Why you will not be fine on this Cloud9

We go to a lot of effort working to protect our clients from online security threats. These could come in the form of key loggers that record you as you enter your login information, or DDoS (Distributed Denial of Service) attacks, which overwhelm a service with fake traffic, causing it to crash.

As part of our service, we always advise our clients to install software updates as soon as they become available, and support them through the process where they need help.

But if you visit a website that asks you to install an Adobe Flash update… STOP!

Flash itself was actually discontinued in 2020 and is no longer supported, so you should assume that any Flash update messages will be a security threat.

Currently, fake Flash messages are being used as a cover for a new ‘botnet’ campaign that installs a malicious browser extension, called Cloud9. If you use Google Chrome or Microsoft Edge you could be a target.

A botnet is a group of infected devices that are controlled as one, without the owners’ knowledge, and used to steal sensitive data, send spam, or perform DDoS attacks.

Worse still, the Cloud9 botnet will attempt to install additional malware on your device or network if it’s not stopped in time.

This type of attack is hard to spot because it looks like a genuine request, and just about anyone can become a target.

But there are things you can do to protect your business.

First, make everyone aware of the threat. If your people know what to look out for it’s less likely they’ll install the update in the first place.

Next, make sure everyone’s running the latest version of their browser and that security software is up to date.

Finally, enable Enhanced Protection in your browser’s Privacy and Security settings. This will give you a warning if you stumble upon a risky website or download.

We can help you keep your business protected from cyber criminals. Just get in touch.

Published with permission from Your Tech Updates.

Are you losing hours each week setting up video calls?

You could be losing a full-time working week for every member of your team, thanks to the hassle of setting up video calls.

Video conferencing has revolutionized team meetings, and saves a huge amount of travel time. But we’re still not getting the full benefit from the new technology, according to new research.

Employees aged between 18 and 24 take up to 10 minutes to get set up for each remote meeting.

Multiply that by a typical five meetings a week, and it’s suddenly lost you 40 hours every year. That’s a whole working week of wasted time – a figure that gets even higher when you look at older age brackets.

It isn’t necessarily a result of differing technological know-how. The research shows that employees blame the tech itself for the loss of productivity.

Almost a third of people said they didn’t have the right tools for the job, and 23% even said they felt excluded from remote meetings thanks to inadequate tech.

Employees often feel that the audio-visual (AV) technology they’re provided for remote and hybrid working simply isn’t up to the job. That means poor microphones that don’t play ball, jittery webcams that interfere with communication, or the wrong choice of video calling software. All that makes meetings harder to set up and causes them to take longer than they should.

Despite this, businesses that offer remote and hybrid working are reaping the rewards in many other areas, including staff engagement and performance.

But there is a solution.

Assess your employees’ AV technology to make sure their tools are not slowing them down – new webcams and microphones could be a cheap and simple fix.

It’s also a good idea to ask your employees where they see problems occurring. If they are finding your existing system difficult to use, or slow to log in to, you should consider alternative options or better training.

If this is something that’s slowing you down, we can help – just get in touch.

Published with permission from Your Tech Updates.

Don’t walk the plank with pirated software

A huge number of small and medium-sized businesses would consider using pirated software to try and save money. A new study has revealed a surprising number of businesses willing to break the law to save costs. Our advice? Think twice before you walk the plank.

Right now, the most popular types of pirated software are project management tools, and marketing and sales software. But a huge 56% of business owners said they’d even think about using illegal cyber security software in an effort to cut costs.

Don’t do it.

Not only is pirated software unsupported – so if you have a problem with it (which you probably will) there’s no help available to rectify the issue – but it can open your business up to bigger problems too.

It’s common for cyber criminals to use pirated software to distribute malware. Some of this is designed to evade firewalls, which means once installed, it can spread malicious files beyond your device to your entire network. That can lead to your sensitive data being compromised or stolen.

Putting things right after this kind of cyber attack can end up costing a fortune, and the pirated software can damage your devices by causing them to slow down or overheat.

We advise our clients to always use genuine software from a reputable source. If the cost of the software seems too good to be true… it probably is.

But there’s more you can do. You should prevent unauthorized employees from downloading software that could be harmful by managing admin rights properly. And you should ensure your whole team has regular cyber security awareness training to make everyone aware of the risks to your business data.

If you’d like help finding genuine software for your business, or creating a cyber security plan, just get in touch.  

Published with permission from Your Tech Updates.

The Facebook Fiasco and Why You Shouldn’t Be Surprised

As you may know by now, Facebook announced a massive data breach today affecting at least 50 million (yup, you read that right) users.

It seems that a vulnerability in Facebook’s code for the “View As” feature was exploited, allowing the attackers to compromise access tokens. These are unique digital identifiers for you and your account, and they save you from having to re-enter your password multiple times, which would drive you crazy if you had to.

Facebook states that “there’s no need for anyone to change their passwords”; however, are you willing to trust your privacy to Facebook? Can those two words even be in the same sentence? Probably not. Be proactive and change your password, which will regenerate the access tokens associated with your account, assuring your account is safe.

It seems like the vulnerability has been there since July of 2017 and was just recently identified and corrected. So this “leak” has been there for a while.

Here are several links with more technical details on the Facebook breach, should you be interested:

So the reality is that Facebook and most reputable technology firms go to great lengths to get coding right and keep it secure, but it is not uncommon for future modifications of existing code to cause changes and vulnerabilities not perceived by the developer making the change. Organizations that have developers working with this kind of code typically have Change Management in place, whose primary purpose is understanding what effect a change in older code will have. Honestly, it is impossible to cover all scenarios, but exposing 50 million customers’ private data is not acceptable!

In today’s environment of constant data breaches and privacy compromises you shouldn’t be surprised, but at the same time you shouldn’t become numb to this issue; protecting your privacy and data should stay high on your priority list. However, it will not protect itself, and it has become painfully obvious you can’t rely on the “big players” either. Be proactive!

What Can I Do Besides Change My Password?

Use Common Sense – First and foremost (and I’m sure you’ve heard it before), common sense should be in play. Be extremely cautious of what you post to social media. Yeah, it’s great to share pics with friends and other interesting items, but telling everyone in the world you are on vacation in another country (and that your home is currently empty) is probably not the smartest thing to do. Posting pics is great, but consider what’s in the picture frame before you take the shot. Are your vehicle tags in the frame? It is way too common to see pics posted on social media that contain things allowing someone to determine locations and identities. Facebook’s face recognition should scare you all by itself and especially your kids. Think ahead.

Use 2-Factor Authentication (also known as 2FA) – 2FA is where you set up an account to send an authentication code to your mobile device, verifying you are the owner of the account or password. Sure, it can be a pain in the butt if you don’t have your phone with you, but there are usually ways to do 2FA without your phone. This prevents unauthorized access to your accounts should your password be compromised. Use 2FA when possible!

Use Private Browsing – While certainly not foolproof, using your browser’s “private browsing” function, which is not on by default, helps protect the data stream between your computer and the websites you visit.

Use Complex Passwords – It baffles us how often we see 5-letter super simple passwords that are super simple to compromise. Start using sentences as passwords instead of one word. Most systems limit the minimum number of characters but not the maximum. We recently had a customer whose password was her pet’s name, and her account was recently compromised. She couldn’t figure out what happened until we showed her the pics she posted all over Facebook of the pet WITH the pet’s name. Social engineering at its best! Also, we find customers using sentences as passwords are less likely to forget them, which is a bonus.

How Do I Keep Up With All These Passwords? – Well, the answer certainly isn’t having everything with the same password! You are making it too easy to compromise. If you find you have too many passwords to track, use a password manager. Not only will it store and auto-enter your passwords, but you can also let it generate a complex password that you don’t have to recall. We highly recommend #LastPass. Sharing has done very intensive testing of various password managers and LastPass is the winner. Check it out here.

Some employees won’t stop using apps that could be a security risk

It’s likely a lot of the applications and software tools you’re using now are different from the ones your business used before the pandemic. That’s because we’ve all had to make big adjustments to the way we communicate and collaborate.

And to begin with, it may have been hit and miss. It’s possible in the first few weeks and months that your employees had to use whatever tools they had available to them.

Now that we’ve settled into permanent new ways of working, we can pick the software tools that best suit our businesses.

Unfortunately, your employees might not like your choice of which apps should be used within the company. And some of them may continue to use the ones they prefer, despite the security risk that comes with that.

A recent survey found a massive 92% of employees want more control over the software, collaboration tools, and applications they use. And 51% continue to use apps that have been banned by IT departments.

It’s putting business owners in a difficult position.

Blocking apps and software may lead to employees feeling untrusted. This can lead to frustration and lack of motivation. It can really have a negative impact on your business. But ignoring the issue can be just as bad. Unvetted apps can be a big security risk, leaving your data open to theft and your systems vulnerable to malware.

So, what’s the answer?

We’d always suggest having open conversations with your people. It’s a good idea to invite feedback on the software you want to use. After all, your people are the ones using it day-in, day-out. Take their suggestions on alternatives if the consensus is you’re using the wrong solutions and commit to looking into their viability.

It’s also a very good idea to make sure your people fully understand the risks that come with using unapproved apps, and the impact that can have on a business. Even in cases where your team are all sticking to approved tools, keeping them educated on the latest cyber security initiatives is a smart move.

Can we help you find the most suitable communication and productivity tools for your business? We’ve helped lots of business owners do this. Get in touch.

Are you making these cyber security mistakes?

It feels like every day we’re being warned about a new threat to our cyber security, doesn’t it?

That’s for good reason. Last year, ransomware attacks alone affected 81% of US businesses. And the cost of cybercrime is estimated to hit $10.5 trillion by 2025, according to the ‘2022 Cybersecurity Almanac’. But we’re still seeing far too many businesses that aren’t taking this threat seriously.

It’s not only your data that you could lose if your company falls victim to a cyber-attack. The cost of remediation or mitigation can run into tens of thousands of dollars. And at the same time, you’ll suffer an average of 21 days of downtime after a cyber-attack. Imagine… 21 days without being able to use all your business technology as normal. It doesn’t bear thinking about. That’s not to mention the loss of trust your clients have in you, which could lead to you losing their business.

It’s really important that your business is taking appropriate steps to keep your data safe and secure. That most likely means a layered approach to your security. This is where several solutions are used, which work together to give you a level of protection appropriate to your business. This reduces your risk of being attacked. And makes recovery easier should you fall victim.

It’s worth pointing out that you will never be able to keep your business 100% protected from cyber-attacks. Not without totally locking down every system, to the point where it would be very difficult to do business (and your staff would constantly be looking for ways around the enhanced security).

No, the key to excellent cyber security is striking the right balance between protection and usability.

There are three mistakes that are most commonly made by businesses – and they’re also some of the most dangerous mistakes to make. Is your business making any of these?

Mistake 1) Not restricting access

Different employees will have different needs when accessing company files and applications. If you allow everyone access to everything it opens up your entire network to criminals. You should also make sure to change access rights when someone changes roles, and revoke them when they leave.

Mistake 2) Allowing lateral movement

If cyber criminals gain access to a computer used by a member of your admin team, that in itself might not be a disaster. But what if they could move from your admin system to your invoicing system… and from there to your CRM… and then into someone’s email account? This is known as lateral movement. The criminals gain access to one system and work their way into more sensitive systems. If they can get into the email of someone who has admin rights to other systems or even the company bank account, they can start resetting passwords and locking out other people.

Scary stuff.

One strategy against this is called air gapping. It means that there’s no direct access from one part of your network to another.

Mistake 3) Not planning and protecting

Businesses that work closely with their IT partner to prepare and protect are less likely to be attacked in the first place. And will be back on their feet faster if the worst does happen. You should also have an up-to-date plan in place that details what to do, should an attack happen. This will significantly shorten the amount of time it takes to respond to an attack. That means you’ll limit your data loss and the cost of putting things right again.

If you know you’re making one (two, or even three) of these mistakes in your business, you need to act quickly. We can help.

The importance of keeping your devices updated

Hate those annoying update notifications? We all do. First you need to determine whether the notification is legit or not. Assuming it is, most people still find it annoying to go through the update process whenever one of those alerts says a device needs to be updated.

And they’re so easy to ignore. “Leave it for a few weeks… it’ll be OK…” Right?  Wrong!

There are many reasons why you should always keep your devices fully updated, and why we do this for our clients, so they don’t have to think about it.

Here are the main reasons.

The Sharing Team is experienced in determining what updates you need to stay on top of, and can help you determine when to safely apply security updates without concern. Let us help.

Is this the end of passwords… forever?

No one likes passwords. Creating them. Remembering them. Typing them in.

Your whole mood can change when an application you’re using suddenly logs you out, and you have to go through login all over again. It’s frustrating for all of us. The use of a secure password manager helps but you still have to deal with passwords.

So, we have some welcome news, courtesy of Microsoft, Apple, and Google. The tech giants have joined forces to kill off the password for good.

During the next year, there is a plan to roll out no-password logins across their platforms, using a standard from the FIDO (Fast IDentity Online) Alliance. This organization sets the standards for passwordless authentication.

Sure, that’s a bit of a mouthful … so some people call this a passkey. Much easier to remember.

A passkey works in a similar way to multi-factor authentication (where you use a separate code generated by your device to prove it’s really you), also known as two-factor authentication, but with less effort required.

It’s pretty simple but secure. To log in to your device, you’ll use your phone to prove it’s really you. Your computer will use Bluetooth to verify you’re nearby. Because Bluetooth only works over a short distance, this should stop many phishing scams. Then it’ll send a verification message to your phone. You’ll unlock your phone in the usual way, with your face, fingerprint, or PIN. And that’s it. You’re logged in.

Passkeys rely on something called public key cryptography. When you register with an application or website, a key pair is made between the website and your device. These are a sequence of long numbers that are connected in some way. But you’ll never see them, and you certainly don’t have to remember them. Your phone verifies the pair when you unlock it in the normal way.

In addition, you don’t have to worry about losing your device. It’s not enough to just have your device … someone has to be able to unlock it as well. Your passkeys will be backed up automatically, so transferring data to a new device is easy, in the same way it’s now easy to set up a new phone to be just like your old device.

These passkeys are not only simpler for you but will keep your data safer. There is no password for criminals to steal. And your phone needs to be close to your computer to log in. So physical location is important to security. While you should not consider it completely foolproof, it is more secure than saved passwords.
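To make the key pair idea concrete, here is a simplified sketch of a passkey-style login, added for illustration (it is not code from Microsoft, Apple, Google or the FIDO Alliance, and it is not the real WebAuthn message format). The function names and web addresses are made up, and the origin check reflects how FIDO logins tie each signature to the real website, a detail this post does not go into.

```javascript
// Added illustration: simplified passkey-style challenge/response.
// Hypothetical names throughout; not the real WebAuthn wire format.
const crypto = require('node:crypto');

// Registration: the device creates a key pair and shares only the public half.
function registerDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'P-256',
  });
  return {
    device: { privateKey },      // stays on the phone, released by face/finger/PIN
    serverRecord: { publicKey }, // the only thing the website keeps
  };
}

// Login step 1: the website issues a fresh random challenge (fixed 32 bytes).
function newChallenge() {
  return crypto.randomBytes(32);
}

// Login step 2: once unlocked, the device signs the challenge together with
// the address of the site the browser is actually talking to.
function deviceSign(device, challenge, origin) {
  const payload = Buffer.concat([challenge, Buffer.from(origin, 'utf8')]);
  return crypto.sign('sha256', payload, device.privateKey);
}

// Login step 3: the website checks the signature against its own address
// and the challenge it just issued.
function serverVerify(serverRecord, challenge, expectedOrigin, signature) {
  const payload = Buffer.concat([challenge, Buffer.from(expectedOrigin, 'utf8')]);
  return crypto.verify('sha256', payload, serverRecord.publicKey, signature);
}

function demo() {
  const site = 'https://shop.example';           // constructed sample address
  const lookalike = 'https://shop-example.test'; // constructed lookalike address
  const { device, serverRecord } = registerDevice();
  const challenge = newChallenge();

  // Normal login on the genuine site.
  const goodSig = deviceSign(device, challenge, site);
  const genuine = serverVerify(serverRecord, challenge, site, goodSig);

  // Signature made while the browser was on a lookalike page: rejected.
  const phishedSig = deviceSign(device, challenge, lookalike);
  const phished = serverVerify(serverRecord, challenge, site, phishedSig);

  // An old signature replayed against a new challenge: rejected.
  const replayed = serverVerify(serverRecord, newChallenge(), site, goodSig);

  // What a copy of the website's database would contain: a public key only.
  const stored = serverRecord.publicKey.export({ type: 'spki', format: 'pem' });
  return { genuine, phished, replayed, storesPrivateKey: stored.includes('PRIVATE') };
}

console.log(demo());
```

Only the genuine login verifies; the lookalike-site signature and the replayed one are both rejected, and the website’s stored record holds nothing that can be used to log in.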

Any version of authentication has some weaknesses. Whether it is passwords, biometrics, Face ID and so on … each has its pros and cons. However, the biggest strength of passkeys is physical location: they require two separate devices, one of which you likely don’t get far from, and the two must be physically near each other.

If you would like to learn more about this technology, check out this link.

Digital Transformation and how it can help your business grow

We have all seen a LOT of change over the past couple of years. You’ve changed the way your business operates, including how you interact with others.

How has your business changed? What change do you need to make in the years ahead? And how does your technology help to power that?

We’ve written a new guide about something called Digital IT transformation. It’s how you use current technology to bring on a revolution within your business.

It’s what Netflix and Lego did… and Kodak famously didn’t. Download our case study about this, and learn how digital IT transformation affects businesses of every size, in our new guide.

Three ways to keep your phone protected

We rely on our phones for EVERYTHING these days. Especially running our businesses and doing work efficiently.

If you do any work at all on your phone, this is a must-watch video.

It’s the 3 things we recommend to keep your business’s data safe, no matter what happens to your phone.

The Sharing Team is experienced in determining what updates you need to stay on top of, and can help you determine when to safely apply security updates without concern. Let us help.