by Felicien | Sep 15, 2017 | Education
The Aftermath of the Equifax Hack
Do you have a credit report in the US? Then there’s a good chance your private information is now in the hands of hackers. Find out what you need to do now!
Almost everyone in the US with a credit score is now at risk for identity theft. Hackers gained access to the sensitive information of at least 143 million people, including names, social security numbers, birthdays, and driver’s license numbers. Plus, they have credit card numbers for over 209,000 Equifax customers.
This hack, the fifth largest data breach in history, occurred sometime during mid-May to June 2017. Equifax realized the breach occurred on July 29, but waited until September 7 to release a statement to its customers—that there was a good chance their sensitive information was compromised.
The backlash from the press was quick and harsh, as well as from the public—especially when three Equifax executives admitted to unloading company stock just days after the discovery of the breach. Top company officials promised that they would do everything in their power to correct the situation, but instead of taking full blame, they deflected much of it onto the software the company they use, Apache STRUTS a free, open-source framework for developing Java applications.
As Equifax struggles through its PR nightmare, I suggest that all my clients take action now to minimize the risk of identity theft resulting in a financial nightmare of their own.
First Things First: What You Need to Do Now.
This data breach is too large to just sit there and hope it won’t affect you. Now is the time to get out in front of this thing and to take action to help protect yourself. But what can you do?
First, don’t panic and try to relax. Yes, this is a serious situation, and customers have every right to feel frustrated, but writing an angry email or calling to scream at a customer representative at Equifax won’t solve anything or help stop criminals from stealing your identity.
When you can once again breathe normally, consider freezing your credit report. A credit freeze is one of the most powerful weapons against identity theft. A credit freeze prevents anyone, including yourself, from accessing your credit report without the use of a special pin number to “thaw” the report. This helps to stop criminals from using your credit information to apply for a loan or credit cards.
There are three credit reporting companies in the US. When you freeze your credit at one of them, it won’t do any good unless you freeze the others as well. Equifax is currently offering everyone in the US the ability to freeze their credit report for free, but it’s important to know that the company won’t charge fees when you use the thawing option. The two other credit reporting companies, Experian and Transunion, are currently charging fees to both freeze and thaw credit reports, but it’s worth the small expense for more peace of mind.
After freezing your credit, it is time to find out what personal information hackers may have stolen about you. While Equifax is making promises to inform every customer whose credit card information the breach affected, it may be weeks or more before you hear anything. You can speed up the process by checking online to learn if hackers may have your information. To handle the large volume of additional calls, the company set up a hotline at 1-866-447-7559. This hotline is open every day from 7 AM to 1 AM Eastern.
Finally, if you don’t already have credit monitoring, make sure you enroll in a program now. Equifax is offering free credit monitoring through a partnership for one year. However, there are many other credit monitoring services that may be more appropriate for your needs. It’s a mistake to sign up for a free year with Equifax and think you can cancel the service after 12 months. The fact is the threat won’t end after only one year. Protecting your credit report from fraud is your lifelong responsibility. Whether you choose to hire a company to help protect your credit report through automatic monitoring, or if you prefer to keep watch on it by yourself, it is a modern-day necessity.
Moving Forward
The Equifax data breach is likely to continue to cause repercussions for months, and even years down the road. Hopefully, this breach is the wake-up call everyone needs to take to modernize the way the US financial industry handles credit. It’s a good sign that the US government is promising an extensive investigation into the Equifax hack and cover up. As a response to the outrage of the voters, Senators are already reintroducing the Stop Errors in Credit Use and Reporting (SECURE) Act, which would give people more control over their credit reports. The Act would give consumers many additional rights, including the ability to view the same reports the credit-reporting companies send to lenders, to freeze the credit reports of minors, and to sue companies that violate any credit-reporting rules.
Senator Brian Schatz said that the SECURE Act is only the first of several actions the US Senate is planning to implement to prevent something like the Equifax hack from having devastating impacts in the future.
If you have any questions about how the Equifax hack could further affect your or your business, contact {company} at {phone} or {email}. We’re always here to help.
by Felicien | Sep 14, 2017 | Education
Your Kids Are in Danger from The Online Predators You Don’t Know About.
