Recent Blog Posts

For your business? data and operations to remain secure, you will need to take a two-pronged approach?both teaching your team to avoid phishing and evaluating them on their overall preparedness through simulated attacks. How a Phishing Attack is Carried Out To start, let?s review the overall process that the average phishing attack tends to follow: Posing as someone else, an attacker sends a message. This message can be written in a few different ways, framed as an enticing offer, a very unremarkable email, or a serious alert. Whatever the case may be, the user is encouraged to react by opening an attachment or following a link. Because these elements are what introduces the actual threat, these emails can often bypass security protocols and reach the unsuspecting target. This?and the fact that a phishing attack against you is practically guaranteed to happen at some point?is precisely why it is so important that your team is prepared to spot them as they come in. Elements to Identifying a Potential Phishing Attack Have Your Team Think Like a Hacker Hackers and scammers are unfortunately very crafty when it comes to their schemes, often tying in current events to add some perceived legitimacy. The past year has seen no shortage of COVID-19-themed phishing attacks, seeming to offer updates and information. Hackers rely on user panic and impulsive reactions, so reinforce the importance that your users take an extended look at them before acting on them. Demonstrate Risky Links Hackers will also commonly use spoofed links to fool their targets. A spoofed link can take a few forms, but regardless of how it looks, it will direct a user to a website different from the one they expected to go to. Spotting these links can be tricky, so here are a few best practices to follow. Let?s assume that the spoofed link is meant to look like one that directs to the payment application Venmo as we go through some examples: If the email is from Venmo, a link should lead back to venmo.com or accounts.venmo.com. If there is anything strange between ?venmo? and the ?.com? then something is suspicious. There should also be a forward slash (/) after the ?.com.? If the URL was something like venmo.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a rule of thumb: venmo.com – Safe venmo.com/activatecard – Safe business.venmo.com – Safe business.venmo.com/retail – Safe venmo.com.activatecard.net – Suspicious! (notice the dot immediately after Venmo?s domain name) venmo.com.activatecard.net/secure – Suspicious! venmo.com/activatecard/tinyurl.com/retail – Suspicious! Don?t trust dots after the domain! vemno.com ? Suspicious! Be careful to pay attention to the spelling! As you can imagine, some of these tricks are easier to spot than others, so extra diligence will be called for here. Provide Your Team with Approved Links To be particularly cautious, you could also consider giving your team the safe versions of the URLs they are to use. That way, they can seriously investigate the validity of an email without exposing themselves to risk. Maintain Secure Password Standards Finally, you need to ensure that your team?s passwords are secure enough that your business isn?t vulnerable that way?because if passwords are too easy to deduce, there isn?t going to be any need for phishing in the first place. Your team should […]

BDR (or backup and disaster recovery) won?t necessarily prevent any disasters, mind you. What it will do is help prevent any disasters that do strike from halting your operations indefinitely. The fundamentals of a successful BDR include the following: Your data is saved in a minimum of three places: the original copy on your network infrastructure, along with additional copies in an on-premises backup and a cloud-based backup. Backups are automatically updated in increments throughout the day, not just after the day ends. Your cloud backup can take over for your on-site infrastructure, enabling you to continue operations if your local solutions were to fail. This provides your business with some significant benefits. Reliability and Flexibility With data being so particularly critical to a business? success, it is important to keep it protected against all kinds of situations. With the BDR solution, data will be kept safe?and with the BDR also capable of acting as a server for you, downtime can be mitigated. Simplicity The whole point of the BDR is to keep your business? data safe in case of disaster, so it only makes sense to keep this process as simple as possible. In exchange for a predictable monthly fee, your data remains protected and accessible to you even if something were to happen to your original copy. Restoring your data from the BDR is also a very simple process, whether it is stored in the cloud or your on-site backup. Cost Efficacy Finally?and arguably, most importantly?maintaining a BDR is one of the most effective means of controlling your investments. Because BDR is billed as a service, it is considered an operational expense and requires no additional investments into the hardware and software required. Interested in finding out more about BDR and other means of protecting your business? data? Give us a call at (603) 889-0800 today.

Let?s discuss this means for your business? security. The Discovery In mid-January, a team of cryptography researchers published a report that detailed their findings after closely examining the security measures that were implemented in modern mobile devices. Their study, entitled Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions, sought to determine three things: What security measures are currently in place to help deter unauthorized access to user data How unauthorized access is obtained on modern devices How mobile security can be improved to prevent unauthorized access moving forward After an in-depth analysis of both platforms, the results were clear, but could still surprise a loyalist to Apple and their reputation for untouchable security. While both operating systems performed admirably, neither Android nor iOS had extensive enough security preparations?enabling anyone who had the right equipment, so to say, to access the operating systems. While the report did state that the researchers were able to ?find a powerful and compelling set of security and privacy controls, backed and empowered by strong encryption? in iOS, these tools simply were not used consistently enough to sufficiently secure these devices. Android?s issue laid more in the diversity of phones and manufacturers that Android can be found in, with lacking communications between Google and phone developers, slowly implemented updates, and differences in software architecture leading to inconsistencies in the platform?s security and privacy controls. Both platforms share a weakness where their data is synchronized with cloud services. Mind you, these are all vulnerabilities in the physical device and its software infrastructure itself. In the rest of the report, the researchers detailed the specific vulnerabilities that each platform presents. Apple-Specific Weaknesses Apple enables users to securely store their data in its iCloud cloud solution, but according to these researchers, that?s not all the data that Apple takes possession of. When the service is initially activated, a ton of other user data is sent to Apple, where it is remotely accessible by lawbreakers and law enforcement alike (although one of these parties would need a subpoena for it). Adding to the security concerns, the defenses that Apple had included in their devices against unauthorized use even seem to be less effective than originally thought. Based on analysis of available evidence, the research team hypothesizes that a tool has existed since 2018 that enables an attacker to bypass these protections and effectively guess a user?s passcode. Android-Specific Weaknesses Android presented some serious problems in its local data protection measures. One glaring example can be found in Android?s equivalent of Apple?s Complete Protection encryption (which removes decryption keys from the device?s memory after it is locked). The big difference between Apple?s solution and Android?s solution is that Apple?s solution exists, whereas Android retains these keys?making them easily capturable. Hence, why the Federal Bureau of Investigation can access either platform without assistance. What Does All This Mean? Frankly, while these discoveries are unwelcome, they aren?t all that surprising. It is never wise to assume that data is inherently safe, just because it happens to be stored on a particular brand of device. There is no such thing as impenetrable security, so you need to do everything you can to make sure the data that your business possesses?that your users might have access to from […]

Social Media If there is one hot-button issue surrounding technology, it would be about social media. Once viewed as the next great technology that will connect all humankind, it is now largely looked upon as big tech that is trying to mine your profile for data, intercept your communications, and even fuel insurrections. All of this is true, by the way; but for every negative situation social media has put society in, it has delivered dozens of positive ones. Not only has it connected people in ways that weren?t possible before, it also expands the ability for people to learn, to work, and to involve themselves in society. In fact, social media has done more to civilize the world than it does to rip it apart.  Businesses of all types have been able to grow their organizations through the engagement made possible through social media. News and current events are delivered within seconds of an event. Millions of opinions are shared, conversations are had, and resolutions are found faster than ever possible. Social media has been behind the rise and fall of world leaders, the push to combat climate change, and many more political and social issues.  In the future, social media will expand, with more and more people utilizing services offered by SM companies. Educational opportunities will continue to increase. Social media will continue to be some of the most important marketing platforms available to businesses. Social media will likely become mobile commercial hubs that provide opportunities for businesses to expand further by using free services that can be accessed anywhere at any time.  Sure, social media has its cons, but the pros outweigh them by a wide margin.  Infrastructure For decades technology has been making transportation safer, but humankind is on the precipice of a giant shift in the way that technology is accessed. Not only are we only years away from widespread use of autonomous vehicles, there is technology being developed, led by billions of Internet-connected devices to make our cities and villages more efficient and more effective at sustaining an improved quality of life. Infrastructure is the backbone of any society, and today’s infrastructure is being developed with the Internet of Things. This means that public works, which largely depend on continual maintenance and human assessment, will be built with AI-fueled systems. Public water, traffic, electricity, Internet-delivery, will all be automated to build buildings, streets, and whole cities that are smarter and much more efficient. A society where human error and corruption is marginalized will only be better for the people who live in it.  Mobile Communication Communication technology has been evolving for centuries. Today, with a global pandemic forcing our hands, we?ve established new baselines for communication. Not only is a vast majority of communication conducted with the use of mobile devices (a notion that seemed unlikely only three short decades ago), but today with the use of video conferencing technology, we can be about anywhere in the civilized world and see who we?re talking to regardless of their position to us. The technology we use today is right out of 2001: A Space Odyssey.  It doesn?t end there. Today?s businesses use this technology to move faster, do more, and extend their authority past the confines of their brick and mortar office. Each year, new […]

Introducing Confidential Mode in Gmail We?ve all seen the spy movies where an agent?s briefing contains instructions to destroy the message inside to ensure that the details it contains are never leaked?sometimes, the message itself is rigged to take care of the destruction on the agent?s behalf. Think of Gmail?s confidential mode as a digital version of that: you can send an email to another user (regardless of the email client they use to read their messages) that will expire after the amount of time you specify. You can even add an extra layer of security by sending your recipient a passcode via text message that they must provide to read the message at all. Let?s go over the process for creating such a message in Gmail. How to Use Gmail?s Confidential Mode First, there?s the obvious step: accessing Gmail. Start your message by clicking the Compose button at the top-left of the page. In the window that appears, you?ll find a row of icons next to the Send button, one of which appearing as a padlock and clock. This is the button to Turn confidential mode on/off. Clicking it will pull up the Confidential mode window. There, you can set the message?s expiration date to meet various options, ranging from a day to five years, and even require the user to input a passcode that Google will generate, either sending it to their email or via SMS. If you do require a passcode, you?ll be prompted to provide the phone numbers for both you and the recipient. The mobile version of Gmail also offers confidentiality, with a very similar process. To compose a confidential message, open the triple-dot menu and?selecting Confidential mode?set it to your preferences. While any information sent over the Internet cannot have its safety guaranteed, encrypting your more sensitive emails is certainly advisable. For more handy IT tips, security best practices, and the like, make sure you keep coming back to our blog!