Tuesday, September 27, 2022
Monday, September 26, 2022
Tuesday, September 20, 2022
Monday, September 19, 2022
Tuesday, September 13, 2022
Monday, September 12, 2022
Thursday, September 8, 2022
There are two types of people…which one are you?
- The frustrated, constant updater: You find yourself having to constantly click on “Forgot My Password” and verify your account, check your texts, scan a finger (give a pint of blood…maybe not that one) so you can reset your password. And it’s probably a brand-new one because you can’t use one you’ve used before, so this situation will happen again and again and again.
- The weary optimist: You use the same password for every site, even though you know you shouldn’t because you’re tired of dealing with the above situation. This makes it SUPER-easy for hackers because chances are your password is available for sale on the dark web right now. But…you HOPE this doesn’t happen to you or you think you’re too small to worry about this because they only care about the “big fish.”
If you’re Person Type 2, it’s only a matter of time before you’re hacked, and it doesn’t end with you but can affect any business computers you use that lead to access of client, customer or patient records, and the results can be a total disaster.
But there’s a simple solution. A password manager.
A password manager is like a digital vault. Your passwords, addresses, payment info and logins are encrypted in the software. You will have one master password you use to “unlock the vault.” If the password manager gets breached, your data is not at stake because your master password is either stored on a server and encrypted or it’s stored locally on your computer.
What’s the difference between using a password manager and one that’s included on your web browser, such as storing that information in Chrome or Safari? The biggest difference is that browser storage cannot be shared with others. For those who work in an office and need to collaborate with teammates, most password managers let you encrypt the data to pass along if someone else needs to access a site. If you have data stored on your browser and then, for instance, decide to make a purchase through the Instagram app, that credit card data will not pass through since it’s outside the browser.
Tuesday, September 6, 2022
Monday, September 5, 2022
Tuesday, August 30, 2022
Monday, August 29, 2022
Tuesday, August 23, 2022
Monday, August 22, 2022
Monday, August 15, 2022
How can we help you be more proactive about identity & access management? Reply if you'd like one of our experts to reach out to discuss your goals and the solutions we offer to address them — including @Microsoft Entra.
Tuesday, August 9, 2022
Monday, August 8, 2022
Tuesday, August 2, 2022
Monday, August 1, 2022
Tuesday, July 26, 2022
Monday, July 25, 2022
Tuesday, July 19, 2022
We love to celebrate 👏our customers' successes. RT to share yours. Reach out to a @Microsoft #Azure Arc expert at NetWerks Strategic Services, LLC for next steps.
Have you considered #Azure Arc? RT if you're interested in learning more. A provider of Microsoft Security solutions, the experts at NetWerks Strategic Services, LLC can give you a one-on-one walkthrough.
Monday, July 18, 2022
Tuesday, July 12, 2022
We're here to make technology accessible to all. RT if you think that's worth celebrating.👏 #MicrosoftTeams #Azure
Monday, July 11, 2022
Tuesday, July 5, 2022
How can NetWerks Strategic Services, LLC help you plan a smooth, successful migration? Contact us to book a meeting with one of our @MSFTDynamics365 experts. #Dynamics365 #cloud
Monday, July 4, 2022
Tuesday, June 28, 2022
Monday, June 27, 2022
Your first line of defense against cyberthreat is a good security posture. How often do you assess yours? 🤔 Reply to have an @msftsecurity expert from NetWerks Strategic Services, LLC reach out about an assessment. #BeFearless
Tuesday, June 21, 2022
Monday, June 20, 2022
How can NetWerks Strategic Services, LLC help your company address its cybersecurity concerns? Get in touch with one of our @msftsecurity solutions experts for a free consultation. #MicrosoftSecurity @msftsecurity
Tuesday, June 14, 2022
What results can you gain by migrating @Microsoft Dynamics to the cloud? Contact us for an assessment. #MSDyn365
Monday, June 13, 2022
Wednesday, June 8, 2022
Tuesday, June 7, 2022
What is your approach to evaluating ERP solutions? Contact us to set up a meeting with a @MSFTDynamics365 expert from NetWerks Strategic Services, LLC. #MSDyn365
Monday, June 6, 2022
Wednesday, April 6, 2022
You’ve been hijacked!Has it ever happened to you that you opened the web browser on your PC and it looked a bit off? Then you perhaps did a Google search for something or tried to access your email only to have a dozen ads popping up or to be redirected to some other URL. Well, it means your web browser was hijacked. Browser hijacking is one of the most common cyber crimes out there today.
What is browser hijacking?Browser hijacking is when a malware enters your system and takes control of your browser. It then makes changes to your browser settings and while it seems innocuous, the consequences can be serious. Your browser is the gateway to the internet. By hijacking your browser, the malware will be able to steal your data including private information, log-in credentials and more.
How does a browser hijacker gain access to your system?Browser hijacking malwares can enter your system in various ways. Generally, they gain an entry when you click on a malicious link or accidentally download the malware onto your computer.
How to determine if your browser has been hijacked?When your browser is hijacked, you will notice that most probably, your homepage setting would’ve changed. Your default search engine may have been changed too, and when you click on links, multiple, unrelated pages will open up. You will also notice that you are bombarded with pop-up ads and are barely able to navigate the web. You may also find new add-ons or toolbars installed on your browser automatically.
Safeguarding against Browser HijackingInstalling a good anti-malware software program is one way to protect your browser from being hijacked. Firewalls can also help, as they will restrict access to suspicious sites. Apart from installing firewalls and anti-malware, you also need to follow basic cybersecurity best practices such as not opening suspicious emails, not downloading attachments without scanning them with the antivirus software on your computer, not installing any software program unless you are 100% sure of its authenticity and also, by being vigilant when it comes to links in emails or the web, in general. Remember, a simple browser hijacking seems more like a nuisance than a big threat to your data security, but it could turn out to be much more than that.
Wednesday, March 30, 2022
Your employee quit your organization. Make sure your data hasn’tWhen someone new joins your organization, how do you manage their onboarding? Chances are, you already have processes in place for everything. The employee paperwork is taken care of by the HR, the on-floor assistance and other training is probably provided by a senior team member or the training and development team, and your IT team or MSP handles their IT/computer setup. But, what happens when they are leaving the organization. Is your off-boarding process just as meticulous?
Businesses pay a lot of attention to data safety and security when employees are handling their data, but often overlook the same when it comes to outgoing employees. But, outgoing employees can be a threat to your organization’s data security.You never know when a disgruntled employee may actually go out of their way to intentionally harm your business by stealing (and later misusing or selling) or destroying your data. Even if an employee is parting ways with your company on good terms, and you trust them, there’s still a need to ensure your data security is not compromised at the time of their off-boarding. Some ways to do this are
- Revoke access to any company accounts that the outgoing employee may have. This includes email addresses, applications and software used for work purposes, server, shared drives/folders etc. You can revoke access, restrict access to their user ID or delete their account.
- Change any shared passwords
- Inform vendors and other organizations that they have been dealing with on your company’s behalf, that they will no longer be working with you, so they shouldn’t be entertaining any requests for data or access, and also let them know of the person who will be taking over their role
- Take charge of their computer and other devices and perform an audit to ensure there has been no unauthorized data sharing or transfer
- Ensure they are not leaving the premises with any hardware such as pen drives that may contain sensitive information
- Monitor your IT network for any unusual activity
Wednesday, March 23, 2022
VPN 101: Remote access and safetyAs we know, the Coronavirus pandemic has brought about a paradigm shift in the way businesses function. Home is now, ‘The Office’. With WFH taking root, companies and employees alike are experiencing so many benefits that it looks like it is here to stay. This has given a boost to various technologies that enable businesses to operate smoothly in the WFH environment. Examples include video conferencing applications such as Zoom, Microsoft Teams, Google Meet, Cloud data storage options, VoIP, etc., In this blog, we discuss one such technology, Virtual Private Networks, more commonly known as VPN.
A VPN or virtual private network is a mechanism to connect to private IT networks using the internet. This gives you the ability to access private networks remotely, yet safely. Thus VPNs play a key role in the remote operations model. Using remote access VPN, employees can access their ‘work computers’ using the remote desktop mechanism. Plus, using VPNs to access data adds an additional layer of security. Here’s how-
- VPNs don’t allow third parties to track the user’s IP, location from which they are accessing or their online activity
- Unlike the regular browsers, VPNs don’t store browsing history, recent activity logs, log-in credentials, etc.,
- If there is a glitch in the secure connection offered by the VPN, the connection is automatically cut instantly, instead of allowing the user to browse unsafely
A word of caution, though. There are many VPN services available in the market, and a lot of free ones too. While some are genuine, there have been cases where cyber criminals have masked a malware to seem like a VPN application and used it to steal sensitive information. So, make sure you do your research before downloading a ‘Free VPN’ application for personal use. If you are a business owner, then you should absolutely opt for a paid, trusted VPN service. Your MSP will be able to recommend one that’s right for you.
Wednesday, March 16, 2022
System & software updates: Why you shouldn’t be skipping them for laterWe all know how annoying it can be when you get a pop-up asking if you’d like to update it or worse still, your system starts to update itself. The general tendency is to put it off until the next time you log onto your device, when you put it off again. We have all experienced it at some point or another, when we are on that important call or have to reply to an urgent email and decide a system update is just not worth the time. But, did you know that it is important to update your computer’s operating system in a timely manner? And that’s not just for your computer, the same applies to your mobile phones, iPads and other tablets too. In fact, there are updates for various software programs and apps that should be installed too.
System and application vendors such as Microsoft, Apple, Adobe, etc., release security updates and patches almost every month, and sometimes, several times during a month.
What are the benefits of installing these patches/system updates?Safety and security of your data
Cybercriminals are constantly on the lookout to exploit any weakness that software programs may have, to gain entry into your IT network or system. Vendors, on the other hand, have teams that are constantly on the lookout for such weaknesses and work on developing security patches that plug these gaps, so your device/network remains safe and secure. Skipping system/software updates can make you vulnerable to cyber attacks and compromise on the safety and security of your data.
Ensures your device is working at its best
Apart from the security patches, there may also be bug-fixes and enhancements that may be released as a part of the software/system update. Not installing bug-fixes and enhancements means your device won’t be performing at its optimal level and may crash or slow things down. It may also result in compatibility issues when it comes to other programs or applications.
As a business it can be difficult to keep up with software updates, security patches and upgrades, and implement it across your entire organization. Having a service level agreement with an MSP will ensure that all your business devices are updated, patched and secure.
Wednesday, March 9, 2022
A “Free” Covid Vaccine can give you a virus (and infect your IT network)With the pandemic still raging in most parts of the world, cybercriminals have come up with yet another novel technique to lure unsuspecting victims and steal their data--the free Covid-19Vaccine scam. This is how it typically works.
You get an email or a text message that says you are eligible to receive the vaccine for Covid-19 free of cost. The message will have a link which will take you to a form, where you may be asked for your personal information. Once you fill that in and hit submit, cybercriminals have access to your PII (Personally identifiable information) and can virtually wreck havoc now.
There have been some variations of this message, one being a rebate offer, where you are asked to “book” or “preorder” your vaccine by paying for it online, with a promise of credit/rebate/refund in a week. Not only will your card be charged for the “cost of the vaccine”, your card details may also be stolen using secret key loggers, and the damage to your credit may be much more than the amount you were actually billed for.
Why should you be wary of this, as a business?So, if the scam seems to target individuals, why is it important for businesses to be aware of this? Well, for the simple reason that you need to alert your employees to this. With the pandemic having almost completely changed the typical office set up and more and more people working remotely, using their own devices for work purposes, there’s a chance that an employee who falls for the vaccine scam may end up compromising your company’s data unknowingly. If a cybercriminal gets access to their device, chances are high that they will most likely have a gateway to your IT network and subsequently, your data.
What can you do?Data safety is not just about getting the best antivirus software, it is also about people who have access to your data. Apart from installing anti-malware software programs and firewalls, educate your employees about the COVID-19 vaccine scams that are in play. Help them identify phishing scams and conduct mock drills and tests to assess their understanding of the concept.
No time to do all this by yourself? NetWerks Strategic Services, LLC is an experienced Managed service provider with extensive experience in cybersecurity. We can help you keep your data safe by deploying the latest technology and also by training your employees to identify hacking and phishing attempts BEFORE they become a victim.
Wednesday, March 2, 2022
Cyber Security training basics: Password best practices & phishing identificationAs a business you know the importance of ensuring that your data is safe from the prying eyes of cyber criminals. While anti malware software programs and firewalls are essential to doing this, another important element is, training your employees to identify the traps laid by cyber criminals. This blog offers a list of what you should cover in cybersecurity awareness training.
Password best practicesThis should be number one on your list. The easiest way to steal your data is by stealing your password. Hence you should educate your employees on password best practices. They should know
- Not to share passwords
- How to share passwords safely (if at all it has to be done)
- How to set strong passwords
- The importance of changing passwords often
- Your organization’s rules regarding passwords, i.e. your password policy and associated penalties/actions that will be taken if they fail to adhere to it
PhishingTrain your employees to identify phishing attempts. Phishing is when cyber criminals pose as someone trustworthy and attempt to steal data. Studies show that the number one reason businesses become victims of cybercrime is because their employees fail to recognize a phishing attempt. For example an email may be disguised to look as though it came from a coworker or vendor, or even a government agency such as the IRS, and may contain a request for sensitive information. Some may have attachments that the receiver may open unknowingly and end up infecting the whole network with malware. Though anti-malware software programs generally identify such communication and either mark them as spam or issue warnings when the receiver tries to open them or download the attachment, training your employees to recognize phishing attempts is very important, because even a single email that slips through the crack can result in a huge disaster.
Remember this is not a one-time thing. Cybercriminals are always at work devising new strategies to steal your data. You need to train new employees as they join your organization and update your existing employees with any new cybercrime modus operandi. You can offload this task to an experienced managed service provider who specializes in cyber security. Being a part of the industry, they would generally be up-to-date with the latest risks and advise you and your team accordingly.
Wednesday, February 23, 2022
What does cyber insurance typically cover?Pandemic or no pandemic--cyber insurance is a must-have. And, not just that, some of your clients may insist that you have cyber insurance coverage before they trust you with their data--especially if you are operating in the B2B market. Cyber insurance can break the fall in case you become the victim of a cyber attack or some gross malfunction that causes data loss. Here’s a list of things cyber insurance policies typically cover.
Forensic analysisAfter a cybersecurity attack, you need to conduct a root cause analysis to identify what went wrong and where, so you can take corrective action to prevent the possibility of it repeating.
Notification expenses, penalties & lawsuitsAlong with data breaches come a lot of liabilities including timely notification, fines, penalties, and perhaps even lawsuits for which you will need legal representation.
Revenue loss--direct and indirectIf your business is a victim of cybercrime, you will likely have to shut down your IT infrastructure for some time even as the issue is being resolved or contained. This downtime can cost you quite a bit in terms of lost sales and also employee productivity. Not to mention the damage to your business’s brand name which will have some effect on your sales revenue for at least a few months to come--and add to that the costs of employing a good PR agency to create some positive buzz around your brand to overcome the bitter taste left by the data breach incident.
Apart from the items covered above, which is more like a consequence of data loss, there are two big risks that cyber insurance policy can protect you against--cyber extortion and fund diversion.
Cyber extortionRemember the WannaCry Ransomware incident that happened in 2017? Cybercriminals used a worm, a form of malware to infiltrate more than 200,000 target computers and freeze user’s access to the data therein. The losses caused by WannaCry are estimated to be in the range of billions of dollars. What would you do if someone held your data hostage or worse still threatened to leak it online? As a business owner, you have no choice but to pay up the ransom amount.
Fund diversionThis is another form of cyber attack, though not as obvious as cyber extortion. Fund diversion is when you or your staff accidentally end up diverting your business funds to a fraudster. For example, your accountant clicked on a phishing link that took them to a clone site of the bank where your company has its account, or they made a payment by clicking on a fraudulent email sent by a cybercriminal posing to be your vendor.
It is important to remember that cyber insurance is still NOT a replacement for cybersecurity. You cannot invest in a cyber insurance policy and not bother about putting data security measures in place. In fact, like any other insurance, cyber insurance will also have exclusions and any laxity on your part in terms of data security can cause your cover to become null and void. This is where a trusted managed services provider can be of help. An experienced MSP can help you pick the right cyber insurance policy based on your needs. They will be able to explain the exclusions clearly to you--in your terms and help you design and maintain the security mechanisms and processes necessitated by the cyber insurance policy.
Wednesday, February 16, 2022
Why does your business need cyber insurance?The WFH model makes businesses much more vulnerable and easy targets for cybercriminals. Some of the reasons include
- A lot of people accessing their work data from home networks, which lacks high-level security
- The inability of businesses to monitor the work-related IT activities of their staff and,
- The use of personal devices by employees for work purposes
- Installing anti-malware software
- Putting in firewalls to safeguard their work network
- Having clear and effective IT policies in place when operations are remote
- Providing staff with laptops or desktops to use for work purposes during the WFH phase
- Training employees to identify cyber threats and steer clear of them
- Educating employees on password hygiene and cybersecurity best practices
Cyber insurance typically covers direct and indirect costs arising from cybersecurity incidents. One malicious attachment could bring the whole IT infrastructure crashing down. And, if there’s a data breach where confidential information has been compromised, then you’d be looking at hefty compensation payouts. That is why you need cyber insurance. Cyber insurance is not something new, but it has never been so important as it is now.
Wednesday, February 9, 2022
WFH means more vulnerability to cybercrime. Here are some methods to stay safeWFH opens up whole new horizons in terms of flexibility, productivity, and cost savings. But, it also opens your business up a little more to cybercriminals, as you can’t have a hands-on approach to cybersecurity, especially if your employees are using their own devices for work. This blog discusses some mechanisms that you can use to mitigate the risks of becoming a victim of cybercrime in the WFH setup.
Multi-factor authenticationInstead of using a single password for data access, multi-factor authentication adds more layers to security. If WFH has your employees accessing their work computers remotely, then you simply cannot skip multifactor authentication. Multi-factor authentication works by confirming the identity of the user across 3 areas
- What they know: Examples include asking for User IDs, passwords, answers to ‘secret questions’, verification of their date of birth, etc.
- What they have: This includes physical tokens, access cards, OTPs sent via text or email, etc.
- Who they are: This authentication mechanism includes biometric authentication such as retina scan, fingerprint, or voice recognition.
The CloudUsing the Cloud to store your files presents a lot of advantages in the WFH environment. It certainly saves time and effort as files don’t have to be mailed back and forth, eliminates version control challenges, and ensures timely access to data. But, did you know that you can also leverage the Cloud to thwart security threats presented by the WFH scenario? The Cloud lets your employees work safely from anywhere and offers more safety than local data storage mechanisms. Any data in the Cloud is encrypted, which means it is not that easy to access confidential information as it would be when someone hacks a PC. Plus, the chances of data loss are almost zero. Unlike your employees storing work files on their computer, which can be lost or misused if their device malfunctions or is stolen or hacked into, any data put on the Cloud stays there.
Employee TrainingDid you know that lack of knowledge is one of the major reasons behind companies and individuals becoming victims of cybercrime? All it takes is one wrong click to open the floodgates, and the only way to stop that from happening is to train your employees on cybersecurity best practices. Training will not only provide them with a clear set of do’s and don’ts but also help them identify situations where they may be a possible target. Training on cybersecurity best practices can cover a wide range of topics, but here are a few that should not be missedPassword hygiene
- What does a good password look like?
- Why is password sharing an absolute no-no?
- How to identify phishing attempts?
- Why is it important to install software updates and patches on a timely basis
- Data storage best practices
- The risks associated with public WiFi such as those at malls, coffee shops, or airports
An experienced MSP can help you overcome the cybersecurity challenges propelled by the WFH scenario. They can put your mind at ease by taking care of everything--from anti-malware solutions to employee training, and beyond.
Wednesday, February 2, 2022
Data security in a WFH setupDo you have staff working from home? With the pandemic still around, the answer to that question is most likely a “Yes”. And, that makes sense too, why risk the safety of your staff when you can operate equally well or even better with them working from the safety of their homes. But, did you know that the WFH model can put your data at risk? When you have your employees work remotely, inadvertently your data is more vulnerable to cybercrimes. However, there are solutions that help ensure the WFH environment is safe--for both your employees and your data. Let’s take a look at 2 of the most recommended ones.
Anti-malware toolsAny discussion about data security has to start with anti-malware applications. These applications keep your computers safe from viruses, worms, adware, and other malware. When your employees are working remotely, they are most likely to use their own devices such as their laptops or the desktop computers at their home. Plus, with the working schedules blurring, and the trend to “be there '' 24/7 catching on, personal devices used for work include smartphones and tablets as well. It could so happen that your employee’s devices are not up-to-date on the latest anti-malware software. These software programs do not come cheap and so your employees may not have them at all or maybe using an outdated or free version of the tool, which may not be of much help. So, one of the first things you should do as a company is to provide the latest version of powerful anti-malware software to your staff to install on their devices. Again, if they are using personal devices, you may not be able to make this mandatory, but considering it safeguards their private data as well, most will happily take advantage of this offer.
FirewallsFirewalls protect your data by monitoring network traffic and allowing/blocking data exchange based on preset rules. For example, a firewall lets you dictate what websites can or cannot be accessed from a particular device, or what software programs may be installed, etc. Sounds great, doesn’t it? Using a firewall you can weed out the risk of your employees compromising your data security unwittingly by visiting unsecured places on the web. Firewalls also generate alerts for the system administrator if there’s an attempted breach. For example, someone tries to visit a site that has been firewalled. But, there’s a caveat. You can only install a firewall on company property, that is, if you are providing your employees with laptops or desktops to use for work purposes. You can’t Firewall your employee’s devices that they are using to access work files when operating from home.
As you can see, deploying data security software in a WFH environment can be tricky. Consult with an MSP who specializes in cybersecurity, data protection, recovery and backup to learn what are your options and how best to implement them.
Wednesday, January 26, 2022
The challenges in establishing data security best practices in a WFH environmentThe COVID-19 pandemic changed the landscape of the corporate world drastically by making WFH, mainstream.. What does that mean for your business data? How does it change your business’s cyber risk profile? Download our whitepaper, The WFH environment & associated data risks, a new perspective, to find out.
Restrictions on installing firewalls, antivirus, system/software updates, and security patchesWhen your employees are in the office physically and using your computers, you can install firewalls and access control mechanisms. For example, you can block non-work-related sites or sites with 3rd party cookies, or set up password policies for them to follow when using the device, etc. But, if they are working from home, and using their own devices, there’s no way you can install firewalls or have access restrictions like that in place at the system level. Similarly, you can ensure your work computers are up-to-date in terms of security patches, system updates, and software upgrades, but you can’t force an employee to install security patches or antivirus on their PC at home!
Keeping your data safe after an employee quitsWhen your employees are working from home using their own devices, how can you be sure you recovered all your data and erased them permanently from your former employee’s devices? How do you ensure they don’t have a copy of the sensitive information stored somewhere that could be misused intentionally or unintentionally cause a data breach.
Safeguarding access to your data in case of unexpected events such a device theft or breakdownIf your employee is using their personal device for work and it gets stolen, how do you handle the data loss and any data compromise that could possibly follow. Similarly, if something goes wrong with their device, how do you ensure your data is not lost and your work is not stalled? Also, if the device goes into repair, how can you be sure of the security of your data then?
Challenges brought on by device sharingIf your employees are using their own devices for work purposes, you can’t stop them from sharing their devices with friends and family. But, device sharing can put your data at risk of being stolen.
Remember WFH is not necessarily just WFHWhen we use the term, WFH, the first image that comes to mind is of a person sitting in their living room or home office desk and working on a laptop. But, remember that’s not necessarily true. When you follow the WFH model, it enables your employees to work from anywhere! The recent ‘workation’ (work+vacation) trend that’s catching on quickly is a testimonial to this fact. For all you know, your employee may be working from the Starbucks two states away, or they may be at the airport sending that last report in before they take off for a vacation, or they may dial into that important meeting from the resort they are staying at--all instances where they may be using public Wi-Fi networks, compounding the risk to your data from cybercriminals
Let’s face it! The WFH environment coupled with the BYOD (Bring-your-own-device) makes organizations much more vulnerable to cybersecurity threats than the traditional office setup. However, that doesn’t mean there’s no solution. As a company, you can still put various mechanisms in place to ensure the safety and security of your data. You should also train your employees on how to safeguard themselves and your data from cybercriminals. A managed service provider (MSP) specializing in cybersecurity, data back, and recovery can help you with both of these. They would know what tools you can use to keep your data secure even in the WFH scenario and they will also be able to train your employees on the common mistakes that people make unwittingly which often leads to major data breaches.
Wednesday, January 19, 2022
WFH is here to stay. Are you ready?The COVID-19 pandemic brought about tremendous, unimaginable changes across the world. Lockdown, shelter-in-place orders, ban on gatherings for safety purposes and national and international travel restrictions meant the world, and businesses couldn’t function as they were doing in the pre-pandemic times. Tradeshows went online, meetings happened from the couch in the living room, company parties meant saying cheers and sharing a glass of wine over a Zoom call with your video turned on. The transition to this work-from-home (WFH) culture on such a large scale and at this level was unforeseen, but it has happened nevertheless. While initially there were talks of this transition being short-lived and people resuming ‘normal’ lives in a couple of weeks, now it is clear that this trend is here to stay. Organizations and employees alike are seeing the numerous benefits of working from home.
From the company perspective,three big benefits stand out: they include saving significantly on real estate expenses--with staff working from home they don’t have to spend as much on renting office space, an increase in productivity and a drop in absenteeism and employee turnover.
From the workforce perspective, a lot of people are happier working from home as it helps cut the travel time to work and also supports better work/life balance. There’s a lot of flexibility, which is appreciated by employees with children or elderly parents who require caregiving.
In light of these benefits for both parties, it is highly unlikely that we will ever go back to the traditional office setup. What is more likely to take shape is a mixed environment where employees are mostly operating remotely and perhaps stepping into the office once in a while for catch-up sessions. As homes expand to accommodate office space, traditional office spaces will shrink to include probably just a conference room for in-person meetings. While this makes perfect sense, there’s something here that you can’t ignore- Data security. WFH may keep your staff safe during the pandemic, but it may put your data at risk and jeopardize your data security *if* you don’t take the right precautions. Why? Because WFH often involves employees using their own devices for work purposes and that blurs a lot of boundaries. It also raises several questions from the data security perspective which makes it imperative that you have mechanisms in place to mitigate possible data loss, leaks, or misuse before you allow employees to use their own devices for work purposes.
In light of these challenges, it makes sense to sign up for a service level agreement with a managed services provider, an MSP who specializes in data security, recovery, backup and cybersecurity, They will help you put security mechanisms, prepare IT policies to define the boundaries and regulations when your staff is operating from home and also train your staff in IT best practices and to identify malware infiltration attempts.
Wednesday, January 12, 2022
How the Coronavirus crisis is the gateway to the other kind of virusTo say the COVID-19 pandemic gave the whole world a tough time would be an understatement. Economies collapsed, joblessness rose, people lost their loved ones and livelihoods to the disease. Adding to this situation was the need for social distancing and self-isolation which took a toll on mental health of millions across the world. 10 months into the pandemic or perhaps even before, people started growing tired of it and just when it seemed like humankind will give up collectively, there was a light at the end of the tunnel--Vaccines.
While the news of the first vaccine being approved and then administered in December 2020, was a huge victory for humankind and rightly welcomed with claps and cheers, cybercriminals were cheering too. For cybercriminals, this was a great opportunity to exploit the eager, mentally fatigued and vulnerable populace. Emails were sent with phishing links disguised as genuine which urged the recipients to fill a form to access their vaccination schedule and vaccine information. Some emails were made to look like it came from the FDA, United States CDC or the NHS (UK). Some had attachments that required recipients to download them and run exe (executable) files that planted malware into their systems. “E-commerce” sites were created overnight on the dark web and enticed people into ‘placing orders for vaccines’ at $250 each, in the ‘Black market’.
The point is, this is not the first organized cybercrime modus operandi and certainly won’t be the last. So, how do you protect yourself? Here are a couple of tips.
- Do not download or open attachments or click on links from unknown, unverified sources or a source that you don’t trust.
- Sometimes, the email or message may seem to be from someone you trust, but their account may have been compromised and used to send out the malicious link or attachment to you. Or, there may be a slight variation in the email ID (spelling), so while you get the impression it is a genuine email, the reality is different.
- If something doesn’t add up, or if it doesn’t feel like the message was in fact written by the person you know, either ignore or call and verify if they did indeed send it to you.
- Install firewalls that have the capability to identify and block dangerous sites, so you will be alerted of possible security threats and inadvertent clicks won’t take you to dubious clone sites
- Make sure your antivirus software is up-to-date
Wednesday, January 5, 2022
Your employee’ social media account was hacked. How does it affect you?Did you know that social media accounts are one of the favorite targets for cybercriminals? You may think cybercriminals would prefer to hack online banking accounts or shopping accounts, but that doesn’t seem to be the case. Here’s why. Social media accounts hold A LOT of personal information including name, email ID, date of birth, place of birth, place of work (your business!) high school attended, names of family, friends and pets, anniversaries, and more...which means, they are basically gold mines of Personally Identifiable Data (PII). Plus, if you play games and have your credit card details saved, there’s more information and better the chances for the cybercriminal to commit fraud. All of this data can then be used to hack into other accounts of the user, including financials. So, hacking into someone’s social media account can help cybercriminals gain entry into other, more ‘useful’ and secure accounts.
But, how does it matter to you, as a business? If your employee’s personal social media account is hacked, it shouldn’t affect you, as a company, right? Wrong...here’s how it can affect you.
- If the employee whose social media account is hacked is the administrator of your company’s official social media handles, you are in big trouble as hackers will gain access to your company account and consequently to customer information, because you may be having clients who follow your business account on social media. The whole situation can result in a lot of damage to your business and brand reputation and also result in penalties and possible lawsuits.
- Even if your employee doesn’t handle your company’s social handles, the hackers may have enough of their PII to try and pry open a small entryway into your IT network.
- Training your staff on social media and cybersecurity best practices including advanced privacy and permission settings for social media accounts
- Ensuring your employees are able to identify and steer clear of phishing and social media frauds
- Helping your employees understand the importance of practicing good password hygiene across all their online accounts--social, work or personal.
- Ensuring they realize that their Facebook or LinkedIn account is not ‘just another online socializing platform’, but an actual gold mine of information and only those who they really trust should be able to access them.
- Sharing regular Day Zero Alerts and relevant news articles with your staff that keeps them updated on the latest modus operandi and happenings related to cybercrime