How to Spot Email Spoofing

by

The number of emails we get daily can be overwhelming. We could be excused for not looking at them all closely – well, almost. Except that not taking care to review emails for signs of spoofing could be a real risk to your business. Learn about email spoofing and how to avoid it in this article.

First, what is email spoofing? Don’t confuse this with the foreign prince’s plea for money. Email spoofing is much more nuanced; it’s still a cyber bad guy at work. They try to get you to download malware, enter personal credentials, or give money. Yet now they are mimicking a reputable company or source of an email. The email will, at a hurried glance, appear to be legitimate, and that’s how it works. The spoofer takes advantage of our lack of attention to accomplish their aim.

With email spoofing, the scammer tries to trick you into thinking they are a source you recognize. This might be a supervisor, a colleague, a vendor, or some other entity you work with regularly. Their goal is to get you to take an action you would not otherwise do.

The email will usually look convincing. The would-be attacker will duplicate design elements and mimic the sender’s style. So, you need to be aware.

How to Identify Email Spoofing

There are several signs to look for to identify a spoof email. First, you’ll want to check the email header information. This is a good place to look for tracking information about the message.

To view headers:

  • In Gmail, open the email you want to check headers for. Next to Reply, click the three dots and choose “Show Original”.
  • In Apple Mail, open the email you want to see headers for, and click View > Message > All Headers.
  • In Outlook, open the email you want to check, and then click File > Properties.

Check to see:

  • if the “from” email address matches the name of the person displayed as the sender;
  • that the “reply-to” address is the same as the sender or the site that the email purports to be from;
  • that the “return-path” is the same as the reply-to – you don’t want to think you are replying to “John Doe” when your response will go to “Scammy McScammer”.

The email header is a good starting point, but you’ll also want to ask yourself about the content of the message. If you weren’t expecting a message from that individual or organization, think twice. Also, look out for spelling or grammatical errors. A difficult-to-read message could indicate an unsolicited email from someone with a limited grasp of English.

If the email is pressuring you to act quickly or making an emotional plea for you to do something, be wary. Scammers often rely on urgency or our desire to help. That’s how they trick people into clicking on links or open attachments.

Better Safe Than Sorry

If you aren’t sure about an email’s legitimacy, slow down. Before you act, go to your contact list and send a direct message to that sender’s address to confirm the request. Or call the sender or company the sender apparently represents to verify that the email is a real one.

A managed service provider (MSP) can help you better manage email safety. Ask our IT experts to help set up email filtering and monitoring to avoid malware infection. Learn more today at (515)422-1995!

3 Reasons to Avoid Signing in With Facebook or Google Accounts

by

Nine out of ten times today when you visit a website you’re asked to sign in. To add convenience, many sites offer the ability to sign in using a Facebook or Google account. Sure, it’s simpler, but this article will share three key reasons why you might want to avoid this easy route.

It’s estimated that we each have an average of 100 passwords. That’s a lot to remember, especially as we need unique logins for every site to lower our risk of cyberattack.

At the same time, every website wants us to set up an account. It helps them get to know their users. This can help them to target marketing and product development efforts. They might also share the information with third parties as another source of income.

Still, the website wants to keep its users coming back, so they allow you to sign in with Google or Facebook accounts to streamline the process. Weigh the value of that added convenience against these three considerations.

#1 Youre giving away more data

By using Google or Facebook to sign in on other websites, you are giving the sites greater access to information about you. Now, they not only know what you do on their sites, but you’re also allowing them to build out their picture of you with data insights from the shared sites.

Google and Facebook have powerful tools to dig deeper into your online activity, and other websites can also extract data from your Facebook and Google accounts. If you don’t read the privacy policies, you may not know what sensitive data the platforms share.

#2 You could lose access

You may join those who are deciding to quit Facebook or leave Google in favor of another platform. If you do so, and you have used that account to access other sites, you’ll have to create new logins.

Even if you’re not ever going to do away with your Facebook or Google account, you could still lose access. If there’s a major outage at one of those two sites, you won’t be able to log in at any of your connected sites either. The other websites won’t be able to authenticate you until Facebook or Google is back up and running.

#3 Your attack surface gets bigger

If you have one, unique login credential for a website, you risk your data there only if that site gets hacked. However, if you use Facebook or Google login, and bad actors compromise that account, they can access any shared sites.

Think of it like dominos. The Facebook or Google account is the first to fall, but all those other accounts you “conveniently” login to using those credentials will come tumbling down soon after. Don’t think the attacker won’t bother looking for other connected accounts. All they have to do, once they breach one account is go into your settings to see what you have connected.

Social media accounts are also a prime target. Don’t believe us? Bet you’ve seen a post from a Facebook friend (or ten) telling you to ignore strange activity due to a hacked account.

Protect your online identity

Account compromise is a top cause of data breaches worldwide. Protect your online identity by following best practices for cyber hygiene.

Need help with password security? Our IT experts can set you up with a password manager or provide other online security help. Contact us today at (515)422-1995!

How to Safely Retire Old Devices

by

It’s inevitable that we’ll retire old devices to upgrade to the latest and greatest. A new laptop, desktop, or phone is exciting. Yet, before you get too distracted by your shiny, new device, take the time to safely retire the old one.

When buying the new device you may take trade-in value. Otherwise, you may let that old iPad sit in your drawer for another couple of years. Either way, it’s important to take some key steps to protect the data on that old device before moving on.

Backup the old device

Most devices today have a backup feature installed. Be sure to use it before you retire an old smartphone or tablet. This ensures you’ll have continued access to your photos, texts, and contacts. Settings and apps are typically automatically backed up for download to a new device.

When retiring a computer or storage device, backups protect against critical information loss. You may also need evidence of device decommissioning to meet regulatory requirements.

Reconfigure your 2FA

Two-factor authentication (2FA) protects you in case someone gains access to your password. Typically, this is an email or text notification sent to your phone. You might also have a 2FA code generator on your phone to strengthen your security. Either way, you’ll need to set up a fresh 2FA app on the new device or you risk getting locked out of all your accounts.

Wipe the old device

Whether you decide to sell the device or not, you still want to secure your data by wiping that device clean. Deleting a file is not enough. Even if you go to the recycling or trash bin of the device and delete the item “permanently,” that’s not enough. Reinstalling the operating system is not enough either.

You need to actually overwrite the data so that it cannot be recovered. Otherwise, hackers with use software to search the drive for sensitive information.

Know where your old devices are

Don’t get sloppy with your old devices. You could leave a treasure trove of data available if that device gets lost or stolen. You’re less likely to notice the device is gone if you put it up on that shelf in the office supply closet. So, be sure to put any old devices, already wiped, in a safe place.

Consider destroying your hard drives

When it comes to securing old hard drives, many businesses will actually destroy them. This means literally breaking them down so that data is almost impossible to recover. Destroying the hard drive renders the hardware completely unusable or repairable.

Let a pro help

When you’re upgrading to new devices, get an IT expert to help. We can migrate all your necessary information to the new device and securely destroy data on the old one. Contact us today at (515)422-1995!

Computer Down? You Need it Now. Now What?

by

Ever met someone who responds to computer downtime with applause or relief? Neither have we. When a computer goes down, the individual inevitably needs it fixed fast. Yet, depending on your repair model, it could take longer than you hope. This article compares break-fix to managed services.

The break-fix model is a short-term one. Maybe you have someone you turn to on a consistent basis, but you may still have to wait. If you’re calling for help when it’s needed (and let’s hope it’s not that often), that IT repair guy might not be available. If they’re backed up, you’re going to be waiting.

If you don’t have someone you’ve used before, you’ll need to ask around. Look at reviews to find someone with expertise with your apps, services, or network. Then, you’ll probably need to make many calls until you find someone who can come out now.

But does their immediate availability mean they’re reliable? Bringing in external IT support means trusting someone else with your computer, which often entails letting them know your passwords. A business has good reason to be wary of giving that kind of access to someone they are hiring on a one-off basis.

On the other hand, the managed services model is a long-term one. When you work with a managed service provider (MSP), they get to know your setup and business needs. Yes, in the event of computer downtime their focus is on getting you up and running now, but they will pursue approaches that fit your specific overall objectives.

Why MSPs Make More Sense

In fact, your computer may not have suffered the downtime in the first place. After all, the MSP’s focus is on avoiding any technology disruptions. One of their jobs is to proactively monitor your systems. They want to help identify any issues before they happen.

If something does go wrong, your business has the peace of mind of knowing:

  • You are a priority customer as part of your contract with the MSP.
  • They can remotely access your systems to get started ASAP.
  • You don’t have to pay a premium for rush services. You’re covered by a fixed monthly fee (offering financial predictability, too).

The MSP will also have the advantage of already knowing your business systems and what you need them to do. As a trusted advisor, already supporting your tech, they can find the problem more quickly. They don’t have to learn your IT setup from scratch; they may even have set it up in the first place!

Your MSP partner will take precautionary measures when they know you’re coming up on a busy season. Knowing your tech needs to perform at its peak, they can test systems to ensure resilience. Alternatively, they’ll know when your business slows down, so they can schedule any time-consuming updates or system upgrades more conveniently.

Taking the Long-Term Approach with an MSP

Working with an MSP has benefits beyond dealing with downtime issues, too. When you partner with a reputable MSP, you’re gaining an IT partner invested in your business success.

A break-fix consultant is focused only on what’s gone wrong. The MSP can offer valuable input to improve your productivity and streamline processes. We can also help find budget efficiencies.

Don’t wait for a downtime disaster to seek out someone to get you back in business. Instead, partner with an MSP to avoid those problems in the first place. Enjoy many other benefits, too. Contact us today at (515)422-1995!

Tech Tips for Small Business Owners in 2022

by

A new year is a chance for a fresh beginning. To that end, try these tech tips for small business owners to kick 2022 off right.

First, launch a successful new year for your business by going mobile. Agility is one of the key differentiators of a small business. Be more flexible than larger competitors by taking full advantage of cloud computing. Use Microsoft 365 (MS365) as an all-in-one solution for communication, collaboration, and more. When you’re cloud-based, you and your employees can operate from any location with ease.

You’ll also want to focus on security. Don’t think that you’re safe because of your small size. Every business is a target. An automated bot isn’t going to differentiate between a company with six employees and those with 60 or 600. It is simply going to find that vulnerability and attack. Don’t risk losing time and money to a data breach or ransomware. Instead:

  • Secure your email.
  • Put a disaster recovery plan in place.
  • Backup data in more than one place.
  • Educate employees about the importance of unique passwords.
  • Prohibit third-party apps on work devices.
  • Set devices to notify remote workers when they may be connecting to unsafe networks.

Also, make sure you’re leaving room in the 2022 budget to invest in IT. This is one area where you don’t want to be cutting corners. Unreliable internet service could cause downtime that hurts productivity and loses you clients. Skimping on software or hardware upgrades could lead you vulnerable to safety issues.

New Year, New Your Business

Another smart move? Get a professional email address. Using you@gmail.com or you@yourISP.com doesn’t make a great professional first impression. Instead, have a you@yourbusinessname.com email address. We can set up reliable business-grade emails from MS365.

Do an information and communications technology audit as well. Take stock of your current technology and how it is performing. This check-up can help you identify opportunities to streamline processes. You might consider adding a customer relationship management tool. This will centralize your customer information and help you personalize pitches. An enterprise resource planning system could improve accounting, human resources, and operations workflows.

Now is also a good time to hire a managed service provider. Partnering with an IT professional helps you make good technology decisions. You may have a lot of people with opinions, but you want to get input from industry experts who understand technology, security, and optimizing IT resources.

Contact us today at (515)422-1995 to learn more about what we can do to help your business meet its goals in 2022 and beyond.

The Unexpected Benefits of Password Managers

by

The main advantage of a password manager is obvious to anyone with more than one account online (i.e. everyone). Instead of remembering all 100 usernames and passwords, the password manager autofills them. It’s a boon. But it’s not the only reason to use a password manager. This article shares several more unexpected benefits.

Password manager programs generate, manage, and store many different passwords. You may be concerned about whether a password manager is safe to use. But, the cybersecurity industry consensus is “yes, it is.”

A password manager uses top-notch encryption to protect passwords. Plus, they take a zero-knowledge approach. They can’t actually see the passwords they store and prefill on sites. The password is encrypted before it reaches the manager’s server and can’t be deciphered. This is why you need to be so careful not to forget your master password!

That said, the password manager offers more than a vault for encrypted credentials.

More Benefits of Password Managers

For one thing, many password managers have apps for download onto mobile devices. Then, you can use the password manager to prefill forms on those, too. This gives you the advantage of convenience not only on your desktop computer but also on the go.

Some password managers offer added security benefits, as well. They might:

  • warn you of weak password and login credentials;
  • remind you to change your passwords;
  • notify you if your passwords may have been compromised in a breach;
  • advise you against repeating access credentials if you’re about to do so.

Another advantage is that you can conveniently share passwords with others. Maybe you want to give family members shared access to streaming accounts or allow a work colleague access to applications you’re using remotely. A managed password sharing feature can allow them to see selected passwords. You aren’t showing everything: you can pick what you make available. Plus, when you change your credentials, the password will change on their end, too. This doesn’t need to be permanent either. You can easily revoke password sharing.

You can also use a password manager to secure other important information. You might store things such as credit card numbers or other personal identifying information. Keeping that kind of data in an unencrypted note on your desktop or mobile device is unsafe, but you can take advantage of password manager encryption to safely store those precious details.

Secure your passwords with a manager

You can’t expect to remember all your unique passwords. Yet the days of writing down passwords on Post-it notes are over. Use cloud-based password management to secure your passwords and do more.

Contact our IT experts today to find out more about password management. We’re happy to suggest the best solution for your needs and set it up, too.

Call us now at (515)422-1995!

6 Top Tech Small Business New Year Resolutions

by

As the new year approaches (already?), it is a good time to take stock and plan some small business resolutions. Join the millions around the world determined to make the best of January’s fresh start. Try these suggestions for top IT resolutions to better your business.

#1 Embrace digital transformation

The business world is going digital. Ideally, you’ve already made the move to some extent, but always be looking for new ways to streamline your business processes.

You might embrace document scanning to move all your paperwork online. It’s easy to search digital documents for keywords. That saves time spent looking for the right piece of information, plus, you’ll do away with file cabinets and bankers’ boxes of paper.

Find more cost savings and business efficiencies migrating to cloud computing. The big benefit? Every user can access the same applications as colleagues or peers online. Plus, the software doesn’t need installation on every individual’s device. Meanwhile, IT can manage upgrades and security patching on the cloud-based server.

During COVID-19 you probably added more business collaboration tools to support remote work. These continue to advance and evolve, so don’t get complacent with existing solutions.

#2 Improve cybersecurity

Presumably, you are securing your business against cyberthreats year-round. Still, the start of the new year is a good time to ensure that you are following best practices such as:

  • upgrading all software and hardware and keeping security patches up to date;
  • setting up several data backups in case of a breach or disaster;
  • testing your technology for any vulnerabilities hackers might leverage;
  • planning for business continuity and disaster recovery;
  • educating employees about cyberthreats and encouraging a culture of cybersafety.

#3 Encourage workforce engagement

Keeping your IT current is one great way to improve employee morale. With the best tools available, your workforce can enjoy greater productivity. Don’t lose people during a staffing shortage due to frustrations with the tech they use every day at work. Offering online learning also encourages workforce engagement, as people feel more respected.

Retention isn’t the only advantage. Attract new employees with the tools to support flexible work hours. Using technology to simplify onboarding can make a great first impression on new hires, too.

#4 Enhance customer service

There are many ways IT can support enhanced customer satisfaction. For one, converting phones to Voice over Internet Protocol (VoIP) can ensure every call gets answered. You’ll also empower customers to reach the right people when they need to.

Adding an online scheduler expedites booking and avoids doubling up on appointments. Microsoft Scheduler allows people to book on a calendar of your available time slots, meaning there’s no back and forth. Online schedulers can also send follow-up and reminder emails.

#5 Explore automation

Sure, this is a component of digital transformation, but it’s cool enough to get its own resolution. Try enterprise content management software to automate workflow. Your team can more easily capture information and access documents while more quickly delivering content when and where it’s needed.

Leverage process automation to identify and address bottlenecks within and across departments. Your software’s bot can warn you if a task is stuck, or it can do things such as sending an invoice straight away or notifying someone when information is missing.

#6 Work with an MSP

One resolution we recommend for every small and midsized business? Resolve to partner with a managed service provider. For a consistent, monthly fee you gain IT experts on call. We can monitor your network, manage hardware and software, and consult on the best tech.

The break-fix model is costly in the long run. Select an MSP with expertise in your industry to free up resources to drive the business bottom line. Contact us at (515)422-1995 for more information!

The New PC TuneUp

by

How exciting! You got a new computer for Christmas. It’s sleek, shiny, and so much faster than what you had before. That’s great, but it doesn’t mean you should leave it untouched. This article shares several steps you might take to secure your data and keep that new device in tip-top shape.

First things first. Before even logging into a personal email or other top sites, you’ll want to update the operating system (OS). Yes, most computers come out of the box with Windows, but you can’t know when that item was boxed. There could be important updates that you don’t want to miss.

You’ll also want to install the latest drivers. Different hardware on your computer can need specialized drivers from the manufacturer. Gamers, for instance, may want to ensure they download the latest to boost performance. Just make sure you get any new drivers from a reputable site, not some generic driver updater site that will package in malware!

While you’re doing all this uploading and upgrading, also look to remove the junk that may have come on the computer. It’s no longer as common, but manufacturers can reduce costs to the consumer by pre-installing software.

You might not have any need for the tools that come already installed. Meanwhile, they slow down your computer. Remove the clutter to improve your computer’s processing. Head to your PC’s Control Panel and look to uninstall programs and utilities that you don’t want. Be careful, though. Just because you don’t know what it is doesn’t mean it’s not serving a valuable purpose.

Starting out on a new computer is also a great time to set up the free software. For many of us this includes:

  • Google Chrome – the internet browser;
  • VLC – a multimedia player;
  • FoxIt Reader – to create, edit, sign, and secure PDFs;
  • 7Zip – used for archiving files.

Involving an IT expert

If you had a great sales experience, you may not want to seek IT help with your new computer. Still, it can prove useful.

Your new computer may also need BIOS updates. Again, the hardware was current when your computer was boxed up but may be lacking the latest by the time it gets to you. A note of caution: this is not an update to do alone. BIOS updates don’t add new features, security patches, or performance improvements, but they may fix a bug with a piece of hardware or add support for your central processing unit (CPU). These updates can be risky if done incorrectly, so work with an IT tech.

Talk also with an IT tech about the best data backup plan for your needs. You’ll be creating important documents, downloading sensitive data, and uploading valued images. Don’t risk their security by failing to back up.

IT support will also suggest the best security tool for you to use to protect against malware. With so many free and fee-based third-party alternatives to Windows Defender, you may want help deciding on the best one.

We’re here to help you get the most out of your new computer. Or, if you’re not sure yet which one to buy, we can consult with you on that, too. Contact us today at (515)422-1995!

To Delete or Archive Email, That Is the Question

by

An email inbox can get overwhelming. It’s estimated we send 306 billion emails daily; not you personally, of course, although it may feel that way. So, you have to come up with strategies to corral the communications, one of which is deciding whether to delete or archive an email. This primer will help.

First, let’s consider the drawbacks to having all those emails sitting in your inbox. You may think it doesn’t matter, as you work only at the top of the screen with the newest communications. Yet those old emails are more than clutter. If it’s locally hosted, they can also slow down your email platform, and, if it’s remote and you’re paying for storage, they can be costly, too.

You have alternatives: deleting the emails or archiving them.

Deletion v Archiving – The differences

You should already know what it means to delete an email. You click on the little trash can icon and the email disappears from your inbox. Yet, for at least a certain time frame, you can still find it in your trash bin. If you realize you need to recover that email, you can, but deleting that email marks it for removal from existence entirely.

Unless you’re a double-deleter. If your business imposes mailbox size limits, you may be in the habit of going to the trash and deleting emails there, too. After all, when you delete an email from your inbox and it moves to trash, it continues to take up space.

Another option is to archive the email message. This also takes it out of your inbox but puts it on a different path. The email is indexed and put in a protected storage area for you to access in the future. The indexing preserves the information in a smarter, more searchable way.

Meanwhile, you’re able to revisit those emails using the mail archive’s search function. This allows you to search body content, sender or recipient, and attachments, and it’s all done quickly.

Email archiving can help shorten audit response, keep information for litigation, preserve intellectual property, and help with business continuity. You can also use archiving to check employee communications aren’t violating any policies.

Special Considerations

Your business could be in an industry where it needs to keep records for compliance and regulation reasons. In that case, you won’t want to delete emails until you know it is acceptable to do so. You’re going to need to archive instead. In the U.S., five Wall Street brokerages had to pay $8.25 million in fines after deleting customer transaction emails.

Still, you don’t want to get into the habit of archiving everything “just in case.” Honestly, how often do you need to revisit that funny meme from Sally in accounting? And you can’t take advantage of a discount offer from a pet store once it has expired. Deleting makes sense!

Another strategy to avoid having to answer the archive-or-delete question in the first place? Unsubscribe. It takes a moment to click on “unsubscribe” at the top or bottom of an email from a mailing list. This action saves you from having to make yet one more choice in your day.

Need help wrangling your email inbox? Our IT experts can help. We can set up an email management system to help make the decisions about archiving or deletion. Contact us today at (515)422-1995!

Prepare Your IT for the Holiday Season

by

We all know about the Grinch who ruins Christmas for Whoville. Don’t cast IT as the Grinch of this holiday season. Prepare your technology and systems to reduce downtime risk. You’ll avoid disrupting your customers’ holiday season or employees’ seasonal fun.

Update and upgrade IT

Expecting an uptick in online shopping for the holidays? Apply system updates ahead of time. You’ll want to complete any hardware or software upgrades early to avoid unplanned downtime.

Test your technology infrastructure to ensure that it can handle more traffic. Review system integrations to make sure front- and back-ends can communicate smoothly. Identify any issues or bottlenecks in advance to be able to upgrade or update any IT that needs help.

One in three customers will leave a beloved brand after one negative experience, per PwC. You don’t want to risk a downed website or other IT challenges. Even a few hours of disruption can be costly. In 2019, American retailer J. Crew lost an estimated $775,000 in online revenues over only five hours.

If you do need major IT upgrades or system changes, postpone them until after the holidays. Don’t mess with what works right now if you don’t have to do so.

Safeguard business data

The holiday season means employees will be distracted by festivities or out of the office, yet the cyber bad guys don’t take breaks. In fact, they ramp up for the holiday season. In 2020, the greatest number of daily DDoS attacks in Q4 were on December 31, when 1,349 attacks were recorded globally. So, take cybersecurity action.

Make sure you are protecting systems, detecting threats, and defending against attacks. A security assessment can help determine what you are doing well and could be doing better. This can be internal or done by an external party (with greater objectivity). If you face compliance or regulatory concerns, try an external IT audit.

Test backup and recovery

Ensure IT resiliency by testing your backup and reviewing your business recovery plans.

We recommend data backups in three places as best practice. Back up to a local, on-site computer, to a remote device that requires separate access, and to the cloud, giving you access anywhere, regardless of office conditions.

Test your backup to:

  • confirm data accuracy;
  • ensure you can effectively access and use the data;
  • gauge the time it takes to perform a backup;
  • identify and address any issues that arise during recovery.

According to the Ponemon Institute, business continuity management policies can nearly halve the mean time to recover and improve cost savings by 50%. That’s more money to spend on the staff holiday get-together! So, call a meeting of your business continuity planning team. Discuss any changes that might be needed and make sure everyone knows their roles. If someone is going on vacation, get someone else up to speed on their responsibilities.

‘Tis the season for IT

Every season you’re going to need IT, yet the holidays see your customers and employees wanting to get things done and get back to family and friends. Keep your technology in tip top shape, and you’ll have a happier holiday season.

Need help maintaining and securing your IT or looking for data backup and business continuity? Give us a jingle at (515)422-1995!

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy