If Your Password is On This List, Change It Now

The annual list of the worst passwords in use during 2018 has just been published by SplashData.

This year’s list features a number of the usual suspects, but there are also a few new entries.

Here are the ten worst passwords in use, according to the data:

• 123456
• password
• 123456789
• 12345678
• 12345
• 111111
• 1234567
• sunshine
• qwerty
• iloveyou

Other notable entries include “welcome” at #13, “football” at #16, “Donald” at #23, “password1” at #24, “freedom” at #29, “hello” at #68, “test” at #88, and “whatever” at #91.  Obviously, if you see a password you use anywhere on this list, you should change it immediately, as these are incredibly easy to guess, which makes breaching your system a trivial matter.

The rankings for the passwords were derived via an analysis of more than five million passwords leaked o the internet over the past year.

SplashData’s CEO Morgan Slain described the persistent entries on the latest report as being “a real head scratcher,” especially in light of the fact that there have been so many high profile data breaches over the last few years.

It’s not like people are unaware of the risks and dangers. Yet, the message just isn’t getting through to a majority of users.  Year after year, we see the same easy to guess passwords showing up on the list.  It’s an even mix of frustrating and dangerous.

From an IT Security Manager’s or business owner’s perspective, the key issue is this:  It doesn’t matter how extravagantly you spend on data security if your employees are using passwords like this because hackers can simply circumvent your expensive security solutions.

Sadly, based on the statistics, it’s overwhelmingly likely that more than a few of your employees are making it laughably easy to breech your system.

Today’s Small Businesses Lean Heavily on Remote Workers

Are you are among the 55.3 percent of employees who took their work devices on the road this past holiday season? Chances are you took work home with you over the holidays just to make sure you didn’t fall behind, even if you did manage to get all outstanding work completed before you signed “off” for the duration. Unfortunately you may have exposed your important company data to unnecessary risk, just for the chance to get a little extra work done.

A survey from ObserveIT asked several questions about the real threats that face businesses when it comes to remote workers and mobile devices, and the results they found were quite disturbing. Just about anyone–even the best employee–could pose a potential risk to your business if they are unaware of the dangers their mobile device usage presents. We’ll dig into the details and share some of the important takeaways of the survey, as well as what you can do to make sure your organization doesn’t fall victim to these threats.

Using Unsecured Networks is Dangerous
While it might be convenient to use any unlocked Wi-Fi network while out of the office, it’s not the most secure way of accessing the Internet. This is because anyone on the network with the right tools can see what you are doing, as well as steal or intercept data while it’s in transit to and from it. 77 percent of employees use these networks to access the Internet on their devices.

Furthermore, the number of employees using these networks to access their email and other company data while unsecured is somewhat surprising. About 63 percent of employees do this, and it puts your business’ sensitive information at risk.

Employees Use Unapproved Devices to Access Data
Sometimes devices used by your employees aren’t as secure as they can be. For example, someone might bring a tablet that doesn’t adhere to a Bring Your Own Device policy to the workplace. Any unsecured devices that aren’t company-approved could expose your network and data to danger. It’s estimated that just over half–54 percent–of employees use these devices to access company data, whether it’s email or other important files.

A Virtual Private Network Helps Tremendously
Of course, the best way to make sure your business doesn’t expose data while you’re using devices outside the safety of the office is to use a virtual private network, or VPN. A VPN works by masking the data while it’s traveling to and from your device, encrypting it so that it remains as safe as possible from any and all threats. While the data is encrypted, if it is stolen or spied on, the interloper will only be able to see a jumbled mess of data rather than anything concrete, protecting the integrity of it. While businesses are starting to see the sense in using a VPN, only about 55 percent of users are currently doing so. This is a number that can be improved on if you can emphasize the importance of cybersecurity awareness with your staff.

Net Activity can help your organization stay as secure as possible while out of the office, no matter where your business takes you. To learn more, reach out to us at 216-503-5150.

Don’t Get Scammed with Gift Cards

It’s the holiday season, and shoppers are flocking to stores to find the perfect gift for anyone; the gift card.  However, these handy plastic cards may not be so perfect after all…this year they’ve been a key component to a business email compromise scam that has been popular in the past few months.

Why Gift Cards, and Why Businesses?

Let’s look at the situation for a moment.  You spend most of your time around your team.  You’ve more than likely developed some kind of familiarity with them, or at least have been roped into an office gift exchange. If you aren’t familiar with all of your coworkers or employees, you may have a rough time selecting the right gift for them.

In light of this, it starts to make sense to gift them something that they can pick out for themselves, as gift cards enable you to do. This probably explains why gift cards are such a popular option for so many.

Unfortunately, this also practically hands scammers the opportunity to make a lot of money.

The Scam in Action

Using spoofed emails and social engineering tactics to their advantage, a hacker can scam a company’s users by posing as an authority figure, like the president or the CEO. Under this guise, the scammer can instruct the user to purchase gift cards for the staff and to pass along the redemption codes to the scammer.

Since these instructions “come from above,” the employee complies, not realizing that they are sending company funds to a cybercriminal in an effectively untraceable form of currency.

How to Avoid this Scam

Awareness is key to protecting your business’ interests, resources, and funds–and this awareness needs to be on all levels of your organization. Each and every member needs to be educated on how to spot these scams, and how to confirm them.

This confirmation is another crucial component to your business security. If your employees don’t develop the habit of confirming requests like this through a secondary line of communication, the company is left vulnerable to this scam and similar ones. Sure, fielding confirmation requests from your employees may get old, and fast, but it will almost certainly be preferable when compared to being scammed.

When all is said and done, scammers are going to keep trying to take advantage of you, your employees, and your business at large. Net Activity can help to protect you. Give us a call at 216-503-5150 today.

Five Gadgets for the Techie in Your Life

With the holiday season in full swing, finding good gifts for the technology lover in your life may actually be more frustrating than you’d think. Since there are so many options, people will often get paralysis from trying to find the right gift and end up going the gift card route. Let’s take a look at five great gift ideas for the technology fan in your life.

Amazon Echo Spot Smart Hub
Like the Echo and the Echo Plus, the Amazon Echo Spot Smart Hub features the useful Amazon personal assistant, Alexa. The difference is, however, that the Echo Spot is designed to be an alarm clock. Instead of just being a speaker like the Echo Dot, Echo, and Echo Plus the Echo Spot has a small screen that shows the user what time it is and what the weather is like by default. It is a more compact version of the Echo Show, and looks great on a nightstand. Some of the features the Echo Spot offers include:

• Amazon’s Alexa personal assistant
• A customizable clock (analog & digital with many customizable options)
• Amazon Prime streaming
• Video chat with other Echo Spot/Show users
• Smart speaker and microphone

The Amazon Echo Spot is available for a reasonable $129.99 and can be found anywhere where major electronics are sold.

Roku Premiere
By now, most people have heard of the Roku, the device that allows people to stream video to their televisions with the use of an HDMI-connected interface. The Roku Premiere has a very attractive price point ($39.99) and allows the user to stream 4K video. Other popular streaming media players like the Amazon Fire Stick 4K and Apple TV 4K now allow for 4K streaming, but they typically come at a higher price point. The gift is perfect for the cord-cutter in your life who still wants to experience the premium content offered by today’s major media services.

iRobot Roomba 690
It is the rare individual that enjoys vacuuming the floor. Like raking leaves and shoveling snow, it is a repetitive, and relatively not-fun way to spend time. The people at iRobot understand our disdain for it and have created the Roomba line of robot vacuums to help make people’s houses cleaner. While Roomba is the most popular robot vacuum on the market, and offers several models to choose from, many people veer away from purchasing one because they are skeptical about the machine’s cleaning effectiveness. The 690 model is firmly in the center of their offerings. The company advertises its “Dirt Detect” technology that senses how dirty an area is as it goes about its regular cleaning, and focuses more time and attention on the dirtiest spots on the floor. The Roomba 690 is currently available for $374.99.

TP-Link Wi-Fi Range Extender
Wi-Fi is extremely important for almost everyone these days, and sometimes it just isn’t possible to get a strong signal throughout a house. If someone is constantly complaining about their Wi-Fi problems, TP-Link has introduced a range extender that is super simple to use. The TP-Link Wi-Fi Range Extender plugs into a wall outlet and does what its name suggests, giving you more range on your router’s wireless Internet. The AC1750 model can be had for $90, with several more affordable options available.

