReimagineHR Employee Survey found that only 56 percent of managers permit their employees to work remotely. Organizations without a progressive remote-work policy will be at a competitive disadvantage for attracting and retaining talent,” according to Gartner.
That being said, these are the reasons why the global trend to remote productivity is well-received by management and staff.
Commute & Stress Reduction: No one can dispute the fact that commuting to the office adds unpaid work hours. Sitting in traffic or being packed into commuter rails tends to be an unpleasant way to begin and end each day. Employees and employers share this stressful routine. Remote work platforms such as the Cloud and Microsoft Teams allow all parties to sit down with a morning beverage and log on from anywhere. No hustle, no bustle, no extra hours, and no commuter expenses.
Talent Without Borders: Before the massive cellphone footprint, people used landlines with rotary dialing, and long-distance was expensive. In those days, it was common to pay a premium just to call someone in the next state over. But just as your cellphone can connect you to people far outside your region without added expense, so can the Cloud. When projects are conducted in Microsoft Teams via a Cloud-based network, your remote talent pool expands exponentially. A skilled person 1,000 miles away can secure a job they are qualified for, and employers gain access to talent otherwise unavailable.
Reduced Infrastructure: An increasing number of organizations that do not necessarily require a brick-and-mortar footprint. These outfits can eliminate that cost in some cases. Other operations can reduce office space expenditures. With remote workforces, less can be more.
Live-Work Lifestyles: Millennials and the Gen Z crowd tend to see work and life more closely aligned in their lifestyle than previous generations. The Cloud has been a boon and securing offsite positions allows employees a preferred professional lifestyle. Raising children no longer comes attached to childcare expenses or limited “parent hours” jobs.
Microsoft Teams Supports Remote Workforce Culture
With dispersed workforces increasing, Microsoft Teams ranks among the most business supportive products on the market. It seamlessly works with Cloud-based networks and delivers real-time communication. The platform offers chat, video conferencing, managed channels, shared calendar options, and project space that can provide supervisors with top-tier oversight. In these troubling times, Microsoft Teams use has surged by tens of millions. But industry leaders may also want to consider the long-term benefits of embracing remote workforces into the future.
by Felicien | Mar 19, 2020 | Education
Hackers Target Businesses Concerned Over COVID-19
Hackers are capitalizing on fear and concern related to coronavirus to launch ransomware and malware attacks. Here’s how to protect your business and employees.
As the COVID-19 spreads worldwide, hackers are taking advantage of an already stressed and strained healthcare system to attack vulnerable companies. Phishing attacks are on the rise worldwide, capitalizing on fear and a desire for information.
In many cases, hackers are sending emails purportedly from the World Health Organization or local hospitals. However, these emails contain ransomware and keystroke-logging malware.
Here’s the latest on coronavirus-themed attacks.
What Is the Emotet Trojan Virus?
IBM recently warned of a spam issue targeting Japan. The messages contain Microsoft Word files that are full of macros. When opened, the macros infect uses with the Emotet Trojan. Once launched, the trojan can insert itself into email conversations. As the trojan propagates, the malware lets hackers steal information and embed malware onto users’ machines.
Japan is particularly vulnerable, not only due to the coronavirus but also the upcoming Tokyo Olympics, which are under threat of cancelation. One message translation warns of the coronavirus’ spread to areas of Japan, urging readers to open the attached notice.
A similar campaign has targeted Italian companies with a phishing campaign. It purports to be a notice from the World Health Organization with precautions to take to prevent the virus from spreading.
It contains a malicious Word document asking users to click on an “Enable Editing” button then an “Enable Content” button to see all the information. Users doing so, however, download the Ostap Trojan-Downloader. It contains the Trickbot downloader that is a customizable, frequently updated tool popular with hackers.
How Are Hackers Exploiting the Coronavirus?
As the number of news sites covering the coronavirus has grown, so too have the number of registered domain names related to the virus. According to one analysis, since January 2020, more than 4,000 domains have been registered globally related to the coronavirus. Three percent are considered malicious and another 5 percent deemed malicious, making coronavirus-themed domains 50 percent more likely to be dangerous than others registered in the same timeframe.
The World Health Organization has issued a warning about the daily reports it’s receiving about phishing attempts. However, hackers are smartly creating emails that look as though they’re coming from official sources, leading more users to open the emails and download files. Hackers can scrape information from official websites to create email templates that seem legit.
“National emergencies and/or disasters add a fear factor that acts as one more hook for hackers to get what they need,” said Ron Culler, ADT Cybersecurity’s senior director of technology and solutions, in a recent Vox article. “When fear is added to any targeted campaign — be it a legitimate or scam campaign — the effectiveness of that campaign is increased.”
How Can We Prevent Phishing Attacks?
Businesses can take several steps to educate employees and protect against these attacks. A layered approach to cybersecurity is a prudent way to reduce the risk of attacks from various vectors. Here are some tips:
Educate users about the prevalence of coronavirus-related phishing schemes, advise them to be cautious and show them how to detect suspect emails (look for spelling and grammar errors, check the sender’s email address)
Ensure that hardware and software are patched and updated promptly, ideally with automated update tools
Use and update endpoint anti-virus, anti-phishing, anti-spam and anti-malware tools
Have an incident response plan in place to ensure teams can respond quickly in the event of a ransomware or malware attack
Update endpoint detection tools such as firewalls and other system monitoring and alert solutions
Consider segregating networks to reduce the impact of self-propagating malware
Use email security tools that inspect attachments and disable the running of macros on attachments
Update blacklists of malicious IP addresses and compromised websites
Use content filters to block access to inappropriate and dangerous websites
Review access restrictions to limit the spread of malware throughout systems
Businesses must now address coronavirus-related issues both from an employee safety standpoint and a cybersecurity perspective. For assistance in protecting your business from coronavirus cyberattacks, contact your managed services provider today.
