5 Tech Travel Tips You Can Use

by

Traveling soon? For most people, this also means making sure your tech is packed and ready for the adventure. Smartphones, ebook readers, tablets, laptops and smartwatches are now so light and portable that you’d never think of leaving them behind, plus they can add a ton of value your experience.

Here are a few tips to consider before you hit the road.

1. Backup to the cloud

While you’re jet-setting around, relaxing on a beach or hiking your way to freedom, your tech is always going to be exposed to a level of risk. This might range from accidentally leaving your laptop at a cafe to having it stolen from your bag, but either way the problem is the same – your data is now gone. If you’ve backed up your devices to the cloud (eg Evernote, Microsoft OneNote or Google Drive) you’ll be able to access your files easily and securely from anywhere.

Hot tip: Scan or save important documents like itineraries and passports to the cloud.

2. Pack the right cables

Begging random strangers for a loan of their cable isn’t much fun, so remember to bring the exact cables and chargers you’ll need. Most smartphones and tablets use universal plugs like Micro USB, USB C or Apple Lightning, so you can get away with only packing one cable. Many locations now offer powered USB ports but be wary of what you plug your device into. It is possible for a hacker to set up a malicious charger that can try to infect your device when plugged in. It is best to bring and use your own chargers.  If you’re traveling overseas and the socket is different, remember to pack a plug converter, and depending on your destination, you might even find the voltage is different. It’s a good idea to check whether you also need a voltage converter before you try and charge.

3. Download offline data

It’s no secret that global roaming can give nasty bill shocks. The easy access data you normally use over Wi-Fi or get included in your cell plan has us all accustomed to being connected. While traveling, you might find yourself in a location where data costs a fortune or it’s not available at all. Download any files you might need, including important documents like itineraries and bookings, and offline maps so that you can access them even without a connection.

4. Update and scan

Just like you’d make sure you’ve got the right vaccinations and travel gear, make sure your tech is ready to travel too. Set aside a few minutes to run updates for your operating systems and apps, as well as your anti-virus. Go one step further and run a manual anti-virus scan too. The last thing you want to deal with one your trip is a cyber attack! While you’re doing your pro-active thing, turn on PIN or password protection for all devices so that only you can unlock them.

Hot tip: Use make sure your devices are encrypted so if you do lose them, the thieves have no access to sensitive data.

5. Mark your territory

Almost exactly the way it sounds, let everyone know this tech belongs to you. Write your cell number on portable devices in case you get separated so whoever finds it can give you a quick call and save the day. Don’t want to use permanent marker on your shiny tech? Grab some sticky labels you can peel off when you get home.

You can also get little Bluetooth tracking tags to stick to your gear, so that if you ever lose something you can chase it down. Similarly, you might like to consider enabling the ‘find my feature on Apple devices. Having this feature switched on also means you can disable your device remotely, an excellent security option if it’s been stolen.

Need help preparing your tech for travel? Give us a call at 515-422-1995

Should You Pay for a Ransomware Attack?

by

Getting hit with a ransomware attack is never fun, your files get encrypted by cybercriminals and you’re left having to decide: should we pay to get them back? It’s a scene that’s played out across the world with 70% of businesses saying ‘yes’ in 2016 alone.

Personally, I don’t recommend paying a ransom. It encourages the criminals to keep doing what they are doing. However, as a small business owner, I could definitely see the desire to pay the ransom, get my files back, and make this all go away. I am adamant with all of my clients to have a good offsite backup just as we do. Not all have chosen to go that direction, but hopefully, you do, as it is just a matter of time before it is needed. Now, should you pay the baddies? Here’s what to consider.

Do you trust them?

Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key? Most attackers demand you send the payment via untraceable cryptocurrency, so you have no recourse if they take it and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is disinfected by experts. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

Can you manage the impact?

Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation. On the other hand, if your data management comes under any special regulations, like health or legal, you may find the attack has a much wider, more intense impact. The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect.

How much do they want?

Cybercriminals rarely send out global attacks with set amounts, instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.

Are your backups good?

Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either they’ve become infected too, they weren’t up-to-date, or they backed up the wrong data. It’s worth doing some quick checks on your backup processes as even if you have to take the system down for a day as you recover, you’re still light years ahead of those without them.

What’s your policy?

More and more often, businesses are adding ransomware to their disaster recovery plans and having predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly, ready to make the best decisions for the business.

Stay safe in the first place

Ransomware is showing no signs of slowing down. As more businesses keep them funded the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee. We recommend using business-class spam filters to catch these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours.

Why Your Business Needs Unified Threat Management

by

Sounds scary, doesn’t it? Almost like a swat team dressed in black is going to swing in and start yelling orders. While just as effective at disabling the bad guys, Unified Threat Management (UTM) is a special kind of IT solution focused on proactive protection. Consider it more like a team of virtual bodyguards that stand at the door between your business and the internet, keeping trouble out while your legitimate traffic can come and go normally.

With the increasing number of connected devices in your business network and the different ways your employees now connect, it’s more important than ever to set up dedicated security systems that give integrated protection. UTM is a series of solutions that work together, simultaneously layering your protection across the board. We’ll cover the four main inclusions here, and exactly what they can do for your business.

Robust Firewall

Put simply, a firewall keeps an eye on all the data coming in and out, looking for anything abnormal. While every home PC comes with a software firewall built in, those ones pale in comparison to what a UTM firewall can do. Remember the team of virtual bodyguards? Imagine the home firewall as an aging rent-a-cop with a flimsy baton, while the UTM is an ex-special forces soldier with a 10th-degree black belt in judo and a very large gun. It exists solely to make sure the data entering your network is safe, that it’s not part of a cyber-attack, and that in the rare event your network becomes infected, your servers aren’t being used to attack another business.

Anti-virus Where it Matters

With so much new malware being released daily, it’s easy to fall behind in updates and discover you’ve been infected. Your employees are likely doing their best, but manually scanning each file can be exhausting and time-consuming. Your UTM anti-virus is built into the firewall, ensuring known or suspicious malware is stopped at the door. It’s the first layer of defense that doesn’t allow malware to even make it through to your employees, so the risk is reduced. Clearly that’s the best outcome possible and will allow your employees to work at maximum efficiency, while you can run your business with confidence.

Spam Blocking for On-Premise Mail Servers

Most cyber-attacks come via email these days, with either an attachment or a link. Once clicked, the malware is released into the network to wreak havoc. Obviously, your employees are smart enough not to open random attachments/links, so hackers use phishing emails. These are emails that look legitimate and may refer to vendors you use, financial services you have accounts with, or even seem to be from other employees.

If you have an on-premise mail server, your UTM is going to be able to mitigate these threats. It strips down each email and checks it against high-tech legitimacy markers. If it sees anything suspicious, the email is marked as spam and either held for review or bounced away.

Your employees never see the attack, so they can’t accidentally fall for it. While the UTM is monitoring for phishing/fake emails, it’s also culling out the general spam that clogs up inboxes. Employees will no longer have to spend precious minutes each day wading through the junk, and the likelihood of missing an important customer email has greatly dropped.

Web Content Filtering

In a perfect world, your employees would only access work-related sites and do work-related things online. Content filtering can help you limit the risk they’re bringing into your business via these websites. Your UTM can be set to restrict sites that infect computers, such as adult content, gambling or illegal downloads. It can also be used to restrict access to productivity vampires like Facebook or Pinterest, either during work hours or completely. It’s up to your policies how much you’d like to filter and whether to add any flexibility. Some businesses allow social media during lunch breaks or have special reward hours each week. Simple tweaks like this can increase productivity overnight and give you the security you’re looking for.

You can see how a layered security solution like UTM provides a space for your business to thrive, where systems are secure, employees are able to maintain efficiency, and cyber problems stay outside the doors. The way the layers work together is more effective than a patchwork of separate systems, and a UTM is much easier to configure and maintain.

Why Periodic Security Assessments Should Be Your New Normal

by

By now you know that building up your cyber security is just as important as building up your cash flow. Both are essential to your success, but while most businesses keep an eye on the financials, they tend to think cybersecurity is something they can set and forget.

Unfortunately, cybercriminals are constantly coming up with new methods of attack and the security you had in place yesterday may not be sufficient today. Instead of reacting to breaches and taking on the costs of downtime, lost files, and destroyed trust, a periodic security assessment can identify blind spots that place you at risk. Once you know about these problems, you’re able to proactively set up adequate protection before cybercriminals strike. It’s best to use independent IT experts who can audit your security from an outside perspective, often seeing risks that would otherwise be missed.

Regulations change – Are you affected?

Many businesses are kept to strict government regulations around the way they store, process and protect data. Their operating license depends on staying as secure as possible. All regulations require regular security assessments but they vary in scope and timeframe. As regulations change, so do the security assessment requirements. You can imagine how much stricter they are now compared to just 5 years ago. HIPAA is a great example of this. While it has always been required of covered entities, most doctors have regarded it as optional for some reason. Well, in the last year or so the HHS has stepped up their efforts maintain compliance with random audits. Our team can ensure your business is meeting the relevant regulations, diving deep to be certain you’re safe.

Security patches and updates are vital

It’s so easy to fall behind on your security patches, after all, it seems like there’s a new update every week and each one takes precious time to apply. What we’re seeing though, is that cybercriminals are targeting any business running late, and it’s basically easy pickings for them. If you’re unpatched where it counts, it’s like inviting them in. It is highly recommended to have a patch management plan in place to automatically take care of these updates. If there’s an issue that’s placing you at risk now, impacted you in the past, or will in the future, the bad guys will eventually find it.

Viruses are always evolving

Just like the human variety, computer viruses are nothing to welcome into your workplace. They’re constantly evolving to skip past anti-virus scans and do damage in new and interesting ways. Cybercriminals know people are more aware of the traditional infection methods like downloading an attachment or inserting an infected USB, so they’re getting more and more creative. Your security assessment doesn’t just include checking that you have the latest anti-virus, it includes identifying where you’ve had the most breach attempts and where your biggest vulnerabilities are. This type of precise awareness has a lasting impact on reducing your risks.

Your business may have changed

As your business has grown over the years (or shorter if you’ve experienced a recent surge), your entire setup has changed. More employees, expanded remote access, additional vendors, supplementary locations…the list really is endless. With each change has come a new risk, particularly if your security has been growing around you. It might be that your password policies haven’t been updated since you began, or that you still have the old voicemail system even though phones are within easy reach of customers. This is perhaps one of the most useful areas a security assessment can help with, as you and your employees are accustomed to the business working in a certain way, whether that way leads to risk or not. An expert will be able to see things from a different perspective, particularly as we make sure to think the same way a cybercriminal would.

What to do with your assessment results

While many experts might present you with a long list of problems and leave you feeling overwhelmed, a good assessment and workplan ensure you have a benchmark for progress. You’ll know exactly what you need to do, and perhaps most importantly, which actions take priority. Moving ahead, future security investments will be smarter as you focus on the high-payoff areas. You’ll also know exactly what you’ve done well and where your security strengths lie. Employees will see how much you value security, which helps to create a stable culture, and you’ll be able to report your commitment to customers, confirming they’re making the right choice by staying with you.

The True & Unexpected Costs of Being Hacked

by

There are the normal costs everyone associates with a breach, like getting your own server and computers fixed up, with maybe a little downtime. But really, most businesses view the possibility of getting hacked as more of an inconvenience than a bottom-line cost. For those who’ve come out the other side though, it’s a very different story. They know the hidden and ongoing costs of a data breach can be crippling, and that IT security exists to protect your business on multiple levels. All those surprise costs that spiral out of control are why most businesses close after a cyber-attack. Here are a few of the hard, but common realities of life after a hack.

Raiding the budget to reduce downtime

From the moment a cyber-attack gets into your system, things get expensive, and the longer the attack goes, the more it costs. Latest stats reveal most breaches aren’t identified for around 191 days, then it can take on average another 66 days to contain the damage. During this time you’re cleaning PCs, mobile devices, laptops, servers and even entire networks. Add to this the fee for experts to fix everything up, all the new tools and software they insist you have, and all the hours/days/weeks when your business is struggling with downtime, you’ll exhaust your emergency funds very quickly.

The long arm of the law

Depending on what data was stolen and how you handled the situation, you could be liable for fines into the millions. Having any medical data or legal files leak is a particularly messy scenario with fines coming from multiple sources. In any case, new privacy laws mean businesses are liable for massive fines if they don’t disclose a data breach, even if only email addresses were stolen. Where this gets even trickier is that the burden is on your business to know exactly what data has been stolen/illegally accessed, so you can report it before the fines stack up. This means that even if you were able to fix up the systems yourself, you still need to hire an expert who can identify exactly what the hackers took, from where and when.

Customer retention measures

In a double-down crush to your bottom line, not only does your business have to bear the cost of the hack, your future income takes a hit as customers lose trust and leave. To offset this, many businesses need to engage PR experts, spend more on advertising, and go all out to ensure they survive to fight another day. Even so, your breach disclosure will still come up in search results for many years. The more negative publicity your breach attracts, the more you’ll need to spend on customer retention.

All your secrets exposed

While you may not have Pentagon level secrets to protect, your business does have information that you’d like to keep to yourself. Hackers love going after those juicy tidbits, and the more closely you guard them, the more attractive they are. Think Coca Cola recipe, Big Mac Secret Sauce or 11 Herbs & Spices…While those corporations would be big enough to keep their competitive edge after the breach, your business success relies on at least some information staying secret. It may not be a secret recipe, but your proprietary methods and databases have a black-market value all of their own.

But simply avoiding a breach doesn’t cost much at all…

The thing is, it’s not expensive to stay on top of it all and keep your business protected. That means no need to raid other department budgets in a panic, pay crippling fines, make embarrassing public announcements, or fight to retain your competitive edge.

We can help with making sure your systems have the latest security patches and your anti-virus knows the latest tricks to watch for. Our technicians can build a virtual fortress around your business that keeps the bad guys out while letting you thrive, and even monitor security with early warning systems. Whatever your needs are, both now and moving ahead, we’re here to help keep you safe while keeping your IT costs low.

Fake Invoice Attacks Are on the Rise – Here’s How to Spot (and Beat) Them

by

Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool to most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.

Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors/suppliers you actually use. Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:

The Payment Redirect

This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore. The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

The Malware Click

Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like Quickbooks or Xero, making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Then, consider implementing a simple set of procedures regarding payments. These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorization for payments. Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure it looks right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off – even in the slightest – hold back on payment/clicking until it’s been reviewed. Fake invoices attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.

3 Essential Steps Before You Fire an Employee

by

Your employees need access to your various business accounts so they can do their job, but what happens to those passwords when you fire them? Nobody likes to think of firing their employees, or why you’d need to, but nonetheless it’s a responsibility every business owner must face at some point. While your accounts team will no doubt be on top of stopping their paychecks, it’s important to take the same proactive stance to strip their system access.

Most of the time, the former employee leaves under good terms and you’ll wish them well. If you’re lucky, they’ll even manage hand-over to their replacement so your productivity losses are minimal. Other employees may leave your business reluctantly or in a storm of anger and suspicion. While you’ll have very different feelings about the two scenarios, the risk to your business remains high until action is taken. Here are 3 steps you can take to protect your business from retaliation and other password-related disasters.

Set your business up for success

There are many different ways to set up your business in terms of technology, but there is also a right way. Certain considerations need to be made when choosing how your employees interact with your data and systems. Access to important information should NOT be dependant on one certain person and that only they may know. For instance, are they using company provided computers or their own? They may not let you get your data off a personal computer if they leave on bad terms. Or, are they allowed to put e-mail on their phone, and if so how can that be removed if the device is not available to access? Also, something as simple as accessing a vendor account (ie Staples, Amazon, Mediacom, or Centurylink) after they have left can be very difficult if your employee was using a personal e-mail address. Have a plan and policies in place to prevent these sorts of problems and the departure of an employee will MUCH easier and less damaging to the company.

Have a plan ready

I know from experience, a termination can happen at the worst times. Then, you are scrambling to try to remember what needs to be done in what order…all while trying to handle the daily business of that employee plus your own. You need to have a termination plan figured out and ready. How do you change passwords? What services do you need to stop first? Do they have a personal device that you need to remove company e-mail from? All of this needs to be written out in a document that you can use to handle the situation quickly and efficiently, without missing a step in the heat of the moment.

Limit access to a need-to-know basis

You might be surprised how often a new employee is presented the entire business on a platter when their actual job requires little more than a computer login. Accounts, strategy, customer details, industry secrets…all those sensitive aspects of your business that have made it a success – exposed. A better policy is to limit access to only what the employee needs to do their job. Rather than view it as a lack of trust, your employees will appreciate the care you’ve taken to protect your business (and their job). It also helps keeps them from being overwhelmed, confused or tempted if the situation ever turns sour. Likewise, take a few moments to delete old or temporary accounts that are no longer required, as you never know when a hacker or disgruntled employee will squeeze through the gaps.

Change passwords fast

On average, it takes at least a week before passwords are changed after an employee is fired, if at all. Unfortunately, this is the one type of delay your business can’t afford. In 2017, an ex-employee from the American College of Education held their entire email system to ransom for $200,000 after an unhappy exit. Stories of others stealing client databases are also common, especially as they leave to start their own business or work for a competitor. It’s not just full-time employees either, contract and part-time employees such as social media managers and customer support email specialists often have access to more of your business than you might imagine. Recent rulings make it easier for business owners to prosecute former employees who access their systems, however as we know, it only takes seconds to login and wreak absolute havoc. Knowing you can force those bad eggs into a lengthy court case is poor comfort considering the extent of damage you’ll likely endure. The best option is to change passwords fast – even before your employee knows they’re fired. This lessens the chance of revenge attacks and opportunistic access. Also, make sure that accounts are set up with recovery addresses that you control. I have seen very important vendor accounts locked after the employee left, even though the password was changed because the employee had their personal e-mail address as the password recovery address.

Use a password manager

If you have good password manager like LastPass, reducing your risk becomes mostly automated. You’ll be able to keep your logins in a central vault that only you can see, and share based on business roles/need. There’s even an option to share passwords without letting employees see them in plain-text. Instead of writing passwords down somewhere and manually entering them each time, they’ll be able to connect securely with a click. Plus, you can revoke the share at any time. If their role changes or they’re fired, you can use the dashboard to see who is having access to what and add/revoke at will. If you’re not sure what that employee has been up to, you can also generate reports of their history.

3 Internet Habits To Keep Kids Smart and Safe

by

How can you make the internet a safer place for your children? It’s a common concern as all parents want their kids to be protected and happy whenever they go online. It’s relatively easy to supervise and monitor the very young ones as they stare delightedly at the NickJr or PBSKids site, but the risks increase greatly as kids get older and more independent. As a father of three boys, I have had to start thinking about this very concern. Hopefully, this post will help others in keeping their little ones safe online.

You’ve probably heard the term ‘cyber safety’ before, but safe internet usage goes beyond reminding them not to talk to strangers. With the evolution of the internet and the way it’s now woven seamlessly into our lives, the focus needs to be on ingrained habits. That means ensuring your children have the tools and predefined responses to online events so that no matter what happens, they’re not placing themselves (or your family) at risk. I’ll start with a few general ideas and concepts to teach and then finish with some actual methods to help protect your kids and computers.

Downloads are a no-go

Most kids can’t tell the difference between a legitimate download and a scam/malicious link. It’s not their fault, the online world is full of things that will trick even the savviest adult. The difference is that kids tend not to take that extra moment to check exactly where that link is pointing, question whether it’s too good to be true, or even read what they’re agreeing to. They want to get back to what they were doing, and if something pops up, their first instinct is to click ‘yes’ – purely so it goes away. Unfortunately, that single ‘yes’ may have just opened the doors to malware and viruses that will ruin their computer. Set a family rule that they need to ask permission for all downloads (and an adult will check it first), and to never click a popup. When you’re called over to give download permission or check a popup, talk through exactly what you’re checking and why. As your child matures, get them involved in this process so their safe habits extend outside the home.

Critical thinking is a must

Most youngsters think the internet is a magical place and can’t imagine their life without it. To them, the internet is on the same level as oxygen! With that acceptance though, comes unwavering trust that the internet would never lie to them, never trick them and never hurt them. While we adults know better, it’s only because we already view the internet with a certain level of distrust. The best way to keep kids safe is to teach them to approach every aspect of the internet with critical thinking. That includes teaching them to question the motives of other people online. Is that person really a kid? What do they really want? Unfortunately, all kids do need to be aware that predators use the internet to target and lure children. Ensure your children tell you immediately if a stranger makes contact. Along with this stranger danger, teach them to identify what marks something as suspicious, and what they should avoid. If they come across anything inappropriate, they should shut down the computer and come straight to you.

The internet is forever

Kids have an overwhelming drive to contribute to the internet, they don’t think twice about recording a video, jumping in a chat room or onto social media. The world really is their playground! But what they don’t understand until they’ve been burned, is that anything they upload, write or say is on the internet forever. Even if they delete it or use a platform where content self-erases, someone can still screenshot and send it right back out. Many cyber-bullying cases are based on this exact type of blow-back. Once your kids know that everything they post is permanent, they’ll be more likely to pause and think.

OK, now that we have identified the dangers, how can you actually help prevent this from happening? No matter how much you tell your kids not to click on a link, I know from experience that they aren’t always going to listen! While there are some things we can’t prevent, there are still steps we can take to help.

Lock it down!

There is a hard rule when it comes to the relationship between security and convenience. The more you have of one, the less you have of the other. Most modern systems try their best to strike a balance between the two but often err on the side on convenience. Take Microsoft Windows for example. After 15 years of historically being the LEAST secure operating system, it still defaults to your user account having full administrative permissions! This means that you can install any program and change any setting with only the click of the ‘OK’ button. Kids aren’t going to know what this means, they are going to click OK…and now you have a virus. What can you do about this?

  • Make a new Windows account for your kids that does NOT have administrator rights. Then, put a password on your account that they don’t know. Now, whenever they are prompted to install something or change a setting they will be unable to continue without you typing in the password. Of course, this means that you need to not leave your computer unlocked all of the time. So, turn the screensaver on and make it require a password on wake. This way, your kids can instead log into their account and do what they need to do.
  • Install a parental control application. There are a plethora of parental control programs out there that claim to keep your kids safe. And for the most part, they do effectively keep the kids out of things they shouldn’t be in. However, don’t for a second think that there aren’t instructions on how to bypass that program freely available online! Use these as a stopgap, but don’t put all of your trust into them. NOTE: I have limited experience with these applications, so I can’t really vouch for one. They all come with their benefits and drawbacks so make sure to try it before buying.
  • Get rid of Windows. What I have done with my boys is eliminate the whole risk of Windows to begin with. Instead, I purchased inexpensive Chromebooks for each of them. These allow fully compatible access to the internet (which is filtered as I will cover soon) but have no vulnerabilities to infections. They are cheap, durable, and last forever on battery. Also, they are familiar to children because most schools have Chromebooks in the classrooms these days. They can’t run Windows apps, but to be honest that doesn’t really matter as pretty much everything they do these days is online or available as a Chrome App.

OK, but what about porn?

No longer do kids have to scrummage through the basement for their dad’s box of playboys. A simple Google image search can turn up stuff that no kid should be exposed to. What do we do about this? Well, nothing is perfect, but by far the most effective thing I have found is to use a maintained filtering service on your entire home network. This way, even if your child is using a device that does not have parental control software they are protected. The one I use at home is OpenDNS.

The free home version does take a little setting up, but once in place, it allows you to selectively block any of 58 categories of content. It also can help protect against malware, botnets, and phishing attacks all for free! If this setup is a little past your pay grade, we can do this for you or you can utilize the ‘Family Shield’ version of the service which is preconfigured to block adult content. All you need to do is set your main router’s DNS to 208.67.222.123 and 208.67.220.123. Click the previous link for instructions.

That all being said it is possible to override OpenDNS or any other filter if you know what you are doing. A mobile device on cellular data or just at a friends house will still allow them to visit any site. But, these methods should suffice for the younger kids.

Why Spam is a Small Business Nightmare

by

15 years after the world united to crack down on spam emails, we’re still struggling with overloaded inboxes. All that unwanted email continues to flood the internet, much of it targeted to small businesses, and the impact goes wider than you might think. Here’s the full breakdown of how modern spam works and how it’s hurting your business.

What is spam? Generally speaking, spam is any unwanted message that lands in your email, comes via text, social media messaging, or other communication platforms. It might be sent to your main business account, eg your ‘contact us’ email, or directly to your employees. Most of the time, spam is annoying but relatively innocent messages from another business inviting you to buy/do/see something. They’re newsletters (!), reminders, invitations, sales pitches, etc. You may know the sender and have a previous relationship with them, or they might be a complete stranger. Occasionally, spam may even be part of a cyber attack.

Why you’re getting spammed. Maybe you or your employee signed up for a newsletter or bought a $1 raffle ticket to win a car. Perhaps you got onto the mailing list accidentally after enquiring about a product, not knowing that simply getting a brochure sent through would trigger a spam-avalanche. Often there’s fine print that says they’ll not only use your details to send you their marketing, but they’ll share your details with 3rd parties so they can send you messages too. That single email address can be passed around the internet like wildfire, and before you know it, you’re buried under spam. Sometimes, and more than we’d like to think, your details are found illicitly, perhaps through a hacked website for example, like the recent LinkedIn or Yahoo leak. More often though, your email is simply collected by a computer ‘scraping’ the internet – scouring forums and websites for plain text or linked emails and selling them as prime spam targets. It’s easy to see how individual office employees receive an average of 120 emails daily, over half of which are spam!

More than annoying. We all know spam is annoying, but did you know it’s also resource hungry? Your employees are spending hours each week sorting their email, assessing each one for relevance and deleting the spam. Too often, legitimate emails from clients and customers get caught up and are accidentally deleted. Add in the temptation to read the more interesting spam emails and productivity drops to zero. On the other side of the business, your email server might be dedicating storage and processing power to spam emails, occasionally to the point where inboxes get full and real mail is bouncing out. While most spam is simply an unwanted newsletter or sale notice, there’s also the risk that any links may be a cyber-attack in disguise. After all, one click is all it takes to open the door to viruses, ransomware, phishing or other security emergencies.

Spam is a HUGE vector for Infections. Past being just annoying and wasting your time, e-mail spam has become a very effective vector for spreading malware or otherwise stealing information. You may be aware that you shouldn’t open unsolicited attachments, but that is not the only way to cause problems. Lately, I have seen a lot of messages that contain no malware, and don’t even link to a virus. This way, they can’t even be caught by spam or virus scanners. What they do however is take you to a fake login site like Facebook or Google that then asks for your credentials to log in and see a shared document…These can look very convincing but DON’T FALL FOR IT!

How to stop the spam. The 2003 Can Spam Act (a global set of anti-spam laws) requires all marketers to follow certain rules, like not adding people to mailing lists without permission, and always including an ‘unsubscribe’ link. So firstly, make sure you’re not accidentally giving people permission to email you – check the fine print or privacy policy when you sign up for a service. Next, look for the unsubscribe link at the bottom of the email. If the message is from a reputable company (Amazon, Facebook, Little Dog Tech…), it is best to use this unsubscribe link rather than mark it as spam. Unfortunately, not all of them include the link, or they hide it somewhere impossible to see. In that case, mark it as spam! I practice this daily and as a result only 1 or 2 spam messages a day.

Some other advice for avoiding spam:

  • Business e-mail should NOT be a free service such as Hotmail, Yahoo, AOL, or even Google. Not only are they not as secure as most businesses need, those are known domains and regularly attacked and spammed. If you set up a custom domain (like littledogtech.com), you are instantly creating an address that is completely unknown and new. Spammers can’t send mail to a domain they don’t know about! Setting up a custom domain is not as hard or expensive as it used to be.
  • Once you have that custom domain, format your business e-mail addresses to NOT have common names like ‘admin’ or ‘sales’ or ‘support’. These are easily guessed and added to lists. Also, include more than just the first name of your employees to make the address harder to guess. Use Robert.Johnson@company.com rather than bob@company.com.
  • Utilize a 3rd party mail filtering service to scan and categorize all mail for viruses or spammy content BEFORE it reaches your inbox. These systems can also filter out potential phishing messages by recognizing that something that may look like it is coming from a co-worker is not. Our clients that are on such a system enjoy GREATLY reduced spam in their inbox.

How to Stay Safe from Scams and Malware on Facebook

by

At last count, Facebook has clocked up over 2.7 billion users, which makes the platform more attractive than ever for scammers and hackers. While you may be logging in to share your latest family photos or catch up with friends, the chances of accidentally triggering a scam or malware are increasing daily. Here’s how to stay safe on Facebook and stop the spread.

Look out for freebies and surveys

Everybody loves a freebie and for the most part the competition posts on Facebook are legitimate. On the flip side though, when you see a giveaway for vouchers from a mega-store, alarm bells should ring. ‘Do this quick survey and we’ll send you a $50 Amazon Voucher!’ – it’s too good to be true. Even one click can take you on a messy journey through the underbelly of the web, picking up trackers and malware at every stop and at the end, you’re asked to share the post so your friends can get a voucher too…except nobody ever gets the reward.

Check your permissions with games and quizzes

Whenever you access a new game or quiz, you’ll need to give permissions for it to access your Facebook profile. Most people click the okay button without any thought, but if you review the permissions you’re giving, you’ll often find they’re asking for a massive amount of personal data; public profile, friend list, email address, birthday and newsfeed. Do they really need ALL this information? Sometimes the shakedown is from necessity, but sometimes the apps are preparing to launch attacks against you both on and off Facebook. For example, when you call your bank they ask certain questions like your full name, birthday and maybe which high school you went to. All that information is in your Facebook profile and now shared with your permission.

Don’t friend people you don’t know

Having lots of friends is always nice, but that friend accept could end up costing you. It might be someone pretending to know you, or a picture of a pretty girl to entice men (and vice versa). Once you friend them, they get access to everything your friends can see. In this case, it’s more than the risk of someone knowing your personal data, you’ve just given them intimate access to your life. It’s exactly how romance scams start, and there are even cases where the victim finds photos of their children circulating the internet.

If it’s weird, forget it

It doesn’t happen very often, but hackers find ways to take advantage of flaws in Facebook. A common hack that keeps popping up in various forms is to embed malware in a link. The virus then infects your machine and contacts all your friends with an enticing message, like asking whether a picture is of them. When they click to view the picture, the virus catches them and their friend list, and so on. Facebook is pretty good at staying on top of these flaws, but they need time to fix it. Just like if you got a weird email with an attachment from a friend, use that same level of scrutiny in your Facebook and don’t open messages or links that seem out of place.

Need help securing your privacy? Talk to us. Call us at 515-422-1995

Click to see our BBB Report

VISIT US