Some employees won’t stop using apps that could be a security risk

It’s likely a lot of the applications and software tools you’re using now are different from the ones your business used before the pandemic. That’s because we’ve all had to make big adjustments to the way we communicate and collaborate.

And to begin with, it may have been hit and miss. It’s possible in the first few weeks and months that your employees had to use whatever tools they had available to them.

Now that we’ve settled into permanent new ways of working, we can pick the software tools that best suit our businesses.

Unfortunately, your employees might not like your choice of which apps should be used within the company. And some of them may continue to use the ones they prefer, despite the security risk that comes with that.

A recent survey found a massive 92% of employees want more control over the software, collaboration tools, and applications they use. And 51% continue to use apps that have been banned by IT departments.

It’s putting business owners in a difficult position.

Blocking apps and software may lead to employees feeling untrusted. This can lead to frustration and lack of motivation. It can really have a negative impact on your business. But ignoring the issue can be just as bad. Unvetted apps can be a big security risk, leaving your data open to theft and your systems vulnerable to malware.

So, what’s the answer?

We’d always suggest having open conversations with your people. It’s a good idea to invite feedback on the software you want to use. After all, your people are the ones using it day-in, day-out. Take their suggestions on alternatives if the consensus is you’re using the wrong solutions and commit to looking into their viability.

It’s also a very good idea to make sure your people fully understand the risks that come with using unapproved apps, and the impact that can have on a business. Even in cases where your team are all sticking to approved tools, keeping them educated on the latest cyber security initiatives is a smart move.

Can we help you find the most suitable communication and productivity tools for your business? We’ve helped lots of business owners do this. Get in touch.

Are you making these cyber security mistakes?

It feels like every day we’re being warned about a new threat to our cyber security, doesn’t it?

That’s for good reason. Last year, ransomware attacks alone affected 81% of US businesses.

And the cost of cyber-crime is estimated to hit $10.5 trillion by 2025, according to the ‘2022 Cybersecurity Almanac’.

But we’re still seeing far too many businesses that aren’t taking this threat seriously.

It’s not only your data that you could lose if your company falls victim to a cyber-attack. The cost of remediation or mitigation can run into tens of thousands of dollars.

And at the same time, you’ll suffer an average of 21 days of downtime after a cyber-attack. Imagine… 21 days without being able to use all your business technology as normal. It doesn’t bear thinking about.

That’s not to mention the loss of trust your clients have in you, which could lead to you losing their custom.

It’s really important that your business is taking appropriate steps to keep your data safe and secure.

That most likely means a layered approach to your security. This is where several solutions are used, which work together to give you a level of protection appropriate to your business.

This reduces your risk of being attacked. And makes recovery easier should you fall victim.

It’s worth pointing out that you will never be able to keep your business 100% protected from cyber-attacks. Not without totally locking down every system, to the point where it would be very difficult to do business (and your staff would constantly be looking for ways around the enhanced security).

No, the key to excellent cyber security is striking the right balance between protection and usability.

There are three mistakes that are most commonly made by businesses – and they’re also some of the most dangerous mistakes to make.

Is your business making any of these?

Mistake 1) Not restricting access

Different employees will have different needs when accessing company files and applications. If you allow everyone access to everything it opens up your entire network to criminals.

You should also make sure to change access rights when someone changes roles, and revoke them when they leave.

Mistake 2) Allowing lateral movement

If cyber criminals gain access to a computer used by a member of your admin team, that in itself might not be a disaster.

But what if they could move from your admin system to your invoicing system… and from there to your CRM… and then into someone’s email account?

This is known as lateral movement. The criminals gain access to one system and work their way into more sensitive systems.

If they can get into the email of someone who has admin rights to other systems or even the company bank account, they can start resetting passwords and locking out other people.

Scary stuff.

One strategy against this is called air gapping. It means that there’s no direct access from one part of your network to another.

Mistake 3) Not planning and protecting

Businesses that work closely with their IT partner to prepare and protect are less likely to be attacked in the first place.

And will be back on their feet faster if the worst does happen.

You should also have an up-to-date plan in place that details what to do, should an attack happen.

This will significantly shorten the amount of time it takes to respond to an attack. That means you’ll limit your data loss and the cost of putting things right again.

If you know you’re making one (two, or even three) of these mistakes in your business, you need to act quickly. We can help.

Call us, and we’ll review your current security arrangements.

The importance of keeping your devices updated

Hate those annoying update notifications? We all do. First you need to determine whether the notification is legit or not. Assuming it is, you then have to go through the process of updating, which annoys most people.

And they’re so easy to ignore. “Leave it for a few weeks… it’ll be OK…” Right? Wrong!

There are many reasons why you should always keep your devices fully updated, and why we do this for our clients, so they don’t have to think about it.

Here are the main reasons.

The Shring team is experienced in determining which updates you need to stay on top of, and can help you determine when to safely apply security updates without concern. Let us help.

Is this the end of passwords… forever?

No one likes passwords. Creating them. Remembering them. Typing them in.

Your whole mood can change when an application you’re using suddenly logs you out, and you have to go through login all over again. It’s frustrating for all of us. Using a secure password manager helps, but you still have to deal with passwords.

So, we have some welcome news, courtesy of Microsoft, Apple, and Google. The tech giants have joined forces to kill off the password for good.

During the next year, there is a plan to roll out no-password logins across their platforms, using a standard from the FIDO (Fast Identification Online) Alliance. This organization sets the standards for passwordless authentication.

Sure, that’s a bit of a mouthful … so some people call this a passkey. Much easier to remember.

A passkey works in a similar way to multi-factor authentication (where you use a separate code generated by your device to prove it’s really you, also known as two-factor authentication), but with less effort required.

It’s pretty simple but secure. To log in to your device, you’ll use your phone to prove it’s really you. Your computer will use Bluetooth to verify you’re nearby. Because Bluetooth only works over a short distance, this should stop many phishing scams. Then it’ll send a verification message to your phone. You’ll unlock your phone in the usual way, with your face, fingerprint, or PIN. And that’s it. You’re logged in.

Passkeys rely on something called public key cryptography. When you register with an application or website, a key pair is made between the website and your device. These are a sequence of long numbers that are connected in some way. But you’ll never see them, and you certainly don’t have to remember them. Your phone verifies the pair when you unlock it in the normal way.
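The key pair described above, sketched as an added example (not code from this article or from the FIDO Alliance): a simplified challenge-and-response login in Node.js, not the real FIDO message format. The function names, the user `alice` and the `.example` addresses are made up for illustration.

```javascript
// Added illustration only: a simplified passkey-style login, NOT the real
// FIDO/WebAuthn message format. All names and origins here are made up.
const nodeCrypto = require('crypto');

// What the website stores: public keys and outstanding challenges. No secrets.
const site = { publicKeys: new Map(), pending: new Map() };

// Registration: the device creates the key pair and shares only the public half.
function register(user) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  site.publicKeys.set(user, publicKey);
  return { user, privateKey }; // the private key never leaves the device
}

// Login step 1: the website issues a fresh random challenge.
function issueChallenge(user) {
  const challenge = nodeCrypto.randomBytes(32);
  site.pending.set(user, challenge);
  return challenge;
}

// Login step 2: after the user unlocks the device, it signs the challenge
// together with the address of the site that is actually asking.
function deviceSign(device, challenge, originSeen) {
  const message = Buffer.concat([Buffer.from(originSeen + '\n'), challenge]);
  return nodeCrypto.sign('sha256', message, device.privateKey);
}

// Login step 3: the website checks the signature against its own address and
// the challenge it issued. Each challenge is accepted once only.
function verifyLogin(user, signature, ownOrigin) {
  const challenge = site.pending.get(user);
  const publicKey = site.publicKeys.get(user);
  if (!challenge || !publicKey) return false;
  site.pending.delete(user);
  const message = Buffer.concat([Buffer.from(ownOrigin + '\n'), challenge]);
  return nodeCrypto.verify('sha256', message, publicKey, signature);
}

function demo() {
  const origin = 'https://shop.example';
  const device = register('alice');

  const first = deviceSign(device, issueChallenge('alice'), origin);
  const genuine = verifyLogin('alice', first, origin);

  // A captured signature is useless later: the next login has a new challenge.
  issueChallenge('alice');
  const replayed = verifyLogin('alice', first, origin);

  // A look-alike page relays a real challenge, but the device signs the
  // address it actually sees, so the real site rejects the result.
  const relayed = deviceSign(device, issueChallenge('alice'), 'https://sh0p.example');
  const phished = verifyLogin('alice', relayed, origin);

  // The site's database holds nothing that can be used to log in.
  const siteHoldsSecret = site.publicKeys.get('alice').type !== 'public';
  return { genuine, replayed, phished, siteHoldsSecret };
}

console.log(demo());
```

Only the genuine login succeeds; the replayed and look-alike attempts are rejected, and the website never holds anything a thief could log in with.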

In addition, you don’t have to worry about losing your device. It’s not enough to just have your device … someone has to be able to unlock it as well. Your passkeys will be backed up automatically, so transferring data to a new device is easy, in much the same way it’s now easy to set up a new phone to be just like your old device.

These passkeys are not only simpler for you but will keep your data safer. There is no password for criminals to steal. And your phone needs to be close to your computer to log in. So physical location is important to security. While you should not consider it completely foolproof, it is more secure than saved passwords.

Any version of authentication has some weaknesses. Whether it is passwords, biometrics, faceID and so on … each has its pros and cons. However, the biggest strength of passkeys is physical location: they require two separate devices, one of which you likely don’t get far from, and the two must be physically near each other.

If you would like to learn more about this technology, check out this link.

Digital Transformation and how it can help your business grow

We have all seen a LOT of change over the past couple of years. You’ve changed the way your business operates, including how you interact with others.

How has your business changed? What change do you need to make in the years ahead? And how does your technology help to power that?

We’ve written a new guide about something called Digital IT transformation. It’s how you use current technology to bring on a revolution within your business.

It’s what Netflix and Lego did… and Kodak famously didn’t. Download our case study about this, and learn how digital IT transformation affects businesses of every size, in our new guide.

Three ways to keep your phone protected

We rely on our phones for EVERYTHING these days. Especially running our businesses and doing work efficiently.

If you do any work at all on your phone, this is a must-watch video.

It’s the 3 things we recommend to keep your business’s data safe, no matter what happens to your phone.

Are your remote employees using faulty equipment?

A new report has discovered that 67% of remote workers are using faulty tech when they are working remotely. Often that’s because they’ve accidentally damaged the tech themselves and they don’t want to admit it to their boss in case they get into trouble.

A survey of 2,500 remote workers found that laptops were most likely to be broken, followed by keyboards, monitors, and PCs.

Most of the time the damage was done by spilled food and drink. Other causes of damage included other people in the house such as a partner or housemates – and of course, pets.

We’ve all watched in horror as a cat brushes up against a full glass of water next to a laptop. While more than half of people try to fix the damage, and 81% of people continue to use their faulty devices with limited features, a third of workers switch to their personal devices instead.

As well as causing a loss of productivity, this could also be a huge data security risk for your business. It’s possible, even likely, that their personal laptop doesn’t have the proactively monitored security protection that their work laptop does, including:

      • Security software
      • Data encryption
      • Multi-factor authentication

When an attacker gains access to an unmanaged device, if it’s connected to your network, it also can give them unmonitored access to your infrastructure and all of your business’s data.

This can result in your data being stolen and sold. Or worse, your data is encrypted and held for ransom. However, you already have a plan for that … right? No? Ransomware is the most common cyber security threat to your business right now.

It’s not just access to your data that’s the problem. After a ransomware attack, there is a huge time and financial cost involved in making sure your network is clean, protected and secured … if you aren’t prepared.

Shring’s recommendation is to start with evaluating your employees’ security awareness. This includes helping them understand the risks associated with using personal devices, whether they work remotely or not. Some will say “Just block any non-business managed device from accessing your infrastructure”. And honestly, that would be ideal; however, this is not practical for many organizations.

We can help evaluate your current exposures and assist you in choosing the right security approach for your organization, or implementing new policies to help your staff protect your critical business data. Give us a call.

Resource – Protect yourself from phishing

Phishing (pronounced: fishing) is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information — such as credit card numbers, bank information, or passwords — on websites that pretend to be legitimate. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website.

You’ve all heard of the “big name” phishing/ransomware attacks that have had a widespread effect on us all. Know that all of these organizations had high-dollar, cutting-edge technology in front of their networks to help mitigate these attacks; however, these events prove that technology alone cannot prevent your organization from being a victim of a phishing attack. And unfortunately they are becoming the norm.

One person accidentally clicking on a malformed URL/link in an email is all it takes. So it is important to educate yourself, your peers, and your family on how to identify and protect yourself from these vicious attacks.

We encourage you to take about 10 minutes to review this highly informational article/video by Microsoft focusing on how to protect yourself and your organization from phishing and ransomware. We are confident you will learn something.

The Facebook Fiasco and Why You Shouldn’t Be Surprised

As you may know by now, Facebook announced a massive data breach today affecting at least 50 million (yup you read that right) users. 

It seems that a vulnerability in Facebook’s code for the “ViewAs” feature was exploited, allowing the attackers to compromise access tokens. These are unique digital identifiers for you and your account, and they save you from having to re-enter your password multiple times, which would drive you crazy if you had to.

Facebook states that “there’s no need for anyone to change their passwords”. However, are you willing to trust your privacy to Facebook? Can those two words even be in the same sentence? Probably not. Be proactive and change your password, which will regenerate the access tokens associated with your account, assuring your account is safe.

It seems like the vulnerability has been there since July of 2017 and was just recently identified and corrected. So this “leak” has been there for a while.

Here are several links with more technical details on the Facebook breach, should you be interested:

So the reality is Facebook and most reputable technology firms go to great lengths to get coding right and keep it secure, but it is not uncommon that future modifications of existing code cause changes and vulnerabilities not perceived by the developer making the change. Organizations that have developers working with this kind of code typically have Change Management in place, whose primary purpose is understanding what effect a change in older code will have. Honestly, it is impossible to cover all scenarios, but exposing 50 million customers’ private data is not acceptable!

In today’s environment of constant data breaches and privacy compromises you shouldn’t be surprised, but at the same time, you shouldn’t become numb to this issue, and protecting your privacy and data should stay high on your priority list. However, it will not protect itself, and it has become painfully obvious you can’t rely on the “big players” either. Be proactive!

What Can I Do Besides Change My Password?

Use Common Sense – First and foremost (and I’m sure you’ve heard it before) common sense should be in play. Be extremely cautious of what you post to social media. Yeah, it’s great to share pics with friends and other interesting items, but telling everyone in the world you are on vacation in another country (and that your home is currently empty) is probably not the smartest thing to do. Posting pics is great, but consider what’s in the picture frame before you take the shot. Are your vehicle tags in the frame? It is way too common to see pics posted on social media that contain things allowing someone to determine locations and identities. Facebook’s face recognition should scare you all by itself, and especially your kids. Think ahead.

Use 2-Factor Authentication (also known as 2FA) – 2FA is where you have set up an authentication code to be sent to your mobile devices, verifying you are the owner of an account or password. Sure, it can be a pain in the butt if you don’t have your phone with you, but there are usually ways to do 2FA without your phone. This prevents unauthorized access to your accounts should your password be compromised. Use 2FA when possible!

Use Private Browsing – While certainly not foolproof, using your browser’s “private browsing” function, which is not on by default, helps protect the data stream between your computer and the websites you visit.

Use Complex Passwords – It baffles us how often we see 5-letter super simple passwords that are super simple to compromise. Start using sentences as passwords instead of one word. Most systems limit the minimum number of characters but not the maximum. We recently had a customer whose password was her pet’s name, and her account was recently compromised. She couldn’t figure out what happened until we showed her the pics she posted all over Facebook of the pet WITH the pet’s name. Social engineering at its best! Also, we find customers using sentences as passwords are less likely to forget them, which is a bonus.

How Do I Keep Up With All These Passwords? – Well, the answer certainly isn’t having everything with the same password! You are making it too easy to compromise. If you find you have too many passwords to track, use a password manager. Not only will it store and auto-enter your passwords, but you can also let it generate a complex password that you don’t have to recall. We highly recommend #LastPass. Shring has done very intensive testing of various password managers and LastPass is the winner. Check it out here.

PHISHING ATTACKS SUBSTANTIALLY INCREASE ALMOST OVERNIGHT

THIS IS AN IMPORTANT ALERT FROM THE SHRING SUPPORT SERVICES TEAM

We have seen a huge uptick in spear-phishing attack attempts globally. Some group(s) are mounting large-volume attacks utilizing phishing emails in an attempt to catch folks working from home off guard. They are banking on you not having the typical protection you would in the office.

Shring has a very robust email protection platform that utilizes multiple technologies to determine the legitimacy of inbound emails. You … as the recipient … are the last line of defense for your organization. Whether we host your email or not … it is imperative that you up your skepticism on inbound emails you may receive. This not only applies to work email but your personal email as well. There seems to be a focus on Gmail, Hotmail and Microsoft hosted email domains.

With that being said, it is super important that you be diligent in reviewing emails before taking any type of action if they include links. DO NOT CLICK ON ANY LINKS OR ATTACHMENTS in an external email body unless you are 1000% sure that it is legit. Yup … you’ve been hearing this from us for years but it is another reminder of the potentially severe consequences that can result from just a single click.

If you receive an email and are unsure about its legitimacy, please do not hesitate to forward it to us for review. We will get back to you within a few minutes during normal business hours of 8AM to 8PM EST. However, please do not forward any emails that may contain Personally Identifiable Information (PII) such as Social #s, Account numbers, TaxIDs, etc. Call us and we can work with you on these without compromising data security.

It is unfortunate, with everything else we are having to deal with in our world right now, that this is a concern, but it is. Remember, all the malware protection tech in the world will not work if you overrule it. Should you be working remotely and get a popup message from a threat prevention tool … don’t ignore it! Read it so that you understand what it just did and why.

As always our sole focus is protecting your organization’s mission-critical data and your privacy.

Shring Support Services