20% of Organizations Provided No Cybersecurity Guidance to Users Making the Shift to Working from Home

At a time when cyber risk is at its highest levels, new data shows how little organizations have done to ensure employees are prepared for cyber attack while working from home.

It’s somewhat understandable; when COVID-19 struck, organizations were scrambling to get themselves operational and weren’t focused on ensuring the same levels of corporate governance and cybersecurity. But, it’s still surprising to find out that little emphasis was put on educating users on the need to be vigilant.

According to security vendor Morphisec’s 2020 WFH Employee Cybersecurity Threat Index report, the majority of users (75%) are ready and willing to follow whatever security guidance is offered by IT, but half or less of employees are provided it:

• 56% of users were told to be wary of suspicious emails, attachments, or pop-ups
• 48% were told to make sure AV is running
• 46% were told to update software
• 20% weren’t told a single thing

So, at best, we have a little more than half of users being ever-so-slightly educated on cyberattacks, leaving the other 44% to fend for themselves and rely on their endpoint AV (which 52% weren’t told to check to make sure it’s running!).

This data jibes with similar reports detailing the complete lack of security awareness education for remote workers. At a time when users present one of the greatest risks to an organization, now is the time to invest in security awareness training that makes your logical perimeter (the user at their home, on their insecure WiFi, using their personal device) more secure.

Give Net Activity a call today to get started.

3 Critical Cyber Security Protections EVERY Business Must Have In Place NOW To Avoid Being Hacked

Five years ago, you might have had state-of-the-art security protecting your business and network. You had the latest malware protection, highly rated firewalls and a great data backup plan. Maybe you even had a handbook on how to address cyberthreats. You were set. But then you forgot to do one crucial thing: you didn’t stay up-to-date with your IT security policy.

This is a trap countless businesses fall into. They invest in great cyber security once. Five years ago, this was fantastic. The problem is that cyberthreats are constantly evolving. Methods used by hackers and cybercriminals have come a long way in the past five years. Criminals stay on top of what’s going on in the IT security industry. They are always looking for new ways to steal your data and make a quick buck at your expense.

What can you do to stay up-to-date in an ever-changing digital world? Here are three things every business must do to protect itself.

Understand The Threats

It’s easy to assume that hackers are trying to get into your network the “old-fashioned” way. You might picture them hacking your network trying to get your passwords and usernames or breaking through your firewall protection. While some hackers will do this (it’s easy for them if you use simple passwords), many of today’s cybercriminals rely on social engineering.

The most common form of social engineering is the phishing scam. The criminal sends you or your employees an e-mail, hoping someone will click a link or open an attached file. Cybercriminals have gotten VERY sophisticated. These e-mails can mimic the look of a legitimate e-mail from a legitimate business, such as the local bank you work with or another company you buy from (or that buys from you). Social engineering is all about tricking people.

This is why you need a cyber security handbook – one that is regularly updated. It’s something you can reference. Your team needs to know how to identify a phishing e-mail, and you need to have procedures in place for what to do if a questionable e-mail shows up. This helps keep your employees from becoming the weak link in your security setup.

Update, Update And Update

From software to hardware, you must stay updated. There is no such thing as “one-and-done” when it comes to network security. Something as simple as a wireless router can DESTROY your security if it’s not regularly updated. Hackers are always looking for vulnerabilities in both hardware and software, and when they find them, they WILL exploit them.

What happens when a piece of hardware (like a router) is no longer supported by the manufacturer? This occurs all the time, particularly as hardware ages. Manufacturers and developers drop support for their older technology so they can focus on their newer products. When they drop support for a product you use, this is a good indicator that you need to replace that piece of hardware. The same applies to software.

You might balk at the cost of buying new technology, but in the long run, the cost is well worth it. Think of the cost of buying a new router versus the cost of cleaning up after a data breach. Some small businesses never recover after a hack – it’s just too expensive. Keep your malware software updated, keep your firewall updated, keep your cloud backups updated and keep all your devices and software UPDATED!

Invest In Proactive Network Monitoring

When it comes to the security of your network and overall business, being proactive can make a huge difference. Proactive monitoring means your network is being watched 24/7. Every little ping or access to your network is watched and assessed. If a threat is found, then it can be stopped.

The great thing about proactive network monitoring is that you can customize it. Want to know about every threat? You can request a real-time report. Only want updates once a day or once a week? That can be done too! This approach means you have one less thing to think about. Someone is always keeping an eye on your network, making sure the bad guys stay out.

You might think, “How am I going to do all this?” You don’t have to go it alone – and you shouldn’t. Work with an IT services firm. Work together to find the best solutions for your business. When you work with IT specialists, you can rest assured your team will be updated on today’s threats. You’ll know your network – and everything connected to it – is updated. And you’ll know someone is watching over you. That’s the ultimate peace of mind.

Employees Are Letting Hackers Into Your Network …So What You Can Do To Stop It?

Cyberthreats are everywhere these days. Hackers, scammers and cybercriminals are working overtime to break into your network – and the network of just about every business out there. They have a huge arsenal of tools at their disposal, from automated bots to malicious advertising networks, to make it possible.

But there is one “tool” that you may be putting directly into their hands: your employees. Specifically, your employees’ lack of IT security training.

While most of us expect hackers to attack from the outside using malware or brute-force attacks (hacking, in a more traditional sense), the truth is that most hackers love it when they can get others to do their work for them.

In other words, if they can fool your employees into clicking on a link in an e-mail or downloading unapproved software onto a company device, all the hackers have to do is sit back while your employees wreak havoc. The worst part is that your employees may not even realize that their actions are compromising your network. And that’s a problem.

Even if you have other forms of network security in place – malware protection, firewalls, secure cloud backup, etc. – it won’t be enough if your employees lack good IT security training. In fact, a lack of training is the single biggest threat to your network!

It’s time to do something about it. Comprehensive network security training accomplishes several things, including:

1. Identifying Phishing E-Mails Phishing e-mails are constantly evolving. It used to be that the average phishing e-mail included a message littered with bad grammar and misspelled words. Plus, it was generally from someone you’d never heard of.

These days, phishing e-mails are a lot more clever. Hackers can spoof legitimate e-mail addresses and websites and make their e-mails look like they’re coming from a sender you actually know. They can disguise these e-mails as messages from your bank or other employees within your business.

You can still identify these fake e-mails by paying attention to little details that give them away, such as inconsistencies in URLs in the body of the e-mail. Inconsistencies can include odd strings of numbers in the web address or links to YourBank.net instead of YourBank.com. Good training can help your employees recognize these types of red flags.

2. Avoiding Malware Or Ransomware Attacks One reason why malware attacks work is because an employee clicks a link or downloads a program they shouldn’t. They might think they’re about to download a useful new program to their company computer, but the reality is very different.

Malware comes from many different sources. It can come from phishing e-mails, but it also comes from malicious ads on the Internet or by connecting an infected device to your network. For example, an employee might be using their USB thumb drive from home to transfer files (don’t let this happen!), and that thumb drive happens to be carrying a virus. The next thing you know, it’s on your network and spreading.

This is why endpoint protection across the board is so important. Every device on your network should be  firewalled and have updated malware and ransomware protection in place. If you have remote employees, they should only use verified and protected devices to connect to your network. (They should also be using a VPN, or virtual private network, for even more security.) But more importantly, your employees should be trained on this security. They should understand why it’s in place and why they should only connect to your network using secured devices.

3. Updating Poor Or Outdated Passwords If you want to make a hacker’s job easier than ever, all you have to do is never change your password. Or use a weak password, like “QWERTY” or “PASSWORD.” Even in enterprise, people still use bad passwords that never get changed. Don’t let this be you!

A good IT security training program stresses the importance of updating passwords regularly. Even better, it shows employees the best practices in updating the passwords and in choosing secure passwords that will offer an extra layer of protection between your business and the outside world.

If you or your employees haven’t updated their passwords recently, a good rule of thumb is to consider all current passwords compromised. When hackers attack your network, two of the big things they look for are usernames and passwords. It doesn’t matter what they’re for – hackers just want this information. Why? Because most people do not change their passwords regularly, and because many people are in the habit of reusing passwords for multiple applications, hackers will try to use these passwords in other places, including bank accounts.

Don’t let your employees become your biggest liability. These are just a few examples of how comprehensive IT and network security training can give your employees the knowledge and resources they need to help protect themselves and your business. Just remember, you do not have to do this by yourself! Good IT training programs are hard to find, and we are here to help.

5 Ways to protect against VoIP threats

Few companies today would survive without effective, cost-efficient collaboration tools like Voice over Internet Protocol (VoIP) solutions. But like any piece of technology, VoIP systems are fast becoming an easy target for attackers. Here’s how to protect your company’s internet-based communication devices from numerous threats.

What many companies don’t realize is that valuable information moves across VoIP networks just like sensitive data is shared via email. In some cases, internet-based calls are more vulnerable to fraud, identity theft, eavesdropping, intentional disruption of service, and even financial loss. With numerous VoIP-based attacks, it’s crucial to implement these security measures now.

24/7 monitoring

VoIP security breaches usually take place outside operating hours. Attackers make phone calls using private accounts or access call records with confidential information on the sly. Contract outsourced IT vendors to monitor network traffic for any abnormalities to avoid these security breaches.

Virtual private networks

Virtual private networks (VPNs) create a secure connection between two points, as if they belong in the same closed network. It’s like building a safe secret tunnel between you and the person you’re calling. Using a VPN can also help overcome complications involving Session Initiation Protocol trunking, a recommended VoIP feature.

VoIP firewalls

Firewalls specifically designed for IP-based telephony curb the types of traffic that are allowed into your network. They ensure that every connection is properly terminated at the end of a session and identify suspicious calling patterns. Virtually every VoIP vendor provides these protocols, but you should always consult with your IT services provider as to how these protocols will be managed within your organization.

Encryption tools

Due to lack of encryption, VoIP systems can be easily broken into by even inexperienced hackers who can download and deploy tools to eavesdrop or intercept your calls. Some services claim to have built-in encryption, but companies still need to be vigilant and investigate how effective these are.

Using encryption ensures that even if hackers successfully download audio or video, they still can’t decode the file unless they have the decryption key.

Password protection

Using passwords to authenticate your access to private information is not as secure as it once was. Hackers can easily guess a password and use it for cyberattacks. This is why protecting the passwords themselves adds a great layer of protection against threats.

Employees should never divulge any compromising information during a VoIP call, as eavesdropping is one of the easiest and most common cyberattacks against VoIP networks.

VoIP is as important as any of your other network security considerations. It requires a unique combination of protection measures, and we’d love to give you advice on these. Give us a call today to get started.

It’s Time to Rethink your Password Strategy

In 2003, the National Institute of Standards and Technology (NIST) stated that strong passwords should consist of upper- and lowercase letters, numbers, and symbols. Recently, however, the institute reversed its stance. Find out why and learn what their new recommendations are for creating strong passwords.

The problem

The issue isn’t that the NIST advised people to create easy-to-crack passwords, but their previous advice inadvertently made people create weak passwords using predictable capitalization, special characters, and numbers, like “P@ssW0rd1.”

Such a password may seem secure, but the strings of characters and numbers could easily be compromised by hackers using common algorithms.

What’s more, the NIST also recommended that people change their passwords regularly, but did not specify how and when to change them. Since many people thought their passwords were already secure because they’ve included special characters in them, most only added or changed one character.

The NIST essentially forced everyone to use passwords that are hard for humans to remember but easy for a hacker’s algorithm to crack.

Eventually, the institution admitted that this can cause more problems than solutions. It has reversed its stance on organizational password management requirements, and is now recommending banishing forced periodic password changes and getting rid of complexity requirements.

The solution

Security consultant Frank Abagnale and Chief Hacking Officer for KnowBe4 Kevin Mitnick both see a future without passwords. Both security experts advise enterprises to implement multifactor authentication in login policies.

This requires a user to present two valid credentials aside from a password to gain access to an account. This could be a code sent to the account owner’s smartphone, a login prompt on a mobile device, or a facial or a fingerprint scan. This way, hackers’ login efforts are futile unless they fulfill the succeeding security requirements.

Moreover, Mitnick recommended implementing long passphrases of 25 characters or more, such as “recedemarmaladecrockplacate” or “cavalryfigurineunderdoneexalted.” These are much more difficult to guess and less prone to hacking. As for the frequency of changing passphrases, it will depend on a company’s risk tolerance.

Simply put, passwords should be longer and include nonsensical phrases and English words that make it almost impossible for an automated system to crack.

You should also enforce the following security solutions within your company:

• Single sign-on – allows users to securely access multiple accounts with one set of credentials
• Account monitoring tools – recognizes suspicious activity and locks out hackers

When it comes to security, ignorance is your business’s kryptonite. If you’d like to learn about what else you can do to remain secure, just give Net Activity a call.

What Your IT Documentation Needs to Include, and Why

It is important that you have a handle on the technology that your business utilizes, which will require you to maintain comprehensive documentation regarding it and its support. Here, we’ll go through what a managed service provider includes in this documentation, as well as how it is used.

What Does This Documentation Include?
In short, everything there is to know about every piece of technology you rely upon to function. This can easily be divided between your hardware and software resources:

Hardware

This documentation covers all the information about the physical devices you use.

Serial/Model Numbers — This allows for simple identification of the technology that needs support, as well as the kind of device it is for your support team’s benefit.
Purchase Dates — Knowing when a piece of hardware was acquired can help you to make decisions when weighing the cost benefits of repairing or replacing it if something were to go wrong.
Warranty Information — Knowing whether a piece of equipment is still under warranty can also help the above decision-making process. After all, why buy something new if you can get it replaced or repaired for free?
Installation Dates — Again, like the purchase date of a piece of hardware, knowing when it was installed can help with the troubleshooting process if it were to need support.
Physical Locations — Knowing where a piece of IT is located not only helps your support team to service it more easily, it enables you to keep better track of where your assets are.
Device Names — Standardized technology deployments can make it challenging to confirm if the right device is in the right spot. Naming the device helps to differentiate it from the others just like it.
IP Addresses — Much like it helps you to know the physical location of each device, knowing the IP address simply helps you to identify a device on your network.
Support Information — Finally, keeping your hardware documented makes it easier to locate the appropriate support information, should it ever be needed.

Software

Meanwhile, this documentation covers all the critical information about the software you possess.

Product Licenses — This is effectively the same as the serial number on a hardware solution. This tells you the individual identification number of the copy (or copies) of the software you are able to use.
Purchase Dates — Again, knowing when you acquired something is an invaluable data point concerning its support, as it helps define if your solution is under warranty and other important variables.
Install Dates — Similarly, knowing when a software solution was installed can provide a variety of important information, particularly involving any weaknesses in its programming.
Subscription Details — Or, in other words, how many of a software’s capabilities are you able to use, and for how long? This is vital to know if you want to keep these tools available to your users.
Usernames — Speaking of your users, you need to define who can access each software title with their username. This will help you keep track of each user’s capabilities and permissions.
Version History — Finally, keeping track of the current version of each of your software will allow you to know if an update is called for, or if there are any vulnerabilities that you need to be concerned about.

Of course, you should also maintain documentation on the proper procedures to maintain all these solutions, as well.

What is the Benefit of All This Documentation?

With the help of a managed service provider like Net Activity, these in-depth records immediately become worth the effort. In addition to simply keeping this documentation up-to-date, an MSP will also refer to it as a resource.
Let’s assume that one of your hardware solutions begins acting up. It doesn’t really matter which, as the MSP working with you has up-to-date records of all of them. So, as your desktop/router/server is acting up, the MSP not only has a historical record to help them shape their approach, they have additional data to help guide their decision.
For instance, if this piece of technology has required you to spend excessive time on it over a given timeframe, you will have that data tucked away in your documentation. As a result, the next time an issue arises, you will be able to determine if it is more economical to replace said technology than it would be to continue repairing it.
In many ways, documentation simply serves as a better alternative to relying on memory.

If you’re interested in learning more about how working with Net Activity can benefit your business processes through improved documentation and so many other means, give our team a call at 216-5-3-5150.

4 Reasons to upgrade to a Dual Monitor System

Small businesses are always seeking ways to ensure their employees make effective use of computers. But before you go out and buy bigger hard drives and faster processors, you should consider upgrading your desktops to a dual monitor system. Read on to find out about the advantages of using two monitors per desktop.

Enhanced productivity

A survey by Jon Peddie Research shows that working with dual monitors increases overall productivity by 20–30%. Computer programmers, for example, can use one screen for source coding and the other for programming. By using dual monitors, they no longer need to toggle back and forth between tabs. This frees up time to complete more projects.

Better multitasking

Efficient multitasking requires adequate screen space to keep multiple applications simultaneously visible — a view that single monitors alone simply cannot accommodate. With a dual monitor setup, workers like customer service reps and web designers would no longer waste time scrolling up and down and resizing windows to fit the limited space. Instead, the enhanced visibility that dual monitors bring lets them focus on completing their tasks accurately and efficiently.

Easier layouting and image and video editing

With dual monitors, the days of stacking numerous editing tools on top of the newsletter, slide presentation, image, or video you’re working on are long gone. Instead of your screen looking like a game of Mahjong, you can position the editing tools on one screen and use the other monitor for the file you’re working on. With better visibility, you’re less likely to commit errors and more likely to accomplish the task faster.

Effortless product comparison

Imagine that you want to buy a camera, and you have two models in mind. Of course you want to look up and compare their specs before making a final decision.

If you had only one monitor, you’d need to go back and forth from one tab to another. But if you had two monitors, you could view the models side by side to help you clearly see their differences and make an informed purchase.

Want a dual monitor setup for your employees? We can help you roll it out. Contact us today to get started.

Microsoft Considering Adding Meet Now Button For Online Meetings

The Coronavirus pandemic has changed a number of things about how the world works.

One of the bigger and more noticeable changes is, of course, the fact that so many people are working from home these days. They’re relying on video conferencing software in lieu of face to face meetings.

This year, Google and Microsoft have seen tremendous growth in the use of their videoconferencing services. However, it is plucky upstart companies like Zoom that have been the real trailblazers, leaving the tech giants to play catch-up.

The tech giants might have been a bit slow to respond to the changing paradigm, but they’ve got the resources to do it right. Recently, Microsoft has made changes to Skype that indicate the company is ready, willing and able compete head to head with Zoom.

Among the recent changes the company has rolled out is the new “MeetNow” feature in Skype, which is a new icon that resides in the system tray of Windows 10, allowing for one touch convenience when setting up a new video call. No need to log in, just click the button and you’re off and running.

The new feature is generating a lot of buzz for Microsoft, and if you’d like to see it in action and test it out for yourself, and if you’re a Windows Insider, just grab a copy of Windows 10 Build 20221 and install it. Be sure to check out the company’s blog post about the build, which contains a complete list of newly enhanced functionality as well as a list of known issues with the new services.

In a related vein, Microsoft has also recently added a new feature to its “Your Phone” app, which allows users to pin important notifications to the top of the notifications feed. A small change, but a very good one.

In any case, Windows Insiders can get a sneak peek at the new functionality right now. The rest of us will have to wait until some future build to see what the company has been up to on the videoconferencing front.

Microsoft Edge Browser Is Included With Latest Windows 10 Updates

Do you use Microsoft Edge? Unfortunately, Microsoft doesn’t care whether you do or not, they’re force-installing the browser on Windows 10 systems as part of their updates.

Ostensibly, this is because the company is retiring their older versions of Edge and replacing them with the new Chromium-based edge.

In order to make sure that all of the old versions are expunged, the company has declared the latest OS update to be mandatory, and it includes the latest rendition of the Edge browser.

Although the company’s explanation makes perfect sense, it is nonetheless raising the hackles of a significant portion of the Windows user base, who doesn’t use, or even like the Edge browser. In any case, like it or not, use it or not, you’re getting it.

To be clear, Microsoft is actually pushing out a pair of updates designed to do the deed. The first and most impactful of these is KB457654, which is designed to replace the legacy version of Edge on Windows 10 versions 1809, 1903, 1909, and 2004.

The second update is KB4576753 and is designed to specifically target Windows 10 build 1803.

While it is possible to prevent the updates from being installed, honestly, it’s more trouble than it’s worth. There’s no fighting city hall, and the company has made the decision. You’re better off just letting the update happen and then, if you decide you don’t want the new Edge browser, just go in behind the update and uninstall it. It’s not a perfect solution, but to do anything else will cause you to miss out on important security patches. Eventually, the company will find a way to retire the legacy browser and install the new Edge anyway.

It’s frustrating for some users, but that’s the lay of the land. Just be aware, and if you don’t use Edge, remove it when the update makes the switch.