Email Breaches Remain a Costly Threat

by

You would need to be new to the internet to be unaware of threats to cybersecurity. With Internet World Stats reporting that 69% of the world is now online, that naïveté is increasingly unlikely. But is your business doing all it can to prevent email breaches? We know better than to use “123456” or “letmein” as passwords, but the threat remains.

No matter the industry, global businesses are always at risk. Scammers send emails and set up spoof domains to get employees to enter access credentials online. Or criminals simply buy leaked emails and passwords from a previous data breach.

Once they’ve gained access, they can easily hide their activity. Setting up a simple “forward all email” rule gives them access to business communications. They can also see what services you use from the emails you receive.

For example, they can identify which payroll software your business uses. Then, they go to that site and say they “forgot the password.” The reset instructions go to the email they can already access. So, they follow the steps, delete the email, and take control of the account.

Criminals will also impersonate you and send invoices to your vendors or customers. They might send an invoice that looks like your genuine ones, but they end up paying the crooks.

These attacks are working for cybercriminals. So, don’t expect email breach attacks to go away any time soon. Instead, take action to reduce the risk of compromise.

How to protect your business

Educating your employees is an important first step. You can take all the steps we outline next, but humans will remain your weakest link. You’ll want to:

  • institute an effective training program to safeguard your business;
  • teach employees about the risks;
  • emphasize the importance of strong passwords and good cyber hygiene.
  • Foster a culture of compliance and individual sense of responsibility for cybersecurity.

Put a password manager application in place so employees set more complicated passwords.

Enable multi-factor authentication on all email accounts. This makes it so that having the stolen credentials isn’t enough. A bad actor may have the username and password, but they also need the user’s authenticating device. That’s less likely.

Another important move is to limit access to functions and features online. Take a least-privilege access approach. This means users can perform assigned roles but can’t access other applications. This can curtail the damage if one user’s credentials are exposed.

Ongoing monitoring of technology for signs of suspicious activity is also key. Set up alerts, and track activity logs. Your business wants to be able to react quickly rather than finding out weeks later about a hack.

Keep online attackers at bay

Create a business environment that prioritizes prevention and detection. Email scams aren’t going to slow soon. Instead, your business needs to take action to shore up its defenses. We can help. Contact our IT experts today at (515)422-1995.

Signs Your Computer has Water Damage

by

You drop your computer in the bathtub, or your basement home office floods and the desktop is under water. Or you spill your tea across the keyboard. If any of this happens, you can guess right away that you’ll be dealing with water damage. Only it’s not always that obvious. Knowing the common signs to look for can help you diagnose water damage in your devices.

If you are right there when your computer is exposed to liquids, unplug it immediately. Wet components can short-circuit and cause issues for your motherboard, hard drives, and more.

Still, you might not know immediately that water damage is to blame. You might live in an area with high humidity. Or maybe someone in the family watches Netflix while in a steamy bathroom. That’s when you look for signs that there’s moisture inside your computer.

Signs you can see yourself

Water spilled inside your keyboard can make keys or the trackpad stopped working. Even a few water droplets can cause the keyboard or trackpad to start responding to your touch erratically.

You might also experience screen issues. This depends on where the liquid penetrates your laptop. Look out for:

  • images not displaying properly;
  • pixel discoloration;
  • a display that won’t turn on.

These are pretty obvious signs you need to get help. You might also see some discoloration on the outside of the computer. The white or green residue is not a good sign.

Another scary indicator? The computer won’t turn on at all. That suggests that internal components are damaged, and you’ll need to take action.

Signs that repair shops can see

Most people should not be opening up computers on their own. Even if you think there might have been water damage, it’s safer to take the computer to a trained expert. That way, you won’t do more damage trying to see what’s wrong in the first place.

At a computer shop, the person doing the repairs will look inside for corrosion around connectors and your motherboard. They’ll be looking for that white or green residue you were hoping not to see on the exterior.

Another sign? The water damage indicator shows exposure to water or liquids. The indicator is a small device inside the computer that’s used by manufacturers to deny warranty coverage (despite the consumer’s protests the laptop never got wet).