You wouldn’t let your child walk down the middle of a busy highway, would you? Most would consider this child endangerment. So, why aren’t you strictly monitoring their online activities? Why aren’t you educating them about the predators and other dangers? It’s time to stop doing what you are right now, and think about this.
Education about data safety is more important than ever.
Keeping children safe online is a goal everyone must get behind – parents, relatives, teachers and organizational leaders, etc. If you don’t understand the online threats your children face, it’s time you got educated, and educate your children.
Take a look at the latest online dangers targeting your kids and teens.
Child-Specific Phishing Schemes
Email and text message phishing schemes are growing. And the criminals behind them are targeting groups with the highest success rates –your children and teens.
While your children may be technologically savvy, they don’t always have the real-world experience to recognize phishing schemes.
Plus, most kids tend to rush headlong into things without thinking about the consequences—This could mean that they’re sharing information they shouldn’t. Online predators know this and are urging them on.
Train your children about the dangers of phishing messages. Teach them how to recognize these schemes, and above all, not to share any personal information online.
Malware App Downloads
This is a big problem, especially for kids and teens who have their own phones. Apps are incredibly easy to download, and frequently free or priced at only a few dollars. As a result, kids like to download and try them out.
The problem is when malware apps target kids. They promote free video games and software, but, instead, deliver a virus to their phones, tablets or computers. It’s critical that you install security software on their devices so they can’t download whatever apps they want.
Teach kids not to download apps without your authorization first.
Compromised Networks
When kids want internet access to keep up with their friends, they want it badly – And that usually means using any available Wi-Fi network, as long as it works. This is a problem because Wi-Fi networks have varying levels of security – or no security at all—making it easy for “man-in-the-middle” data theft and other wireless hacking.
Teach your children not to use random Wi-Fi service, especially those without any sort of authentication.
Cyberbullying
Cyberbullying has become an overused term these days, and it’s sometimes difficult to identify in the world of digital communication. Are these comments jokes, or are they truly intended to harm?
For example, once children reach a certain age, they may have already been called terrible things during online gaming or while chatting with friends.
But with the power of anonymity, cyberbullying can get much darker. This includes spreading lies on social media, stealing account information, assuming different identities to hurt people, and more.
It’s important to teach young users not to hurt each other, and make sure that they are neither recipients nor instigators of this sort of bullying. Digital interactions should not be immune to accountability at any level.
Entering the Dark Web
A lot of teens try to access the dark web in search of illicit information, or just out of curiosity. The problem is that they don’t really know what they’re doing.
It’s easy to download some Tor software and try to open an encrypted channel to various black-market websites. But that’s only part of a complicated process: Jumping into the dark web can be quite dangerous. Rules of civility rarely apply, and many links are deceptive and lead to malware, or outright illegal activities.
Tell your teens that even if they just “try out” the dark web, they’re still opening their device to identity theft and hacking.
Sexual Predators
These days, there’s no forum or site your child should join outside of carefully monitored education/safety zones. There are thousands of different, specialized subreddits, tumblrs, and social groups—And, who knows what sexual predators are lurking behind innocent-looking identities? These predators represent a serious danger, especially to kids who haven’t learned much about online anonymity yet.
It’s very important to teach kids as early as possible about the dangers of talking to strangers online, or believing what people say (this works well as a phishing lesson, too). Additionally – and on an obvious note – keep kids off any forums related to sexual matters, regardless of their purpose.
Trading Information
This happens a lot in more peer-related online conversations. Someone will say, “Sure I can help you with this, but I need ______.” This could be a PayPal address, gamer handle, or other contact information.
The problem is that kids don’t see the harm in providing information like this to a “friend” or someone who appears to be their age.
Teach your children to be cautious when participating in any online conversations, and not to trade information—even in peer-related groups.
Drug Rings
Illegal drugs are everywhere—even in “small-town” America. It can be surprisingly simple for young teens to get involved in illegal drug-related activities via online services (even if they aren’t on the dark web).
Teens are especially at risk because:
They rarely know the details of drug-related laws, and what counts as a felony or misdemeanor, and
They don’t usually care anyway, because they don’t truly understand the full consequences of getting caught, or addicted to drugs.
