Email Breaches Remain a Costly Threat

by

You would need to be new to the internet to be unaware of threats to cybersecurity. With Internet World Stats reporting that 69% of the world is now online, that naïveté is increasingly unlikely. But is your business doing all it can to prevent email breaches? We know better than to use “123456” or “letmein” as passwords, but the threat remains.

No matter the industry, global businesses are always at risk. Scammers send emails and set up spoof domains to get employees to enter access credentials online. Or criminals simply buy leaked emails and passwords from a previous data breach.

Once they’ve gained access, they can easily hide their activity. Setting up a simple “forward all email” rule gives them access to business communications. They can also see what services you use from the emails you receive.

For example, they can identify which payroll software your business uses. Then, they go to that site and say they “forgot the password.” The reset instructions go to the email they can already access. So, they follow the steps, delete the email, and take control of the account.

Criminals will also impersonate you and send invoices to your vendors or customers. They might send an invoice that looks like your genuine ones, but they end up paying the crooks.

These attacks are working for cybercriminals. So, don’t expect email breach attacks to go away any time soon. Instead, take action to reduce the risk of compromise.

How to protect your business

Educating your employees is an important first step. You can take all the steps we outline next, but humans will remain your weakest link. You’ll want to:

  • institute an effective training program to safeguard your business;
  • teach employees about the risks;
  • emphasize the importance of strong passwords and good cyber hygiene.
  • Foster a culture of compliance and individual sense of responsibility for cybersecurity.

Put a password manager application in place so employees set more complicated passwords.

Enable multi-factor authentication on all email accounts. This makes it so that having the stolen credentials isn’t enough. A bad actor may have the username and password, but they also need the user’s authenticating device. That’s less likely.

Another important move is to limit access to functions and features online. Take a least-privilege access approach. This means users can perform assigned roles but can’t access other applications. This can curtail the damage if one user’s credentials are exposed.

Ongoing monitoring of technology for signs of suspicious activity is also key. Set up alerts, and track activity logs. Your business wants to be able to react quickly rather than finding out weeks later about a hack.

Keep online attackers at bay

Create a business environment that prioritizes prevention and detection. Email scams aren’t going to slow soon. Instead, your business needs to take action to shore up its defenses. We can help. Contact our IT experts today at (515)422-1995.

Encourage Better Work Habits with Microsoft Viva Insights

by

Productivity has always been important at work. Yet our awareness that well-being factors into productivity is newer. Microsoft is getting in on that trend with its Viva Insights offering. This article shares the basics of how it improves productivity and helps well-being.

Viva Insights is part of Microsoft’s Viva Suite focused on employee experience. The app gathers data while users work and provides recommendations for improvements.

In Microsoft Teams, Insights reviews collaboration data and suggests strategies to boost engagement. Recognizing common topics across conversations, Insights might automatically create a page devoted to that focus area.

Insights also connect people with meeting reminders and by sending RSVP reminders.

Insights can suggest users take breaks or set longer windows of time for focused work. There’s a Do Not Disturb functionality to help prevent distractions, too.

It is not just process-oriented either. Based on Insights, Viva Learning curates courses to foster learning and self-discovery for individual users.

In Personal Insights, individuals can log how they feel throughout the day. Automated check-ins encourage users to take a moment to reflect or to use the Headspace app integration for guided meditation.

A great feature for remote workers is “start a virtual commute.” This guides people to review and close tasks, preview the next day, and mindfully end their day.

Guides better management, too

The “My Organization” page gives team managers insights into employee trends. They can view items such as “average weekly time spent collaborating after hours,” or see the percentage of employees spending time in “long and large meetings,” or how many one-on-ones they are having with managers, or if they have little time to focus on tasks because of meeting overload.

Insights also give managers input to help them better engage with employees. Managers can view aggregated and anonymized feelings data on the Insights dashboard. This can help them identify the risk of burnout or turnover. When everyone’s feeling overwhelmed, Insights might suggest a no-meetings day.

This may sound a little Big Brother – the platform analyzes Outlook, Teams, and OneDrive activity. Still, Microsoft promises “only you can view personal data and insights based on work patterns.” Managers see data that captures overall user insights.

Getting the most from Microsoft’s Viva Insights

We can help your business get started with Microsoft Viva Insights. We can connect employees to Insights and assign manager roles within the platform. We can make other suggestions, too, about how to get the most out of your Microsoft tools.

Contact us today at (515)422-1995.

Don’t Get Hooked by Vishing Attacks

by

Cybercriminals are motivated and creative, which is not a great pairing for their victims. Just when we think we know what to watch out for, there’s something new to worry about. Right now, voicemail phishing (vishing) attacks are on the rise. Find out more about vishing and what you can do about it.

First, a reminder: phishing refers to bad actors sending fraudulent emails. They use social engineering to get you to reveal personal or sensitive information. For example, employees might get an email that looks like it’s from your IT team. It might ask them to renew their access credentials in the next 24 hours, but they need to enter their existing credentials into an online form to make the change.

Vishing also relies on social engineering – it targets our impulse to trust or help – but, vishing does this using voicemail. Cybercriminals use this approach to attack individuals and businesses, and they aim to obtain the information they need to perpetrate further crimes.

How does vishing work?

Cybercriminals prepare in advance to make vishing more convincing. They’ll call from what looks like a local number, and you’ll be more likely to answer. They learn enough about their victim or the organization they claim to be from to appeal to human nature.

A vishing attempt will:

  • use urgency to encourage you to act;
  • leverage false credibility to convince you they’re legit (e.g. calling from the government, tax department, IT support, or HR);
  • employ persuasive language to make you want to help;
  • take a threatening tone so that your fear you will be arrested or have your bank accounts shut down to override your suspicions;
  • reference current events to tap into your worries (e.g. during the tax season, criminals might spoof tax collection agencies; or during COVID, people were promised testing kits for sharing their bank information).

Avoid falling victim to vishing

Make vishing awareness part of your security training for employees. Communicating how to avoid falling victim can help your business stay safe.

The number-one rule is to never provide or confirm personal information by phone. A bank, hospital, tax office, or the police are not going to call you on the phone to ask for personal details. And they are definitely not going to call and try to motivate you to act urgently.

It is also unlikely that your manager or human resources would call you at home to ask you to transfer funds, provide confidential data, or email documents from your personal account.

Always ask for proof that you can use to verify the caller is who they say they are and works where they claim to. If you’re given a number to call to confirm the caller is legit, look it up. Call on a different phone to check that it’s a real number.

Stay aware of the latest trends. For instance, a new take on vishing sends emails claiming to share links to voicemail messages on LinkedIn- or WhatsApp-type services. If the recipient clicks on the link, they go to a convincing page (complete with CAPTCHA for added legitimacy) where crooks try to capture their access credentials.

This latest iteration of vishing aims to evade your cybersecurity solutions. There’s always something to keep up with. Need help? Our experts can set your business up for network security success. Call us today at (515)422-1995.

Talk to Your Staff About Tech Success and Stumbling Blocks

by

You may be in charge of tech for your entire business, but that doesn’t mean you actually use all the technology you source, install, and maintain. You’re responsible for updating that tech, supporting it, and monitoring for threats, yet you don’t have hands-on with that tech day in and day out. That means you can’t fully understand what’s working and what isn’t.

To gain a holistic picture of how your technology is working, ask the people who use it every day. You can’t rely on the fact that people aren’t complaining to mean your hardware or software is running smoothly.

There are many reasons employees might not reach out to tell you what’s wrong:

  • They are too busy to bring up their issues.
  • They don’t know how to communicate what’s holding them up.
  • They don’t realize that the obstacle they’re hitting isn’t normal for a particular solution.
  • They don’t know who to talk to about the problems they are having.

So, it’s up to you to be proactive. Reach out to employees to find out what they need to do their jobs better.

Gain the employee’s perspective

If you’re in IT, you’re seldom found in the trenches with your sales or marketing. You aren’t in accounting trying to track payments or keep up with supply-chain management. So, you can’t expect to know what the lived experience of your tech is like for those teams.

Talking to your staff about what’s needed can help you learn about:

  • digital solutions your people have heard about from peers at other companies;
  • new technologies staff would like to try;
  • roadblocks that are slowing productivity and undermining employee morale;
  • low-hanging-fruit changes that you can make to improve an employee’s experience (e.g. adding a second screen may be all that a disgruntled staffer needs to see their job isn’t so bad).

You might host a lunch-and-learn, where you discuss technology with different teams, or you could send around a survey. Emailing employees directly, and asking them to answer key questions can help, too. Focus your information gathering in three areas:

  • What works well for you?
  • What challenges are you facing?
  • What would make your life easier?

Of course, people are going to have different ways of speaking about technology. They probably don’t know a LAN from a PAN or a WAN, for example, but they will be able to convey whether they feel the network is too slow or not.

Prioritize tech solutions

Talking to people in the trenches with tech can help set infrastructure priorities. Once you’ve learned what tech is needed and what isn’t working as you’d hoped, reach out to a managed service provider for help. We can consult on new solutions and help you streamline business processes. We know tech for small businesses. Contact us today at (515)422-1995.

Securing Your Legacy Architecture: Why and How

by

Some business applications are so essential they are always on, 24/7. That makes them difficult to update or replace. You may also have hardware or software that has been getting the job done for decades. Taking an “if it ain’t broke, don’t fix it” perspective, you continue to rely on this technology. But how secure is this legacy architecture? Convenience could be undermining essential cyber protection.

Legacy systems are common in many industries, including energy, healthcare, manufacturing, and government. Take this high-profile example of the dangers of relying on legacy architecture. American taxpayers got an extension on their 2018 filings due to a legacy tech outage. The Internal Revenue System’s critical systems went down for over 10 hours … on national tax day!

Legacy architecture includes software, hardware, and other tech that is not internet-enabled. It may all still work as intended, but that doesn’t mean it’s secure.

The Risks with Legacy Architecture

The longer you rely on an application, the more critical it may be to your day-to-day operations. This can make it more challenging to upgrade or replace. Downtime would be damaging, and costs could be prohibitive. It could be part of a custom deployment, making mapping what you need to update and secure as challenging as untangling all the electrical cords in the equipment closet.

Yet continuing to run legacy architecture leaves you open to many problems:

  • You could be running outdated software that you can’t control because the original developers are gone.
  • The technology may no longer be supported, so the vulnerabilities are growing every year it is left unpatched or not updated.
  • You risk noncompliance with industry or other cybersecurity regulations.

Your budget may not allow you to replace legacy equipment or overhaul it to provide more advanced cyber protection. Still, you can take action to protect legacy architecture.

Get to know the problem – Part of the issue with legacy architecture is that it has morphed beyond the original design. No one knows all its external dependencies and internal integrations with other equipment. That means you don’t know the threats or vulnerabilities and can’t design effective countermeasures and protections. Thus, protection begins with a deep dive to understand what that technology does and how it does it.

Build protections around it – Enhance security by making it more difficult for hackers to get at your legacy tech. It’s like putting a moat and high walls around a castle to protect it from marauders. Using firewalls can slow down the bad guys, plus, if you keep an eye on the security logs, you may be able to see them trying to break in.

Isolate legacy architecture – Another solution is to separate legacy equipment from other systems. This helps you limit the number of entry points a bad actor has to exploit vulnerabilities. You can also minimize collateral damage by keeping the attack contained.

Use multi-factor authentication – Better protect access to legacy systems with multi-factor authentication. This makes it more difficult for cybercriminals to get in. They’d need more than stolen access credentials for authentication.

Also, limit each user to applications or hardware that is essential for their role. This is a least-privileges-access approach. It keeps a bad actor from having carte blanche access to your systems.

Migrate workflow to modern systems – If part of a workflow doesn’t have to be done on the legacy architecture, move it to the more modern system. Transition to cloud technology to benefit from current systems with built-in redundancy. That can help you bounce back sooner if something does go wrong.

Develop a security mindset – Your people are often the weakest link in cybersecurity. When working with legacy tech, encourage your people to patch often and update always. Demonstrating you care about security can encourage caution. That can help you avoid costly mistakes or give the criminals a way in.

Partner with a managed service provider

By working with an external IT provider, you can enjoy a fresh perspective. An outsourced IT expert is skilled with legacy architecture and the latest tools, too. We can provide the know-how you need to protect what you want to hold on to a little longer. Contact us today at (515)422-1995!

Data Breaches Are Getting Worse: Know the Basics

by

The exposure of sensitive information can be disastrous for individuals, businesses, or governments. Yet data breaches aren’t going away. The first data breach compromised more than a million records in 2005. Since then, we’ve seen ongoing news of breaches. But there are some basic steps you can take to avoid falling victim to an attack.

Let’s look just at August 2022:

  • A breach at communications giant Twilio exposes 1900 users’ phone numbers and SMS verification codes.
  • Researchers discover at least 9000 virtual-network computing endpoints exposed online without a password.
  • CISCO confirms a ransomware gang has exfiltrated 2.8GB of data.
  • An American neurology practice notifies 363,833 individuals of a data breach.
  • 4 million Twitter users are thought to have been affected by a data breach at the social media firm.

And that’s all during a 10-day period!

In its annual Cost of a Data Breach study, IBM found the cost of a breach hit a record high this year, at nearly $4.4 million.

How does a data breach work?

A data breach involves any unauthorized access to confidential, sensitive, or protected information, and it can happen to anyone. Data breaches happen mainly when hackers can exploit user behavior or technology vulnerabilities.

The threat surface continues to grow exponentially. We are increasingly reliant on digital tools such as smartphones and laptops. With the Internet of Things (IoT), we’re adding even more endpoints that unauthorized users can access.

Popular methods for executing malicious data breaches include:

  • phishing – emails in which hackers persuade users to hand over access credentials or the data itself;
  • brute-force attacks – hackers use software and sometimes even hijacked devices to guess password combinations until they get in;
  • malware – infects the operating system, software, or hardware (often without the user knowing) and steals private data.

Disgruntled employees or political hacktivists can also be behind data breaches. However, more often than you would hope, the breach is due to human error.

Basic steps to avoid data breaches

Too many data breaches trace back to people using weak access credentials. Yes, there are still people out there using “password” or “123456” to log in at work! Thus, an important step to counter data breaches is enforcing strict password policies.

Multi-factor authentication can also help. This way, even if the employee uses a poor password, or their strong password is stolen, the hacker has to work to get access. They might need the user’s physical device to confirm a one-time-use code sent to verify identity.

It’s also important to patch and upgrade software as soon as asked to do so. Manufacturers support security by keeping abreast of hacker attacks throughout the world. They’ll also watch for bugs and any vulnerabilities. Disregarding that message to upgrade or patch could leave your computers at risk.

Encrypting all sensitive data can also cut the risks of a data breach. That way, if the bad guys do get inside your systems, they can’t do anything with the information they access.

With more people working remotely, the number of users doing business on their own devices is also up, which represents another data breach risk. Enforce strict Bring Your Own Device (BYOD) policies to minimize exposure. You might require virtual private networks and professional-grade antivirus protection.

Don’t risk data breach damage

Data breaches cause business downtime and can cost your reputation and bottom line. You may lose customers and also have to pay legal fees or compliance fines. Don’t let this happen to you. A managed services provider can install protection and take precautions against data breaches. Call us today at (515)422-1995.

Making the Most of Microsoft Lists

by

If you have Microsoft 365 but aren’t using Microsoft Lists, you could be missing out. This useful feature, which is included with your 365 subscription, helps businesses work more efficiently.

Lists is a productivity feature on Microsoft 365 (MS365), formerly Microsoft Office. This app is a more recent addition to the MS365 app store, so you may have missed it. This article shares some advantages of this tracking and work management app.

An upgrade of SharePoint lists, which has been with MS365 all along, Lists integrates with Microsoft Teams. This means Lists help you collaborate and cooperate better. In fact, all users in a Teams channel with a List can access and edit that List without leaving Teams.

With Lists, you can create, distribute, and track data in a configurable way. Yes, it is good for helping you make a simple list of, say, things to do, but you can do much more with Lists.

Added functionality of Lists

Lists comes with templates to get you started quickly. You can also configure the lists to suit your specific business needs. Plus, you can set the lists to display in the way that works best for you. Maybe you want to look at Lists as a calendar, a grid, a gallery, or in a custom view. You can do that but in real-time, with everyone using that list getting the same updated data when they’re logged in.

In Lists, you set up tables of information to track extensive amounts of data. For example, you might track a project in Microsoft Lists by adding all the tasks to a List. You could add columns for the person responsible, task status, project priority, and more. You can also use colors within the List to help sort information more easily.

Additionally, since Lists is part of MS365, you can use Lists wherever and on whichever device you access the software. You can also integrate Lists with other powerful tools on the MS365 platform. You might extend forms with Power Apps or customize workflows with Power Automate. With automation, you get even more from your Lists.

Taking advantage of Lists

There are many business applications with Lists. Besides project management, you might organize an event itinerary and speaker info in a List, or track assets, or manage a new employee onboarding checklist. If you have an idea of something you want to create, configure, watch, and share, you can probably do it within Lists.

Lists is a default feature in MS365 Teams, but you can switch it on or off in the Teams admin center at any time. You can even permit or ban certain users from Lists.

If you’re not yet using MS365, our IT gurus can help you get started. If you’re on the platform already, let our experts help you get the most you can from your license. Call us today at (515)422-1995.

How Secure is Cloud Data?

by

Data security is a common concern when migrating to the cloud. When data is on-premises, the business secures the sensitive data, and that feels safer. But that isn’t always the case. In fact, data can be safer in the cloud than on-site at your business.

When you put together your business infrastructure, you have many business priorities. Securely storing data is only one of your objectives and could even be one that you added on later.

A cloud services provider builds from the ground up with the goal of securing data online. Thus, cloud companies typically offer far more robust cybersecurity measures. After all, the success of Dropbox or Amazon Web Services depends on securing cloud data.

A hacker can use malware or phishing emails to target the data on your business devices. With ransomware, they make it impossible to reach your data unless you pay a ransom (or have a good data backup). Yet these cyberattacks don’t work in the cloud. Bad actors might access what’s stored on an individual user’s device, but they can’t get to the larger trove of data online.

Cloud servers are also safer because they’re in data warehouses most workers can’t physically access. Plus, the service providers will usually set up redundancies. So, for example, if a natural disaster hits one server site, they will offer continued access from another site.

Some cloud service vendors will also invest in third-party testing. To keep data safe, they hire external companies to test for vulnerabilities.

More reasons cloud data is safe

Cloud data is encrypted not only in storage but usually also in transit to and from the servers. This means your information is scrambled, and a bad actor getting between your business and its cloud data can’t understand it.

Cloud service providers also regularly monitor and maintain security. They spend more resources ensuring systems are up to date. They’re also more likely to use data analytics to identify trends or threats to their security. You might do the same, but you are unlikely to do so on the same scale.

Another advantage of keeping your data in the cloud? When you move to the cloud, you no longer have to store all that data on your own hardware. You still have access to your documents, media, or reports, but the third-party provider will likely have more storage space and processing speed. So, your on-site technology may function better, too.

You’re also cutting out common cybersecurity risks. You don’t have to risk storing data on laptops, which can get lost or stolen. You also end the need for thumb drives (or USB drives), which can also be stolen or lost. Plugging in these external devices can also expose you to viruses or other risks.

How to secure data in the cloud

First off, encrypt your data. Make sure you contract with a provider who will encrypt data in transit. This makes it more difficult for hackers to get at your information.

Enabling multi-factor authentication can also help secure data by adding layers of rigor. It moves your data security beyond just asking for a username and password. We know all too well that those are often compromised or guessed.

When you move your data to the cloud, you will need to pay attention to compliance regulations. Depending on your industry, there may be particular standards for data storage. Encryption is a common compliance expectation.

It’s also a good idea to train your employees on the importance of securing data. Engaging in ongoing security awareness training can help protect your endpoints. This is particularly important with people working remotely and connecting from off-site locations.

Help with securing your cloud data

Migrating to the cloud has its benefits. Still, that doesn’t make it a straightforward process. Work with our IT experts to move your data to the cloud with minimal disruption. We can help you find the right cloud service provider and assist with data backup processes. Contact us today at (515)422-1995.

What is Digital Friction, and What to Do About It?

by

No one wants to work harder than they have to. Digital transformation is one way businesses can make employees’ lives easier. Yet simply increasing the amount of technology isn’t the answer. Digital friction can actually make the workday more challenging. Read on to learn more about digital friction, its demotivating force, and how to avoid it.

Digital friction describes added challenges employees face trying to work with business technology. As businesses add more digital tools, teams must adapt to a more complex ecosystem, but problems can arise:

  • Technology isn’t integrated, so there are now more steps to follow.
  • Workflows grow more complicated, as there are several digital solutions to navigate.
  • Employees are overwhelmed with notifications tracking, managing, and monitoring digital workflows.
  • New approaches create or duplicate manual processes.
  • Employees become overloaded with information thanks to the many new collaborative, digital tools.

Any of these issues is counterproductive to digital transformation. The idea behind adding new digital solutions is to streamline and simplify, but if you’re complicating the work environment, you’ll undermine productivity. You aren’t helping employee engagement and morale either. Your people grow frustrated with your fresh expectations.

Sources of digital friction

When you install new tech, you intend to save time, reduce effort, and improve productivity, but the best intentions don’t avoid digital friction. If you’re going to install digital technologies be wary of these problems:

  • Poor understanding of workflow. If you don’t understand what is happening now, you can’t effectively install digital processes.
  • Inconsistent workflows. When employees approach processes differently, there will be friction on new, digital solutions.
  • Poor-quality data. Digital technology relies on data. A major source of digital friction is low-quality data. Employees spend too much time locating, validating, and formatting data to see benefits.
  • Lack of understanding of a solution’s impact. Investing in tech for the sake of “going digital” is not setting employees up for success. You need to know what the technology can do and how it will impact employees’ daily work.

What to do about digital friction

Before even adding technology, consult with your employees. Learn their pain points and what they want from a digital solution. Find out how they are doing their jobs today. Then, you can work with an IT consultant to determine which digital offerings will add value.

Look for opportunities to integrate your digital technology. Help employees avoid information overload and being constantly pinged and notified. Take stock of all the apps and software you’re using. Identify where you are duplicating processes, especially manual ones. Ferret out the places where your people are having to work harder to do their jobs. Know that data quality is a prime culprit.

Make decisions about new digital technology based on outcomes. What do you want the software to do? How will it be used and managed? Be sure you know how this new tool you’re offering is going to help people if you want them to embrace the change.

Simplify access by ensuring employees have a positive user experience. With more employees working remotely or hybrid, they need to do their jobs on a wider range of devices.

Need help cutting digital friction? Our technology-agnostic IT experts can identify problems and increase productivity. We can also consult on legacy tech and data migration to support digital transformation success. Call us today at (515)422-1995.

Automated Data Backups Still Need Management

by

Your business is backing up its data in case of a cyberattack or other disastrous disruption. Yes, you can pat yourself on the back for that, but don’t get too complacent with backing up. Automated backup still needs monitoring and management.

Having decided to back up data, you may feel confident you can withstand an attack or recover from unexpected downtime. But if you simply trust the backup to run at a certain time, you might be surprised. Automated backups can make the job easier. Still, you should be monitoring these backups and checking them, too. There’s nothing worse than finding out months later that something went wrong with your automated backup.

Why you need to monitor backup

A technician can set an automated backup to run on a set schedule. They select a time that causes the least interruption while ensuring up-to-date data. Yet this is too important a process to leave unattended.

Things change. The automated backup is set up for the technology configuration when originally installed. A lot can happen in the meantime as the IT environment evolves.

Blindly trusting automated backup could leave you unaware of problems such as:

  • an unplugged backup device;
  • an altered device letter, which means it isn’t found;
  • moved folders;
  • software updates that might have changed what needs to be done and how;
  • the original plan not accounting for new servers or migration from on-premises to the cloud;
  • insufficient capacity for the backup.

If no one is monitoring that backup, your business could assume it went smoothly. Then, when you need that backup, you could find out the hard way it didn’t go as planned.

Keeping an eye on automated backup

It’s not that you can’t automate backup, and there is convenience in doing so. Automating the backup of a computer, network, or IT environment can save time and money.

Yet you need someone to pay attention. Monitoring backups ensures that the process is running smoothly.

A managed service provider (MSP) will take a hands-on approach to your automated backups. If there is a failure, they have the skills to address the issue quickly and alert you of any bigger issues. Plus, with an MSP in your corner, you gain IT experts skilled at data recovery, too.

The MSP’s techs can even run data-restore drills, helping you to prepare for challenges such as ransomware attacks or accidental data deletion.

Process automation helps businesses, but don’t rely on it unattended. Optimize data backup by adding a human element. An MSP can ensure quality and fully protect your business. Contact us today at (515)422-1995.

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy