Protect Your Business From the Dangers Of Shadow IT with Office 365

The term “Shadow IT’ refers to apps and devices used as work that operate outside your company’s sanctioned policies and protocols.

Shadow IT takes many forms, like conversations on Facebook Messenger, Google Hangouts, Gmail or Skype.  It can include software from Excel macros to cloud-bases storage apps such as Dropbox, Google Docs and Evernote.  Or collaboration spaces like Slack, Asana and Wrike.  And then there are devices: ISB sticks, smartphones, tablets and laptops within your network that you have no control over.

Robert J. Moore, CEO of RJMetrics, relates how companies like Slack and Dropbox craft their pricing models to encourage rapid proliferation.  One day, a few of his engineers were using Slack, then all the engineers, then the whole rest of the company was using it. “We’ve reached a point of no return and paying for it was pretty much our only option.”

What are the hidden dangers of shadow IT?

 When users on your network adopt apps and devices outside your control, protocols aren’t followed, systems aren’t patched, devices get infected without people knowing it and data breaches happen…As a result, confidential information can be exposed, accounts taken over, websites defaced, goods and services stolen, and precious time and money lost.

Not only that, you end up with siloed information in unknown places, data compliance and missed opportunities for bulk pricing.

The obvious solution would be to crack down and forbid use of all but company-approved devices and apps.  Unfortunately, that tends to slow things down, stifling productivity and innovation.

 So how can you protect your business from the risks of Shadow IT?

1. First, find the Shadow IT in your organization. Start with surveying your employees. Ask them what software and services they use regularly. You’d be surprised how many unauthorized tools you’ll uncover, simply because the employees don’t realize they’re practicing Shadow IT. Second, track network traffic. Using the right scanning techniques will help you identify unauthorized software and systems that are using your network.
2. Cut loose the “control” mentality. It’s no longer feasible to simply ban certain apps.  If you don’t give employees the software they prefer, they just start using their own. They can easily access a vast and growing variety of apps, all without your help-or control.
3. Recognize the delicate balance between risk and performance. Evaluate risk on a case by case basis.  Then take control of high-risk situations and keep an eye on the rest.
4. Foster open communication. Get employees involved in creating intuitive policies.  You can turn them from your greatest risk to your greatest asset by leveraging their input and ownership of protective protocols.  This helps maintain security while keeping practical needs for performance in mind.
5. Develop a fully tested plan. Even if it’s only 70% complete, a tested plan will be far more useful when the need inevitably arises than a 100% complete plan that’s not fully tested. Most managers underestimate the confusion that occurs in the first few days following a breach. Unfortunately, that confusion can create a defensive rather than constructive atmosphere centered on discovering how, when and where the breach occurred. A comprehensive incident response plan can go a long way toward achieving a speedy resolution, and keep an otherwise manageable event from turning into a full-blown business crisis.
6. Find the right balance. Focusing only on security and asset protection can drag down business performance quickly. However, balancing risk with performance enables you to maximize your return from investments in detection and response. It also helps you become more adept at adjusting as the security landscape changes. By developing your organization’s ability to recognize threats and respond effectively to incidents, you can actually take risks more confidently and drive business performance to a higher level.
7. Make sure you know what applications your employees are using with a software package like Microsoft 365 Cloud App Security.  This tool will enable you to discover all cloud use, authorized or unauthorized, that is occurring on your network. Unapproved activity can be monitored and a risk assessment provided for the application.

Remember that, while monitoring Shadow IT can be a time-consuming process, the use of unauthorized applications is not necessarily the enemy.  It can in fact be an opportunity for you to discover business needs and empower employees via technology. Download our guide to learn more.

Now We Know…2018 Was A Record-Breaking Year For Data Breaches

We knew fairly early in the year that 2018 was on track to beat 2017 and set a new record for the number of data breaches in the year.

Afterall, 2017 had shattered 2016’s record the year before. Now that the final numbers are in though, we can see just how big an increase we’ve seen in the number of data breaches from one year to the next.

The numbers aren’t pretty. With 12,449 reported data breaches in 2018, we’ve seen a staggering 424 percent increase year over year. 2019 is already shaping up to be another record-breaking year. All that to say, our problems with hackers and data security are getting worse, and there’s no end in sight.

As with last year, the United States leads the pack in terms of the total number of records exposed by data breaches. Although in terms of raw numbers, the US’s total was fairly modest. It’s simply that all of the year’s biggest breaches occurred here.

At least part of what’s driving the phenomenon of the steadily increasing number of breaches is the fact that there are a staggering number of user login credentials for sale and re-sale on the Dark Web. These are purchased for modest sums and used by hacking groups all over the world to try their hand at breaking into various networks.

Unfortunately, given the sorry state of password security, it’s often months before a hacked account sees its password changed. That gives nefarious elements plenty of time and loads of opportunities to inflict whatever damage they will, and they’re only too happy to comply.

With the grim statistics above firmly in mind, it’s time to make data security at your firm your top priority. Based on the numbers, it’s not a question of whether you’ll be hacked. It’s only a matter of when. Download our free Self Assessment and find out how where you stand with network security.

6 Must-Have Chrome Extensions

Google Chrome is the most popular and most used browser in the world. And because of its unparalleled speed, user-friendly interface, and powerful performance, it’s also touted as the best browser. But did you know that the Chrome Web Store is full of extensions you can install to add extra features to your browser? Here are some extensions you should definitely try.

StayFocusd

As the name suggests, StayFocusd helps you stay focused. This is a perfect tool for people who work on computers all day to stop themselves from getting distracted by the many wonderful things on the internet. Essentially, it’s an extension that restricts your time on websites that can cause your productivity to dip, particularly social media sites like Facebook, YouTube, and Twitter. Once you’ve reached the time limit, StayFocusd blocks access to those sites, reminding you to focus on your work.

AdBlock

AdBlock claims to be the most popular extension for Chrome. It has over 10 million active users, and for good reason. In a virtual world full of advertisements, AdBlock offers a break by blocking most ads from showing on Chrome. It’s also bound to improve your experience and increase the speed of your browser, since it blocks shady advertisements on the web, some of which are designed to trick people into downloading something that could harm their computers.

LastPass

Remembering passwords can be quite a headache; good thing there’s LastPass. While Chrome already has a built-in password manager, LastPass is a better option when it comes to password management. Instead of trying to memorize countless passwords for your online accounts, LastPass can generate new and secure passwords every time you log in to a website and sync your passwords whenever you need them. With LastPass, you can easily gain access to your accounts, enter credit card details, and fill out online forms with just a few clicks.

Evernote Web Clipper

Never lose anything on the internet again by storing web pages on Evernote. While you can mark sites by using Chrome’s built-in bookmarks option, Evernote is a more powerful option. The extension allows you to quickly and easily save web content from Chrome and transfer it straight into your Evernote account. With the press of a button, you can grab an image from the web page, make annotations, create summary links, and save a distraction-free version for later use.

Pocket

Pocket is another way to keep track of your favorite web content. With Pocket, you can save articles, videos, and any other web pages for later viewing. Simply hit the Pocket extension button when you come across something interesting and that page will automatically be synced to all your devices, so you can view it at any time, even without an internet connection. With Pocket, you can set things aside when you have important work at hand. If you can’t read the content now, Pocket it for later.

Momentum

Momentum is an alternative new tab page that replaces the default Chrome landing page. Equipped with a personalized dashboard that features a beautiful scenic background, a daily inspirational quote, the weather report, a to-do list, and quick links widgets for your favorite sites, Momentum could just be the dose of inspiration you’re looking for.

Learn more about the different productivity apps the Chrome Web Store has to offer. Get in touch with our experts today.

Boost Your Productivity with these Outlook Tips

Microsoft’s development team continues to improve and update its Outlook email application, which means some users have a hard time keeping up with the new and exciting features that show up. If you want to stay updated on the latest productivity-boosting tricks, this article is for you.

Clean Up your inbox

No matter how meticulously organized your Outlook inbox is, there’s always room for improvement. For a little computer-assisted help, try the ‘Clean Up’ feature.

From your Inbox, click the Home tab and choose from Outlook’s three Clean Up options:

• Clean Up Conversation – Reviews an email thread or a conversation and deletes redundant text.
• Clean Up Folder – Reviews conversations in a selected folder and deletes redundant messages.
• Clean Up Folder & Subfolders – Reviews all messages in a selected folder and any subfolders, and deletes redundant messages in all of them.

Ignore (unnecessary) conversations

An overstuffed inbox is often caused by group conversations that aren’t relevant to you. The Ignore button helps you organize your inbox and focus on relevant emails.

• Select a message, then click Home > Ignore > Ignore Conversation. You can also do this by opening a message in a new window and clicking Ignore under the Delete function. To recover an ignored message, go to the Deleted Items folder, and click Ignore > Stop Ignoring Conversation.

Send links instead of a file copy

Help your colleagues save storage space by sending a link to a cloud version of a file instead of the file itself. This is particularly useful when sending massive files. You can also set permissions to allow recipients to edit and collaborate on linked files in real time.

• Upload the file you wish to send on OneDrive and send it to your recipients. From the message box, click Attach File > Browse web locations > OneDrive.

Improve meetings with Skype and OneNote

Outlook allows you to combine Skype’s HD video and screen-sharing features with OneNote’s organizational and project planning functions. It’s easy:

• Go to the Meeting tab in Outlook, then click Skype meeting and send the link to the participants. After the meeting has started, select Meeting Notes (under the Meeting tab) and choose whether you want to Take notes on your own or Share notes with the meeting.

Tag contacts

To get the attention of a specific person in a group email message, use the @Mention function. This works particularly well for emails sent to multiple recipients or if you simply want to convey the urgency of your message.

• In the email body or meeting request, type the ‘@’ symbol followed by the first and last name of the person you wish to tag (e.g., @firstnamelastname).
• To search for emails you’re tagged in, select Filter Email from the Home tab and choose Mentioned, then choose Mentioned.

These are just a few strategies for getting more out of Microsoft’s email platform. To unlock Outlook’s true potential, you need the support of certified IT professionals. Give us a call today.

Windows 7 End of Life: 6 Crucial Questions Answered

Social Media Is Big Business For Criminals

The rise of Social Media has been a game changer for businesses around the world, creating opportunities for customer engagement that were previously unimaginable. Unfortunately, business owners aren’t the only ones reaping the benefits of Social Media. The hackers of the world are in on the game too, and for them, Social Media represents a giant piggy bank that they’ve only begun tapping into.

Even now in the early stages of cybercriminal attacks on Social Media, the payoffs have been enormous. Social media attacks have been netting them a staggering $3.25 billion dollars a year. As shocking as that figure might be, it’s important to remember that cybercrime on Social Media is a relatively new phenomenon. Between 2013 and now, the number of cybercrime incidents involving social media has quadrupled.

The attacks take many forms, but one way or another, they come down to abusing the trust that is so essential for a functioning Social Media ecosystem.

Some attackers set up scam pages hawking illegal pharmaceuticals. Others gravitate toward cryptomining malware, while others still ply the Social Media waters intent on committing digital currency fraud or feigning a romantic connection to get money and personal information from their victims. Even if you’re one of the rare companies that doesn’t have a significant Social Media presence yet, that doesn’t mean you’re safe from harm.

Gregory Webb, the CEO of Bromium, recently spoke on the topic, outlining a danger that many business owners are simply unaware of.

“Social Media platforms have become near ubiquitous, and most corporate employees access Social Media sites at work, which exposes significant risk of attack to businesses, local governments as well as individuals. Hackers are using social media as a Trojan horse, targeting employees to gain a convenient backdoor to the enterprise’s high value assets.”

In light of this, it’s probably well past time to sit down with your employees and make sure they’re aware of the risks they’re exposing you to when they access Social Media accounts at work.

How Secure is your Messaging App?

Messaging applications have carved out a foothold in businesses, clearly proving their operational benefits. However, it simply isn’t responsible to leverage a solution without making sure that the solution is secure. There are a few criteria that you should consider to determine how secure your chosen application really is.

The Criteria
When evaluating your messaging solution, ask yourself:

• Are my messages encrypted (and how encrypted are they)?
• How transparent is the application to scrutiny?
• How are messages deleted?
• How much metadata is kept?

We’ll review why these questions are the important ones to ask.

Are my messages encrypted (and how encrypted are they)?
Encryption is a method of scrambling data so that it is incredibly difficult to interpret, accomplished through an algorithm known as an encryption key. Without going into too much detail, this makes any data that has been encrypted extremely secure.

Most major messaging applications use encryption today, but not all of them follow the most secure practices.

For instance, applications like Google Hangouts and Skype encrypt the messages that their users send… but also retain a copy of the encryption keys. This is so they can access the messages sent and collect data to power advertising. This also means that your data is left vulnerable if a cybercriminal makes their way into the application’s servers, or if the government waves a search warrant at them.

More common, fortunately, are apps that utilize end-to-end encryption, where the application only holds the keys that encrypt the data, accessible by the users. The users, on the other hand, hold the keys that decrypt the data again. As a result, not even the company hosting the messaging application can access the contents of their users’ messages, never mind cybercriminals or law enforcement. WhatsApp and Signal are two apps that now leverage this approach. In fairness, Skype does offer this capability as well in its Private Conversation feature, but it isn’t enabled by default.

How transparent is the application to scrutiny?
Taking the developer at their word is one thing… it’s quite another for independent and impartial experts to be able to confirm the claims that are made about an application’s security. For this reason, applications based on open-source code are generally more trustworthy, as they are scrutinized by experts who discover and report any vulnerabilities.

A few applications provide their source code openly, including Signal, Telegram, and Wickr, while WhatsApp and Facebook Messenger don’t quite qualify but are based on the open-source Signal protocol.

If an application is closed-source, like iMessage is, a user is entrusting the developer completely to maintain the security of the messages sent.

How are messages deleted?
While sending a message securely is key, the security of the message once it reaches its destination should not be overlooked. After all, if someone without authorization gains access to the device later, encryption isn’t going to do squat to protect your data. However, if you are able to delete the message after it is delivered, security is suddenly much more likely.

Skype, Telegram, and Signal all allow a user to do so. In fairness, so does WhatsApp, but it needs to be deleted within 13 hours.

Some apps feature self-deleting messages, described under various names, that destroy themselves after so much time has elapsed. Signal has “disappearing messages” with a customizable time. As we have established previously, not all apps offer the same functions, and this does nothing to delete any screenshots of your message that the recipient may have taken.

How much metadata is kept?
In addition to the contents of your messages, you want to know that your chosen application is also protecting your security via the metadata it stores. Metadata can contribute to security issues through user profiling, as it includes things like the identities of both sender and recipient of a given message, when communications were made (and for how long), IP addresses, and even the kinds of devices used. In short, it can say a lot about you.

This is precisely why you want to make sure you know what data your messaging application will collect, as well as what it will preserve. This site offers a handy breakdown of many popular applications, broken down side-by-side.

Hopefully, this information will enable you to make the best choice for your business. For more assistance with your business’ security and operations, Net Activity has the IT solutions that you need. Call 216-503-5150 for more information.

How Good is your Disaster Recovery Plan?

You may think you know all about disaster recovery plans (DRP) from attending conferences or reading up on the subject. But one of the best ways to learn is by example, and the following real-life case offers valuable lessons. Learn about the DPR audit of a state government office and the knowledge gained from it.

Hosting certain types of data and managing a government network legally bind you to maintain DRPs. After an audit of the Michigan Department of Technology and Budget, several failures led to a trove of helpful tips for small- and medium-sized businesses attempting to create a bulletproof disaster recovery plan.

Update and test your plan frequently
What was one of the first and most obvious failures of the department’s DRP? It didn’t include plans to restore an essential piece of their infrastructure — the department’s intranet. Without it, the employees are unable to complete even the most basic of tasks.

The reason for the oversight? The last time the plan was updated was in 2011, leaving out more than six years of IT advancements. If annual revisions sound like too much work, just consider all of the IT upgrades and improvements you’ve made in this year alone. If they’re not accounted for in your plan, you’re destined to fail.

Keep your DRP in an easy-to-find location
It may seem a bit ironic that the best way to store your top-of-the-line business continuity solution is in a binder, but the Michigan Department of Technology and Budget learned the hard way that the alternatives don’t work. Auditors found the DRP stored on the same network it was meant to restore. Which means if something had happened to the network, the plan would be totally inaccessible.

Your company would do well to store electronic copies on more than one network in addition to physical copies around the office and off-site.

Always prepare for a doomsday scenario
The government office made suitable plans for restoring the local area network (LAN), but beyond that, there was no way for employees to get back to work within the 24-hour recovery time objective.

Your organization needs to be prepared for the possibility that there may not be a LAN to go back to. Cloud backups and software are the best way to keep everything up and running when your office is flooded or crushed beneath a pile of rubble.

Your DRP is more than just a pesky legal requirement. It’s the insurance plan that will keep you in business when disaster strikes. Our professionals know the importance of combining both academic and real-world resources to make your plan airtight when either auditors or blizzards strike. Contact Net Activity today to learn more about bringing that expertise to your business.

Troubleshoot your Wi-Fi with ease

Here’s How to Protect Your Personal Data When Using Social Media for Your Business

Social media is a great tool that your business can use to communicate with clients and prospective customers, but in an age where you can expect your employees to have their own accounts, it can be devastating to overlook the security issues associated with it. Today, we’ll examine how you can protect your organization from its employees’ social media use.

Most social media sites require that you create an account to represent your business, but in order to do this, Facebook and LinkedIn require you to have a personal account prior to creating a business page. To this end, we’ll be providing tips on how to keep your personal accounts safe from other users, thereby protecting your business.

Facebook
First, you’ll need to create a personal profile. Facebook doesn’t allow Pages to be created without having a personal profile. Once you have done this, you can use the blue bar at the top of the page to find the feature to Create a menu item. From these options, select Page. From here, select the Business or Brand option to fill in the requested information.

You can hide the personal information on your profile page by accessing the Settings via the drop-down arrow at the top-right of the window. From here, you can navigate to the Privacy sub-menu.

To lock down your account, set Who can see your future posts to Only me. You can also limit past posts.

Furthermore, you should take these actions.

• Under the How People Find and Contact You area, you need to select Friends of Friends for Who can send you friend requests.
• Set Who can see your friends list to Only Me.
• It’s important that you set Who can look you up using the email address you provided to Friends and do the same for the option Who can look you up using the phone number you provided.
• Uncheck the box on Do you want search engines outside of Facebook to link to your profile, too.
• Next, you’ll want to click on the Timeline and Tagging option on your left. Change the option for Who can post on your timeline to Only me.

With all these settings configured in this way, only your Facebook friends will be able to see your account.

LinkedIn
LinkedIn also requires you to make an account before creating an official business page. Once you have an account set up, you can create a business page by clicking on Create a Company Page + under the nine-dot menu and following the prompts given.

You can hide your LinkedIn profile by accessing Settings & Privacy. Under Privacy, you’ll see several options allowing you to customize the information that LinkedIn shares with others.

While social media can lend a considerable amount of visibility to your business, it shouldn’t come at the cost of security. For more tips on how to be as secure as possible with your business, subscribe to our blog.