Tile Mate
Designed for the person that can’t help but misplace things, the Tile Mate is a great solution. The Tile Mate is a small disk that fits on a keychain or any other small object. When the item is out of view, simply use the app associated with the device and it will make a ringing noise. Even neater, if you have something with a Tile Mate attached to it, you can double-press the tile button on the device and make your phone ring, even when it’s on silent. A four-pack of Tile Mates can be purchased for as low as $70, with single Tile Mates going for $25.

The holiday season is a great time to give the people you care about the newest technology. What technology items are you looking to purchase for the people on your holiday shopping list?

6 Gmail Tips You Should Be Using Now

Twenty-four hours seem to pass by in the blink of an eye, especially if you’re a small business owner. In order to stand a chance against the competition, the last thing you should do is bury yourself in a pile of endless emails. With the following Gmail tips and tricks, you’ll spend less time with your inbox and more time driving business growth.

Undo Send

We’ve all had an email or two we wish we could take back. Gmail has a neat feature that gives you a short period of time to recall a mistakenly sent message. Simply click the Undo link that appears to the right of the “Your message has been sent” notification.

Canned Responses

Dubbed as “email for the truly lazy,” Canned Responses is a new feature that allows you to save time and reuse an email that you designate as a Canned Response. Similar to an email template, it saves copious amounts of time since you won’t have to retype the same responses over and over again. It comes in handy for businesses that send plenty of routine emails. To do this, go to Settings, open the Advanced tab, and enable Canned Responses (Templates).

Send large attachments with Google Drive

With Gmail, users can easily send attachments up to 25 MB. But say you have a huge zip file for a photo shoot that a client wants to review — you’re going to need more space. If you use Google Drive with your Google account, you can send larger files in Gmail.

Copy the large file to your Google Drive, then click Compose in Gmail and type your message. When you’re ready to attach the large file, click the Google Drive icon (next to the emoji icon that looks like a smiling face). Insert the files you want to attach and send your message.

Turn on Priority Inbox

Priority Inbox organizes your messages by their importance using machine learning. You’ll be able to divide your inbox into five sections, where the messages will be displayed in the following order:

1. Important and unread messages
2. Starred messages
3. [Customizable section]
4. [Customizable section]
5. Everything else

To enable Priority Inbox, hover your mouse over the Inbox button in the upper left corner of the screen until a dropdown arrow appears. Click on it, and choose Priority Inbox.

Back up your messages

If you ever need to back up or migrate your Gmail messages, Gmvault can help. It’s an open source solution that can back up your entire Gmail directory or just a handful of messages. The email data is then available whenever you need to restore or recreate your Gmail folders. You can also use it to migrate messages from one account to another.

Enable advanced settings

Configuring Gmail’s Advanced Settings is an excellent way to increase email efficiency. Some of these features include Multiple Inboxes, Preview Pane, and custom keyboard shortcuts. Access them by going to Settings and clicking on the Advanced tab.

Spending the right amount of time with emails while managing other crucial business areas is a balancing act many business owners find difficult. If you have questions or need further assistance regarding Gmail or IT in general, feel free to contact Net Activity today.

Not All Hackers are Cybercriminals

Newspaper headlines and Hollywood movies have shaped our understanding of computer hackers, but in the real world it’s not so simple. Some hackers are making massive contributions to the field of cybersecurity, it just depends on which hat they’re wearing that day. Take a few minutes to learn about white, black, and gray hat hackers.

A complicated history
In the 1950s, the term ‘hacker’ was vaguely defined. As computers and the people who worked with them became more accessible, the word was used to describe someone who explored the details and limits of technology by testing them from a variety of angles.

But by the 1980s, hackers became associated with teenagers who were being caught breaking into government computer systems — partially because that is what they called themselves, and partially because the word hacker has an inherently aggressive ring to it.

Today, several of those pioneering hackers run multimillion-dollar cybersecurity consulting businesses. So what should you call someone who uses their knowledge for good?

“White hat” hackers
Sometimes referred to as ethical hackers, or plain old network security specialists, these are the good guys. Whether it’s selling what they find to hardware and software vendors in “bug bounty” programs or working as full-time technicians, white hat hackers are just interested in making an honest buck.

Linus Torvalds is a great example of a white hat hacker. After years of experimenting with the operating system on his computer, he finally released Linux, a secure open-source operating system.

“Black hat” hackers
Closer to the definition that most people outside the IT world know and use, black hat hackers create programs and campaigns solely for causing damage. This may be anything from stealing information using malware to forcefully shutting down networks using denial-of-service attacks.

Kevin Mitnick was the most infamous black hat hacker in the world. During the 1990s, Mitnick went on a two and half year hacking spree where he committed wire fraud and stole millions of dollars of data from telecom companies and the National Defense warning system.

“Gray hat” hackers
Whether someone is a security specialist or a cybercriminal, the majority of their work is usually conducted over the internet. This anonymity affords them opportunities to try their hand at both white hat and black hat hacking.

For example, Marcus Hutchins is a known gray hat hacker. He’s most famous for testing the WannaCry ransomware until he found a way to stop it.

During the day, Hutchins works for the Kryptos Logic cybersecurity firm, but the US government believes he spent his free time creating the Kronos banking malware. He has been arrested and branded a “gray hat” hacker.

The world of cybersecurity is far more complicated than the stylized hacking in Hollywood movies. Internet-based warfare is not as simple as good guys vs. bad guys, and it certainly doesn’t give small businesses a pass. If you need a team of experienced professionals to help you tackle the complexities of modern cybersecurity, call Net Activity today.

Get the Most Out of Office 365: Here are a Few Tricks

Does your organization need to optimize its migration and provision of Office 365? Here are 6 strategies for managing and making the most out of your subscription to Microsoft’s premium cloud-based productivity suite.

Declutter your inbox

If you’re having trouble managing the overwhelming amount of emails in your inbox, then using Office 365’s “Clutter” feature can clear up some space. To enable this feature, go to Settings > Options > Mail > Automatic processing > Clutter then select Separate items identified as Clutter. Once activated, mark any unwanted messages as “clutter.” After learning your email preferences, Office 365 will automatically move low-priority messages into your “Clutter” folder, helping you focus on more important emails.

Ignore group emails

Want to keep messages from an email thread you don’t want to be part of out of your inbox? If so, simply go to the message and find the Ignore setting. Doing this will automatically move future reply-alls to the trash so they never bother you again. Of course, if you ever change your mind, you could un-ignore the message; just find the email in your trash folder and click Stop ignoring.

Unsend emails

In case you sent a message to the wrong recipient or attached the wrong file, use Office 365’s  message recall function. Simply open your sent message, click Actions, and select Recall this message. From here, you can either “Delete unread copies of this message” or “Delete unread copies and replace with a new message.” Bear in mind that this applies only to unread messages and for Outlook users within the same company domain.

Work offline

Whenever you’re working outside the office or in an area with unstable internet, it’s a good idea to enable Offline Access. Found under the Settings menu, this feature allows you to continue working on documents offline and syncs any changes made when you have an internet connection. Offline access is also available in your SharePoint Online document libraries.

Use Outlook plugins

Aside from sending and receiving emails, Outlook also has some awesome third-party plugins. Some of our favorite integrations include PayPal, which allows you to send money securely via email; and Uber, which lets you set up an Uber ride reminder for any calendar event. Find more productivity-boosting plugins in the Office Store.

Tell Office applications what to do

If you’re not a fan of sifting through menus and options, you can always take advantage of the Tell Me function in your Office apps. When you press Alt + Q, you bring up a search bar that allows you to look for the functions you need. Suppose you need to put a wall of text into columns on Word but can’t find where it is specifically, just type “column” in the search bar and Microsoft will help you with the rest.

These tricks and features will definitely increase productivity. And fortunately, there’s more coming. Microsoft is continuously  expanding Office 365’s capabilities, and if you truly want to make the most out of the software, don’t be afraid to explore its newly released features.

For more Office 365 tips and updates, get in touch with Net Activity today at 216-503-5150.

Those Irritating Spam Calls May Not Last Much Longer

While the phone is still a useful communication tool, it lately has been the cause of a large amount of stress from businesses and users alike. While caller ID was once also a useful tool to help stop spam calls, we now cannot trust the numbers it provides. Letting personal calls go to voicemail to check them is one thing, but a business shouldn’t do that. What can they do?

With any luck, it won’t be long before they won’t have to do anything.

These kinds of scams are terribly familiar by now.

At this point, most people have encountered this scam in one of two ways.

Many have been a recipient of a scam call. They’ll have their phone ring, and habitually checked the caller ID. Seeing that the call came from a local number, and possibly even one they knew, they’ve answered with a “Hello?” However, instead of a familiar voice returning the greeting, they are answered with a brief pause, followed by a prerecorded message.

Only one thing is certain: that call didn’t come from a local number, much less someone the user knew.

Many have also received unexpected calls from furious people, spitting fire as they rage about being called, repeatedly, from “this number!” even though no calls were ever made.

How often have you experienced either, or heard that it happened to someone you know?

You aren’t the only one to fall for this scam, perpetrated by clever scammers.
These calls have exploded in popularity, as scammers have found some way to cheat the system and leverage its flaws. This has enabled them to defy the controls put in place by the FCC (the Federal Communications Commission).

The FCC has already tried to end these calls by utilizing the 2017 Call Blocking Order. This order gave telephone providers the ability to block calls that they identified as fraudulent, judged based on assorted criteria. These criteria included invalid numbers and numbers that weren’t assigned to a service. Unfortunately, these rules didn’t impede robocall scams for nearly as long as we would have liked.

Instead, now we have neighbor spoofing, which has proved to be a very real annoyance to a huge segment of the population. Chances are, you’ve been involved with one of these calls, and if you’ve been lucky enough to avoid them, someone close to you have experienced their effects.

Of course, before we continue, it would help to explain what “neighbor spoofing” is.

Caller ID is a common enough thing now that many people have gotten in the habit of checking the number before they answer the phone. The rule of thumb essentially dictated that a local number was safe to answer.

Unfortunately, neighbor spoofing has broken that rule, and makes it feel like our thumbs are broken with it.

Spammers have largely abandoned calling from fake numbers, and now make their calls utilizing an actual, in-service number from the target’s area. In some cases, people have thought their neighbors were calling them, but it turned out to be another instance of neighbor spoofing. Of course, this tactic has had the added effect of people receiving actual, angry calls from people, raging about the calls they have repeatedly received from the person’s number, that person’s number having been spoofed.

Some people have even seemed to have their phone call itself, supposedly as the phone company’s method of reaching them to “verify a hacked account.”

Neighbor spoofing is now immensely popular because the protections currently enacted to stop scam calls are effectively fooled, just like a human target would be, and renders the Do Not Call list ineffective.

While some apps may help, they don’t come without concerns as well.

Smartphone application developers have released titles that are meant to stop robocalls in their tracks. RoboKiller, one of these apps, takes a twofold approach.

RoboKiller’s first step is to block all calls that come from the application’s list of confirmed spam numbers. It goes a step further by actually analyzing the audio ‘fingerprint’ of the call, and with a patented process, compares it to the fingerprints of known spam calls. No matter where this call originates, Robokiller steps in. If it wasn’t for the app’s notification, you’d never know about it.

Robokiller goes one step further by taking over the spam call itself, occupying the scammer and wasting their time with a prerecorded message.

Using the app, you can then go and review the blocked calls by listening to a recording that RoboKiller saves. If one turns out to be a false positive (like a friend’s number that was spoofed by a robocall, for instance) the user can whitelist that number by pressing Allow.

Going another step further, RoboKiller allows users to add numbers to a permitted callers list. This means that these calls will always come through, whether or not they were spoofed, so you won’t risk blocking an important call just because that number had been spoofed before.

RoboKiller ($2.99 per month, $24.99 for an annual subscription) describes itself thusly: “With RoboKiller, you don’t stop neighbor spoofing. You take action in the fight against the robocall epidemic.”

This doesn’t mean that this method of fighting robocalls doesn’t bring up some additional worries.

Let’s consider the cost of admission, first – and this isn’t in reference to the $2.99 price of the app. Instead, it’s referencing the need of the much larger cost of a smartphone. Many people with a mobile device still don’t use smartphones, especially among older generations. It isn’t as though these users can download the app.

Even some of the smarter devices that people still use may not be compatible with the requirements that an app presents – and even if they are, some groups may not fully understand how an app works.

These all could prevent someone from usefully utilizing an application, but with any luck, it won’t be a concern for very much longer.

It’s gotten bad enough that the US federal government is stepping in further.

Shortly after the release of the 2017 Call Blocking Order, the attorneys general from 40 states assembled into the Robocall Technologies Working Group. This bipartisan commission intended to work alongside service providers so that robocalls could be better understood and ultimately neutralized.

35 of those attorneys general signed a letter to the FCC on October 8th. This letter made it clear that law enforcement would not be capable of stopping the abuse of spam calls alone. They outlined their position with some facts that provide a better look at the actual size of this problem:

• In 2017, there were a total of 30.5 billion illegal robocalls placed, up from 2016 estimates of 29.3 billion.
• Projections for 2018 place the total at year’s end to be close to 40 billion.
• $9.5 billion was stolen through phone scams in 2017.
• In August of 2018, there were 4 billion illegal robocalls placed, 1.8 billion of them being scam attempts.

Clearly, these calls are a big problem. Big enough that the Federal Communications Commission has delivered an ultimatum to mobile providers: come up with a standardized system to stop these calls within the next year, or we will.

In the letter that introduced this, FCC Commissioner Ajit Pai demanded that the telecoms create a system that used call authentication to stop any illegitimate calls, with source verification stopping all spoofed calls in their tracks. This system was even given a title by the FCC: the SHAKEN/STIR network (Secure Handling of Asserted information using toKENs/Secure Telephone Identity Revisted).

These demands were sent to the press, as well as to the CEOs of 14 telecom companies, some of which being:

• John Donovan, of AT&T
• John Legere, of T-Mobile
• Sundar Pichai, of Google
• Brian Roberts, of Comcast
• Tom Rutledge, of Charter
• Hans Vesterburg, of Verizon

The attorneys general approved of these actions, urging the FCC “to implement additional reforms, as necessary, to respond to technological advances that make illegal robocalls and illegal spoofing such a difficult problem to solve.” They went on to state the following:

“Only by working together, and utilizing every tool at our disposal, can we hope to eradicate this noxious intrusion on consumers’ lives.”

Luckily, this won’t exactly hurt businesses, either.

In the meantime, the robocalls will have to continue, just as other detriments to your business’ productivity and security will. However, as far as those other detriments are concerned, there is another option to help stop them. Net Activity has the solutions and experience using them to help you achieve and retain optimal operating conditions, including the security to keep most threats out. Call us at 216-503-5150 to learn more.

7 Key Steps to Building Your 2019 IT Budget Plan

As your company prepares for 2019, and the daunting task of budgeting begins to close-in, there are a few worthwhile considerations to be made around next year’s IT budget.

Small and mid-sized business owners are accustomed to drawing up an annual budget for overhead and other operating expenses, but when it comes to IT planning the procedure is not always as straightforward. Technology can be a difficult line item because it combines current IT maintenance with longer-term planning, and business necessities with business development.

In order to produce a reliable IT budget, it’s critical that your organization lay out an IT investment strategy that aligns with the specific short and long-term goals of your organization. Aligning these goals with the basic budgeting priorities that lay in front of you can be a challenge; here are suggested steps to keep in mind throughout the process. These steps will help you determine the best technology investments for the near-term, (we have a few suggestions), as well as keep your long-term investment strategy front and center.

First, make sure you have a clear picture of where you want to take your business, and what steps you need to take to get there. Start by looking at your business strategy over the next two to three years and determine which areas you plan to grow, change, or improve; this will help simplify the IT budget decision-making process, and make it easier to identify what new technologies and upgrades are the best fit for your organization.

Now that you have outlined a strategy for moving foward, designate a member of your team to track IT trends and opportunities that might be available to your company.  Meet with this person regularly to discuss the key areas where your organization may need technological upgrades or changes.  Sit down regularly with this team member and list the key technology areas they should be monitoring based on your business needs. Are there new applications available that might enhance your business, or new web or wireless services to consider? What about your data warehousing?  Building this list allows you to assess what technologies are likely to impact your business and what growth opportunities they might provide. This list of technologies and opportunities is a way for you to narrow down your technology requirements and come up with a well-thought-out investment plan.

Once you have decided on a new IT spending plan, make sure to speak with a trusted IT consultant and run a cost/benefit analysis.  An expert can help you determine if your technology budget plan is realistic and whether or not there might be more appropriate solutions available to you. The 6-7% average budget mentioned above is a basic guideline, but the final number will depend on your company’s individual needs and goals.  Keep revisiting your IT budget every year, taking into account the cost of maintaining and supporting the technology you already have in place. It would be a huge mistake to use the same budgeting model year after year, without considering new technologies or current changes in the IT landscape (advancements in in computers, phones, tablets, POS systems, cloud storage, data backup, software etc.).  It’s critically important to monitor the newest in tech advancements to ensure that your company is making the best technology investments to promote profitability and productivity.

Next, create a list of those IT investments that you can not only afford, but will also help you achieve your stated business goals. Every business is different, and the technology that your organization decides to use should fully meet the needs of individual departments while still being flexible enough to integrate new technologies as needed, without compromising daily business operations. This is where your assessment and planning can really pay off, helping you determine where to best spend your technology dollars. Key areas you might consider for further IT budget and investment are cloud and mobile computing, Internet of Things (IoT) and advanced cybersecurity protection.

• Cloud Computing. These days, most businesses rely on cloud applications for streamlined operations. Cloud computing allows you to set up what is essentially a virtual office to give you the flexibility of connecting to your company anywhere, any time. Cloud technology is still relatively new and comes with its own set of risks – security, compliance, privacy. But the advantages are paying off as organizations from all different industries migrate away from the traditional IT model. With the growing number of web-enabled devices used in today’s business environments, access to your data is easier than ever. Cloud computing offers potential reduced overall IT costs, scalability, business continuity, collaboration efficiency, flexibility of work practices, access to automatic updates, and much more.
• Internet of Things. Despite being in its early stage, the Internet of Things (IoT) is already demonstrating a significant impact on the budget and technology planning decisions in all business sectors, and more than half of all businesses have made some investment in IoT devices. According to Gartner, Inc. more than 20.4 billion connected devices will be in use worldwide by 2020.  This explosive growth in IoT devices offers your business new opportunities to track and measure how your customers are consuming products and services, as well as track inventories, minimize system downtimes, and monitor facility and maintenance performance. By adopting IoT technology as early as possible, you’ll be giving your organization the ability to mine useful data from systems and devices that will become critical to future growth. For smaller businesses, starting small is a good first step.

• Mobile Computing & Devices. Many organizations and their employees are spending IT dollars on premium smartphone and tablet devices, as PC replacement rates continue to fall. During 2018, well over 200 million Americans will use a smartphone. And that number is projected to grow to over 80% in three years (Statista). Most cell phones and tablets have the capability of performing many tasks that a computer can. This allows for flexibility and availability, keeping employees and managers from being glued to a computer desk to perform their work. Another investment to consider in mobile computing technology is responsive optimization of your website(s). Without mobile optimization, most websites look and act unwieldy and make it a hassle for potential customers to use, potentially even driving them away from using your services altogether. Your website is the first impression of your business and its optimization is an invaluable and necessary investment.
• Advanced Cybersecurity Protection. As reliance on IoT and cloud technologies increases, so will cybersecurity budgets.  Within IT departments, a premium is being placed on security spending. Fifty-three percent of respondents said security will be a top priority in the 2018 budget.  This isn’t terribly surprising after high-profile 2017 breaches like the WannaCry, or WannaCrypt, attacks and the Equifax consumer data breach.  A Gartner study predicts that global expenditure on information security will grow to $96 billion in 2018, up from $86 billion last year. So, what should all this money be spent on?   As a small business or organization, you don’t want to lose customer data or let malicious groups take over your systems. Cover all the basics, including safeguarding sensitive business data and minimizing the risk of malware attacks.

Once you’ve decided on investment in a new IT project, do a proper risk analysis. When investing in any new technology project take the time to do a complete risk analysis. The project that offers the greatest benefit may also be the one that requires the most time, money, and staff, and investing in one large project may mean you don’t have the resources to invest in others. Make sure you have identified the likely risks associated with the project, quantified the cost of these risks, prepared an appropriate response, as well as documented the analysis and plan. By performing this analysis and planning for possible overruns, you’ll have a more realistic idea of the costs and delays you could be facing. If the project comes in on time and on budget, it will be a pleasant surprise!

Finally, continue to update your IT budget and investment plan and monitor new technology developments. The last thing you want is an aged IT strategy that misses out on the current opportunities in the marketplace. Keep in constant communication with your trusted IT advisor, and once you embark on a project, update your investment plan with new deadlines or cost estimates.

As a small business owner or manager, its critical to remember that your IT expenditures are an investment into the operations and flow of your organization, rather than a cost of doing business. Instead of looking at the budget solely as an administrative process, regard it as a validation and support tool for your IT strategy. If you don’t have a formal or informal IT strategy in place, the budgeting process is as good a place as any to start investigating areas for improvement that will be cornerstones of your first attempts at more strategic IT management.

Need help building the right 2019 IT strategy and budget plan for your organization? At Net Activity, we are here to assist you in making the most of your IT assets and investment planning; let’s build your new IT strategy together. Download our workbook to get started.

Ransomware Getting Much More Targeted

Ransomware has now been a major threat to businesses and other organizations for a couple of years, and 2018 is no different. For those who don’t know, ransomware is a form of malicious software (malware) that threatens the elimination of hijacked and encrypted data if a user doesn’t pay a ransom. It is known to be one of the most prolific and pervasive threats seen on the Internet today. We will take a look at how ransomware has evolved over the past several years, what the future of ransomware looks like, and what you can do to protect yourself against it.

Ransomware
Unlike most other malware threats, ransomware isn’t designed to gain access to a system to steal data. It’s also not really a con, as anyone that is inundated with ransomware is in a real threat to lose their data (or their money). Ransomware is basically one of two types of malware. Some are computer viruses that target the CPU. These are called “locker” ransomware. The other prevalent type, called “crypto” ransomware, target and encrypt access to file systems.

Whichever strand you get (and there are dozens of different strands) the basic premise is the same. After it is unpackaged to the user’s machine (or network) it encrypts access to data/processing/both and gives the system’s user instructions on how to proceed. The user then has a decision to make, pay the ransom or try to restore the data from their backup platform.

Ransomware is such a departure from normal malware in that most strands of malware tries to camouflage itself inside a user’s system or network. Ransomware makes sure you know it’s there. The past few years has seen a huge uptick in the amount of ransomware that has been deployed, both in variant, and in frequency. These attacks have hit many municipalities, businesses, and other organizations, with one purpose, to extort money.

With the litany of ransomware attacks conducted on very public forums, it has led people to start to ask, “How are these attacks carried out?” The answer may surprise you.

Delivery
You may think that such a devastating computer virus would have to be delivered by those black hat hackers who sit in a basement someplace carrying out some well-concocted scheme to defraud your company. Or maybe it’s sabotage by a disgruntled former worker who didn’t get his/her 25% raise and inexplicably still had access to the network. The truth is that, while it could be either one of those examples, it is most likely the result of an honest act of negligence by someone who has access to your network.

The majority of ransomware attacks are perpetrated by hackers that try to spoof legitimate company’s emails. Since these emails seem to be coming from a legitimate place, unwitting end-users click on links or download attachments from these emails, resulting in the malware attached being deployed on the system. The code then goes to work encrypting files or the hard drive.

User View (and What They Don’t See)
Once the ransomware has inundated the system and the file (or drive) is encrypted, the server will send a message to the victim. Typically, the user will get a notice that their files/computer has been encrypted and the only way to get the file back is to follow the instructions given in the notice. This includes payment arrangements and the dreaded countdown meter. If the user doesn’t meet the demands outlined in the notice, their data will be deleted forever, or their computer will be locked. This, of course is a terrible situation.

What the user doesn’t see, however, is that the hacker, who has control over this data or infrastructure is probably not letting this end-user off the hook. The ransomware is bad enough, to exacerbate things for this foolish user, the hacker can now do what they please with that machine. Sometimes they will include directions that will allow the hacker to steal the victim’s credentials. Even if the ransom is paid, and the files/system is returned to user as agreed upon, many of these attackers will load additional malware onto the system, allowing them to further persecute a person whose only mistake was clicking on a link they thought was a legitimate source.

How to Avoid Ransomware
Firstly, it is important to have enough security on your machine/network to ensure that any potential threat is eliminated before it can be a problem. A Unified Threat Management tool is a great solution to mitigate network problems. Not only does it have a firewall and antivirus, it comes with a spam filter that can help users from being exposed to emails rife with malware in the first place.

Secondly, training your staff on how to determine the legitimacy of any message is important. Ransomware can be deployed through email, messaging services, and social media, so educating them on how to avoid these situations is an integral step in keeping these threats off of your organization’s network.

Lastly, having a powerful and up-to-date backup of your organization’s data can be a life-saver in situations like the one outlined above. Net Activity’s BDR solution provides any organization the data protection they need through redundancy. Not only is your data backed up at regular intervals locally, it is also backed up in an offsite data center. Having up-to-date backups on hand could save your hide in several different situations.

For more information about ransomware, what you have to do to keep from experiencing it, and how to protect yourself from all manners of online threats, call us today at 216-503-5150.