What We Can Learn from the Robinhood Breach
By: Jerry Horton, Technology Director
Earlier this month, an estimated 2,000 people who use the popular Robinhood stock-trading app had their accounts hacked and looted. Hackers infiltrated trading information, trading account numbers, and bank account numbers.
A New York college student who uses the app said it took just minutes for $4,020 to disappear from his bank account. Another victim in Chicago said she woke up to alerts that her investments were being sold and discovered she was locked out of her account.
Robinhood claims the attack did not stem from a breach of their systems, but was due to compromised email accounts. Because the FTC and SEC will likely weigh in, we don’t have all the details on this breach just yet. We do know that Robinhood is advising clients to step up their account security. Let’s take a look at how each of us should be securing all of our digital accounts to protect ourselves from a cyber-attack.
Improve Your Cyber Hygiene
Cyber hygiene refers to steps taken to improve cybersecurity and prevent common threats. Here are a few of those key steps that will help strengthen your defenses online.
- Password Discipline
  - The average online user has somewhere in the vicinity of 130 digital identities. I’d be willing to bet you aren’t using a unique password for each one. When it comes to passwords, length is far more important than complexity. So, to follow this rule and remember your passwords, use a passphrase (e.g. I’m dreaming of a white Christmas). This is easy for you to remember and difficult for others to figure out. From a password-cracking standpoint, brute-forcing a passphrase like this is almost impossible. (A brute force attack is when a hacker submits many passwords or phrases, hoping to eventually guess correctly. The longer the password, the more combinations they need to test to guess correctly. More than 15 characters is virtually impossible to guess.)
  - To make things even more difficult for them, don’t use the same username (especially email) for every account. This is true for business and personal accounts.
  - Pro Tip: Password managers can randomize passwords for your accounts. In addition, if you pay for a good one, you can set up a rescue account, which allows a person of your choosing to have your passwords in case something were to happen to you.
- Turn on multi-factor authentication (MFA)
  - When you have the option, turn it on. In fact, as part of their efforts to encourage clients to step up account security, Robinhood is suggesting all users now turn on multi-factor authentication. MFA considers 2 or more of 4 factors: something you have (i.e. a token: one-time password, authentication app push notification, etc.); something you know (password); something you are (i.e. thumbprint, facial recognition, retina scan); or somewhere you are (geolocation).
  - Pro Tip: When it comes to using a token for multi-factor authentication, using an app that sends you push notifications for approval authentication is more secure than using a one-time password.
- Keep track of your records, especially when it comes to finances
  - Look at transaction logs. Check your credit report occasionally. Check your email on a regular basis for unusual traffic. Make sure that if you have signed up for something you’re not using anymore, you disable or delete that account. In order to be successful as an identity thief, the cybercriminal only needs one entry point. Do not leave any “entry points” hanging out in the cyber world unmonitored.

Even if you take all these steps and sew everything you have up tightly, that doesn’t mean someone can’t come in through a backdoor and wreck your account. It happens. But taking all the precautions you can will help minimize your odds of becoming a victim, and help minimize the damage if you do become one.

Cyber breaches have become a real problem as we have moved toward software-as-a-service and cloud-based services. Most of it is due to people not turning on two-factor authentication. Bad people can do a lot with information that you have unintentionally left out there to be found: they can wreck your business, drain your bank account, file for loans as you… the possibilities are literally endless. Yes, companies have a responsibility to secure their systems, but we as consumers have a responsibility to track and secure our information.
Your Business Will Be Hacked – Part 1
Part One of a three-part series on Best Practices for Keeping Company Data Secure
By: Jerry Horton, IT Director
“One of the main cyber-risks is to think they don’t exist. The other is to try to treat all potential risks. Fix the basics, protect first what matters for your business and be ready to react properly to pertinent threats. Think data, but also business services integrity, awareness, customer experience, compliance, and reputation.”
―Stephane Nappo, Global Head of Information Security, Société Générale
Over the last several years, I have written many blogs, presentations, and articles regarding cybersecurity. In each of them, I have stressed that modern businesses live or die based on the digital records we keep and that cybercriminals really are out to get you, one way or another. As you can see from the above quote, cybersecurity is still the topic and I very much agree with Stephane – we have to fix the basics and protect what matters most.
This three-part series will look like this:
- Part 1: We will explore this topic again from the viewpoint of getting those basics covered.
- Part 2: We will move to building up from your foundational basics into more robust defense in depth.
- Part 3: We will discuss how to address security without boundaries, such as work-from-home and a mobile workforce.
Laying your security foundation
It may come as a surprise, but the very first brick of the security foundation doesn’t involve technical geegaws, doodads, or wizardry; it is about changing your way of thinking. I cannot count the times I’ve heard phrases such as, “No one cares about hacking my systems” or “I don’t have anything worth taking” or “We are too small of a target”. Let me be perfectly clear – those sentiments are dead wrong. Even if the typical cybercriminal may not be all that interested in your inventory lists, marketing material, current orders and projects, or payroll information, every cybercriminal understands a brutally simple truth: every bit and byte of that information has value to you. Furthermore, they know that you will pay handsomely to get that data back should something happen to it. This is exactly the reason for ransomware going from a brand new phenomenon in 1989 to a $20 billion criminal enterprise in 2021. Since virtually every ransomware attack begins with a phishing email or some other social engineering technique, a lack of caution or awareness on the part of a human being is directly responsible.
Change your mindset
At the risk of sounding like an old codger, we live in a world that is radically different than the one in which I was born and grew up. Business then was often conducted face-to-face and the transaction completed with a handshake, a result of interpersonal trust that developed naturally. Today, we frequently communicate and do business with people that we never meet in person and may, in fact, not even reside in the same hemisphere. To wax philosophic for a moment, technology that was intended to “connect us faster and more widely than ever before possible” has actually driven a wedge between us because digital identities are easily spoofed, manipulated, or manufactured out of nothing.
What does this mean for cybersecurity and changing my mindset, you ask? Simple. The old adage of “Trust, but verify” has to change to “Trust nothing until vetted. Verify everything.” Even after you can establish a level of trust, you have to be continuously vigilant because digital identities are not 100% trustworthy and security conditions are fluid.
I’m not recommending total paranoia, but a healthy dose of both wariness and skepticism will take you quite a way down the road toward cybersecurity.
They really are out to get you.
The title of this blog states it plainly – you will be hacked. Accept the fact that whether you are specifically targeted or just a chance opportunity for a cybercriminal, they will get to you. Even if your business is locked down tighter than a CDC biohazard lab, you still do business with companies like Target, Home Depot, Marriott Hotels, or Equifax. Hacked, one and all, and every one of these breaches exposed millions of records. Some of that data might be specific to you or your business.
This is not a defeatist rant – rather see it as a wakeup call. You have to take steps in your personal life, business environment, and interactions with other companies to limit your exposure to the best of your ability.
How to stop being your own worst cyber-enemy
It is well-known that the weakest part of any secure system is the human, including the one looking back at you in the mirror. Trust is a deep human need – both needing to receive it and give it; however, building cybersecurity means that you have to limit trust and then constantly check to make sure that the trust given is still valid. There are behaviors that have to be deliberately modified to achieve this goal.
In cyber-geek speak, these are known as administrative controls. This includes policies and procedures, but most importantly, it expresses the core security principles to keep your business, customers, employees, and your personal life as safe as possible by limiting what we ethical hackers call the ‘attack surface’. Here is a list of best practices you should adopt:
- Know what you need to protect – This isn’t just about the computers on desks and servers in the data room; ask yourself:
- What data/systems/people/processes need to be protected?
- Where is it located? Is it in more than one place?
- Who can access it? Who requires access in order to do their jobs?
- What is critical to keep my business operational and my customers secure?
- Know what threats are real – It is impossible to protect against everything, so make sure you are putting your efforts and resources where they will do the most good. Spending money for hurricane insurance makes sense if you live on the Gulf Coast, but not if you are located in Arizona. On the other hand, you should spend money on an emergency generator if you have perishable inventory or operate life-critical equipment.
- Were you aware that your email is the easiest way for a cybercriminal to get to you? According to Verizon, 94% of all malware arrives in your inbox and phishing email is on the rise yet again. Make sure that you can tell phish from foul (couldn’t resist the pun) by engaging in security education and phishing tests on a regular basis.
- Practice good cyber-hygiene – Cyber-hygiene is about all of the old tropes you’ve heard a million times, but probably still aren’t doing. There is a reason you’ve heard these things a million times – these are the basics of cybersecurity.
- Manage your account identities – According to Dashlane, the average person has 130 accounts to track and maintain. That’s a lot…
- Use a password manager. Don’t be one of those people who use the exact same credentials for every account. That’s just begging for identity theft.
- Delete/disable unused accounts on a regular basis and limit social media accounts. Social media is free and legal intelligence gathering for cybercriminals.
- Use multifactor authentication (MFA) every time it is offered. If you don’t have MFA at work, especially for Office 365, get it.
- Keep your business and personal credentials completely separate. Cybercriminals look for the easy way into businesses and a CEO or secretary or janitor who reuses their business credentials is the easiest.
- Track your financial records and email accounts tied to the various accounts. The only way you will know if something is odd is to look on a regular basis.
- Principle of least privilege – Don’t give access for anything to anyone who doesn’t need it to do their job. That includes the CEO. Just like a janitor probably doesn’t need access to payroll, a CEO probably doesn’t need access to engineering plans or logins for the firewall. This isn’t just for people: don’t give machines more access or services than they need to do what they are intended. Generally speaking, a server doesn’t really need direct access to the internet and a workstation doesn’t need to share files or printers.
- Keep things patched – The manufacturers don’t write updates because they are bored. Those updates fix tons of security vulnerabilities. The latest Microsoft ‘Patch Tuesday’ fixed 87 of them.
- Back it up – Having known-good, offline, and offsite backups is often the ‘Hail Mary’ pass that saves a business from total loss and bankruptcy. I’m not talking about the ‘whenever I think about it, I’ll copy this to my Google Drive’ kind of backup (boy, I really hope that isn’t your backup plan); this means you need a real backup infrastructure. If you aren’t sure what that means, stay tuned as we will go into depth in the next installment.
“The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: Cybersecurity is much more than an IT topic.”
―Stephane Nappo, Global Head of Information Security, Société Générale
Cybersecurity isn’t a buzzword to sell you goodies, nor is it a fad. It is a way of life that you have to adopt in today’s always-connected world. Our friend, Stephane, gives more great advice in this quote. Today, we’ve scratched the surface of Anticipation and Education, as well as some of the best practices of good cyber-hygiene. I look forward to sharing more with you in Part Two. In the meantime, if you have any questions or want to explore some products and services we offer to help you build your cybersecurity, please contact our Business Consulting Team.
Oh No…I’ve Been Hacked!
So you clicked on a malicious link, now what? Find out in this replay from our September 2020 webinar featuring Todd Sizer, a world-famous security solution strategist. Watch a hack in action and find out what you can do to be preventative so it doesn’t leave you saying, ‘What have I done?’
Watch the replay here.
How to protect your network when employees bring in their own devices
By: Paul Facey, Advanced IT Technician
Remote work became a necessity for many businesses this year due to the COVID-19 pandemic. With much of the workforce using their own devices to do their work, many employers have taken a new look at what is known as a bring your own device (BYOD) environment. This is nothing new – some companies had already enabled a BYOD environment pre-pandemic. As it suggests, BYOD means employees are allowed to use their own devices (i.e. laptops, tablets, smartphones) for work. A BYOD Environment is a compromise between the organization’s needs, the total cost of ownership, and the risks the organization is willing to accept or mitigate.
While this is a good fit for some organizations, it is not for all. For others, a combination of the two is what works best. In any case, a good understanding of how information is secured and stored, as well as the limitations of the applications involved (not all applications support a distributed environment), is critical to developing the organization’s BYOD environment, if one is possible.
What to Consider
There are benefits and challenges to going BYOD.
- Reduced cost to employer
- User is familiar with the device/equipment (phone, etc)
- Can isolate Corporate data using a Terminal or Remote Desktop Environment (RDP) if primary user portal is a web interface
- Flexibility – employees can work from anywhere with an internet connection
- User-provided equipment may not meet minimum system requirements
- Employers cannot set rules for privately owned equipment
- Active Directory enforcement may interfere with a user’s personal preferences
- There’s risk of mixing personal and corporate data, unless users are using RDP or Terminal Sessions (Recommended)
- User may uninstall corporate security features provided by employer
When a company is considering implementing a BYOD policy – whether by choice or necessity, there are several items to consider:
- How are users going to be accessing corporate data?
- Terminal/RDP Local server (more secure)
- Microsoft Azure Environment (many options)
- Direct Access on Local Server (easiest for users to steal/compromise data if using BYOD)
- Web Interface/Portal (most secure for BYOD model)
- What are the security requirements of the data?
- Does data need to be maintained locally?
- Can it be maintained off site either by a vendor (Web Based Apps) or Web Storage (Azure, Amazon Web Services)?
- How much control does the organization want over the user PCs?
- Complete Control (user has direct access to data)
- Minimal Control (users connect through web interfaces or terminal/RDP sessions)
- What are the hardware requirements of the user’s applications?
- General Data Entry/Web Based Apps – minimal PC requirements $
- CAD / Drafting/Photoshop – more powerful PC requirements $$$
When users provide their own equipment, they have the right to install or remove whatever software they choose. The organization cannot control what web sites or apps employees install outside of the work environment or what external devices they connect (HDs, thumb drives, etc).
If a system becomes infected with a virus or other malicious software, how does the organization prevent the user from infecting the rest of the corporate network? Even if the organization provides the user with AntiVirus or Antimalware software, what prevents the user from uninstalling it?
How to protect your network
If an organization is using Remote Desktop Connections (RDP) or Web Based portals, the security risk to the network is greatly reduced (as are the hardware needs of the user devices). These types of connections also lend themselves to working remotely; however, the initial investment to set them up can be significantly higher. In the case of environments like Microsoft Azure, this expense is usually monthly-based as well as usage-based, so the cost can fluctuate from month to month, but resources can be allocated or reduced quickly if needed.
Networks Plus is experienced in setting up and maintaining a broad range of environment types. We support environments that are completely organization-owned, from the user PC to every Server, as well as environments where users provide their own equipment (Laptop / Desktop) and work completely remotely in a cloud-based environment. We also have experience in managing a hybrid environment of the two: some users work remotely while others are onsite using organizational equipment. We are positioned to provide both the onsite needs of the customer as well as to deploy and support cloud-based environments through our Azure partnership.
Give us a call to talk about your needs.
Why managing your IT infrastructure is crucial to driving business performance
By: Jake Schulte, Networks Plus IT Manager
Because Information Technology (IT) is always evolving, hardware manufacturers and software developers are always coming out with something new to replace what exists today. Consequently, hardware gets old and outdated, and software running on the machines needs to be updated.
If you don’t have a plan in place to maintain your IT infrastructure, now is the time. Instead of being caught unaware and not being sure what to do next, your company will be in the position to allow IT to drive your business forward.
What is considered IT infrastructure?
IT infrastructure refers to the mechanisms required to operate and manage the IT environment. This includes both infrastructure within the organization’s facility and cloud infrastructure. A few examples include Active Directory servers, App servers, firewalls, switches, wireless, computers, backup services, operating systems, and software. While each component of IT infrastructure has its own unique role, they all work together to deliver performance, efficiency, and uptime to drive business functions.
When it comes to managing business IT infrastructure, companies need to take a holistic approach and think about the big picture, rather than having tunnel vision and only focusing on individual components, such as improving performance. Without all the essentials in place, companies make themselves more susceptible to risks that could halt all business functions.
My recommendation when it comes to setting up and managing IT infrastructure is to consult with an experienced IT Team who can provide the proper guidance and support that’s needed.
Infrastructure’s Role in Business Performance
There are many ways IT infrastructure plays a role in how a business performs by making sure the necessary equipment and software are in place to drive business functions. For example, if a server doesn’t have adequate computing power and storage to fit the requirements of the software applications running, performance will suffer. Each line-of-business application that is used by a company requires resources to operate. If the business fails to meet the system requirements and does not have the needed resources, operating system, or software to make the application work, it can be extremely costly and business performance will be negatively influenced.
Another example is security services that protect your data. If your company is hacked and your data is compromised, the situation can dramatically impact the company’s ability to perform job functions– not to mention its reputation. Businesses need a layered approach to security that includes both a firewall and advanced endpoint security software on their computers.
Leveraging Infrastructure to Drive Business Performance
With IT infrastructure, technology has significantly evolved in recent years. A business shouldn’t continue making decisions today based off of what made sense 5 or 10 years ago. There are likely better, more cost-effective options available. Explore all the options, both on-premise and cloud solutions, prior to making IT decisions.
Take time to assess all your options. Just because an infrastructure solution works well for one company, does not mean it’s the right fit for your organization. It’s best not to rush into any decisions when considering purchasing or replacing existing infrastructure.
Furthermore, do not make decisions based off of up-front costs alone. Consult with an IT Team that can give the proper guidance to make sure you’re getting the infrastructure you need to run your business, while also not overspending on things that are not needed.
Networks Plus provides services for all aspects of IT Infrastructure. We recognize that every organization is unique in what they have to offer, and we treat IT infrastructure the same way. There is never a “one-size-fits-all” solution. We consult with our customers to put them in a position to make well-educated decisions for what makes the most sense for them. Our role is to identify all possible solutions, the costs and benefits associated with each one, the risks associated with each solution as it relates to the customer’s business, and share that with the customer so they know what they’re getting and what to expect of it.
When it comes to IT Infrastructure, my recommendation for all businesses is to plan ahead and budget appropriately. IT budgets are not solely for enterprise organizations. All small and medium-sized businesses should have a plan in place to understand what they need, why they need it, and the budget resources to make it happen.
Choosing the Right Internet Browser for You
By: Nathan Brown, Managed Services Lead/Advanced IT Technician
Web browsers are the gateway to the internet. You are likely familiar with the most popular browsers, but you may not know their differences. Let’s take a look at the pros and cons of some of the more well-known web browsers.
- Probably the most popular browser on the market, Google Chrome has thousands of extensions, which are small software programs that add new features to your browser and personalize your experience. One such extension allows Chrome to automatically translate pages that are not in the native language specified by the browser.
- Another advantage of Chrome is its ability to load Web pages faster than other browsers.
- Chrome’s tabs allow you to work on several tasks at the same time.
- Chrome is compatible on all major operating systems and devices. It also synchronizes easily across multiple devices and platforms.
- The primary drawback of Chrome is that it is very RAM intensive. To give the user the benefit of more tabs and extensions, Chrome uses more memory.
- Over the years Mozilla Firefox has made several upgrades and is one of the faster browsers out there with an easy-to-use interface.
- Firefox is compatible with Windows and Mac OS, as well as Android and iOS devices.
- Allows users to get pretty specific when managing privacy and security settings.
- It is more privacy-centric than Chrome, but not quite as expansive.
- The landing page can contain a lot of recommended links and ads, which users may not appreciate.
- Perhaps the biggest – and only – pro for IE is that many people are familiar with it, as it hasn’t changed much over the years.
- IE is not getting any more major upgrades because it has been replaced by Microsoft Edge.
- It is SLOW.
- Bottom line: don’t use IE unless you absolutely have to.
- Safari works very well with Apple devices as the native browser built into MacOS and iOS.
- It does not record any user data and thus, is very good at protecting the end user’s information.
- Safari works across all Apple devices seamlessly.
- There is no Windows or Android support.
- Safari offers very few add-ons.
- With very few updates, Safari is not as secure as other major browsers.
- Microsoft Edge is built on Chromium, which is essentially an open source version of Google Chrome.
- This is the default Windows 10 browser and is very well-integrated with the operating system.
- Edge is much faster than its predecessor and may consume less memory than Chrome.
- Edge lacks available extensions because it is essentially in its infancy.
- It is not backwards compatible with older versions of Windows.
Which browser is best?
In my opinion, there is not really a clear winner for “best” browser when it comes to business or personal use. Personally, I swap between Chrome as my primary browser, and Edge as a secondary browser on my computers. When it comes to my iPhone, I actually prefer Firefox. When it comes to what’s “best”, I say it’s a personal preference based on how easy the user finds a browser to use and navigate.
Try out all browsers compatible with your operating system and see which one you prefer. My only caveat to that advice is to steer clear of Internet Explorer because it is effectively retired by Microsoft. And did I mention how much SLOWER it is compared to other browsers?
While I can’t tell you exactly which browser you should use, I will tell you that no matter the browser, be sure to install an ad blocker. This will minimize your risk of exposure to malicious pop-ups. It’s not foolproof, but it will make your life and your friendly IT people’s lives better.
Networks Plus offers managed IT service, IT consulting, and a host of other services to help keep your systems running smoothly and your business performing at the highest level. Give us a call to see how we can support you.
How a Local Business Fell Victim to a Cybersecurity Breach and What You Can Do To Keep It From Happening to You
By: Adam Boyle, Business Account Consultant
Data is both the lifeblood of 99% of businesses today, and a valuable commodity for cyber security attackers.
Phishing and password attacks aren’t the only way hackers try to get to your company’s information. Sometimes they simply call and convince you to give it to them without realizing what is happening.
A local business recently received a call from a person claiming to be a member of the QuickBooks support team. The hacker was connected to an employee in the accounting department.
The caller told the employee that they noticed an issue with the business’ QuickBooks system and needed access to their computer to make the necessary fixes. To do this, the caller told the employee to visit a specific web address, which the employee did, giving the caller access to the employee’s computer. The phony QuickBooks caller was able to get into the business’ security protocols and remove nearly every security measure they had, which left the business unprotected.
Unbeknownst to the employee on the phone, the undercover attacker then exported all their QuickBooks information off-site, including client names, addresses, credit card information, and social security numbers. The caller deleted all the information locally and encrypted it, then told the employee the problem was fixed and got off the phone. The employee was none the wiser. A short time later, the office received an email from the attacker letting the business know what they had done: the attacker now had the business’ information and it was no longer on the company’s site. As proof, they screenshotted some of the information they’d stolen and demanded the business pay a certain amount of bitcoin for the return of the client information. Bitcoin is a common demand in ransomware because it is untraceable.
Cleaning Up After A Cybersecurity Hack
The business called Networks Plus to explain what happened and ask for advice on what to do. The good news is that the business had invested in an off-site backup service with Networks Plus, so they were able to restore the data that was lost.
The bad news is that the damage was done; the bad guys had their clients’ information and the cleanup from the attack was extensive. The business had to notify clients of the breach, handle certain legal requirements as a result, and the incident delivered a blow to the business’ reputation.
How do you help keep your business from becoming a victim of one of these attacks?
The first, and arguably most important, step to cyber safety is to prioritize employee education. Unfortunately, the #1 target of any cyber attack is employees. This makes employee education a key component of any business’ cyber safety. It’s so important, we even wrote a blog about why companies should make education part of their cybersecurity strategy. (Check it out.)
Knowledge is power. In situations like this one, the employee should have told the caller that before they did anything, they were going to verify with the caller’s company (i.e. QuickBooks) that the call is legitimate. The employee should have called QuickBooks directly to confirm. Most of the time, companies like QuickBooks will not reach out to a business directly about an issue. Generally speaking, users need to call them when an issue is detected.
It’s also important to understand the security measures your business has in place and what they do. Because this particular example was not a software attack, it would not have been noticed by antivirus software, which is what this business had. This type of attack is known as spear-phishing: a targeted attempt to steal sensitive information through voice solicitation.
The attacker knew they wanted the accounting department and that they wanted to use QuickBooks as their point of entry. This type of attack is difficult to protect against. Other than employee education, your best bet for protection may be Advanced Endpoint Security. This software offers real time threat detection and response by learning user behavior. In the example above, the advanced security software would have known that this particular employee does not usually get into security settings and it would have stopped the action once it detected security protocols were changing. This red flag would have sparked a call from Networks Plus and could have prevented the attacker from exporting client data.
Food for Thought
Don’t get stuck in the trap of thinking your business is too small or that something like this couldn’t happen to you. We see small businesses get hit all the time with things like this. Five to ten years ago, hackers were targeting big companies, but those companies are better guarded. Today, hackers realize smaller businesses may not have the budget to protect themselves against this kind of attack, making smaller businesses an easier target.
Another lesson learned from this experience is to make sure your data backups are sufficient. Had this company not had a best-practice solution in place, the damage inflicted would have been even worse since there’d have been no way to retrieve up-to-date data. It’s important to verify that you’re saving and backing up current information.
For businesses that aren’t sure what protection they have or if current protections are adequate, I recommend a free security best practice assessment.
Call Networks Plus and we’ll discuss your current structure, strategy, and worries, etc. After that conversation, we can make recommendations for what we believe the business could or should be doing. From security awareness training for office staff, to layered security and data backups, to Advanced Endpoint Protection, Networks Plus offers a wide range of ways to help keep your business and its data safe and secure.
Firewalls: What They Do and Why Every Organization Needs Them
By: Brad Jepsen, Master IT Engineer
What protects you from hackers, viruses, malicious or unsavory content? Have you ever wondered what it takes for the doctor’s office to keep your online medical information protected, or your favorite online retailer to keep your credit card information from being stolen?
The first line of defense is a firewall.
Firewalls provide security for a network, monitoring traffic coming in and out of an organization, determining the type of traffic, and whether or not it’s allowed to pass through. I liken firewalls to a lock on the door of your home. It may not prevent a break-in, but it will deter someone driving by testing door knobs. In short, a firewall is your first defense for keeping those “bad guys” (i.e. hackers and viruses) on the internet out of your network.
How it works
Firewalls work similarly to a security checkpoint for your network. Imagine you are entering an airport to board a flight. All of the potential passengers, such as yourself, represent different IP addresses: from websites to emails to applications. Before you get to your flight gate and board the airplane (our hypothetical network), you must go through security, where they will check a variety of information before determining whether or not you’re allowed to pass through. A firewall will analyze the data of incoming traffic and keep out any that carries information that has been pre-determined to be insecure or otherwise worth blocking. This includes certain words or phrases, known malicious websites or IP addresses, viruses, and even applications (e.g. Pandora or Spotify). Many employers do not allow social websites, like Facebook, to be accessed on their network and can have them blocked by the firewall. Your firewall vendor can also group blocked content by category, with keywords like “gambling” or “lottery”.
The level of control depends on what type of firewall you choose. Networks Plus can help you determine what the best fit is for your needs.
Perhaps as important as choosing the right set-up is managing it. Setting parameters can be tricky, and obviously not fool-proof. Say you block “gambling”, but eventually that leads to blocked communication on a new project or client. Parameters would need to be adjusted. Ideally, a firewall would be monitored daily, but at minimum monthly or quarterly check-ins suffice for most users. These check-ins will show if there’s questionable inbound and/or outbound traffic, and where more attention may be necessary. This also helps ensure, in most cases, that a problem doesn’t go on for too long without detection.
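To make the tuning problem above concrete, here is an added example (not code from Networks Plus or any firewall vendor) of a simplified filter that blocks by address range and by category keyword, then shows a legitimate new client being caught by the “lottery” keyword until a reviewed exception is added. The policy format, host names, and traffic records are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

@dataclass
class Policy:
    blocked_keywords: dict                 # category -> set of keywords
    blocked_networks: list                 # known-bad address ranges
    allowed_hosts: set = field(default_factory=set)  # reviewed exceptions

    def decide(self, dst_ip, url):
        """Return (action, reason) for one outbound web request."""
        host = (urlsplit(url).hostname or "").lower()
        # 1. Known-bad addresses are blocked first; exceptions never override them.
        for net in self.blocked_networks:
            if ip_address(dst_ip) in net:
                return ("block", f"ip:{net}")
        # 2. Hosts an administrator has reviewed skip the keyword check.
        if host in self.allowed_hosts:
            return ("allow", "exception")
        # 3. Category keywords are matched as substrings of the URL.
        for category, words in sorted(self.blocked_keywords.items()):
            if any(word in url.lower() for word in words):
                return ("block", f"category:{category}")
        return ("allow", "default")

def review(policy, traffic):
    """Count blocked requests per (host, reason) for the periodic check-in."""
    blocked = Counter()
    for dst_ip, url in traffic:
        action, reason = policy.decide(dst_ip, url)
        if action == "block":
            blocked[(urlsplit(url).hostname, reason)] += 1
    return blocked

def make_policy():
    # Constructed sample policy; 192.0.2.0/24 is a documentation-only range.
    return Policy(
        blocked_keywords={"gambling": {"gambling", "lottery", "casino"}},
        blocked_networks=[ip_network("192.0.2.0/24")],
    )

# Constructed sample traffic: (destination IP, requested URL).
CLIENT = "portal.state-lottery-commission.example"
TRAFFIC = [
    ("198.51.100.7", "https://lottery-winner.example/claim"),
    ("203.0.113.20", f"https://{CLIENT}/vendor/invoices"),
    ("203.0.113.20", f"https://{CLIENT}/vendor/login"),
    ("192.0.2.55", "https://files.example/update.exe"),
    ("198.51.100.9", "https://news.example/today"),
]

if __name__ == "__main__":
    policy = make_policy()
    print("before:", dict(review(policy, TRAFFIC)))
    policy.allowed_hosts.add(CLIENT)       # the parameter adjustment
    print("after: ", dict(review(policy, TRAFFIC)))
```

The review output is what a periodic check-in would surface: repeated blocks against one business host are the signal to add a narrow exception rather than drop the whole category.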
It can seem daunting for some organizations to add this process to their workload, so Networks Plus offers a managed firewall solution to help take care of monitoring the firewall and making adjustments as needed. Using either a software firewall program or firewall hardware – or both – you can really monitor network traffic in a variety of ways.
Why it’s important
A firewall is your first basic step of security in monitoring what’s allowed in or out of the IT side of your organization. Without a firewall it would be pretty easy for someone to steal data, for example. It also helps mitigate viruses, which could easily cause a pain for the organization, not to mention a loss of productivity.
How do you know if your current set-up is reliable? Knowing you have a firewall is a good first step. Knowing everything it’s doing can be difficult if you’re not monitoring it day-to-day. It’s a good idea to call a professional, like Networks Plus, to look at your current firewall and give you the details on what it is and what it’s capable of, then they can make recommendations from there.
For those in need of setting up a firewall from scratch, have a company that knows what they’re doing come in and set it up to ensure optimal security. Networks Plus partners with network security vendor WatchGuard to offer award-winning, easy to deploy security solutions.
Why Educating Employees On Cybersafety Should Be Part of Your Cybersecurity Strategy
By: Craig Williams, Master IT Engineer
As quickly as companies find ways to fend off a cyber threat, cybercriminals find new ways of launching an attack. And many times, the employees are their target.
For a business, there are multiple layers of protection that need to be put in place. This includes a strong firewall, data back-ups and other forms of protection.
But educating employees is one layer that is often overlooked.
At Networks Plus, we believe the best defense against hackers and other cyber threats is an educated employee. They are the most dynamic part of your business, so it’s important they are alert and aware of what an attack can look like. It’s the organization’s responsibility to ensure their employees know how to keep the network and data secure.
Keep Current With The Latest Threats
Because of the ever-changing nature of cybercrime, giving one cybersecurity training during new hire orientation isn’t going to cut it. The most common cybersecurity threats to employees change frequently.
Right now, phishing is the greatest threat observed, because the payoff can be high. But as security measures adjust to stop these threats, attackers change tactics.
Threats can come in any form of communication: email, phone calls, text messages, and even calendar invites.
One new scheme that’s emerged is cybercriminals sending you an invite to get an appointment on your calendar. Then you click the link and the “calendar invite” installs malware on your PC.
This is just one of the newer methods being used. It’s important to stay updated and aware of what threats exist, and make sure your employees are aware as well.
All of the cyber protection technology in the world won’t help you when an employee receives a phishing phone call and unknowingly gives sensitive information to an attacker. Educate your employees to help keep your organization more secure.
How Networks Plus helps organizations train employees on cybersecurity.
- Expertise – We use our experience, leveraging what we have seen in regards to cyberattacks and vulnerabilities, to help educate employees on how they should be protecting their accounts.
- KnowBe4 – We partner with KnowBe4, the world’s largest security awareness training and simulated phishing platform, to test your employees. Once the test is complete, an actionable report can help cater training based on an organization’s vulnerability risk.
- Lunch & Learns & Webinars – Networks Plus offers these informal training opportunities to give customers a look into potential emerging threats and how they can protect their information from such attacks.
- Personalized Training – Bring our Technology Director, Jerry Horton, right into your staff meeting with personalized training to meet your needs. We offer personalized training via an online interactive webinar format, or even on-site as needed. Contact your account consultant at firstname.lastname@example.org for more information.
Remote Work: Not Your Parent’s Work Environment
By: Kelly Gillespie, Business Account Consultant
As many of us have experienced recently, the traditional brick-and-mortar office isn’t the only viable option for performing our jobs these days. In the wake of the pandemic, business leaders have needed a more open approach to remote work, and the IT/Cybersecurity folks have made a mad scramble to have the right equipment, security, and applications to make the experience feel seamless.
So now you need to be prepared for more remote work. The gear you hurriedly assembled to get it done during the last few months sufficed under the circumstances, but might not be the best long-term solution. Not to worry – we have guidance on the “what” and “how” to set up a remote or a mobile office! Let’s start with the basics: equipment.
What are you using and why?
This sounds so obvious that you will roll your eyes (at first), but it is the very essence of setting up remote access. Examining the functions of your job will help you determine your equipment needs. Allow me to expand…
While a desktop PC is the most powerful and least expensive option, it is not necessarily the right one, especially if you are a road warrior in sales or field service. If you’re a power user who does database work or graphic design, for example, you may need a desktop.
Everyone loves the laptop, but is it the right tool for the job all the time? Since laptops are essentially miniaturized versions of desktops, they generally lag behind in processing power and storage technology. They can have significant limitations, such as memory, input/output ports, operating system support, and power. If you are a field service engineer, a laptop is usually a must-have, but many other jobs don’t require the full function of a laptop.
With the rise of Software-as-a-Service (SaaS) adoption, a tablet can typically cover the bulk of most job functions – email, productivity suites, and web interfaces, including remote desktop access, to most SaaS line of business applications. The downsides are lack of support for dashboard accessories, such as secondary monitors, full size keyboards or mouse, and enhanced security software.
A few essentials for the home/mobile office
Here are a few items you need in order to make your remote work life much easier. Let’s assume that you have a dedicated workspace with a decent desk, chair, and lighting – all important and essential items – and focus on the gadgets and more to round out your remote office.
It should go without saying, but your home internet connection may not be sufficient to support a home office. Check with your IT folks to see what kind of bandwidth you need to operate remotely.
Regardless of your computing platform, monitors are key to being able to do your work without ruining your eyes or happy thoughts. At a minimum, desktop or secondary monitors should:
- Have at least a 21” diagonal screen
- Use a 16×9, high-definition (at least 1080 pixel) configuration
- Support HDMI connection as most newer laptops have native HDMI ports
You should have at least two monitors (one can be a laptop screen). Productivity software works best when you have extended screen real estate to work with, not to mention using multiple web browser windows.
You also may want to consider a monitor mounting system to improve your viewing angle and ergonomic comfort, not to mention gaining some of your desk space back.
If you are using a laptop or tablet, one of the essential accessories should be a docking station. This will provide multiple ports, including connections for monitors, USB, and even Ethernet. Otherwise, you will need to buy separate adapters for each device type you want to connect and you will likely only be able to use one at a time on ultra-slim laptops or tablets.
Extra Power Supply/Cable/Charger
Who hasn’t gotten to the client meeting or presentation and realized their laptop/tablet was almost out of battery and the power supply wasn’t in the bag? Keep one on your desk and one in your bag. Same with your phone charger. ‘Nuff said.
As we have all experienced over the last few months, video web meetings are the new norm. Most laptops and tablets have a decent webcam for a single person, but the built-in microphone is not of the highest quality for the best audio experience. Use a USB microphone and headphones if you are doing video meetings with more than just the person seated directly in front of the laptop. An external webcam is also a good investment when displaying a meeting room or larger group.
External Hard Drive/USB Drive
For backups and nothing else. And like your Mom said, don’t ever take USB drives from strangers. You don’t know what has been on that drive and could inadvertently find yourself with a virus.
You may want to consider a few other items to make your life easier.
- Cable organizers – Because who wants to have to fight cables for desk space?
- Printer – Yep, people still read things on paper and occasionally even send them via postal mail.
- Surge protector/UPS – Even though laptops and tablets run on batteries, you probably want to plug more than one thing into that impossible-to-reach outlet behind your desk. Also, both of these devices can offer some protection against electric spikes to your laptop or tablet.
- Notebook – No, I’m not talking about anything electronic, just plain old paper and pen. Having a pad of paper to jot down the odd note or phone number is just indispensable.
Software you will need, but probably haven’t thought about yet
You have your remote/mobile office all set up and you are feeling pretty smug about it because you can check email, share documents, check inventory, etc. That’s great, but what happens to all of that information when you click a suspicious link or visit the odd website only to find that you are the unhappy recipient of malware?
Virtual Private Network (VPN)
Don’t leave home without it. In fact, use it at home, too. Your IT department may have a specific VPN application that you need to use, so check with them first, but on laptops, tablets, and smartphones, having and using a VPN is essential.
Anti-Malware/Advanced Endpoint Protection
You wouldn’t dream of leaving your house unlocked while you are away, so why would you leave your data unguarded? A good anti-malware program is essential, especially for mobile devices. Check with your IT department first, but make sure all of your mobile devices, including your smartphone, have security software installed.
Your best line of defense, especially against ransomware or theft of a device, is a regularly scheduled, secure and tested backup. Not only should you back up your laptops/tablets/smartphones, but what about all of that data in the SaaS cloud? You guessed it: that needs to be backed up as well.
Some stuff that doesn’t have anything to do with security
Here are some miscellaneous pieces of software/websites you may find useful when working remotely:
- Binaural Beats – atmospheric music that enhances your creativity, relaxes you, and promotes general wellbeing
- Dragon Naturally Speaking – Tired of typing? Use Dragon’s dictation software!
- IFTTT – Want a way to automate mundane tasks or connect separate calendars? If This, Then That (IFTTT) is your answer.
- RescueTime – This is an app that helps bring some discipline and sanity to your remote work by tracking your screen time between productive and distracting apps and websites, even blocking the distracting sites when you need to focus.
The Tax of Remote Work
Finally, working remotely isn’t just about technology, it is about how you can efficiently and effectively operate outside of the traditional workspace. Here are a few tips.
- Structure your workday just as if you were in the office, no matter where you are.
- Have a definitive start and stop time.
- Take breaks, just as if you were in the office.
- Keep a daily ‘diary’ of your workflow using OneNote, a calendar program, or even a giant old legal notepad.
- Minimize distractions and set boundaries
- Ditch the personal social media accounts and email during work hours.
- Roommates, spouses, family, and friends need to clearly understand that even though you are home, you aren’t “home”. Set clear expectations for your workspace and interruptions.
- Plan your work and work that plan. Lay out the day’s tasks and items that need to be complete, and work through them.
- Use appropriate music as a background. Instrumental music works best for most people.
- Interact with co-workers on a regular basis. Possibly the most difficult hurdle for remote work is a sense of isolation. Make a conscious effort to connect with coworkers via phone or video.