Ways to Cut Spam from Your Inbox

by

No matter how many times a day you may check your email inbox, there are probably still messages in there. You may have hundreds, even thousands of messages in your inbox. Getting spam doesn’t help you stay ahead. That’s why we’re sharing these tips to keep your inbox clear of spam messages.

To start, migrate your email to one of the big-name providers. Google Suite and Microsoft 365 work hard to filter out spam before it even gets to your mailbox. Google says its AI-enhanced spam blocks nearly 10 million spam emails every minute. Local internet service providers are unlikely to have that level of anti-spam sophistication.

If you own your domain name, set up catchall email addresses to help filter messages. You might own joesmegashop.com. Instead of having everything go straight to joe@joesmegashop.com, you assign addresses for certain sites. For Facebook communications, you would set up facebook@joesmegashop.com as the address. You’ll still get the emails, but you’d know it’s from Facebook. Or you’d know Facebook sold your email address to someone else. You can also still block any email that you didn’t want at facebook@joesmegashop.com.

Even if you don’t own your domain, you may still be able to use the catchall-address approach. Gmail is a popular service that allows you to put a plus after your email name. So, you could protect your joe@gmail.com address by using joe+facebook@gmail.com. Gmail ignores everything after the plus, so it’ll still go to joe@gmail.com. But, now you’ll know who leaked your Joe+facebook address. You can block any emails going there if it becomes a problem.

Blocking E-mails

To block a sender in Gmail, open the message and click on More in the top right. Click on “Block [sender]” in the dropdown. To do the same on Microsoft 365, right-click on the sender’s message, and then click “Junk” and “Block Sender.”

If you change your mind about any of your blocked senders in the future, you’re able to unblock them on either platform.

More Ways to Limit Spam

On your own business website, don’t list your email as plain text. To avoid exposing your email address to anyone online, you could use a contact form. If you don’t want to add a hurdle for legitimate contacts, show your email address as an image instead of text. This stops website-scraping bots from reading and adding your email address to spam databases.

When you do get a spam email, block that address and report the email as spam to your provider. This helps them to boost their filtering.

It’s also worth the few seconds it takes to unsubscribe from unwanted mailing lists. Look at the top and bottom of the email you’ve received for an “Unsubscribe” link. You should be a simple click away from one less mailing in your already crowded inbox.

If you do get a suspicious email, delete it. Don’t reply to an email that asks you for personal or financial information, and don’t click on any links in that message.

Need help corralling your inbox and strengthening your security? Our experts can help protect your business from spam and malicious cyberattacks. Contact us today at (515)422-1995.

Tackle These Four False Assumptions about Cyber Attackers

by

There’s one big assumption about cyber attackers that we regularly refute: “It can’t happen to me.” At this point, most businesses do recognize the serious nature of the cyberattack threat. Yet other assumptions about cyberattackers may also make your business vulnerable. Educate your employees about these four main misconceptions. Raising their awareness can help secure your systems against social engineering attacks.

Start with the assumption that any technology is 100 percent safe. This is as misguided as the idea that your business won’t be a victim of a cyberattack. Some employees may believe that Google and Microsoft activity is always secure. That’s not the case.

Google and Microsoft have massive market shares, and it makes sense that bad actors target their cloud storage and content distribution. Once they’re in, they have ample opportunity to scam people.

Another false assumption is that threat actors go in blind with a scatter-shot approach. In fact, many social engineers do their research first. They learn what they can about your employees, your org chart, and what your business does. This helps them to develop more credible attacks.

Cybercriminals take the time to build rapport before initiating an attack. They may send unassuming conversational emails first, which helps them lull your people into seeing them as a trusted source. After establishing false security, criminals make an urgent request or plea for help.

Counter these misconceptions too

Cyberattackers may also make their play over the phone. So, don’t assume that your online interactions are the only thing to protect. There are hundreds of thousands of “vishing” threats every day. The bad actor may send an email without any malicious links or attachments, but there’s a number to call. If your employee calls in, they’ll talk with a convincing criminal. The bad actor might act as a call center or customer service agent.

Also warn employees against the assumption that responding to an existing email is always safe. It is much easier than they might think for someone to hijack a colleague or client’s email inbox. Then, the criminals use a pre-existing email thread to send a malicious attachment or URL, or use the connection to ask the employee to perform some action for the threat actor.

Finally, emphasize the point that anything is fair game. Cybercriminals will attack anyone, in any way they can. This includes leveraging current events, pop culture, and even international health crises. One campaign exploited victims by offering early access to Season 2 of the streaming success “Squid Game”, and during COVID lockdowns, hackers offered free masks or free tests to get people to download infected files.

There is money in cybercrime – a lot of it. The bad guys are highly motivated and always looking for new ways to exploit human weaknesses. Discuss cybersecurity assumptions with your employees and put protective measures in place to secure your IT. Our experts can help. Contact us today at (515)422-1995.

Pros and Cons of Employee-Monitoring

by

Employee-monitoring is a phrase that generates discomfort. It sounds very Orwellian, or as if you’ll have all sorts of cameras on your people as if they’re in a reality TV show. When thinking of installing software on work computers, consider both pros and cons.

The pandemic sent many people home to work. Businesses that were reluctant to support hybrid and remote workers had to do so. But the concern about whether people are actually working remained.

Many IT departments answered by installing software on employees’ computers. Remote monitoring can track keyboard and mouse activity, websites visited, and app usage.

It’s the best of both worlds, right? The business gets increased productivity and improved employee morale through remote work. Plus, the software allows you to keep an eye on the off-premises work environment.

Your employees may not agree, however, and that’s only one of the considerations when deciding whether to monitor people working off-site.

Pros of employee-monitoring

Employee-monitoring allows you to see what people are doing during work hours. This helps management to identify time-wasters. Additionally, letting employees know that you’re watching can cut their time wasting.

Not all time-wasting is intentional either. So, this software can help you to see that certain tools or processes are eating up too much employee time. You can identify where new technology is needed, or put new processes in place to simplify workflow.

Monitoring employee time can also make client billing simpler. Add transparency with data about how long each individual works on a certain project.

Cons of employee-monitoring

Trust is a key component of employee engagement. Employees who feel trusted are likely happier and more willing to go above and beyond. Employee-monitoring can jeopardize the employee–employer bond. In fact, you may even lose employees who would rather work elsewhere than be monitored.

At the same time, you may be monitoring activity without gauging whether they are working. You can put software on their devices, but that won’t track everything. They could be using their brains for your business in some other important yet offline way.

You also run the risk of legal ramifications. Employee consent may be required to install the software on personal computers. You’d also want to let employees know if you’re monitoring them through the camera on their work devices.

Making the monitoring-employees decision

Monitoring often prompts employee concerns for their privacy and complaints about disrespect. Still, it may prove worthwhile for your business. If you do take the decision to install remote monitoring software, do so carefully. You should have clear goals for the software and communicate these to your employees. This lets them know how you will use this monitoring tool and what you will do with the information.

Looking to install remote-monitoring software for your business? Contact our IT experts at (515)422-1995. We can help you decide on goals, select the software, and implement a plan that works for you.

Don’t Give Up on Password Managers

by

Seeing a major password manager breached, it’s hard not to throw up your hands and say, “it’s helpless.” Still, don’t give up on all password managers. Used properly, they are still better than a password spreadsheet or sticky notes of your credentials. Plus, it’s definitely smarter than reusing the same password to access more than one account.

According to LastPass, the December breach affected 30 million users and 85,000 businesses. Threat actors stole a large amount of data, including encrypted customer vaults. Industry experts are not enthusiastic about the breach handling or why it happened. So, leaving LastPass may make sense.

Yet abandoning password managers may not help you secure your sensitive data. Instead, prefer a cloud-based password manager that has no way of decrypting your data. This is a zero-knowledge password management architecture, which means that you are one with the secret key needed to access your encrypted data. That way, if the data is stolen or lost, the threat actors would still need to decode your key.

This means, of course, that you need to protect your secret key. Also, you need to make it complicated enough that the bad actors can’t hack it. So, using “password123” as your secret key would not be secure. Many security experts now recommend using a passphrase instead of complicated passwords.

Enforce Multi-Factor Authentication

Multi-factor authentication (MFA) helps stop bad actors by making access more difficult. They can’t get in with a username and password alone. You add another variable for confirmation before they can compromise your account.

You’re likely already familiar with two-factor authentication. It’s typically done through a text message or an email to another account, but these can both be compromised as well.

Biometric MFA is typically best (e.g. fingerprint or face identification). If that’s not available, prefer an authenticator app (e.g. Microsoft authenticator) or a Fido 2.0 key (e.g. YubiKey).

A Fido 2.0 key is a USB device that you keep in your physical possession to provide passwordless MFA logins. Instead of having an authentication code sent to you, you press a button on your key. It sends your code to confirm your identity. When your unique code is received, the system logs you in.

Worried you’d lose the physical key? That’s not ideal. That’s why it’s a good idea to get two. Meanwhile, the Fido 2.0 key doesn’t store identifiable usernames or any of your passwords. So, anyone finding that lost key would have no way of knowing what you use it to authenticate.

Ultimately, it’s best to prepare for any service to be breached. Cut your risk by keeping up with the latest technology for protecting your data. We can help. Contact our experts today to help you put appropriate security measures in place. Call us at (515)422-1995.

What Is Co-Managed IT?

by

To be successful in business today you need technology and the expertise to manage it. Yet recruiting and retaining internal IT experts is challenging. Those who know how to support, secure, and scale technology assets are in high demand. That’s one reason many take advantage of co-managed IT.

Co-managed IT sees your internal teamwork alongside a managed service provider (MSP). Together, you improve agility and better manage complex IT environments.

You choose what roles and responsibilities stay in-house and outsource the rest. This is useful if you have an understaffed or overworked internal IT team or when you’re struggling to staff up.

The co-managed IT approach offers several advantages:

  • increased efficiency
  • external expertise
  • improved business offerings
  • cost-effectiveness
  • enhanced end-user experience
  • better retention of internal IT staff
  • security gains

We’ll discuss each in more detail next.

Increased efficiency

Co-managed IT service providers can take on a range of technology tasks. This includes upgrading software, backing up and protecting data, and troubleshooting. They can also add or provide security, support cloud migration, and maintain servers.

You might also turn to co-managed IT to help with regulatory compliance or to manage remote locations. This route is also an expeditious way to support a growing company and meet an immediate need.

When you have specialized requirements, adapt quickly by partnering with an MSP with those skills. This saves you the time and effort needed to learn that new area or to hire new people.

External expertise

Having another set of IT experts supporting your objectives can help you succeed. You don’t risk the tunnel vision of only internal people validating each other’s decisions; you get the benefit of an outsider’s perspective. Plus, the MSP experts can bring varied backgrounds. They’ll also have experience with many different clients, which could help identify fresh opportunities.

Improved business offerings

Established MSPs focus on cost-effectiveness and operational efficiency. They keep current on emerging technology trends and the ever-evolving threat landscape. Their insights can help you install best practices. You can learn how to streamline processes and improve outcomes.

You also gain an IT partner that wants to take the pressure off your internal team. This can help you achieve a competitive advantage.

Cost-effectiveness

Instead of a break-fix model or a project basis, co-managed IT is typically long-term. This can provide cost savings with a consistent budget line item that you can plan around.

You also expand IT resources without having to recruit, train, retain, and pay benefits.

Enhanced end-user experience

When someone else is handling routine tasks, your IT can install top technologies. Giving your internal team freedom to innovate can also bring greater access to time savings and real-time insights for end users.

Co-managed IT can also provide your users with 24/7/365 support. There is a support system in place when your own internal IT staff members are sick or go on vacation.

Better retention of internal IT staff

By sharing IT responsibilities, you free your people up to focus on what matters most. Co-managing IT also provides a relief valve to take pressure off of overworked teams. Aligning with a partner to achieve goals can also enhance IT staff satisfaction.

Security gains

MSPs can help improve your cybersecurity posture by identifying unnecessary complexity. They provide a fresh look at your systems. Co-managed IT experts can monitor networks and install system protection, and they can handle security patches as well as software and hardware upgrades. These experts can also put preventative measures in place to avoid downtime, handle data backup, and prepare a disaster recovery plan.

Want to learn more about co-managed IT services? Talk to our experts about the role we can play in your business success today. Call us now at (515)422-1995.

Watch the Little Things in Cybersecurity

by

Author Richard Carlson tells the world, “Don’t Sweat the Small Stuff” in his popular book. Yet he’s not in the cybersecurity realm. When it comes to protecting your business, you do want to watch the little things. Avoiding small matters could bring big risks.

You’re already keeping an eye on the big things such as ransomware or data breaches, and you’ll also be ensuring have a data backup and disaster recovery plan in place. But don’t overlook the small issues that come up – they can be just as vital to your cybersecurity.

For one thing, don’t undervalue physical security for your business technology. In America, there have been reports recently of attacks on power stations, but these aren’t sophisticated cyber hacks. Attackers with guns are breaching the physical premises and shooting transformers. It goes to show that you focus on preventing cyber threats at the expense of perimeter protection.

This also means reminding employees not to let unknown personnel into the building and telling them to take down those post-it notes on their PCs with their passwords on them.

Allowing your people to work on software that’s past its support date could also be a bigger deal than you think. The “if it ain’t broke, why fix it?” mentality could leave you open to attack. Hackers seek out vulnerabilities tied to outdated systems. They can leverage small openings to wreak havoc on your business.

Small steps can make a big difference

Similarly, don’t fall for the idea that cybersecurity effort needs to be complicated to do the job. There are small steps your business can take to protect itself.

Cyber hygiene is a good starting point. Ensure your people aren’t reusing weak passwords across accounts. Make keeping track of complex passwords easier by using online wallets such as LastPass.

Keep computers updated and software patched. Manufacturers keep up with threats and upgrade their code to address known vulnerabilities. All you need to do is allow the update when it’s offered. It can be an inconvenience, but agreeing to that update can save you a big problem down the road.

Educate employees about using public Wi-Fi networks. They may think they are being productive by logging in while in line at the coffee shop, but that public access point could be putting your systems at risk. One big problem is that an attacker could be set up on that hotspot to intercept sensitive data.

Encrypt data. This helps you protect data wherever it may be, not just on-site. A hacker intercepting that data would still need decryption capabilities to get access.

Multi-factor authentication also helps to protect your business. After all, a criminal could get access to an employee’s username and password from a phishing attack. If you don’t add a second layer (at least) of authentication, they can easily log into your network and do damage.

Need help with cybersecurity issues? We can help you with the big and the small. Contact us today at (515)422-1995.

Leave that USB Drive Where You Found It

by

You come across a thumb drive, or USB drive that you don’t recognize. Maybe you find it in the car park of your building or by the copier in the office. You’re curious or you want to plug it in to identify where to return it. Don’t do it. Risks abound.

Consider this jaw-dropping example. That’s how the Stuxnet malware virus that hit an Iranian nuclear facility got its start. It’s believed employees at the facility plugged in a USB drive they found in the car park.

From there the virus could reach the computers controlling the centrifuges, causing them to spin too fast and become damaged. The attackers couldn’t get in directly, as the computers were on a disconnected network.

Risk of thumb drive attack

Now, you might be thinking, “but I’m not an Iranian nuclear facility.” But that doesn’t prevent cybercriminals from wanting to access your network and systems. USB drives are one more way that bad actors can do so. In fact, one study found that 60 percent of people were likely to connect random thumb drives found near their building. If the business logo was on the drive, the number went up to 90 percent.

USB stands for Universal Serial Bus. Even with cloud computing, we still see these small, portable drives used universally. They are compact and convenient. That also makes them an attractive target for bad actors.

Hackers can pre-program USBs to act maliciously once connected to the network. They might:

  • steal a user’s data;
  • gain access to the user’s keyboard;
  • monitor the user’s screen;
  • encrypt user data in exchange for a ransom;
  • spread infection.

Most of these can happen without the user even knowing it, as the malware runs in the background.

Avoid USB drive attacks

How do you keep your business safe from infected USB drives? First, don’t insert unknown flash drives. Hackers will try to take advantage of human curiosity or their desire to help.

It’s also good to use different flash drives for personal and professional computers. This helps cut the chances that you’ll spread an infection from one to the other.

You might also enable security measures on USB drives, such as fingerprint authentication. This, and keeping computer software and hardware up to date, can cut vulnerabilities. Also, keep your malware and anti-virus protections current, and patch regularly.

Windows users can also disable the Autorun function. This prevents Windows from automatically opening removable media immediately upon insertion.

We’re here to help. Call us at (515)422-1995 to contact our experts if you suspect a security threat or want to update your security posture.

Stop Using Windows 8.1 and Windows 7 – Do It Now!

by

Few of us are big fans of change. It can be easier to keep on going down that same path or use that same computer software; it’s comfortable and familiar. As of January 10, 2023, however, Microsoft has stopped providing support for Windows 8.1, which means you need to make a change.

It’s time.

If you’re still on Windows 7, it’s really time. Microsoft stopped providing security updates and technical support for that in January 2020. Microsoft did launch an extended service update (ESU) period for Windows 7, but that’s over, and there’s no ESU program for Windows 8.1.

Microsoft recommends moving to a new device that can run Windows 11. They warn against “performance and reliability issues” with older, unsupported operating systems. Another option? Upgrade your current device and install a newer operating system on it.

Now, you might be suspicious, thinking, “they just want more of my money,” but the manufacturer has already been providing support for both of these tools for ten years. Plus, computing is changing enough that they need to keep up with new iterations of Windows. Then, they focus their attention on keeping the latest releases updated and secure.

Benefits of upgrading to Windows 11

According to Statcounter data in 2023, Windows 11 is only on 15.44 percent of Windows systems right now. Windows 10 has the majority (over 70 percent), but if you’re one of just under 10 percent of users still on Windows 7, make the change now.

Cybercriminals know that people will wait to make the change, and they find ways to exploit the weaknesses of unsupported software. You are particularly vulnerable when relying on Windows 7 or Windows 8.1.

Windows 11 is the latest Microsoft offering. They have worked to reduce risk from the latest cybersecurity threats. With Windows 11 you can better protect your files and cut the risk of today’s viruses and malware.

The new operating system is built to be more efficient. Microsoft has tweaked the Windows layout and navigation to help users find what they need and perform tasks more easily.

Not sure what version of Windows you’re using? In the bottom left of your screen, click on the Start Menu and press the Windows button on your keyboard. Then, type “system”. Click either the System or System Information icon. You’ll see your Windows version listed at the top of the window that opens up.

Upgrading to Windows 11 from 7 or 8 isn’t free. Only Windows 10 users can upgrade at no cost. Also, to upgrade to a Windows 11-compatible device, you’ll need to make sure you get a security chip called TPM 2.0. It’s unlikely you’ll find that chip on a computer more than four years old.

Need help with your Windows software? We can help. Contact us today at (515)422-1995.

IT Services Agreement or Block Hours Support: Which Is Best for a Small Business?

by

There are many types of IT support available for a business, and the two most common are “managed services” and “block hours support.” In this article, we’ll look at what these are, the advantages and disadvantages of each, and which one might be right for you.

What Is Block Hours Support?

With block hours support, you pre-pay a single provider for a certain amount and type of service. It’s usually a “block” or fixed number of hours, but it can also be a fixed dollar amount or an amount for a specific project.

What Are the Advantages of Block Hours Support?

Block hours support is usually cheaper than hiring your own staff. The provider has skilled staff with up-to-date training, so they can quickly and efficiently handle your needs. Your provider can also give you a bulk discount when you purchase more hours at a time.

And with a block hours agreement, you pay only for what you need. For example, you can save money by maintaining only the infrastructure and staff you need when you need it. That allows you to avoid a closet full of expensive hardware that you thought you were going to need or staff that don’t have enough to do.

What Are the Disadvantages of Block Hours Support?

Block hours support is what’s called a “break/fix” type of service. In other words, your provider isn’t usually involved until you have a problem. You wait until something goes wrong, and then call your provider to fix it.

That doesn’t give you the advantage of constant monitoring and management that can prevent problems before they start. That’s especially important for things such as cybersecurity, where it’s best to detect an attack and prevent damage instead of trying to fix it.

In addition, everyone’s IT operations are unique, so it helps to have someone who’s familiar with your setup when you need help. But a block hours support provider usually can’t guarantee that you’ll always get the same technician or even the best technician for your job. That means your service might be slower or less effective than a more comprehensive approach.

Reacting to a problem after it occurs also means you could experience more downtime. It could be hours before your provider can respond to your call and fix the problem. If you can’t afford to wait, you probably need a more proactive solution.

What Are the Advantages of a Managed Services Agreement?

With a managed services agreement, you typically have the option of more comprehensive services. For instance, instead of just reactive troubleshooting, your provider can continuously monitor and manage your processes such as cybersecurity.

They can also provide more “premium” services, such as more comprehensive management and even strategic planning.

What Are the Disadvantages of a Managed Services Agreement?

Compared to “block hours support,” the main disadvantage of a managed services agreement is cost. Your contract will usually be a fixed monthly fee, which you pay regardless of whether you use any services. Typically, larger organizations use more services, so this isn’t an issue for them, but for smaller businesses, it could be that contracting for managed services is overkill that could cost you money.

Which Solution is Right for You?

Block hours support works well if you don’t have a very large or complex operation, and you can afford the downtime you might experience when a problem arises.

Larger organizations can take advantage of premium services to help them save more on their operations.

Want help assessing your outsourced IT needs? Give us a call at (515)422-1995.

Making Smart IT Purchases with an MSP

by

There is no shortage of business technology out there to choose from. The sheer volume of options is overwhelming, and it can be challenging to identify the right solution for your business. This article provides ideas to help you make smart IT purchases.

You want to get the most out of your IT budget in 2023, but these common factors can derail smart IT purchases:

  • Many small and medium-sized business owners don’t have a lot of technical expertise.
  • Making buying decisions based only on a budget can lead to getting tech that won’t suit your needs.
  • People get drawn in by marketing appeals or salesperson charisma.
  • Buyers want to simplify their lives, so it seems to make sense to go with the same supplier or brand. But that’s not always the best answer.

All this means that even the best-intentioned buyers can choose the wrong technology. Maybe that new system isn’t compatible with existing software and hardware. You make things more difficult for your employees instead of improving productivity. Or you can end up wasting money on something you don’t need, or getting the perfect product but at an exorbitant price.

Strategies to Support Better Tech Purchases

When it’s time to buy technology, several strategies can improve your results.

Establish your requirements

This is more than thinking, “I want X to do this and that.” Map out your current technology to see what might already meet those requirements. Plus, learn what compatibilities will be essential to effectively use the new tech.

Talk to your employees

Ask about what they would change and what they like best about the tech you’re replacing. They’re the ones who are going to be using your tech purchases on a daily basis. Buying decisions made in isolation could saddle staff with IT that frustrates them.

Think long term

This can prevent you from getting caught up in glitzy marketing or salesperson enthusiasm. Yes, it’s human to want that cool, shiny gadget with all the bells and whistles, but it may not be what your business needs, either today or down the road.

In fact, if you’re oversold technology, you could face IT budget woes in the future. On the other hand, you don’t want to buy something that you’re going to have to replace soon. That’s setting yourself up to do this all over again. You want to make a choice that is the right fit for your current requirements but that can also scale with you.

The Solution to Tech Purchase Miscues

Of course, all this takes time – a long time if you lack IT expertise. That’s time away from running your business and revenue-generating activity. Partner with a managed service provider (MSP) to simplify the process. We can look at your existing setup and learn what you need. Then, we’ll use our experience and vendor connections to get you the best deals on smart tech purchases. Call us today at (515)422-1995.

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy