Stop Your Tech from Stalking You

by

Unless you’re a reality television star, you probably don’t like the idea of being watched at all times. So, why would you want your technology to know all about you? With digital technology today, it’s far too easy for our devices to turn creepy. Here are some suggestions to stop the stalker-like tendencies of the technology you rely upon.

Today’s marketing and online communications are all about customization and personalization. If you like a friend’s picture of an Art Deco door in Belgium, you see many more posts featuring similar designs. Or if you view an area rug on a website, you’re suddenly bombarded with ads for rug stores when you next go online.

This can add convenience, but it is also unsettling. What companies online know about you could be more detailed than what your friends know. Take the following steps to regain control of what your computer, phone, and apps know about you.

Review your privacy settings

Whether going online from a phone, laptop, desktop, or tablet, get to know the device’s privacy settings. Some important settings to review include:

  • email tracking – this can let people know if you opened their message or not;
  • location tracking – personalizes recommendations but also tells search engines where you are;
  • voice recordings – manufacturers use these to train virtual assistants, but pause this to keep your conversations to yourself;
  • purchase history – this helps feed the machine so that businesses know how to target you in the future.

Opt out or block ads

Opting out of ads limits the information collected from your browser or device. The site or business still receives basic information about you, but you will no longer receive targeted, interest-based ads any longer. Apple’s iOS 14 allows app blocking, and you can also express your choice on Android devices.

Otherwise, use browser ad blockers, such as AdBlock Plus, or JavaScript blockers, such Ghostery, to limit ad tracking. Also known as content blockers, these software programs prevent ads from showing on websites you visit. You can find ad blockers for Chrome, Firefox, Opera, Safari, and Internet Explorer.

Check your permissions

Watch the permissions you give apps. We have already talked about checking device settings, but you can also limit the permissions you give to apps. For example, social media accounts have privacy settings that allow you to control what’s logged about you.

Plus, check permissions for other apps. Clash of Clans doesn’t need location services, for instance. Or you might not want to give Slack access to your microphone and video recordings.

Use webcam covers

Covering your webcam stops someone from potentially seeing and recording you. If you think you’d see the light come on to show the webcam is in use, know that hackers can disable that. A simple sliding webcam cover closes the webcam when you are not using it to avoid a cybercriminal having access.

Covering your webcam can also come in handy in all those online meetings you’re having. A covered camera means you don’t run the risk of your colleagues catching you unprepared.

Limit information you provide

Social media has created a culture of oversharing. There are probably many things you’ve seen about friends online that you would rather not know. You’re also sharing more than you need to with the companies that you interact with online.

If you’re filling out a form for a download, you might fill out only the required fields. When you add an app, be stingy with your personal details. Think about it from a need-to-know perspective. For instance, that home design game you love to play doesn’t need to know where you went to high school or with whom you bank.

Need help keeping the privacy-busting algorithms at bay? We can help. Our IT experts can configure device settings to limit information gathered about you online.

Contact us today at (515)422-1995!

What to Do If You’re a Ransomware Victim

by

You’ll know if you’re a victim of ransomware. Often you’re met with a red screen telling you your business files are encrypted. You won’t be able to do anything on the computer, although the cybercriminals will provide helpful instructions for how to pay up. How nice. Here’s what to do instead if you’re the victim of a ransomware attack.

Cybersecurity Ventures predicts ransomware will impact businesses every 11 seconds in 2021. Yes, you read that right. That’s up from every 14 seconds in 2019. Another research company reported ransomware increasing 485% year-over-year in 2020.

Know that it’s widely considered a bad idea to pay the ransom because you’re rewarding the cybercriminal. Plus, you can’t even be sure that they will provide the encryption key needed to regain the use of your files. What! You were going to trust the bad guys?

The Important First Step

The first thing you’ll want to do is make it all go away. Yet wishful thinking is not going to get the job done. Instead, you’re going to have to turn immediately to your disaster response plan, because, of course, you have one of those already. Really, don’t underestimate the value of planning in advance for IT infrastructure compromise. Doing it proactively means calm, considered decisions rather than reacting in a crisis.

Step one is going to be identifying the systems involved and isolating them. Once you detect a compromise, limit the spread of infection by disconnecting the devices affected. Ideally, you take only a few computers offline or disconnect an individual network. Even in a large-scale compromise, remove all affected devices from the network to contain the malware.

As part of the isolation, don’t forget to disconnect any connected devices such as storage drives. The ransomware infection will even seek out USB thumb drives.

Power down only the affected devices if you are unable to disconnect them from the network. Why? Because turning them off means you might lose potential evidence.

Malicious actors may be monitoring your business communications. So, move offline to coordinate your response. Phone calls or text messaging will work, or personal email accounts.

Don’t attempt to restore critical systems until you have identified and isolated them. After that, your business can move into triage mode. Prioritize what to restore, and recover using your data backup (again, of course, you have one of those, too). Consider how critical each system is for health and safety and revenue generation. Then, get to work restoring systems in an efficient, organized fashion.

Minimizing Ransomware Risk

Ransomware is a major threat to every business sector, and you don’t want to become the next victim. Common best practices include:

  • preventing an attack with anti-virus and anti-malware tools;
  • installing email filters to keep phishing emails from reaching your employees;
  • making frequent backups and keeping them separate from your network;
  • keeping up with ransomware and other cybersecurity threats.

Businesses that partner with a managed services provider have someone supporting their efforts to cut ransomware risk. Plus, if the worst happens, the MSP’s IT experts are ready to identify and isolate. They can find the samples needed, determine the malware strain you are dealing with, and report the attack.

Your data backup should have recent copies of all information up to (or close to) the time of infection. So, once the MSP has removed all ransomware, they will wipe your systems and storage devices. They can swiftly reformat the hard disks and reinstall everything from scratch.

An MSP can help you plan ahead to contain the damage from a cyberattack. Let our IT experts install best practices, set up safe backups, and track the activity on your network. Contact us today at (515)422-1995.

Lessons Learned from an Oil Pipeline Ransomware Attack

by

Your business may not be supplying oil to the United States, and you may not even be in the critical infrastructure business, but don’t think that means ransomware can’t happen to you, too. This article shares lessons learned from a headline-grabbing event, and they’re applicable to businesses of all sizes in all industries.

First, what happened? The May 2021 ransomware attack crippled a 5500-mile gasoline pipeline. The Colonial Pipeline serves up nearly half of the gasoline used by the East Coast of the United States. The attack thought to be the largest ever on US oil infrastructure, encrypted almost 100 gigabytes of data. Russian hacker group DarkSide took the systems hostage, demanding an undisclosed ransom. The pipeline was offline for days, and the disruption plagued the country for weeks.

The lesson learned? Businesses cannot underestimate the importance of being proactive about preventing cybercriminal attacks. The Colonial Pipeline attack originated in Russia and attacked the US, but the motive was financial. The majority of cyberattacks come down to money. That means your business could be at risk, too.

Lesson #1: Educate employees

Avoid falling victim to a devastating ransomware attack by educating employees about cybersecurity. Train your employees to recognize phishing emails and other scams, teach them about the importance of strong passwords, help them understand the potential dangers of using unsecured wireless networks or unencrypted devices, and prevent their downloading unsanctioned apps onto work computers.

Lesson #2: Use firewalls and email filtering

Configure firewalls to protect your network and block access from malicious IP addresses. Geo-fencing can reduce traffic from foreign actors in known cybercrime hubs.

Additionally, set up advanced spam filters. These help identify and stop phishing emails before they even get to your employees.

Lesson #3: Limit access

You’re thinking you’re doing that already with firewalls and filtering, but this refers to limiting access for the people who work for you. Configure credentials so that employees can access only what’s needed to do their job. Limiting administrative access makes it more difficult for bad actors to do damage.

Also, limit permissions to reduce access. One employee may need to read certain files but have no need to edit them. Configure the file and directory access accordingly.

Lesson #4: Monitor and patch

Even if you’re not online at all hours of the day, you should be monitoring IT 24/7. Set up alerts to identify any suspicious activity. You want to know as soon as possible if there is a vulnerability so your business can limit its exposure.

Also, patch: don’t ignore update notifications from your software providers or operating system manufacturers. Every piece of technology in your office could be an entry point for a bad actor. Cybercriminals are always finding new modes of attack and vulnerabilities. You have to be vigilant and keep your systems updated to cut your risk.

Lesson #5: Have a backup plan

If cybercriminals take your system hostage, you don’t want to have to pay a ransom. It’s costly, and you can’t guarantee you’ll get a functional system back. You will still suffer downtime and a damaged reputation from the attack.

Having several system backups, tested regularly for accuracy, helps protect you from catastrophe. We recommend a 3-2-1 approach. That’s three separate copies of the backup on two different storage types, and at least one of them should be off-site.

Customize your backup plan around the specific needs of your business. One company might be fine backing up daily, whereas another may suffer if it loses even a few hours of data.

Cybersecurity doesn’t have to be complicated

Ransomware attacks are expensive and time-consuming. Partner with a managed service provider to keep an eye on your systems. Our IT experts can configure protection, track activity, and provide backup solutions. Take preventative action to protect your business against ransomware and other cyberattacks. Work with professionals to install a layered IT security strategy today. Contact us now at (515)422-1995.

What to Do If Your Data Is Included in a Leak

by

Data breaches are now daily occurrences and can happen to any business. The April 2021 leak of 533 million Facebook records was one of the largest known data leaks, but even if you weren’t affected by that one, you may still be at risk.

There is no easy way to know if your information has been leaked. When a business is hacked, it typically sends a notification letting you know, but this isn’t guaranteed. And you can’t go in and check the Dark Web. It is difficult to find and dangerous to access, and that is why the bad guys like it.

It’s a good idea to navigate to https://haveibeenpwned.com to see if your email address or phone number is on any data breach files. This isn’t conclusive, but it can help.

Even, if you’re not sure if you’ve been a victim of a data leak, you’ll want to take action.

There are several smart strategies to follow immediately.

#1 Limit your social sharing

It is simple to share on social media – that is part of the fun. You share the pictures of your wedding day or anniversary, or your new house with its address. You’re filling in family and friends in your life, right?

Well, if you are using any of that information to create access credentials, you are sharing too much. Someone with a beloved cat called “Petunia” in every photo who uses the feline’s name as a password gives hackers an edge.

You might think you are sharing harmless information, but those birthday party photos posted on the big day are a clue to your identity that hackers can exploit.

#2 Use Unique Passwords

Would you believe people still use “12345678” and “password” as their passwords? If you are one of them, stop now. We’ve said it before, and we’ll say it again and again: use unique passwords for every one of your accounts. Yes, it is more to remember, but it helps cut the risk of a data breach at one site snowballing to disastrous consequences for you.

You might use a password keeper such as 1Password or LastPass to manage your many passwords. This is more secure than the password manager offered by your Web browser, although those are better than revising passwords or trying (hopelessly) to memorize them.

#3 Add Two-Factor Authentication (2FA)

Enabling two-factor authentication (2FA) makes it more challenging for the bad actor. Now, they will need to obtain access not only to log in credentials but also to your personal device. However, since phone numbers are often included in a data leak, this isn’t the best solution. If the hacker has your name, address, and birthdate from the Dark Web, they can take over your phone number, too. They call the company and say, “I lost my phone. Can I get another SIM card.” Then, they are the ones to get those verification codes via message, not you.

Better still, use a 2FA app to confirm your identity. Authy or LastPass are good authenticator apps. After you attempt to log in, you will need to enter a time-sensitive code generated by the app to complete access.

#4 Stop Signing into Other Sites Using Social

Sure, it is convenient to use your Facebook or other social media account to sign in to connected applications, because you have fewer passwords to remember. Some of your data is automatically transferred, so signup is streamlined, too. Yet you are increasing the risk of account compromise.

The hacker may access the third-party application and use that as a stepping stone to get into your social account. That’s where the trove of data is.

#5 Develop an Alternate Ego

It all sounds super spy, but you might have one email account you open to be a burner account for social media. You could also use a fake birth date, a fake alma mater, and other alternative facts to fill out the social profile.

Don’t fabricate personal details for an employer, or a financial or educational institution. But you might use a fake identity for entertainment, gaming, and social sites that bad guys may mine for personal data.

Need help securing your social media or other online activity? Our experts can help. Contact us today at (515)422-1995!

Is Your Instagram Account Safe?

by

Why would someone want to target your Instagram account? You share what you ate, maybe the books you read, the shoes you bought, or that really cool image of the sky above. How is that going to help a hacker? Read on to learn more.

OK. Your obvious love of chicken and waffles isn’t going to mean a lot to a cybercriminal, not unless your password is “chicknwaffles.” But there are people who make a living from Instagram. Influencers can make millions by posting a pic of their latest smoothie or the new pair of socks they love. Their IG accounts are their business. A hacker gaining access could destroy an influencer’s reputation, their livelihood.

Businesses, too, are moving to IG as a way to reach a targeted audience with vibrant visuals. They can’t afford to have their accounts taken over by an ill-intentioned hacker. That could lead to lost customers and brand damage.

Then, there’s you, the “average” IG user. Yes, the cybercriminal might still target your Instagram account. For one, they might use your IG handle to reach out to your friends and say, “I’m stuck overseas. I need some money.” Caring friends, not knowing it’s not you, could end up a victim of a scam.

How to Protect Your Instagram Account

#1 Go Private

Instagram lets individuals, influencers, and businesses show creativity. However, you want to control who sees what you post. You may not want everyone to see your photos. Limit your content visibility to friends and family in the Instagram profile window:

  • Click on the three dots in the right corner.
  • Scroll to the bottom of the options.
  • Turn on the Private account setting (the button should turn blue).

You can also block followers you don’t know. Click on your Followers list, and tap on the users you don’t recognize. Tap on the menu button and choose “Block User.”

#2 Disable cross-app sign-ins

Using your IG account to sign in to other applications is convenient, because you have to remember only your IG access credentials. Still, by streamlining your sign-in you are also making it easier for a hacker to compromise your accounts. Now, they can get access to one account and use that as a way into the other connected accounts.

Log in to your account and review all connected applications. You can do this by visiting the Authorized Applications tap under the Edit Profile tab.

#3 Don’t overshare

Sure, that’s the golden rule of social media. Still, we’re talking here about reviewing personal information you share on Instagram. Take a look at your profile information and review whether all those details really need to be there. A hacker could use anything specific you write in your Bio to verify your identity elsewhere. Reconsider posting your birth date, alma mater, anniversary, favorite sports team, etc.

#4 Turn off location services

Instagram’s location services can let you check in at a particular place. But by doing this, you’re giving thieves extra information they can use against you. Instead, go into your phone’s Privacy settings and turn off location services for IG.

You also don’t want to cue criminals that you’re away for a vacation with posts from the beach. You might want to share that sunny sand pic. Then, you regret it when you come home to a burgled home.

#5 Enable two-factor authentication

Of course, the starting point is to pick a strong, unique password for your Instagram account, but Instagram has added two-factor authentication for an added layer of security.

In Instagram’s mobile app you click on the Options icon at the top right to get to a menu offering this option. You will get a short link to click on. Do so, and turn on the two-factor authentication. You’ll set it up using your mobile phone. Then, in the future, you’ll have to log in with the added security of a unique code sent to your phone via text message.

#6 Review your login activity

Keep an eye out for illicit use of your account by reviewing Login Activity. This is under Settings on the desktop app and shows a list of locations from which you’ve logged in. So, if you’ve never been to Thailand, but your IG account has, that would be a red flag. If you do spot locations you don’t recognize, log out from your device, and change your password.

Need help securing your Instagram account or other social media channels? Our helpful IT pros have the expertise you need. Contact us today at (515)422-1995.

What Is Shadow IT, and Why Is It an Issue?

by

An old-time radio show used to start with the promise “The Shadow knows!” Yet when it comes to shadow IT, the problem is the exact opposite. Shadow IT is the stuff employees download onto a business system that IT doesn’t know about, and it can be a big problem.

You may have an IT policy telling employees not to download unsanctioned applications, but they want to boost their productivity, or perhaps they prefer to work with an app they already know and love. So, they get a tool or service that meets their needs without telling IT.

The employee may have the best of intentions. They want to work better for your business. They don’t see the harm in adding that convenient app to their computer. Or they don’t think it’s a big deal to use their own device to complete their work (even if unsanctioned). Maybe they want to be efficient, so they use a personal email account to conduct your business.

Any of these examples are part of Shadow IT, and it’s running rampant. In Frost & Sullivan research, 80% of employees admitted they had used non-approved software. Even 83% of IT workers were using non-vetted Software as a Service (SaaS) applications. So, what’s the big deal? We’ll cover that next.

The Potential Pitfalls with Shadow IT

First, if your business is in a regulated industry, Shadow IT could put you at risk of noncompliance. That unsanctioned device may not be encrypted. Sharing business data over a personal email would be a big no-no in a healthcare or banking space. Shadow IT certainly undermines audit accountability.

It can also drive up IT costs. Say accounting doesn’t know that the business has already paid to use certain software. So, they pay for it again out of their own budget.

If IT is unaware of the Shadow applications or devices, they can’t manage the vulnerabilities. The business doesn’t know customer data or personal identification information about employees is at risk.

And there is greater threat of a data breach or ransomware attack. Employees downloading a third-party app could inadvertently give a hacker access to your network.

Additionally, the business risks losing productivity. The work someone does on a shadow app, for example, could be lost to the company if that employee moves on. IT wouldn’t have access to that account to retrieve the information or files. They don’t even know it is out there on that unknown app or device.

Shine a Light on Shadow IT

Because this IT lingers in the shadows, it can be challenging to coral. Still, there are several steps you can take.

Educate employees about cyber policies.

Create and communicate acceptable use guidelines, and make sure your workers know what your policies are regarding:

  • SaaS downloads;
  • use of personal devices (e.g. mobile phones, laptops, USB flash drives, portable data storage devices);
  • emailing from personal accounts or using messaging apps;
  • online document sharing;
  • online voice or meeting technology.

Establish clear information classifications distinguishing between public, private, and confidential data. This can help employees recognize they are putting important data at risk when they disregard use policies.

Do a dive to discover Shadow IT.

IT needs to get to know what technology is in use at the business (both on- and off-site). This is more challenging now with people working from home due to COVID-19. Still, a survey of employees and their devices can help gather information about unknowns.

Determine the value of IT discovered.

Don’t overreact. You don’t want to necessarily ban all Shadow IT that you discover. Some of the services could have value. Vet the applications or devices found or reported. Review their connection to private or confidential data or essential network systems. If several employees use an unsanctioned app, you may want to invest in it. With a professional version, your IT team can safely manage the app.

Deliver the IT your people need.

Why are people circumventing your IT policies? Are they are under pressure? Are they are looking to meet an unmet need? Are they are more comfortable with a familiar app or device? It’s important to understand what the employee is aiming to accomplish or why they’ve turned to shadow IT. This can help you identify IT needs and areas where you need to improve.

Shadow IT is data or applications that are outside your business protection. IT can only watch what it knows about. Shadow IT is unsafe and unpredictable.

What You Need to Know about Web App Security

by

There’s an app for that! Even for business purposes, you can bet this is the case. Yet a small business may be using online applications without understanding the risks. Here’s help.

Most businesses no longer have all their technology and software solutions on-site. The old cybersecurity perimeter around the IT premises is no longer going to be enough, not with so many applications available to you online and in the cloud.

Think of it this way: a firewall perimeter is like a moat around your business castle. No one could get in without crossing the drawbridge. That worked well before to secure your locally hosted server and desktop computers. Now, though, companies are relying more on cloud vendors and Software as a Service (SaaS), which means hackers could get in without using the drawbridge or crossing the moat. It’s like an alien invasion: cybercriminals teleport in without you even knowing it.

This is a big challenge for cybersecurity. Web apps are different from what you host in your secure company environment. Information is transmitted online. The solution itself is often hosted in the public cloud.

The big breaches so far of 2021 are examples of this threat:

In Ubiquiti’s cloud service for networking equipment and IoT device vendors, a data breach risked untold numbers of usernames, emails, phone numbers, and passwords.

A Microsoft Exchange server breach left more than 30,000 American companies scrambling. The computer giant had to hurry to patch an exploit believed to have originated in China.

An exploit of SolarWinds’s network management platform, Orion, is attributed to Russia. The breach targeted the U.S. Secretary of State and the government departments of Homeland Security and Commerce, plus the Treasury. Microsoft, Intel, Cisco, and Deloitte were also affected.

How to Amp Up Your Web App Security

Step 1: Inventory Your Web Apps

You need to know what you are using to fortify your defenses. This can also mean surveying employees about their use of unauthorized apps (known as Shadow IT). They likely mean no harm, but by downloading third-party apps IT doesn’t know about, they put your protection at risk.

The size or type of Web app doesn’t matter. IT needs to know every application the company and its employees are using.

Step 2: Enhance Security Measures

Turn on multi-factor authentication (MFA). Two-factor authentication (2FA) or similar provides an added barrier for the bad actor. Done right, you can cut the user experience friction and stymy the cybercriminal.

Step 3: Backup Your Data

If the worst does happen, you want immediate access to a backup of your important systems, as it can reduce your downtime. A current backup can also reduce the risk of your having to give in to a ransomware demand.

With cloud-based apps, business owners forget to backup data that was generated in the cloud. You will either want a third-party service to back up the data on your cloud services or to download a copy to a local computer.

Step 4: Track Third-Party Vendor and Cybersecurity News

With the inventory you completed in step 1, you’ll know what apps to follow. You might set an alert for announcements about those brands and “breach.” Also, make sure that your contact information with the third-party vendor is current. That way, you are sure to get any notifications they might make. Plus, immediately install any patches and security updates they provide.

Working with an IT company can help you beef up your security measures. Consider us the brave knights on the barricades helping to keep an eye out for attackers. A managed service provider can inventory your apps and make sure you are working safely. Contact us today at (515)422-1995.

How to Protect Your Proprietary Information

by

Proprietary information makes your business special, whether you’re a tech startup with a smart algorithm or a food manufacturer with a secret sauce. Regardless of industry, business gains a competitive advantage from distinct practices or unique data. The last thing you want is someone with ill intent getting their hands on your differentiators. Here’s how to protect your proprietary information.

We all know cybercriminals are trying to gain unauthorized access to your computers. Most attention is on hackers stealing personal data, or malware attacks that render computers useless unless a ransom is paid. Other prime reasons bad actors seek out technology vulnerabilities are for corporate espionage or to make a buck selling your proprietary information to the highest bidder.

Trade secrets, business strategies, or product designs could all be at risk. The very future of your business could be at stake if you don’t control and protect your proprietary data. These strategies can help.

#1 Limit Access on a Need-to-Know Basis

It sounds very cloak and dagger: “you don’t have clearance for that.” Still, limiting access based on roles builds a stronger perimeter around proprietary data.

The front receptionist doesn’t need the same level of access to technology or data as the founder. Keep accountants and product development team members on their own systems, too.

This cuts the risk of inadvertent exposure or insider threat, plus, it contains possible damage. If one person’s access credentials are compromised, a hacker will only get so far.

#2 Educate and Audit

Check your control over proprietary data, and regularly audit what critical information you have and who has access to that data.

Also, vet employees to prevent bad actors from getting inside your security perimeter. Ongoing education can also help, as it will keep best practices top of mind with your employees.

#3 Limit Personal Device Usage

Many employees have powerful computers they can’t live without, or they may prefer to use their smartphones, laptops, or tablets. If you’re going to allow Bring Your Own Device (BYOD), you need to establish strict guidelines.

The business should:

  • ask employees to register any personal devices used for work;
  • segregate personal devices from the business network;
  • install remote monitoring to allow you to audit device access and ensure best practices;
  • require up-to-date software and vulnerability patching;
  • create a separate, encrypted drive on those personal devices for work data.

Also, ban the installation of hardware or software on office computers without involving IT. This can avoid someone downloading and installing a program that provides third-party access. The employee or department didn’t mean to cause a security breach, but you want to be safe.

#4 Protect Multifunction Devices, Too

Even with businesses doing more in the cloud, we still use printers, scanners, and copiers. Any of these could have internal storage that stores the data your users send to them. These devices are also attached to your network, and you may never have even changed the default password from the manufacturer.

Shore up security. Give these devices their own network separate from the main system.

#5 Destroy Any Hardware Properly

When you upgrade to new hardware, what do you do with the old technology? In many instances, it will sit unattended in a closet somewhere, or get boxed up and sent to an auctioneer without first clearing the hard drive. Work with a certified data destruction company. They can wipe your technology clean before resale or destroy them effectively.

Plus, keep in mind that paper remains a threat, too. Your employees need to be aware that a messy desk can mean documents go missing or get mixed up, and it is that much easier for a visitor to see and take an important document.

The ways to handle your proprietary information will evolve. Control and protection are key. Our IT experts can help you keep up with the threats and cut your risks. Contact us today at (515)422-1995 about securing your business’s lifeblood information.

The Value of Virtual Machines for Your Business

by

You invest a lot of time researching the best technology for your business. Your Apple computers work well for your needs, plus, the sleek desktops look great in client-visible locations. Yet occasionally, something comes up that you can’t do on an iMac. It doesn’t work on the Mac operating systems (OSs); only on Windows. That’s where a virtual machine can come in handy.

Perhaps you invested in your Mac technology before finding out about this industry-specific software you need to run. You’re not about to buy new computers for every user in your office.

You know that running Windows XP can be more dangerous. After all, there are many more cybercriminals savvy with Microsoft products. The payoff is much bigger for a bad actor who can find a vulnerability in Windows, as there are so many more users.

The answer, then, is to give your users access to a virtual machine. This lets you run that piece of software that only works on Windows, without starting from square one.

What is a virtual machine (VM)? VM software emulates your computer. It allows you to install an operating system, such as Windows 10, on your Mac. The software maps computer processing, memory, storage, and other components to run properly. Then, the virtual OS (or guest OS) acts as if it’s running on a real system. Yet for your purposes, it’s more of an app on your host OS. You open the software, make it full screen, and your computer looks and feels as if it has Windows installed.

One advantage of the virtual machine approach? You need only the software that you use on occasion and the VM software. You don’t have to get more hardware to accommodate that one Windows-centric tool. You can simply click into the software and do what you need to do. Then, when you’re done, you minimize that screen or close the application, and you’re back in Mac world.

Virtual Machines Not Just for Mac Users

Any computer use can also benefit from VM software. Maybe you’ve been a Mac loyalist but want to try Linux? You can install the OS virtually to check it out. Or perhaps you’re developing software and need to test your offering on other operating systems. The virtual OS helps there, too.

Overlapping the VM on top of the existing operating system can also provide peace of mind. If you have legacy software on an old Windows operating system, you continue to use it safely. Instead of connecting a computer with outdated (and unsupported) software to the internet, you can keep it separate, offline.

A virtual machine also offers a way to browse the internet without the risk of compromising the host OS. The original files and data are separate and won’t be at risk of compromise, theft, encryption, or ransomware.

Businesses can also benefit from a VM when they want to clone an existing system. Make a snapshot of the old computer and run it in on a VM on a new machine. This keeps the business running as usual when you’ve lost a software installer or need specific settings. Or use the VM when you want to move the guest OS to a new host computer.

The VM snapshot can also provide you with a backup of the old settings and legacy systems that you can always go back to. Worried about running an antivirus update or installing a new app? Use the virtual machine software to create a snapshot of your current machine’s state. Then, you can quickly restore it if the worst happens.

Real Help with Virtual Machines

Virtual machines offer real benefits. Our IT experts can help you setup an operating system within your VM. We can also connect the software to printers or the network as needed, securely. Contact us today at (515)422-1995!

It’s Who You Know: Verifying Identity at Law Firms

by

Trusting identity is foundational to a law firm's work. In a law office, the documents going back and forth contain sensitive information, and contracts, negotiations, or transactions can't be shared with the wrong parties. The industry needs to be cautious about validating identities.

Legal service providers need to achieve compliance and protect clients and their assets. Techniques are changing as lawyers move from in-person conferences to digital document exchange. This article examines four digital-age areas in which lawyers need to validate identity.

#1 Phishing Scams

Phishing is always a risk, no matter the industry. Paralegals, associates, and lawyers risk inadvertently clicking on malware, especially as this field relies heavily on attached documents going back and forth.

A cybercriminal criminal might steal money copying a vendor's invoices. Everything looks the same, but payment details put the dollars in the crook's bank account. Or they will send an “urgent” message containing a link that goes to a Web page that looks credible. It might seem to be from a bank or the government, but one character in the URL is different. Those who don't notice the difference will enter sensitive account details into a form that goes to the bad guy.

Verification tip: Firm-wide filters can check for malicious attachments before they reach people. Educate employees about always verifying the URL before clicking on a link. Hovering over the highlighted text will show the address where a click will take the user.

#2 Business Communication Email Scams

Business communication emails scams also often target law firms. In one example, Jared Kushner's lawyer exchanged emails with someone imitating the ex-White House aide. Emails from kushner.jared@mail.com prompted the lawyer to share newsworthy information.

Verification tip: At the beginning of an engagement, verify the client's private, secure email address. Always confirm that the sender's email address is the same as you have on file before responding.

#3 Outgoing Email

Email automation can also lead to problems. The associate allows Outlook to auto-populate the recipient's email address from the address book. Too busy typing a quick note, he doesn't confirm that he's sending it to the right person. But Smith, John is a divorce attorney and Smithson, John is a client at a dental firm. They should not be getting each other's filings!

The law firm Wilmer, Cutler, Pickering, Hale, and Dorr sent files detailing a history of whistleblower claims at PepsiCo to the wrong person, a Wall Street Journal reporter. So much for client privilege.

Verification tip: Check and double-check your email address list. Set up your firm's email program to disallow any auto-populating of email addresses.

#4 Multi-Factor Authentication

One other area where you want to verify identity is when staff access your systems and software. Relying on username and password credentials only isn't strict enough. Humans make mistakes. They share information that makes their access credentials easy to guess. Your people may not pick complicated passwords or change their access credentials. Data breaches can put professional accounts at risk when people reuse passwords.

Verification tip: Adding multi-factor authentication makes it more difficult for the cybercriminal. Even two-factor authentication adds another important level of security. Having the access credentials alone isn't enough. The hacker also needs to get their hands on the personal device where the authentication code is sent.

Need help establishing robust digital practices to confirm client and employee identities? A managed service provider can help. Our IT experts can review risks and suggest simple, affordable solutions. Improve your identity experience. Contact us today at (515)422-1995!

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy