By: Jake Schulte, Networks Plus IT Manager

Because Information Technology (IT) is always evolving, hardware manufacturers and software developers are always coming out with something new to replace what exists today.  Consequently, hardware gets old and outdated, and software running on the machines needs updated.

If you don’t have a plan in place to maintain your IT infrastructure, now is the time. Instead of being caught unaware and not being sure what to do next, your company will be in the position to allow IT to drive your business forward.

What is considered IT infrastructure?

IT infrastructure refers to the mechanisms required to operate and manage the IT environment. This includes both infrastructure within the organization’s facility and cloud infrastructure. A few examples include Active Directory servers, App servers, firewalls, switches, wireless, computers, backup services, operating systems, and software.  While each component of IT infrastructure has its own unique role, they all work together to deliver performance, efficiency, and uptime to drive business functions.

When it comes to managing business IT infrastructure, companies need to take a holistic approach and think about the big picture, rather than having tunnel vision and only focusing on individual components, such as improving performance. Without all the essentials in place, companies make themselves more susceptible to risks that could halt all business functions.

My recommendation when it comes to setting up and managing IT infrastructure is to consult with an experienced IT Team who can provide the proper guidance and support that’s needed.

Infrastructure’s Role in Business Performance

There are many ways IT infrastructure plays a role in how a business performs by making sure the necessary equipment and software are in place to drive business functions. For example, if a server doesn’t have adequate computing power and storage to fit the requirements of the software applications running, performance will suffer. Each line-of-business application that is used by a company requires resources to operate. If the business fails to meet the system requirements and does not have the needed resources, operating system, or software to make the application work, it can be extremely costly and business performance will be negatively influenced.

Another example is security services that protect your data. If your company is hacked and your data is compromised, the situation can dramatically impact the company’s ability to perform job functions– not to mention its reputation. Businesses need a layered approach to security that includes both a firewall and advanced endpoint security software on their computers.

Leveraging Infrastructure to Drive Business Performance

With IT infrastructure, technology has significantly evolved in recent years. A business shouldn’t continue making decisions today based off of what made sense 5 or 10 years ago. There are likely better, more cost-effective options available. Explore all the options, both on-premise and cloud solutions, prior to making IT decisions.

Take time to assess all your options. Just because an infrastructure solution works well for one company, does not mean it’s the right fit for your organization. It’s best not to rush into any decisions when considering purchasing or replacing existing infrastructure.

Furthermore, do not make decisions based off of up-front costs alone. Consult with an IT Team that can give the proper guidance to make sure you’re getting the infrastructure you need to run your business, while also not overspending on things that are not needed.

Networks Plus provides services for all aspects of IT Infrastructure. We recognize that every organization is unique in what they have to offer, and we treat IT infrastructure the same way. There is never a “one-size-fits-all” solution.  We consult with our customers to put them in a position to make well-education decisions for what makes the most sense for them.  Our role is to identify all possible solutions, the costs and benefits associated with each one, the risks associated with each solution as it relates to the customer’s business, and share that with the customer so they know what they’re getting and what to expect of it.

When it comes to IT Infrastructure, my recommendation for all businesses is to plan ahead and budget appropriately. IT budgets are not solely for enterprise organizations. All small and medium-sized businesses should have a plan in place to understand what they need, why they need it, and the budget resources to make it happen.

By: Nathan Brown, Managed Services Lead/Advanced IT Technician

Web browsers are the gateway to the internet. You are likely familiar with the most popular browsers, but you may not know their differences. Let’s take a look at the pros and cons of some of the more well-known web browsers.

Google Chrome

Pros:

• Probably the most popular browser on the market, Google Chrome has thousands of extensions, which are small software programs that add new features to your browser and personalize your experience. One such extension allows Chrome to automatically translate pages that are not in the native language specified by the browser.
• Another advantage of Chrome is its ability to load Web pages faster than other browsers.
• Chrome’s tabs allow you to work on several tasks at the same time.
• Chrome is compatible on all major operating systems and devices. It also synchronizes easily across multiple devices and platforms.

Con:

• The primary drawback of Chrome is that it is very RAM intensive. To give the user the benefit of more tabs and extensions, Chrome uses more memory.

Mozilla Firefox

Pros:

• Over the years Mozilla Firefox has made several upgrades and is one of the faster browsers out there with an easy-to-use interface.
• Firefox is compatible with Windows and Mac OS, as well as Android and iOS devices.
• Allows users to get pretty specific when managing privacy and security settings.

Cons:

• It is more privacy-centric than Chrome, but not quite as expansive.
• The landing page can contain a lot of recommended links and ads, which users may not appreciate.

Internet Explorer

Pro:

• Perhaps the biggest – and only – pro for IE is that many people are familiar with it, as it hasn’t changed much over the years.

Cons:

• IE is not getting any more major upgrades because it has been replaced by Microsoft Edge.
• It is SLOW.
• Bottom line: don’t use IE unless you absolutely have to.

Apple’s Safari

Pros:

• Safari works very well with Apple devices as the native browser built into MacOS and iOS.
• It does not record any user data and thus, is very good at protecting the end user’s information.
• Safari works across all Apple devices seamlessly.

Cons:

• There is no Windows or Android support.
• Safari offers very few add-ons.
• With very few updates, Safari is not as secure as other major browsers.

Microsoft Edge

Pros:

• Microsoft Edge is built on Chromium, which is essentially an open source version of Google Chrome. 
• This is the default Windows 10 browser and is very well-integrated with the operating system.
• Edge is much faster than its predecessor and may consume less memory than Chrome.

Cons:

• Edge lacks available extensions because it is essentially in its infancy.
• It is not backwards compatible with older versions of Windows.

Which browser is best?

In my opinion, there is not really a clear winner for “best” browser when it comes to business or personal use. Personally, I swap between Chrome as my primary browser, and Edge as a secondary browser on my computers. When it comes to my iPhone, I actually prefer Firefox. When it comes to what’s “best”, I say it’s a personal preference based on how easy the user finds a browser to use and navigate. 

Try out all browsers compatible with your operating system and see which one you prefer. My only caveat to that advice is to steer clear of Internet Explorer because it is effectively retired by Microsoft. And did I mention how much SLOWER it is compared to other browsers?

While I can’t tell you exactly which browser you should use, I will tell you that no matter the browser, be sure to install an ad blocker. This will minimize your risk of exposure to malicious pop-ups. It’s not full-proof, but it will make your life and your friendly IT people’s lives better.

Networks Plus offers managed IT service, IT consulting, and a host of other services to help keep your systems running smoothly and your business performing at the highest level. Give us a call to see how we can support you.

By: Adam Boyle, Business Account Consultant

Data is both the lifeblood of 99% of businesses today, and a valuable commodity for cyber security attackers.

Phishing and password attacks aren’t the only way hackers try to get to your company’s information. Sometimes they simply call and convince you to give it to them without realizing what is happening. 

A local business recently received a call from a person claiming to be a member of the QuickBooks support team. The hacker was connected to an employee in the accounting department. 

The caller told the employee that they noticed an issue with the business’ QuickBooks system and needed access to their computer to make the necessary fixes. To do this, the caller told the employee to visit a specific web address, which the employee did, giving the caller access to the employee’s computer. The phony QuickBooks caller was able to get into the business’ security protocols and remove nearly every security measure they had, which left the business unprotected. 

Unbeknownst to the employee on the phone, the undercover attacker then exported all their QuickBooks information off-site, including client names, addresses, credit card information, and social security numbers. The caller deleted all the information locally and encrypted it, then told the employee the problem was fixed and got off the phone. The employee was none the wiser. A short time later, the office received an email from the attacker letting the business know what they had done: the attacker now had the business’ information and it was no longer on the company’s site. As proof, they screenshotted some of the information they’d stolen and demanded the business pay a certain amount of bitcoin for the return of the client information. Bitcoin is a common demand in ransomware because it is untraceable.

Cleaning Up After A Cybersecurity Hack 

The business called Networks Plus to explain what happened and ask for advice on what to do. The good news is that the business had invested in an off-site backup service with Networks Plus, so they were able to restore the data that was lost. 

The bad news is that the damage was done; the bad guys had their clients’ information and the cleanup from the attack was extensive. The business had to notify clients of the breach, handle certain legal requirements as a result, and the incident delivered a blow to the business’ reputation.

How do you help keep your business from becoming a victim of one of these attacks?

The first, and arguably most important, step to cyber safety is to prioritize employee education. Unfortunately, the #1 target of any cyber attack is employees. This makes employee education a key component of any business’ cyber safety. It’s so important, we even wrote a blog about why companies should make education part of their cybersecurity strategy. (Check it out.)

Knowledge is power. In situations like this one, the employee should have told the caller that before they did anything, they were going to verify with the caller’s company (i.e. QuickBooks) that the call is legitimate. The employee should have called QuickBooks directly to confirm. Most of the time, companies like QuickBooks will not reach out to a business directly about an issue. Generally speaking, users need to call them when an issue is detected.

It’s also important to understand the security measures your business has in place and what they do. Because this particular example was not of a software attack, it would not have been noticed by antivirus software, which is what this business had. This type of attack is known as spear-fishing: a targeted attempt to steal sensitive information through voice solicitation. 

The attacker knew they wanted the accounting department and that they wanted to use QuickBooks as their point of entry. This type of attack is difficult to protect against. Other than employee education, your best bet for protection may be Advanced Endpoint Security. This software offers real time threat detection and response by learning user behavior. In the example above, the advanced security software would have known that this particular employee does not usually get into security settings and it would have stopped the action once it detected security protocols were changing. This red flag would have sparked a call from Networks Plus and could have prevented the attacker from exporting client data.

Food for Thought

Don’t get stuck in the trap of thinking your business is too small or that something like this couldn’t happen to you. We see small businesses get hit all the time with things like this. Five to ten years ago, hackers were targeting big companies, but those companies are better guarded. Today, hackers realize smaller businesses may not have the budget to protect themselves against this kind of attack, making smaller businesses an easier target.

Another lesson learned from this experience is to make sure your data backups are sufficient. Had this company not had a best-practice solution in place, the damage inflicted would have been even worse since there’d have been no way to retrieve up-to-date data. It’s important to verify that you’re saving and backing up current information.

For businesses that aren’t sure what protection they have or if current protections are adequate, I recommend a free security best practice assessment. 

Call Networks Plus and we’ll discuss your current structure, strategy, and worries, etc. After that conversation, we can make recommendations for what we believe the business could or should be doing. From security awareness training for office staff, to layered security and data backups, to Advanced Endpoint Protection, Networks Plus offers a wide range of ways to help keep your business and its data safe and secure.

By: Brad Jepsen, Master IT Engineer

What protects you from hackers, viruses, malicious or unsavory content? Have you ever wondered what it takes for the doctor’s office to keep your online medical information protected, or your favorite online retailer to keep your credit card information from being stolen?

The first line of defense is a firewall.

Firewalls provide security for a network, monitoring traffic coming in and out of an organization, determining the type of traffic, and whether or not it’s allowed to pass through. I liken firewalls to a lock on the door of your home. It may not prevent a break-in, but it will deter someone driving by testing door knobs. In short, a firewall’s purpose is your first defense to keep those “bad guys” (i.e. hackers and viruses) on the internet out of your network.

How it works

Firewalls work similarly to a security checkpoint for your network. Imagine you are entering an airport to board a flight. All of the potential passengers, such as yourself, represent different IP addresses: from websites to emails to applications. Before you get to your flight gate and board the airplane (our hypothetical network), you must go through security, where they will check a variety of information before determining whether or not you’re allowed to pass through. A firewall will analyze the data of incoming traffic and keep out any that carries information that has been pre-determined to be worthy of blocking, or unsecure. This includes certain words or phrases, known malicious websites or IP addresses, viruses, and even applications (i.e. Pandora or Spotify). Many employers do not allow social websites, like Facebook, to be accessed on their network and can have them blocked by the firewall. Your firewall vendor can also group blocked content by category, with keywords like “gambling” or “lottery”.

The level of control depends on what type of firewall you choose. Networks Plus can help you determine what the best fit is for your needs.

Perhaps as important as choosing the right set-up is managing it. Setting parameters can be tricky, and obviously not fool-proof. Say you block “gambling”, but eventually that leads to blocked communication on a new project or client. Parameters would need to be adjusted. Ideally, a firewall would be monitored daily, but at minimum monthly or quarterly check-ins suffice for most users. These check-ins will show if there’s questionable inbound and/or outbound traffic, and where more attention may be necessary. This also helps ensure, in most cases, that a problem doesn’t go on for too long without detection.

It can seem daunting for some organizations to add this process to their workload, so Networks Plus offers a managed firewall solution to help take care of monitoring the firewall and making adjustments as needed. Using either a software firewall program or firewall hardware – or both – you can really monitor network traffic in a variety of ways.

Why it’s important

A firewall is your first basic step of security in monitoring what’s allowed in or out of the IT side of your organization. Without a firewall it would be pretty easy for someone to steal data, for example. It also helps mitigate viruses, which could easily cause a pain for the organization, not to mention a loss of productivity.

Ensuring reliability

How do you know if your current set-up is reliable? Knowing you have a firewall is a good first step. Knowing everything it’s doing can be difficult if you’re not monitoring it day-to-day. It’s a good idea to call a professional, like Networks Plus, to look at your current firewall and give you the details on what it is and what it’s capable of, then they can make recommendations from there.

For those in need of setting up a firewall from scratch, have a company that knows what they’re doing come in and set it up to ensure optimal security. Networks Plus partners with network security vendor WatchGuard to offer award-winning, easy to deploy security solutions.

By: Craig Williams, Master IT Engineer

As quickly as companies find ways to fend off a cyber threat, cybercriminals find new ways of launching an attack. And many times, the employees are their target.

For a business, there are multiple layers of protection that need to be put in place. This includes a strong firewall, data back-ups and other forms of protection.

But educating employees is one layer that is often overlooked.

At Networks Plus, we believe the best defense against hackers and other cyber threats is an educated employee. They are the most dynamic part of your business, so it’s important they are alert and aware of what an attack can look like. It’s the organization’s responsibility to ensure their employees know how to keep the network and data secure.

Keep Current With The Latest Threats

Because of the ever-changing nature of cybercrime, giving one cybersecurity training during new hire orientation isn’t going to cut it. The most common cybersecurity threats to employees change frequently.

Right now, phishing is the greatest threat observed, because the payoff can be high. But as security measures adjust to stop these threats, attackers change tactics.

Threats can come in any form of communication: email, phone calls, text messages, and even calendar invites.

One new scheme that’s emerged is cybercriminals sending you an invite and to get an appointment on your calendar. Then you click the link and “calendar invite” installs malware on your PC.

This is just one of the newer methods being used. It’s important to stay updated and aware of what threats exist, and make sure your employees are aware as well.

All of the cyber protection technology in the world won’t help you when an employee receives a phishing phone call and unknowingly gives sensitive information to an attacker. Educate your employees to help keep your organization more secure.

How Networks Plus helps organizations train employees on cybersecurity.

• Expertise – We use our experience, leveraging what we have seen in regards to cyberattacks and vulnerabilities, to help education how employees should be protecting their accounts.
• KnowBe4 – We partner with KnowBe4, the world’s largest security awareness training and simulated phishing platformto test your employees. Once the test is complete, an actionable report can help cater training based on an organization’s vulnerability risk.
• Lunch & Learns & Webinars – Networks Plus offers these informal training opportunities to give customers a look into potential emerging threats and how they can protect their information from such attacks.
• Personalized Training – Bring our Technology Director, Jerry Horton, right into your staff meeting with personalized training to meet your needs. We offer personalized training via an online interactive webinar format, or even on-site as needed. Contact your account consultant at consulting@networksplus.com for more information.

By: Kelly Gillespie, Business Account Consultant

As many of us have experienced recently, the traditional brick-and-mortar office isn’t the only viable option for performing our jobs these days. In the wake of the pandemic, business leaders have needed a more open approach to remote work, and the IT/Cybersecurity folks have made a mad scramble to have the right equipment, security, and applications to make the experience feel seamless.

So now you need to be prepared for more remote work. The gear you hurriedly assembled to get it done during the last few months sufficed under the circumstances, but might not be the best long-term solution. Not to worry – we have guidance on the “what” and “how” to set up a remote or a mobile office! Let’s start with the basics: equipment.

What are you using and why?

This sounds so obvious that you will roll your eyes (at first), but it is the very essence of setting up remote access. Examining the functions of your job will help you determine your equipment needs. Allow me to expand…

Desktop PC

While a desktop PC is the most powerful and least expensive option, it is not necessarily the right one, especially if you are a road warrior in sales or field service. If you’re a power user who does database work or graphic design, for example, you may need a desktop.

Laptop

Everyone loves the laptop, but is it the right tool for the job all the time? Since laptops are essentially miniaturized versions of desktops, they generally lag behind in processing power and storage technology. They can have significant limitations, such as memory, input/output ports, operating system support, and power. If you are a field service engineer, a laptop is usually a must-have, but many other jobs don’t require the full function of a laptop.

Tablet

With the rise of Software-as-a-Service (SaaS) adoption, a tablet can typically cover the bulk of most job functions – email, productivity suites, and web interfaces, including remote desktop access, to most SaaS line of business applications. The downsides are lack of support for dashboard accessories, such as secondary monitors, full size keyboards or mouse, and enhanced security software.

A few essentials for the home/mobile office

Here are a few items you need in order to make your remote work life much easier. Let’s assume that you have a dedicated workspace with a decent desk, chair, and lighting – all important and essential items – and focus on the gadgets and more to round out your remote office.

Internet Bandwidth

It should go without saying, but your home internet connection may not be sufficient to the needs of supporting a home office. Check with your IT folks to see what kind of bandwidth you need to operate remotely.

Monitors

Regardless of your computing platform, monitors are key to being able to do it without ruining your eyes or happy thoughts. At a minimum, desktop or secondary monitors should:

• Be at least 21” diagonal screen
• 16×9, high definition (at least 1080 pixel) configuration
• Support HDMI connection as most newer laptops have native HDMI ports

You should have at least two monitors (one can be a laptop screen). Productivity software works best when you have extended screen real estate to work with, not to mention using multiple web browser windows.

You also may want to consider a monitor mounting system to improve your viewing angle and ergonomic comfort, not to mention gaining some of your desk space back.

Adapters/Docking Stations

If you are using a laptop or tablet, one of the essential accessories should be a docking station. This will provide multiple ports, including connections for monitors, USB, and even Ethernet. Otherwise, you will need to buy separate adapters for each device type you want to connect and you will likely only be able to use one at a time on ultra-slim laptops or tablets.

Extra Power Supply/Cable/Charger

Who hasn’t gotten to the client meeting or presentation and realized their laptop/tablet was almost out of battery and the power supply wasn’t in the bag? Keep one on your desk and one in your bag. Same with your phone charger. ‘Nuff said.

Webcam/Microphone/Headphones

As we have all experienced over the last few months, video web meetings are the new norm. Most laptops and tablets have a decent webcam for a single person, but the built-in microphone is not of the highest quality for the best audio experience. Use a USB microphone and headphones if you are doing video meetings with more than just the person seated directly in front of the laptop. An external webcam is also a good investment when displaying a meeting room or larger group.

External Hard Drive/USB Drive

For backups and nothing else. And like your Mom said, don’t ever take USB drives from strangers. You don’t know what has been on that drive and could inadvertently find yourself with a virus.

Miscellaneous Items

You may want to consider a few other items to make your life easier.

• Cable organizers – Because who wants to have to fight cables for desk space?
• Printer – Yep, people still read things on paper and occasionally even send them via postal mail.
• Surge protector/UPS – Even though laptops and tablets run on batteries, you probably want to plug more than one thing into that impossible-to-reach outlet behind your desk. Also, both of these devices can offer some protection against electric spikes to your laptop or tablet.
• Notebook – No, I’m not talking about anything electronic, just plain old paper and pen. Having a pad of paper to jot down the odd note or phone number is just indispensable.

Software you will need, but probably haven’t thought about yet

You have your remote/mobile office all set up and you are feeling pretty smug about it because you can check email, share documents, check inventory, etc. That’s great, but what happens to all of that information when you click a suspicious link or visit the odd website only to find that you are the unhappy recipient of malware?

Virtual Private Network (VPN)

Don’t leave home without it. In fact, use it at home, too. Your IT department may have a specific VPN application that you need to use, so check with them first, but on laptops, tablets, and smartphones, having and using a VPN is essential.

Anti-Malware/Advanced Endpoint Protection

You wouldn’t dream of leaving your house unlocked while you are away, so why would you leave your data unguarded? A good anti-malware program is essential, especially for mobile devices. Check with your IT department first, but make sure all of your mobile devices, including your smartphone, have security software installed.

Backups

Your best line of defense, especially against ransomware or theft of a device, is a regularly scheduled, secure and tested backup. Not only should you backup your laptops/tablets/smartphones, but what about all of that data in the SaaS cloud? You guessed it: that needs to be backed up as well.

Some stuff that doesn’t have anything to do with security

Here are some miscellaneous pieces of software/websites you may find useful when working remotely:

• Binaural Beats – atmospheric music that enhances your creativity, relaxes you, and promotes general wellbeing
• Dragon Naturally Speaking – Tired of typing? Use Dragon’s dictation software!
• IFTTT – Want a way to automate mundane tasks or connect separate calendars? If This, Then That (IFTTT) is your answer.
• RescueTime – This is an app that helps bring some discipline and sanity to your remote work by tracking your screen time between productive and distracting apps and websites, even blocking the distracting sites when you need to focus.

The Tax of Remote Work

Finally, working remotely isn’t just about technology, it is about how you can efficiently and effectively operate outside of the traditional workspace. Here are a few tips.

• Structure your workday just as if you were in the office, no matter where you are.
  • Have a definitive start and stop time.
  • Take breaks, just as if you were in the office.
  • Keep a daily ‘diary’ of your workflow using OneNote, a calendar program, or even a giant old legal notepad.
• Minimize distractions and set boundaries
  • Ditch the personal social media accounts and email during work hours.
  • Roommates, spouses, family, and friends need to clearly understand that even though you are home, you aren’t “home”. Set clear expectations for your workspace and interruptions.
  • Plan your work and work that plan. Lay out the day’s tasks and items that need to be complete, and work through them.
  • Use appropriate music as a background. Instrumental music works best for most people.
• Interact with co-workers on a regular basis. Possibly the most difficult hurdle for remote work is a sense of isolation. Make a conscious effort to connect with coworkers via phone or video.

By: Jerry Horton, Technology Director

We are all shopping online more today, whether we are making purchases or being purchased from. While it is convenient, it can also put you in danger of having personal and financial information stolen. Cyber attackers are always at work, but take full advantage of situations like the current pandemic. Both consumers and businesses need to ensure they are taking the proper safety precautions.

On the Attack

When it comes to online shopping, the internet gives attackers multiple ways to obtain your personal and financial information. Once they have it, they will use your information to make their own purchases, or sell it to someone else. They may target their potential victims through fraudulent websites and emails, including fake shops and charitable organizations. Just remember the old adage, if a deal looks too good to be true, it probably is.

Another way attackers are able to get your information is through intercepting. If a vendor does not use encryption during a transaction, your information is at risk.

Attackers also prey on vulnerable computers. Consumers and businesses alike need to take steps to protect computers from viruses and other malicious code that attackers may use to access personal and customer information. Keep your devices up to date and protected.

Keep Your Info Safe While Shopping

Perhaps the most important way to protect yourself is by doing your due diligence. Here are some ways to keep private information secure:

• Do business with reputable vendors.
• Ensure a secure website – If you are a consumer, make sure you are purchasing from a secure site, which should have a URL that begins with “https” instead of “http” and a closed padlock icon.
• If you are a business that sells to consumers, ensure that your site has been secured and that you are using the proper web security (i.e. web app firewalls, full blown security commerce suite), and maintain PCI DSS compliance in store or online.
• Do not provide sensitive information through email. No reputable business will ask for private or sensitive information via email.
• Use a credit card or prepaid debit card, which, by law, offers some level of fraud protection.
• Use a Virtual Credit Card – How it works: you own a credit card account with the institution that offers the card. When you make a transaction, your account generates temporary, random numbers in place of your actual credit card number. This offers one more layer between you and attackers. Some cons to this method include difficulty returning or denying a purchase, they’re not accepted by all merchants, and not every purchase offers the same fraud protection as with credit cards. There are three major companies offering virtual credit cards: Bank of America, Citibank, and Capital One.
• Check your app settings – Shopping apps should tell you what they do with your data and how they keep it secure. There is no legal limit on your liability with money stored in a shopping app or gift card. Read the terms of service. The pro to shopping through store apps is that it can help avoid clicking a “bad” link to one of those legitimate-looking, but fake, websites.
• Check your statements and accounts – Compare receipts and purchase copies with bank statements for discrepancies. If you think this is a small point, read your neighborhood cybersecurity guy’s personal fraud experience.
• Check privacy policies – Most of us probably skim these, but before entering any personal or financial information, you should understand how your data will be stored and used by reading through the website’s privacy policy.

Collecting Payment as a Business

The same security rules apply for businesses as with consumers: make sure there is a layer of protection in the transaction. I recommend all businesses that are selling to consumers do the following:

• Be set up to take credit cards and debit cards – Look at services like PayPal, Square, Amazon Pay, Google Pay, Apple Pay
• Work with your financial institution – They will help support all that goes into conducting electronic transactions and have knowledge of industry policies.
• Set up with reputable companies that will advocate for both the buyer and seller. PayPal, Amazon Pay, Google Pay, Apple Pay, for example, meet the necessary standards. Check that your organization is PCI DSS compliant. PCI DSS is a stringent set of standards created and policed by the industry itself.

Use Solid Business Accounting Practices

Setting up your transactions for optimum cyber security is one step. Another step businesses must take for their added protection is to set up solid accounting practices. Be sure to have a clear “chain of evidence” – a clear process in place about where an invoice came from, how much it is, and what it’s connected to. Accounts should be charted and set up with vendor and accounting codes. And be sure to separate duties; one person should not be responsible for the entire process. Just as you would frequently check your personal bank statements, keep solid records and look through details, understanding that attackers can steal enough information to make it look like an invoice came from a company.

Unless you’re an enterprise level business, don’t attempt to go at this by yourself. Utilize a reputable dealer and make sure to have a discussion with your financial institution.

The COVID-19 pandemic has accelerated a process that was already in place with attackers/ hackers using their best tricks and tactics to steal consumer information. Something else to consider while online shopping at this time is how to be a socially responsible shopper. if you’re making purchases, support local when possible. Don’t engage in panic buying. And if you see someone else in need, give.

By: Jerry Horton, Technology Director

Having WiFi at your house makes the work at home life many of us are living right now more convenient than days of ethernet or–perish the thought–dial-up. But WiFi by its very nature comes with its own security risks. Make sure your work is secure by practicing safe WiFi usage.

Understanding WiFi

A WiFi network connects devices together using radio waves, as opposed to a physical medium such as cable or fiber. Whereas fiber is immune to hacking (outside of physically splicing a device into the fiber strand), WiFi is comparably easy to hack because it’s a radio transmission designed to remotely connect multiple devices simultaneously. Once someone is “inside” the network, it becomes easy to gain access to any equipment sharing that network – allowing hackers to control devices, steal data, and implant viruses where and how they see fit.

A Cautionary Tale

In October 2016, the entire Eastern seaboard lost internet for 16 hours in what is called a distributed denial of service attack, which disrupts service by consuming all available bandwidth to knock users offline. Called the Mirai botnet, the attack was initially designed by an undergraduate student at Rutgers trying to profit off of Minecraft players. The botnet–somewhat more successfully than anticipated–implanted malware in all manner of wireless devices it encountered and proceeded to transmit and clog traffic. Any unsecured devices are susceptible to this kind of compromise.

Methods of Securing WiFi

You may be familiar with networks using open authentication. As the name implies, this method allows a device to join a network as soon as it sees the SSID – Station Set Identifier without requiring a password. 

Another method is WEP – Wired Equivalence Privacy – which has somewhat fallen out of favor as it offers minimal security, but is still available on most routers. WPA – WiFi Protected Access – encrypts traffic, making it a bit more secure than WEP.

WPA2 is the best WiFi option because it uses algorithms and advanced encryption systems to make traffic on the network harder to infiltrate and disrupt. Don’t worry if you feel like you’re floating in alphabet soup–we nerds love our acronyms.

Getting to Work

Cyber criminals, like most criminals, are looking for low hanging fruit. If you’re working remotely with access to sensitive information, don’t use an open public network, because these are highly unsecured. 

Disabling automatic connections to WiFi on your devices will give you more control over what networks they access. Always use a VPN – Virtual Private Network – when connecting to a business network from any remote location such as your local coffee shop. Your IT team should ensure you have this precaution in place.

Never operate as an administrator of your device when joining a business network remotely; use personal user credentials with lower clearance levels to limit the information available to potential hackers, and encrypt any files stored locally on the device. 

When securing your personal WiFi network, use WPA2 and a long, unique password. If you’re not tech savvy, not to worry; router manufacturers are making your life easier with prebuilt passwords at different security levels. Visit the router manufacturer’s website for directions on how to make security changes; most devices are managed from a web app where you can personalize your network settings.

Tips from the Experts

For personal devices, we recommend turning on your local firewall, installing an anti-malware program, and investing in a VPN software and network. When browsing the web, if a site offers multifactor authentication, turn it on. 

Multifactor authentication consists of one of four things – something you know (password or PIN), something you have (token), something you are (biometrics), or somewhere you are (geolocation). And of course, never give out your account passwords to anyone, including (anyone claiming to be) IT personnel – anything they need to access, they can access without asking your credentials.

Wrapping it up

Without a doubt, WiFi makes our lives easier, providing connectivity without cables in almost every home, business, and point of interest, but it is not without security flaws. It is up to you to make sure you are maintaining good cybersecurity practices by using WPA2, personal firewalls, good anti-malware, multi-factor authentication, and a VPN whenever it is possible.

Stay safe and healthy!