When teaching your children about online safety, it’s important to underline the legal dangers of asking for drugs, or drug-making instructions, as well as the health and safety dangers of using them.
Groupthink
There’s an interesting article about the incredibly stupid things Harvard students have done online. These actions are now preserved in time forever and could ruin their professional hopes in years to come.
Why does this happen to even the best and brightest? Because it’s extremely easy to fall into groupthink patterns online—where you believe that what you’re doing is acceptable. Or it’s totally fine because it’s “just a joke” or they’re just “having fun” with friends. This kind of thinking can be very dangerous.
It’s important to remind growing teens that their online selves aren’t separate from who they are in the real world. Everything is connected and has consequences.
For help keeping your children safe online, contact {company} in {city}. We can hold an in-service at your place of business to teach you and your staff about the dangers, so you can teach and protect your children. {phone} {email}
by Felicien | Sep 14, 2017 | Education
Everyday hackers are among the most pressing threat your business faces today. Are your protections in place?
The current cybersecurity situation plaguing businesses worldwide is a lot more dangerous than we previously realized. Since 2013, an incredible nine billion data records were lost or stolen due to breaches.
To make matters worse, only 4% of those breaches were “secure breaches,” meaning that some or all of the data that was stolen was encrypted by hackers, and ultimately rendered useless.
When you break down these statistics, the situation looks dire. It’s estimated that:
2 million records are lost to hackers every day,
219,000 per hour,
3,600 records a minute, and
61 records per second.
By the time you get to the end of this sentence, approximately 305 sensitive documents have been compromised online.
How’s that for putting things into perspective?
This is all from the work of everyday hackers—And, not sophisticated criminal organizations like something out of a James Bond film. The truth is rarely that “sexy” regardless of how much we want it to be.
The Curse of the Everyday Hacker
Thanks largely to feature films and television shows that glorify hacking, a wide range of myths prevail around the people who are online daily trying to do you harm. These aren’t creepy criminals who operate from some secret, underground fortress – Most of them are working out of their homes or offices. They may even be in your neighborhood!
These everyday hackers aren’t trying to break into the computer systems of world governments. They’re just trying to figure out your credit card PIN numbers.
They also don’t spend months targeting any one victim, pouring over key details until they identify exactly the right piece of info they need to get the results they want. Sadly, they’re far more opportunistic than that—They usually try anything and everything, “throwing it all at the wall to see what sticks.” Unfortunately, more often than not, this is much easier than it even sounds.
Enterprise and business users must realize that these everyday hackers are the true threats to must protect against. It’s everyday people who are working hard to get into your business.
Worst of all, many businesses don’t prioritize cyber security efforts. This is just like handing over the keys to your safe.
Educate Your Employees About Using Strong Passwords.
One of the most common methods everyday hackers exploit are weak passwords. Your employees are probably using some right now. This sounds incredibly basic, but it’s also frustratingly true—Employee education must be a top priority. Teach them the difference between a strong password and a weak one. And make sure they understand the very real consequences that come from the latter.
Update Your Outdated Systems.
Outdated systems are another favorite of everyday hackers. Take Windows XP for example. For a while, it was one of the most widely used operating systems in history—Your own company probably spent years using XP.
Even if you still love it, and it does what you need, it’s imperative that you upgrade to something more modern like Windows 7 or (better yet) Windows 10.
Outdated operating systems like Windows XP are no longer supported, which means that as soon as a new vulnerability is identified your entire system could be easily compromised. Plus, Microsoft will no longer be releasing security updates to fix these problems.
Ransomware is a favorite of everyday hackers in large part because of its simplicity and effectiveness. Viruses may seem complex, but in reality, they’re not. Ransomware is easy to write and even easier to execute–All you have to do is trick someone with the right security credentials into downloading and installing a file on their computer.
Once the file is executed on their machine, the hacker has literally every kilobyte of data at his or her disposal – and they can ask for whatever they want to give it back (or not).
The old saying, “crime doesn’t pay” proves false when it comes to everyday hackers. These are the people you need to be worried about—the ones your security policies should be designed to keep out.
Cybersecurity is one of the most pressing issues of the common era—The best thing we can do is to learn as much as we can about the dangers we’re up against. If you think that “super hackers” or sophisticated people with unparalleled skill are the only ones you need to worry about, think again. Everyday hackers are just as dangerous, if not more, so because they’re right here among us, and much more difficult to detect.
If your business is in {city} and you’d like to learn more about this or other cybersecurity and IT-related topics, please don’t delay. Contact {company} at {phone} or {email}. We’re ready and waiting to do whatever we can to help.
by Felicien | Sep 14, 2017 | Education
Some terrific new features are about to arrive for Microsoft’s SharePoint Online and OneDrive solutions. They’re sure to take your productivity to a bold new level.
To say that technology has changed the way businesses operate is something of an understatement, even if they weren’t “techie” businesses to begin with.
SharePoint Online makes it easier to store, share and manage digital information.
OneDrive for Business is a similar option, and allows you to store, sync and share work files from anywhere, on any device, at any time.
Both use a collection of cloud and web-based resources that would have seemed like something out of a science fiction film even a decade ago!
Thanks to solutions like these and others, suddenly “productivity” and “geography” are no longer as closely tied together as they once were. If you’re in the middle of an important product launch, but also happen to be halfway around the world, you no longer have to wait until you’re back in the office to get things done. You can be just as productive while sitting in an airport lounge waiting for your flight to take off as you can at your desk in the office.
The best part of all is that because these options are cloud-based, they’re being updated all the time to become even more valuable than they already were. For example, in just a few short weeks, Microsoft is going to begin adding support for special characters like “#” and %” to both SharePoint Online and OneDrive for Business that enterprise users in particular will no doubt be thrilled about.
The Addition of “#” and “%”—What’s the Story?
Early in 2017, Microsoft announced that they were adding support for special characters like “#” and “%” for file and folder names across the document libraries that you’re already creating in SharePoint Online and OneDrive for Business. This is something that we’ve long been clamoring for, and will begin rolling out in October.
This will give you the ability to create, store and sync files containing these special characters with greater ease than ever before – regardless of whether they’re used as a prefix or suffix in a particular file or folder name.
This is a small but essential change, as it gives you a greater level of control over how files and folders are created in line with your own in-house organizational practices. Other solutions and even other operating systems have long supported characters like “#” and “%” in this way, so their addition to SharePoint Online and OneDrive for Business is a welcome addition.
Savvy users are no doubt already aware that this feature has actually been available in an “opt-in” capacity since earlier in 2017. Starting in October, this feature will be turned on by default for those already using these solutions. The total global rollout is expected to be completed around March of 2018, along with Office 365 Roadmap ID 14656.
Do You Need More Time to Prepare?
Because this feature will be enabled by default in just a few short weeks’ time, some may need more time to prepare their in-house methods for the adjustment. Thankfully, this feature also has administrative controls that allow you to disable it at will, and enable again.
If you and your team need additional time to prepare for the change, go into the administration panel on your deployment and configure the feature to be “off by default” by the end of September 2017. Then, when the global rollout completes, you can go back in and enable it whenever you’re ready.
Guest Compatibility
Another new feature that’s slowly making its debut involves guest compatibility for Teams, something that affects not only SharePoint Online and OneDrive for Business, but all the apps in the Office 365 productivity suite. Now you can add guest accounts for your pre-configured Teams at will so they can work under the same policies and protections as regular members.
This is perfect for people who want to bring a client or a new employee into the fold on a temporary basis, giving them access to certain resources in a limited capacity without making them a full-fledged member. Teams was originally launched in March of 2017 as Microsoft’s alternative to other workplace communication applications, with Slack being perhaps the most prominent example.
With the already robust feature set and support for options like special characters, and more being added all the time, it’s easy to see why SharePoint Online and OneDrive are widely used by businesses and other professionals all over the world.
If your business in {city} needs assistance with SharePoint Online, OneDrive, or other Microsoft solutions, please don’t delay. Contact {company} today at {phone} or {email}. We can help you accomplish your goals with the right IT solutions.
by Felicien | Sep 13, 2017 | Education
Employees don’t mean to unwittingly release trade secrets or respond to phishing attacks, but when they do, it can be incredibly damaging to your company. Help your employees spot the warning signs and stay safe online.
Your employees are both your biggest asset and your weakest link — at least when it comes to preventing a cyberattack. Criminals today launch sophisticated attacks that are undistinguishable from advertising, push notifications or special offers. How can you prevent employees from laying out a virtual “welcome mat” for cybercriminals by clicking somewhere that they shouldn’t, or setting passwords that are easy to hack?
The Dangers of BYOD
Work is more mobile than ever, and the trend of using BYOD (Bring Your Own Device) makes the job of information security professionals very challenging. Technology teams are scrambling to patch software and system vulnerabilities to keep email spam-free. But, this can be an uphill battle if your employees aren’t trained to recognize cybercrime.
As much control as you have over your office computers, that’s how little control you have over personal electronic devices -many of which now have access to the same business-critical information that’s on your business network. While offering this easy access is critical to your operations, it opens your IT systems to exposure from criminal elements.
Employees working remotely from a coffee shop or on shared devices could easily forget to log out, leaving open access to your network for anyone who “wanders by and decides to take a look.” Losses of laptops alone cause IT directors to hyperventilate, as many users have passwords that are easily hacked or discovered, providing the lawbreaker with the proverbial “keys to the kingdom” in terms of business data.
Malicious Leaks
It’s difficult to believe, but there are people on your staff who don’t have the best interests of your business at heart. These individuals may be looking for a way to get back at the boss for a real, or imagined slight, get a better job by offering confidential intel to a competitor, or simply be angry and want to cause damage wherever possible.
The best way to limit this possibility is to ensure that your employees only have access to the information that they need to do their job. For instance, while your customer service employees may need to view customers’ purchase details, do they really need to see their credit card numbers, expiration dates and other personal details? Probably not.
It’s also important to appropriately handle HR situations when an employee is being removed from their position, or when a supervisor recommends limited access to information. Quickly removing access may be enough to stop a situation from getting worse. It also puts all employees on notice that stealing information from your business is considered a crime and will be treated accordingly.
Accidentally Sharing Data
Whether an employee is on a job interview with a competitor and coerced into reluctantly sharing information, or sends the wrong attachment to a contact, accidents happen. Today’s fast-paced business world guarantees that workers who are continually distracted and multi-tasking – will make mistakes and accidentally share confidential data.
Train your employees to double-check email addresses and contact lists before hitting the “Send” button— And have them practice file-naming standards that may make it more difficult to grab the wrong document by mistake.
Alternatively, employees may not realize that the information they’re sharing is truly confidential, and could be damaging if leaked.
Cybersecurity Training is Essential
By far, the most likely scenario is where one or more of your employees are the target of a cyberattack (such as phishing when hackers try to entice them to click a specific link that leads to the installation of malware or ransomware, or provides direct access to your network).
Training is an essential part of any cybersecurity effort. However, this means more than sending a simple email with directions to your employees. If your technology team can’t find the time to train them, hire an outside managed service provider to do so.
Maintaining Secure Operations and Communication
Email is by far the most-used method of communication in today’s business world. But, is your email secure enough? If your emails aren’t encrypted, then you have a large hole in your security that cybercriminals will be happy to take advantage of.
If your business is one of the 60 percent that don’t encrypt daily emails, it can easily cost you thousands of dollars in the event of a significant data breach (and in notification costs alone!).
The same is true of software tools that are difficult to use. If your employees find that a required platform limits their functionality or slows them down, there’s a high possibility that they may attempt to download random software from the Internet that may not be secure.
The majority of cybersecurity precautions are common sense: maintain excellent password security, don’t click on unknown links, optimize systems and operations, encrypt emails and train your employees to recognize cyber threats. However, for them to work, they must be implemented.
Need help training your employees to identify cyber threats, or protecting your organization from data breaches? Contact {company} in {city} at {phone} or {email}. We’ll work with you to define the level of protection that you need!
by Felicien | Sep 13, 2017 | Education
Optimize your IT infrastructure with the right IT contract. Find out what should be included, and who you can trust.
When it comes to IT services and support, it can be difficult to know when you’re receiving the best possible deal, or when you are being “taken to the cleaners.” While there are always ways that you can tighten up any IT contract, how can you be sure you’re actually cutting non-critical services and not the ones that you really need?
This can be particularly challenging when negotiating IT managed services contracts—These are highly-detailed documents that can be confusing.
You must ensure you’re receiving the service levels that you expect. Learn negotiation tips from the pros, so you can cut the fat, and leave the important items untouched to keep your business IT running smoothly.
Cost vs. Value
The cost of ongoing services is often the first question that comes up, but, professional negotiators know that it’s not always advisable to select the least (or most!) expensive option.
Instead, it’s critical to find the services that correctly fit your organization’s requirements, and provide the essential services you need to maintain your daily business operations.
Selecting by price alone can end up costing you more money in the long-term. You may have to pay for supplementary services to cover items that aren’t a part of your managed services contract. This could be anything from disaster recovery in the event of a cyber security incident, to having someone available to help install critical upgrades and patches on a regular basis.
IT Service Models
There are three models of service that the majority of IT providers offer:
Time and Materials: IT professionals may refer to this option as break-fix, which refers to the services that are offered. With this model, you agree on a discounted rate for problem-solving, such as resolving a specific issue or completing a large upgrade project. This may be offered in the form of a monthly allowance of hours, or a “block” of discounted hours that you can use at any time. This support is reactive, as your service provider is not engaged to work for you until something breaks and needs to be fixed.
Managed IT Services: By far, this is the most comprehensive option. Managed IT Services allow a vendor to act as an extension of your internal IT department, or be outsourced as your primary IT partner. Managed Services Providers (MSPs) provide phone, email and web-based support, as well as critical upgrades and patches to managed software and network performance monitoring. Considered to be the most proactive solution, MSPs actively review your infrastructure and software configuration, often negotiating with other vendors on your behalf to ensure that your business information systems run efficiently and securely.
Services Supplied by IT Software Vendors: When you purchase software, generally some level of support is offered by the software vendor if there are difficulties with their platform. These are very limited services, and typically only support the specific software that was purchased. They don’t extend to your entire network infrastructure.
So, What Do You Need?
There are specific options that you want to include in every IT contract. This is where details truly matter. The first, and most important question you must ask is whether costs are determined on a time-and-materials basis or a fixed-cost contract basis. Time and materials may be a better choice if you’re doing relatively simplistic and set tasks, such as upgrading to a specific system. In most cases, your best option is to negotiate a fixed time frame and budget for the work that’s to be done. This allows you to tightly define what success looks like, so you can accurately measure what’s accomplished against the agreed-upon deliverables. Your IT consulting firm should be able to review your needs and correctly assess the amount of time and effort required to make your desired changes.
Here are some of the critical services that your MSP should deliver as a part of their contract:
Antivirus/firewall monitoring and updates
Constant monitoring for new security patches, with immediate application to your systems
Spam monitoring, spyware detection and removal
Backup monitoring and disaster recovery services
System optimization, with monitoring for hard drive disk space throughout the organization
A ticketing system that allows your users to submit requests for service
Note that there’s a great deal of proactive monitoring involved with a quality managed services contract. This is because most IT issues are best solved when they’re detected early or prevented from happening in the first place. It’s customary for MSPs to bill separately for hardware such as new computers, on-site support and new software licensing. However, there may be significant discounts involved when working with your MSP. Always ask.
What You Don’t Need
When you go into the negotiation, it’s good to know some of the items that should be included in your contract. However, be aware that these items may incur an additional charge when working with a less-than-trustworthy MSP. Items such as phone support as well as email support shouldn’t incur additional charges, but should be included in your SLA (Service Level Agreement)—As should quick responses to your requests. Are there any hidden charges for changing, adding or removing users, or applying software patches? Be sure to always read the fine print, and think through all the possible scenarios that you may experience over the course of a year. These might include: upgrades, new software, adding employees, disaster recovery and more. Plus, consider any “upgrades” that should be included in the base cost of any agreement.
Learn more about how a proactive managed services provider can be a true partner for your business—One you can trust to only offer the services that you require. {company} is a respected IT Managed Services Provider in {city}. We’ll be happy to provide references from our satisfied clients to show that we’re trustworthy, and will keep your organizations’ best interest in mind. For more information, or a complimentary IT consult, contact us at {phone} or {email}.