What to do with a wet computer

Unplug it. Get help. The sooner you take a water-damaged computer in for repair, the more likely it can recover. Work with a professional IT repair shop to diagnose and repair your device issues. We’re here to help. Call us at (515)422-1995.

Encourage Better Work Habits with Microsoft Viva Insights

by

Productivity has always been important at work. Yet our awareness that well-being factors into productivity is newer. Microsoft is getting in on that trend with its Viva Insights offering. This article shares the basics of how it improves productivity and helps well-being.

Viva Insights is part of Microsoft’s Viva Suite focused on employee experience. The app gathers data while users work and provides recommendations for improvements.

In Microsoft Teams, Insights reviews collaboration data and suggests strategies to boost engagement. Recognizing common topics across conversations, Insights might automatically create a page devoted to that focus area.

Insights also connect people with meeting reminders and by sending RSVP reminders.

Insights can suggest users take breaks or set longer windows of time for focused work. There’s a Do Not Disturb functionality to help prevent distractions, too.

It is not just process-oriented either. Based on Insights, Viva Learning curates courses to foster learning and self-discovery for individual users.

In Personal Insights, individuals can log how they feel throughout the day. Automated check-ins encourage users to take a moment to reflect or to use the Headspace app integration for guided meditation.

A great feature for remote workers is “start a virtual commute.” This guides people to review and close tasks, preview the next day, and mindfully end their day.

Guides better management, too

The “My Organization” page gives team managers insights into employee trends. They can view items such as “average weekly time spent collaborating after hours,” or see the percentage of employees spending time in “long and large meetings,” or how many one-on-ones they are having with managers, or if they have little time to focus on tasks because of meeting overload.

Insights also give managers input to help them better engage with employees. Managers can view aggregated and anonymized feelings data on the Insights dashboard. This can help them identify the risk of burnout or turnover. When everyone’s feeling overwhelmed, Insights might suggest a no-meetings day.

This may sound a little Big Brother – the platform analyzes Outlook, Teams, and OneDrive activity. Still, Microsoft promises “only you can view personal data and insights based on work patterns.” Managers see data that captures overall user insights.

Getting the most from Microsoft’s Viva Insights

We can help your business get started with Microsoft Viva Insights. We can connect employees to Insights and assign manager roles within the platform. We can make other suggestions, too, about how to get the most out of your Microsoft tools.

Contact us today at (515)422-1995.

Don’t Get Hooked by Vishing Attacks

by

Cybercriminals are motivated and creative, which is not a great pairing for their victims. Just when we think we know what to watch out for, there’s something new to worry about. Right now, voicemail phishing (vishing) attacks are on the rise. Find out more about vishing and what you can do about it.

First, a reminder: phishing refers to bad actors sending fraudulent emails. They use social engineering to get you to reveal personal or sensitive information. For example, employees might get an email that looks like it’s from your IT team. It might ask them to renew their access credentials in the next 24 hours, but they need to enter their existing credentials into an online form to make the change.

Vishing also relies on social engineering – it targets our impulse to trust or help – but, vishing does this using voicemail. Cybercriminals use this approach to attack individuals and businesses, and they aim to obtain the information they need to perpetrate further crimes.

How does vishing work?

Cybercriminals prepare in advance to make vishing more convincing. They’ll call from what looks like a local number, and you’ll be more likely to answer. They learn enough about their victim or the organization they claim to be from to appeal to human nature.

A vishing attempt will:

  • use urgency to encourage you to act;
  • leverage false credibility to convince you they’re legit (e.g. calling from the government, tax department, IT support, or HR);
  • employ persuasive language to make you want to help;
  • take a threatening tone so that your fear you will be arrested or have your bank accounts shut down to override your suspicions;
  • reference current events to tap into your worries (e.g. during the tax season, criminals might spoof tax collection agencies; or during COVID, people were promised testing kits for sharing their bank information).

Avoid falling victim to vishing

Make vishing awareness part of your security training for employees. Communicating how to avoid falling victim can help your business stay safe.

The number-one rule is to never provide or confirm personal information by phone. A bank, hospital, tax office, or the police are not going to call you on the phone to ask for personal details. And they are definitely not going to call and try to motivate you to act urgently.

It is also unlikely that your manager or human resources would call you at home to ask you to transfer funds, provide confidential data, or email documents from your personal account.

Always ask for proof that you can use to verify the caller is who they say they are and works where they claim to. If you’re given a number to call to confirm the caller is legit, look it up. Call on a different phone to check that it’s a real number.

Stay aware of the latest trends. For instance, a new take on vishing sends emails claiming to share links to voicemail messages on LinkedIn- or WhatsApp-type services. If the recipient clicks on the link, they go to a convincing page (complete with CAPTCHA for added legitimacy) where crooks try to capture their access credentials.

This latest iteration of vishing aims to evade your cybersecurity solutions. There’s always something to keep up with. Need help? Our experts can set your business up for network security success. Call us today at (515)422-1995.

Talk to Your Staff About Tech Success and Stumbling Blocks

by

You may be in charge of tech for your entire business, but that doesn’t mean you actually use all the technology you source, install, and maintain. You’re responsible for updating that tech, supporting it, and monitoring for threats, yet you don’t have hands-on with that tech day in and day out. That means you can’t fully understand what’s working and what isn’t.

To gain a holistic picture of how your technology is working, ask the people who use it every day. You can’t rely on the fact that people aren’t complaining to mean your hardware or software is running smoothly.

There are many reasons employees might not reach out to tell you what’s wrong:

  • They are too busy to bring up their issues.
  • They don’t know how to communicate what’s holding them up.
  • They don’t realize that the obstacle they’re hitting isn’t normal for a particular solution.
  • They don’t know who to talk to about the problems they are having.

So, it’s up to you to be proactive. Reach out to employees to find out what they need to do their jobs better.

Gain the employee’s perspective

If you’re in IT, you’re seldom found in the trenches with your sales or marketing. You aren’t in accounting trying to track payments or keep up with supply-chain management. So, you can’t expect to know what the lived experience of your tech is like for those teams.

Talking to your staff about what’s needed can help you learn about:

  • digital solutions your people have heard about from peers at other companies;
  • new technologies staff would like to try;
  • roadblocks that are slowing productivity and undermining employee morale;
  • low-hanging-fruit changes that you can make to improve an employee’s experience (e.g. adding a second screen may be all that a disgruntled staffer needs to see their job isn’t so bad).

You might host a lunch-and-learn, where you discuss technology with different teams, or you could send around a survey. Emailing employees directly, and asking them to answer key questions can help, too. Focus your information gathering in three areas:

  • What works well for you?
  • What challenges are you facing?
  • What would make your life easier?

Of course, people are going to have different ways of speaking about technology. They probably don’t know a LAN from a PAN or a WAN, for example, but they will be able to convey whether they feel the network is too slow or not.

Prioritize tech solutions

Talking to people in the trenches with tech can help set infrastructure priorities. Once you’ve learned what tech is needed and what isn’t working as you’d hoped, reach out to a managed service provider for help. We can consult on new solutions and help you streamline business processes. We know tech for small businesses. Contact us today at (515)422-1995.

How to Reduce PC Power Consumption

by

You probably grew up having a parent saying, “turn the lights off!” That was the number-one way to save on the power bill. But now, with so many of us having personal computers in the home, they too are a big electricity drain. Try these strategies to cut your PC power consumption.

Unplug the extras

You might connect printers, speakers, external storage, and other devices to your computer, but don’t leave them plugged in permanently, as they pull power even if you aren’t using them. An average printer on standby can use 5–8 Watts. High-end printers take even more power, pulling as much as 30 Watts.

Check your settings

Adjusting the brightness of your screen can cut back on your power usage: the brighter your screen, the more power it needs. So, reducing the brightness helps reduce your power intake.

You can also set your computer to run in power-saving mode. On Windows, options under Advanced Settings allow you to select a power plan to manage consumption. On a Mac laptop, you can go into system preferences and change settings for battery and adapter usage.

You can also set your computer to go to sleep when no activity is detected. This helps ensure you don’t leave the computer taking full power when you forget to turn it off at the end of the day.

Prefer sleep to shutdown

Speaking of sleep mode, putting your computer into sleep mode instead of shutting down consumes less power, especially if you are putting it aside only for a few hours. Starting up the computer consumes more power. As an added benefit, when you come back to a sleeping computer, it’s much quicker to turn back on and let you get back to work.

Corral your windows

Keeping a bunch of windows open and apps running in the background uses power for all those items. Once you’re done with an app or a browsing window, close it.

Note: We’re suggesting you do this when finished. If you are going to be jumping back and forth between programs or windows, keep them open. As above, launching them again and again can consume more power than leaving active apps open.

By the way, this works on your smartphone, too!

Work in airplane mode

Keeping Bluetooth and Wi-Fi open on a connected PC requires more power. The device will scan for available networks in the background even if you don’t need them right then. By turning on airplane mode, you disable this function.

Upgrade your hardware

Legacy equipment may not have the same power efficiency as newer models. Traditional hard drives, for example, are slower and consume more power than solid-state drives (SSDs).

An old computer processing unit (CPU) may need to work harder to keep up with your needs. That’s going to take more power. Additionally, if your random-access memory (RAM) is full, the operating system has to work harder. Yep, that’s more power, too!

If you don’t plan on computer gaming, you also don’t need a high-performance graphics card. Choosing a lesser option can cut your power usage.

Turn off RGB lighting

RGB (red, green, blue) lighting adds special effects around a monitor, or on a keyboard, mouse, or memory stick. It looks cool, but turning off these exciting features can conserve power.

Need to optimize your personal computing setup at home? Our IT experts can help. Contact us today at (515)422-1995!

Securing Your Legacy Architecture: Why and How

by

Some business applications are so essential they are always on, 24/7. That makes them difficult to update or replace. You may also have hardware or software that has been getting the job done for decades. Taking an “if it ain’t broke, don’t fix it” perspective, you continue to rely on this technology. But how secure is this legacy architecture? Convenience could be undermining essential cyber protection.

Legacy systems are common in many industries, including energy, healthcare, manufacturing, and government. Take this high-profile example of the dangers of relying on legacy architecture. American taxpayers got an extension on their 2018 filings due to a legacy tech outage. The Internal Revenue System’s critical systems went down for over 10 hours … on national tax day!

Legacy architecture includes software, hardware, and other tech that is not internet-enabled. It may all still work as intended, but that doesn’t mean it’s secure.

The Risks with Legacy Architecture

The longer you rely on an application, the more critical it may be to your day-to-day operations. This can make it more challenging to upgrade or replace. Downtime would be damaging, and costs could be prohibitive. It could be part of a custom deployment, making mapping what you need to update and secure as challenging as untangling all the electrical cords in the equipment closet.

Yet continuing to run legacy architecture leaves you open to many problems:

  • You could be running outdated software that you can’t control because the original developers are gone.
  • The technology may no longer be supported, so the vulnerabilities are growing every year it is left unpatched or not updated.
  • You risk noncompliance with industry or other cybersecurity regulations.

Your budget may not allow you to replace legacy equipment or overhaul it to provide more advanced cyber protection. Still, you can take action to protect legacy architecture.

Get to know the problem – Part of the issue with legacy architecture is that it has morphed beyond the original design. No one knows all its external dependencies and internal integrations with other equipment. That means you don’t know the threats or vulnerabilities and can’t design effective countermeasures and protections. Thus, protection begins with a deep dive to understand what that technology does and how it does it.

Build protections around it – Enhance security by making it more difficult for hackers to get at your legacy tech. It’s like putting a moat and high walls around a castle to protect it from marauders. Using firewalls can slow down the bad guys, plus, if you keep an eye on the security logs, you may be able to see them trying to break in.

Isolate legacy architecture – Another solution is to separate legacy equipment from other systems. This helps you limit the number of entry points a bad actor has to exploit vulnerabilities. You can also minimize collateral damage by keeping the attack contained.

Use multi-factor authentication – Better protect access to legacy systems with multi-factor authentication. This makes it more difficult for cybercriminals to get in. They’d need more than stolen access credentials for authentication.

