Are You Banking Online Safely?

by

Banks and credit card companies are making it easier for us to get money on the go. We can check account balances, pay bills, and transfer funds online. We no longer even have to go into a bank or visit an ATM to deposit checks. But are you banking online safely?

In the past, all we had to do was protect our PIN number (and remember it). Now, we need a mobile account password, too. The first precaution you can take is to have a strong, unique password. Can you believe that “password,” “123456,” and “letmein” remain common access credentials? Don’t do it! Also, avoid using things that a cybercriminal might guess or be able to learn from your social media. This eliminates anniversaries and birth dates, pets, and children’s names.

Don’t reuse your banking password anywhere else. Sure, if you duplicate the password, it’s easier for you to remember, but, a bad actor could access your credentials for another site. Then, they have that same email and password combo to use to try on your banking or credit card site, too.

It’s also not a good idea to write down your passwords or keep track of them on a note in your phone. If you’re worried about remembering all your passwords, consider a password manager. A high-quality password manager can be a safe way to keep your passwords secret yet available. Top password managers use secure encryption for your access credentials.

Make sure you’re only banking using your own, secured devices. This means don’t check your balance or whether a payment cleared while in line at the coffee shop or in the airport. Don’t risk banking using a public Wi-Fi network that a hacker could be accessing to steal sensitive data. You also want to avoid using shared computers to login to your financial data. A cybercafe or library computer could have a keylogger that tracks your login details for criminal use.

Watch out for phishing emails that look like they come from your bank, credit card company, or a tax agency. Criminals send urgent emails warning of strange activity or that you’re being audited to get you to react.

Don’t click on any link or download any attachments in an email that appears to be from a financial institution – they don’t send private data directly in emails these days. They will send you to a secure inbox on their site. Always type the institutions’ Web address into the address bar. Otherwise, you might go to a fake, mirrored site that looks legitimate but will rip you off.

Added security for online banking

Two-factor authentication can help protect your financial accounts. Various banks will set it up differently, but you should definitely take the time to set this up. You might have to identify an image you selected besides using your password. Or you might need to enter a code sent to another device (such as a text message to your phone).

The second level of authentication can be an annoyance in our convenience-first society. Still, it keeps your accounts secure, even if cybercriminals access your password.

You work hard for your money, and you don’t want a cybercriminal taking control of or emptying out your financial accounts.

Worried about securing your online activity at home or on mobile devices? We can help. Contact us today at (515)422-1995 for expert support securing your financial data.

Hey You, Get Off the Public Cloud!

by

The Rolling Stones sang, “Hey you, get off my cloud,” yet businesses might want to think instead about leaving the public cloud. Weigh these possible public cloud concerns against the advantages of alternate cloud solutions.

When most people think of the cloud, they are thinking of the public cloud. Apple users are on its iCloud. Others may be storing files on Dropbox, OneDrive, Google Cloud, or other services. These all typically have a free level of service. You can pay a monthly fee to upgrade based on the resources you use.

Cloud data is easy to store and access. This can enhance business productivity and efficiency. Added advantages of hosted cloud services – public or private – include the following:

  • Speed. Hosted cloud services come on demand or self-service. It’s possible to have cloud resources up and running in a matter of minutes.
  • Performance. Cloud providers focus on running secure data centers with the latest infrastructure. It’s their job to worry about hardware setup, software patching, and network reliability.
  • Scalability. Add cloud capacity without buying equipment or software, or training employees.
  • Mobility. Employees can access the cloud from anywhere, on any device.
  • Disaster recovery. Providers build in redundancies to ensure uninterrupted service.
  • You don’t need to invest in on-site equipment, maintenance, and management.

Yet there are some drawbacks to the public cloud. The public cloud is affordable because businesses share resources. The cloud service provider relies on economies of scale. They bring many businesses together for the same services, and it all adds up. But if you’re in an industry with high compliance requirements, the public cloud is a risk.

Advantages of the Private Cloud The private cloud offers the same benefits as the public cloud – and more.

A private cloud solution is dedicated to your business: yours is the only data on the server. This is a more secure solution offering greater visibility and infrastructure control.

A private cloud can be on- or off-premises. On-premise, your IT team sets up, manages, and maintains the cloud infrastructure. Off-premises, a cloud services provider customizes a dedicated and secure cloud.

The private cloud is appealing to regulated industries, government agencies, and tech companies needing strong controls. It is more expensive but allows businesses to easily access data, applications, and backups, and with reduced security risks.

Cloud Flexibility with a Hybrid Option A third alternative is the hybrid cloud. The business takes advantage of both public and private cloud solutions. You decide which apps and data workloads need more security. Meanwhile, the public cloud is available to offer cost savings and efficiency, plus, it can be a backup for sporadic traffic spikes.

The hybrid option, though, requires strong integration between private and public cloud deployments. Managing the mix of architectures can prove challenging.

Understanding the difference between these cloud offerings can help you choose the best for your business.

Need help migrating to the cloud or changing your cloud solution? Our IT experts can help you weigh the tradeoffs and determine the best one for your needs. Contact us today at (515)422-1995!

Why You Need Both Software and Hardware Firewalls

by

A firewall sounds like a pretty intense thing – unless you’re an action-movie stuntman. Yet when it comes to internet security, you may not have as much firewall protection as you need.

Many internet security products bundle antivirus and firewall software, and many users think this is enough. But first, let’s be clear about what a software firewall actually does:

  • It regulates data through port numbers and applications.
  • It allows you to block incoming traffic from certain locations.
  • It distinguishes between computer programs allowing data to one program while blocking another.
  • It blocks traffic attempting to leave a device to access other devices on your network.

There are drawbacks, though. Software firewalls work only on the computers on which they are installed, and you’ll need to buy multiple licenses to protect several computers.

You also need expertise to administer the firewall to keep up with changing threats. And there are security threats. Bad actors target software firewalls. They’re right there on the computer they seek to exploit.

Beefing Up Your Firewalls

Many businesses also use hardware firewalls to add security. A hardware firewall around your office network acts as a perimeter boundary. The hardware firewall is like the border guard keeping an eye out for dangerous traffic. The firewall inspects incoming internet traffic to protect you from malware and cyberthreats.

IT experts can set up firewalls to pass only safe data. This adds a layer of protection to your network and also secures network-connected devices. Workstations, printers, digital equipment, and telephone systems often don’t have software firewalls.

So, combining firewalls protects both local computers and other devices on your network. The hardware firewall checks traffic coming in from and going out to the internet, whereas the software firewall secures what’s coming into or out of the computer, even from internet sources.

Think about it this way: A cybercriminal is trying to access your systems. They take many approaches, one of which is trying to breach your network perimeter. Another is sending targeted communications to sucker someone into clicking on a virus-laden email. The hardware firewall could stop the perimeter attack, but the software helps stop the malware infection spreading from the user’s computer to others in your office.

Partner with a Firewall Expert

Firewalls can give your business tremendous control over:

  • how users connect to the internet;
  • what information is retrieved from the internet;
  • whether files can leave the company over the network;
  • what devices are accessible and from where.

Yet both software and hardware firewalls need the right expertise to install correctly. Firewalls must be regularly monitored and managed, because threats are constantly changing.

Combining firewalls adds protection but only if you configure them to minimize weaknesses. You’ll need someone to identify compatibility issues and avoid blocking legitimate data.

Partner with an IT expert. We know how to work with firewall rules, and understand what they mean and how to react to alerts generated. Have you heard of a breach that compromised Target’s point of sale systems? That fiasco involved ignored firewall alerts! Don’t let it happen to you.

We can help you set up and maintain the firewall protection you need. Contact us today at (515)422-1995!

The Trouble with Trusting Your Online Friends

by

Trust is the foundation of a good relationship – you trust friends to be loyal, sincere, and honest. But when you blindly trust online friends, you could be opening yourself up to cyberattack.

When you hear about a big data breach on the news, you may think you don’t need to worry. You may think, “I don’t do business with that company, so the crooks can’t steal my identity.” Or “my email address and password weren’t involved, so it’s not my problem.” Yet it could be.

One of your friends or family members’ personally identifying information may be hacked. Then, cybercriminals could use that as a stepping stone to get to you.

Think you’re safe when you interact with friends and family on Facebook or Instagram? Those aren’t the sites breached! Again, think twice.

Many people reuse their username and password on more than one site. Imagine the bad guys get hold of an individual’s credentials from a malware attack on a major retailer, or they buy that person’s credentials for a banking site on the Dark Web after a breach. The crooks might try the credentials on those sites to see if they can gain access, but they are also likely to try those same credentials on other sites, too.

What to Watch Out for Among Friends/Family

Hackers prey on our impulse to trust others. They have greater odds of success impersonating a Facebook friend asking for help. If a Nigerian prince emails out of the blue and asks for money, most of us know by now to delete the message immediately. But if Aunt Peggie does the same thing via Facebook, you’re more likely to fall for it.

The same thing happens with malicious content. We all know not to click on attachments from people we don’t know and trust. After hacking a social media account, cybercriminals email all that person’s friends. They might say something appealing such as, “you’ve got to check out this latest hilarious video of my son!” We want to see our friend’s son being funny, so we click, and the trouble starts.

One more note: be wary of whom you accept into your “friends” circle online. Adding your niece’s best friend or your work colleague’s husband may seem like a good idea, but, that’s one more possible vulnerability.

Impersonations of people you trust aren’t only happening on social media. You might get emails that appear to be from companies you trust, vendors you know, or work colleagues. For instance, you might get an invoice from your housekeeping service. It looks like usual, with the same services listed, but the banking details are different. If you don’t catch on, you’ll be paying the crooks instead of your cleaners.

Or you might get an email from a “co-worker” asking you to remind them of a password or account number. It seems like a simple request from someone who can afford to be casual about security with you. But don’t fall for a “hey, what was that password again?” request.

Another area of daily life that cybercriminals target is online selling sites such as eBay. They might hack an account with solid feedback to post items for sale. They’ll accept your payment but never deliver the goods.

Ultimately, don’t rely on that browser lock suggesting a site is secure or the fact that you already know so and so. You may not be actually dealing with that individual. Always confirm, using another method of communication, before sending sensitive info or money.

A managed services provider can help you secure online interactions and home computing networks. Want to learn more? Contact us today at (515)422-1995

Don’t Let Crooks Hijack Your Domain

by

Doing business today you are as likely to give out your website address as your email or phone number. Your Web domain is your business identity on the internet. Don’t risk falling victim to the cyberthreat known as domain hijacking.

You build up a business site to represent your brand online. Every bit of content, and all the fonts and images you selected, reflect your business. You probably also have email addresses at the domain name (e.g. sales@yourbusinessname.com). So, imagine the pain of finding out that someone else has stolen your domain.

When your domain gets hijacked, you lose control of your website, its email addresses, and all associated accounts. And it’s not easy to recover them.

The Infosec Institute shares examples:

An advertising agency spent US$15,000 and 19 months recovering its stolen domain.

The owner of ShadeDaddy.com lost US$50,000 and had to lay off six of its eight employees. He said domain name theft is “like your house got stolen.”

How does a domain get stolen?

There are several ways this can happen to a business or individual.

The simplest is that your domain name expires, and you don’t know it. Domain registrars must send notice one month and one week before the domain expires. But the reminders might go to an email address that is no longer active or to the Web company that set your site up years ago and with whom you no longer communicate.

Once your domain rights lapse, the site gets disabled. After that, the domain name goes back into a pool of domain names for anyone to buy.

There are people who make money from purchasing domains. They hope to make money off your company’s desperation to get its domain back. Or they profit from redirecting traffic from your reputable Web address to their own.

Then there are the hijackers. These cybercriminals also want to profit from Web traffic redirects or to access your domain emails to send false invoices. They might intercept emails sent to your domain to learn proprietary information. They could change the content on your site or redirect traffic to a hub for online gambling, or worse.

The hijackers might steal your domain by gaining access to the email account you used to set up the domain. Cybercriminals might use phishing emails to obtain the access credentials. They use the password reset mechanism to take over your account and transfer the domain to a different registrar.

Your domain registration company could be compromised, too. It helps to pick an accredited registrar for your domain registration.

Any of these scenarios can have a serious, lasting impact on your business. Once someone else has access to your domain address they can do whatever they want with it.

Protect Against Domain Hijacking

The first step is to protect your access credentials. Leveraging two-factor authentication can also help prevent hijackers from stealing your domain. A registry lock can also help. It requires more communication if someone tries to change domain registration. This lets you know of suspicious activity and gives you some time to react.

It’s also important to know who is managing your domain name and how it is being managed. A Managed Service Provider can take care of this ongoing process for your business. Reach out to our Web experts today! Call us at (515)422-1995

Recovery Test Your Data Backups

by

Most businesses are aware of the need for data backup. Without it they risk losing important files in the event of a hard drive failure or cyberattack. Yet having a backup in place isn’t enough: it’s important also to test that backup. Ensure that you are able to restore that essential data when you need it.

The many reasons to establish data backups include:

  • protecting against natural or man-made disasters (including hacker or insider attack);
  • ensuring compliance with tax, financial, and other industry standards;
  • preserving relationships with clients;
  • reducing downtime;
  • improving productivity;
  • establishing credibility with customers, investors, and employees.

We recommend backing up in three places. You might have one on a local, on-site computer. You’d also have a backup on a remote device and another in the cloud. The cloud option gives you the most flexibility. It can be accessed from anywhere, regardless of conditions in your particular environment.

Yet while many people know they need backups, too few do recovery tests. The worst time to find out there’s a problem with your backup solution is when you need it the most.

Testing Data Backups

Regular data backups can offer peace of mind, but you’ll really know you are ready to go if you regularly test your ability to recover your system from a backup.

Testing your backup lets you verify the necessary data is available for recovery. Plus, testing helps you learn how to actually implement recovery following a data loss. If a backup test fails, you can take the steps needed to ensure you don’t actually lose valuable information. Otherwise, you’re throwing money at storage space and backup services that are no help, and you’ll find out too late.

Regular monitoring helps you keep track of any software or hardware changes that may have an impact on data backups. Via testing, you might also learn some staff members are storing data somewhere that isn’t being backed up, and you can now intervene with those employees or extend your backup protocols to prevent that data getting lost.

Scheduling data backup tests can also help you to identify a misconfiguration in the backup software or ways in which you’re not adequately addressing your backup needs. For instance, you might not have set up a complete backup in the first place. This might mean you’re backing up the data but not the settings. Most backup software will send error messages if there was an issue backing up. Still, they’re easy for an overworked IT team to miss.

Actively testing backups allows the business to confirm fallback data accuracy and effectiveness. Additionally, you’ll be able to gauge:

  • how long it takes to perform the backup;
  • any issues that arise during recovery;
  • what steps need to be taken to address those problems.

All of this is something you want to consider proactively. Some people say they work best under pressure, but most of us think more clearly and perform better if not in the midst of a data catastrophe.

A managed service provider can help your business with data backup and recovery testing. Our IT experts can monitor for failures and make any changes needed to get the backup running properly again. You’ll be glad you did recovery testing in advance when things run smoother and quicker in the midst of your disaster recovery.

Give us a call at (515)422-1995 to correct your backups, make sure they are working the way you want to, and set up regular backup restore tests.

Protect Your Home from Technology Fire Risk

by

You love your technology and probably have a lot of it at home. You might not think of computers, smartphones, printers, or routers as a fire risk, but they can do real damage.

Microwaves, laundry machines, and air conditioners are the top sources of residential fires, but computer equipment is also responsible for fires that injure and kill homeowners.

So, what should you do? Keep in mind that your technology generates heat when it’s switched on; that’s why it’s designed with venting. But desktops, laptops, routers, modems, and printers can all overheat.

Desktop computers have fans to push out the air, but they can get clogged with dust or blocked. Often, we’ll see computers pushed up again a wall, covered with papers, or kept in a small alcove that gets no airflow.

Laptops can also overheat. People often sit with their laptops literally on their lap, or on a blanket or pillow. If you’re blocking the device’s exhaust port, the laptop can’t cool down.

Air also needs to get into the device to cool it, but that won’t happen properly if dust or pet hair clogs the vents. Your precious technology could overheat and cause a fire or stop functioning effectively because it has to work harder all the time.

Other Tech-Related Fire Threats

A rat’s nest of cables represents a fire risk. You should always try to avoid overloading your circuits with too much electrical load. You can also upgrade your electrical wiring and go with heavy-duty extension cords.

Charging cords and overheated batteries are another issue. You’ve probably heard of airlines banning certain smartphones because they have been known to spontaneously combust.

You can prevent charger and battery damage by choosing brand-name items. Third-party chargers for phones, tablets, and laptops can save money, but they are cheaper because they lack safety features. If your charger sets your room on fire, your cost savings go up in flames.

You might also think about getting an uninterruptible power supply (UPS). This battery backup supplies power if your regular power source fails. It can also prevent power surges and allow for safe shutdown of connected equipment.

Finally, plan to get your computer cleaned annually. You might do this yourself, but many people prefer to hire computer tech help.

Whether its computer cleaning, or setting up safe wiring or a UPS, we can help protect your home. Contact us at (515)422-1995 today about fireproofing your technology!

How to Avoid Online Job Search Scams

by

Cybercrooks are disturbing people. Consider job-search scams. With the world economy reeling, bad actors are capitalizing on people’s desperation. They’re targeting those looking for work. There are steps you can take to filter out illegitimate opportunities.

Cybercriminals like to be timely. Plus, appealing to people’s emotions improves their success rate, so it’s not that surprising that there’s been an uptick in job-listing scams in 2020.

Avoid Job Search Scams Online

The bad guys are betting people will be less cautious when they see an attractive job offer. Don’t be their victim. Take these steps instead.

Read the job description carefully

This means:

  • Looking for grammatical or spelling errors. As with other cyberscams, someone who is not a native speaker of the posting’s language may write the listing.
  • Being wary of phrases designed to communicate urgency or a too-good-to-be-true offer. You wouldn’t expect to see “quick earning potential” or “unlimited money” in a legit posting.
  • Search for specificity. A legitimate listing will list job responsibilities and industry credentials. Someone faking it is less likely to be able to use the industry vocabulary.

Be wary of instant hiring

No matter the industry, few positions are filled immediately. You should expect the recruiting process to take time. If you are being pressured to take hiring steps urgently, that should be a red flag. Get an email congratulating you on earning the position before you’ve met with anyone? Proceed with caution.

Question modes of communication

Job scammers will rely on online chat interviews and email. If you don’t speak in person with someone, it will be more difficult for you to confirm legitimacy. With emails, read the return address carefully. A scam job might use a close approximation to a big brand to add credibility. (You have to look closely to distinguish between nationalbank.com and nationlbank.com.)

A good strategy is to search the company’s website for a job listing. If you don’t see the role you’re interested in posted, investigate further.

Don’t pay for a job opportunity

Don’t pay an upfront fee for a background check, uniform, or some other testing or training. Don’t provide any of your private personal information at the outset either. Don’t send tax or banking details before a formal offer of employment. Even then, be aware that some scammers take it from start to finish, including interview and job offer.

Trust your instincts

If the job sounds amazing, and you can’t believe how perfect it is, scrutinize the posting. A listing posting an exorbitant fee for easy work or telling you about the stupendous success of another candidate is likely a fraud. Confirm standard job expectations and salary with an online search of career listings.

Falling prey to a job or other cyberfraud can leave you vulnerable to more than disappointment. Victims report loss of money, identity theft, or computer hacking, and more. An IT expert can help with security patches and system upgrades to keep your devices and network safe.

Handle with Care: Sending Data Securely

by

In our digital economy, we send and receive information quickly online. The Internet offers immediate communication with colleagues, clients, vendors, and other strategic partners. Yet we shouldn’t prioritize convenience over data security.

What data do you send in a day’s worth of emails? Sensitive data you send might include:

  • personally identifiable information (PII);
  • credit card or payment card information;
  • attorney–client privileged information;
  • IT security information;
  • protected health information;
  • human subject research;
  • loan or job application data;
  • proprietary business knowledge.

The problem is people sending without thinking about the security of the transmission. One way to gauge the need for security is to consider how you might send that same information via the postal service. Would you put that data on a postcard that anyone could read? Or would you send a sealed, certified mailing and require the recipient’s signature?

Transmitting data on the Internet in plain text is like the postcard – anyone can read the information. And before you think that no one can actually see your data in transit, think about where you are sending from. Your office network may be password protected and secure, but what if someone waiting for their coffee at Starbucks opens the message using the free Wi-Fi network?

Anyone can intercept communications on open networks with the right tools. This type of cyberattack is common enough to merit its own name: a “man-in-the-middle” attack.

So, how can you stay safe when sending sensitive data?

Embrace encryption. Encrypting the data is like sending that sensitive information in a locked box. Encryption encodes the information to add a level of security. If encrypted data is intercepted, the scrambled data is unreadable by unauthorized users. Only a user with the correct decryption key can access the text.

Encryption also provides additional confirmation that the information is coming from a reliable source.

Your business should also require Secure File Transfer Protocol (SFTP) for sending and receiving large or numerous digital files. You may have heard of FTP, but this file transfer protocol is not encrypted. SFTP is the secure version of FTP, as it encrypts the files in transit. If a nefarious entity does intercept the files, it won’t be able to read them without the decryption key.

Specifically, encourage your employees to:

  • use encrypted email only (common providers such as Gmail and Outlook support it; others require third-party apps or services);
  • encrypt files before sending to the cloud (in case accounts are breached or services hacked);
  • never open business communications on unsecured Wi-Fi networks;
  • keep good track of laptops and other portable devices and use drive encryption in case – with encryption, a lost laptop or stolen thumb drive is more secure, and criminals will have a difficult time stealing sensitive information, too;
  • control data access – grant permission to view, edit, or send files with sensitive information only to users who need that data for their jobs.

Managed service providers help your business decrypt how to send its sensitive information. Turn to experts in cloud services and IT security to learn how to securely send and receive data.

Contact us today at (515)422-1995!

How to Destroy Data Properly

by

When we accidentally delete something, it feels like the end of the world. If a client file or new presentation is deleted, you may have to start again. Oh no! Yet deleting files is not as permanent as you may think. When it comes to destroying data properly, you’ll want to take a more thorough approach.

Deleting items, or “trashing” them, doesn’t permanently remove them from computer memory. While the data is still stored on your device’s hard disk, it’s possible someone could restore that deleted data.

Data does reach a point at which it’s no longer useful, and you are no longer required to maintain it. Nevertheless, it may still be valuable to cybercriminals. Bad actors can use names, addresses, credit card numbers, banking accounts, or health data. You need a policy to destroy paper records, magnetic media, hard drives, and any storage media.

Your obligation to protect customer and staff information extends to properly destroying all identifying data. Installing a new operating system isn’t going to do it. Encryption doesn’t do the job if the cybercriminal can figure out the password.

Some industries require you to prove you have correctly destroyed all data. Even if you have no compliance standards to meet, carefully dispose of any computer-related device. Whenever you are recycling, discarding, or donating an old computer, disk drive, USB stick, or mobile device, make sure the data is already properly deleted or destroyed. Otherwise, criminals could get their hands on confidential business information.

Fully, Safely Destroying Your Data

So, what do we mean by “properly” destroyed? You know about shredding paper documents. You can actually do the same with some devices. You might send the computer or device to a company with a mega-shredder. When compliance matters, keep a record of the chain of custody of the data throughout the process.

Overwriting the data, often called zeroing, is another solution. No data is properly deleted until it’s written over – that’s where the information is hidden under layers of nonsensical data and cannot be retrieved through disk or file recovery utilities. Think of this as writing three new books over the top of the pages of an erased book rather than just ripping the pages out.

With magnetic devices, you can neutralize the magnetism (degaussing) to break down the data. This scrambles up the data beyond recovery. A strong degausser will turn the device into a shiny metallic paper weight. An ultraviolet erase could be necessary for some erasable programmable memory. You might also need to perform a full chip erase.

If you’re really committed to destroying data, physically destroy the device. There’s the shredding solution, or you might actually pay to have the device smelted or pulverized.

Other Components to Destroy with Data

Don’t forget proper disposal of printers, too. Run several pages of unimportant information (maybe a font test) before destroying a laser p6rinter. With an impact printer (if you still have one!), you’d want to destroy all ribbons, too.

One last element you might think about? Business monitors. You’ve probably seen a computer screen with information burned onto it. Before donating or recycling a monitor, inspect the screen surface and destroy the cathode ray tube.

Now, that’s what we call being thorough about properly destroying data. Need help with proper disposal of computer data or equipment?

We can help. Contact our experts today at (515)422-1995!

Click to see our BBB Report

FOLLOW US

VISIT US