Also, limit each user to applications or hardware that is essential for their role. This is a least-privileges-access approach. It keeps a bad actor from having carte blanche access to your systems.

Migrate workflow to modern systems – If part of a workflow doesn’t have to be done on the legacy architecture, move it to the more modern system. Transition to cloud technology to benefit from current systems with built-in redundancy. That can help you bounce back sooner if something does go wrong.

Develop a security mindset – Your people are often the weakest link in cybersecurity. When working with legacy tech, encourage your people to patch often and update always. Demonstrating you care about security can encourage caution. That can help you avoid costly mistakes or give the criminals a way in.

Partner with a managed service provider

By working with an external IT provider, you can enjoy a fresh perspective. An outsourced IT expert is skilled with legacy architecture and the latest tools, too. We can provide the know-how you need to protect what you want to hold on to a little longer. Contact us today at (515)422-1995!

Data Breaches Are Getting Worse: Know the Basics

by

The exposure of sensitive information can be disastrous for individuals, businesses, or governments. Yet data breaches aren’t going away. The first data breach compromised more than a million records in 2005. Since then, we’ve seen ongoing news of breaches. But there are some basic steps you can take to avoid falling victim to an attack.

Let’s look just at August 2022:

  • A breach at communications giant Twilio exposes 1900 users’ phone numbers and SMS verification codes.
  • Researchers discover at least 9000 virtual-network computing endpoints exposed online without a password.
  • CISCO confirms a ransomware gang has exfiltrated 2.8GB of data.
  • An American neurology practice notifies 363,833 individuals of a data breach.
  • 4 million Twitter users are thought to have been affected by a data breach at the social media firm.

And that’s all during a 10-day period!

In its annual Cost of a Data Breach study, IBM found the cost of a breach hit a record high this year, at nearly $4.4 million.

How does a data breach work?

A data breach involves any unauthorized access to confidential, sensitive, or protected information, and it can happen to anyone. Data breaches happen mainly when hackers can exploit user behavior or technology vulnerabilities.

The threat surface continues to grow exponentially. We are increasingly reliant on digital tools such as smartphones and laptops. With the Internet of Things (IoT), we’re adding even more endpoints that unauthorized users can access.

Popular methods for executing malicious data breaches include:

  • phishing – emails in which hackers persuade users to hand over access credentials or the data itself;
  • brute-force attacks – hackers use software and sometimes even hijacked devices to guess password combinations until they get in;
  • malware – infects the operating system, software, or hardware (often without the user knowing) and steals private data.

Disgruntled employees or political hacktivists can also be behind data breaches. However, more often than you would hope, the breach is due to human error.

Basic steps to avoid data breaches

Too many data breaches trace back to people using weak access credentials. Yes, there are still people out there using “password” or “123456” to log in at work! Thus, an important step to counter data breaches is enforcing strict password policies.

Multi-factor authentication can also help. This way, even if the employee uses a poor password, or their strong password is stolen, the hacker has to work to get access. They might need the user’s physical device to confirm a one-time-use code sent to verify identity.

It’s also important to patch and upgrade software as soon as asked to do so. Manufacturers support security by keeping abreast of hacker attacks throughout the world. They’ll also watch for bugs and any vulnerabilities. Disregarding that message to upgrade or patch could leave your computers at risk.

Encrypting all sensitive data can also cut the risks of a data breach. That way, if the bad guys do get inside your systems, they can’t do anything with the information they access.

With more people working remotely, the number of users doing business on their own devices is also up, which represents another data breach risk. Enforce strict Bring Your Own Device (BYOD) policies to minimize exposure. You might require virtual private networks and professional-grade antivirus protection.

Don’t risk data breach damage

Data breaches cause business downtime and can cost your reputation and bottom line. You may lose customers and also have to pay legal fees or compliance fines. Don’t let this happen to you. A managed services provider can install protection and take precautions against data breaches. Call us today at (515)422-1995.

How to Know if a Laptop Screen Is Damaged

by

You may not see broken glass, but you can know the laptop screen is damaged because you experience:

  • distorted images;
  • pixelization;
  • resolution lines
  • backlighting issues;
  • a blank screen.

You might want to turn that laptop into a piece of art. The screen, after all, is now showing very psychedelic, colorful images. If you have an LCD screen, the liquid inside might have spread, which can make deciphering your text or graphics like reading a Rorschach test.

Whether you want to get artistic with that laptop or not, replacing the entire laptop is one way to go, but it’s also the most expensive response. Ideally, you can avoid this approach. So, what’s left to do?

What to do with a damaged screen

If the laptop is under warranty, and the screen wasn’t dropped or damaged by you, you may be able to send it back to the manufacturer for repair.

Otherwise, you may be able to replace just the screen. The difficulty in replacing a screen depends on the manufacturer and laptop model. There are many screws and very fine cables that are easily snapped, and it’s going to be safer to go to a professional. Of course, you will also need to determine whether anything else was damaged.

Screen replacement is still a costly option. In fact, it may be more expensive than a new laptop. Plus, you might be without your laptop for several days while it is in for repair or even longer if you take it to a big-box store, where they will send it away for attention. That’s one reason to prefer a local repair shop.

Another option is to attach your laptop to an external monitor. This method has its own pros and cons.

It’s a more affordable option and can see you through finishing that report that’s due tomorrow.

The problem? This undermines the mobility of a laptop unless you want to walk around carting a monitor and its cords. Also, you may find the original, broken screen gets in the way.

Avoid damaging your laptop

Of course, we’re also going to share strategies to help avoid breaking the screen in the first place. Try these tips:

  • Never open or close the lid by one corner. Instead, use one hand to close the lid from the center, or hold the keyboard as the other hand opens the lid.
  • Don’t leave a laptop attached to cords that someone can trip over and bring the computer crashing down.
  • Avoid overheating your computer, as it can burn the laptop’s screen.

The price you’ll pay to deal with a broken screen will vary based on brand and model, as well as what’s gone wrong. Check with a local computer repair shop for an estimate and get back up and running. Call us now at (515)422-1995.

Making the Most of Microsoft Lists

by

If you have Microsoft 365 but aren’t using Microsoft Lists, you could be missing out. This useful feature, which is included with your 365 subscription, helps businesses work more efficiently.

Lists is a productivity feature on Microsoft 365 (MS365), formerly Microsoft Office. This app is a more recent addition to the MS365 app store, so you may have missed it. This article shares some advantages of this tracking and work management app.

An upgrade of SharePoint lists, which has been with MS365 all along, Lists integrates with Microsoft Teams. This means Lists help you collaborate and cooperate better. In fact, all users in a Teams channel with a List can access and edit that List without leaving Teams.

With Lists, you can create, distribute, and track data in a configurable way. Yes, it is good for helping you make a simple list of, say, things to do, but you can do much more with Lists.

Added functionality of Lists

Lists comes with templates to get you started quickly. You can also configure the lists to suit your specific business needs. Plus, you can set the lists to display in the way that works best for you. Maybe you want to look at Lists as a calendar, a grid, a gallery, or in a custom view. You can do that but in real-time, with everyone using that list getting the same updated data when they’re logged in.

In Lists, you set up tables of information to track extensive amounts of data. For example, you might track a project in Microsoft Lists by adding all the tasks to a List. You could add columns for the person responsible, task status, project priority, and more. You can also use colors within the List to help sort information more easily.

Additionally, since Lists is part of MS365, you can use Lists wherever and on whichever device you access the software. You can also integrate Lists with other powerful tools on the MS365 platform. You might extend forms with Power Apps or customize workflows with Power Automate. With automation, you get even more from your Lists.

Taking advantage of Lists

There are many business applications with Lists. Besides project management, you might organize an event itinerary and speaker info in a List, or track assets, or manage a new employee onboarding checklist. If you have an idea of something you want to create, configure, watch, and share, you can probably do it within Lists.

Lists is a default feature in MS365 Teams, but you can switch it on or off in the Teams admin center at any time. You can even permit or ban certain users from Lists.

If you’re not yet using MS365, our IT gurus can help you get started. If you’re on the platform already, let our experts help you get the most you can from your license. Call us today at (515)422-1995.

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy