5 Modern Cyber Threats You Need To Know About in Your Business

Cybersecurity is a critical part of managing any business. This is especially true nowadays when there are countless individuals and organizations formed specifically to steal credentials and sensitive information from your organization. Today we will be dedicating some time to how your business can reinforce proper cybersecurity practices.

Shadow IT
Time is money, and people will go to great lengths to keep themselves productive throughout the workday, even if it’s not sanctioned by your business. While you might have certain preferences for solutions, your employees might have other ideas. This is called Shadow IT, where your employees will download and use a piece of software that hasn’t passed the test of your company’s IT department. Most of the time, the employee who downloads the off-brand software isn’t doing it out of spite for the organization–only for their own convenience. In fact, 80 percent of employees use software that hasn’t been selected, tested, and released by the IT administrator. These applications are more vulnerable than those that would be implemented by your business.

Cryptojacking
There are over 1,500 kinds of cryptocurrency out there, and cryptojacking was a popular method of cybercrime in 2018. Cryptojacking is when a malware will use a target’s computer resources to mine for cryptocurrency. Due to how resource-intensive cryptojacking is, it affects the computer’s effectiveness and longevity. Most studies that have been performed as of late show that cryptojacking will get much worse in 2019, as the value of cryptocurrency has fallen considerably over the past year. This means that more machines are needed to mine cryptocurrency, which means more attacks will be needed to create the same level of profit. You should take measures now to learn about these attacks and how to keep them from becoming a problem for your business.

Ransomware
Ransomware might be on the decrease since 2018, it’s still important to keep a lookout for it, primarily because it’s such a huge danger to network security. Ransomware is capable of encrypting all of the files located on a computing system. It then demands payment to unlock access to the files. Ransomware tends to target organizations that have a lot of sensitive files who are likely to pay up in the event of an infection. Others might have operational technology systems that are critical to maintain at all times, making restoration a priority–even if it means paying up.

Unsecured Internet of Things Devices
The IoT is only growing larger, and you know what that means: more devices that could potentially create a disaster scenario for your business. It becomes incredibly important to keep your network safe from any and all devices connected to it at any given time, whether it’s from employees or visitors. Even a simple unsecured IoT device with smartphone connectivity could become a major network vulnerability. To be fair, there have been improvements to IoT security, so you’ll have plenty of options over how to utilize IoT devices securely and effectively.

Phishing
All businesses see a phishing email at least once in a while. It’s estimated that an average of 156 million phishing emails are sent every day, making it a very common method of hacking. Basically, since most accounts are secure enough that they cannot be hacked through conventional means, the hacker will instead directly reach out to whoever owns the account to get the information they need to infiltrate it. One specific example of this is business email compromise, which targets specific members of an organization and can cause up to $12 billion in losses all over the world. Most phishing messages can be stopped with powerful spam filters, but it’s also important to educate your employees on what to watch out for in a phishing email. In fact, some scams will use text messaging, instant messaging, and even phone calls to get what they’re after.

2019 promises to be a great year for business technology, but are you prepared to keep it all secure? To find out, reach out to us at 216-503-5150.

Report Shows 118 Percent Increase In Ransomware Attacks In 2019

Ransomware roared onto the global stage in 2017. Companies and government agencies around the world felt the impact with widespread campaigns like NotPetya and WannaCry.

By 2018, the number of ransomware attacks had begun to fall off while hackers found new tools to attack with, shifting toward cryptojacking, credential theft, and trojan malware.

Granted, ransomware attacks didn’t fade completely from the picture in 2018, but they were overshadowed by the emergence of new attack vectors.  Unfortunately, according to data collected by McAfee Labs, and published in their August 2019 Threat Report, Ransomware is back with a vengeance.

Christopher Beek, a lead scientist at McAfee had this to say about the report:

“After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach.”

The dramatic increase in ransomware attacks is being driven primarily by three families of ransomware:  Ryuk, GrandCrab, and Dharma.

Ryuk is a scary bit of code that has been used to lock down entire large corporations and government agencies.  It was originally credited to North Korea, but subsequent research points to the malware as being the work of a highly sophisticated cybercrime syndicate, rather than the product of a nation-state.

GrandCrab is a relatively new arrival on the ransomware scene, first emerging in 2018.  Often described as one of the most aggressive families of ransomware, the original authors of the code have leased it out to other hackers around the world in exchange for a cut of the profits.

Dharma is the oldest family of the big three, first emerging on the scene in 2016.  Originally, it was an offshoot of another, even older ransomware family known as Crysis. However, since branching off, it has become a potent threat in its own right, and the hackers who control the code regularly release new updates and continue to enhance its capabilities.

All that to say, it’s too soon to breathe a sigh of relief where ransomware is concerned.  It’s back in 2019, and it’s back with a vengeance.

Save time with Bookings by Office 365

We all undeniably have hectic schedules, and they’re made even worse with unorganized meetings, impromptu lunch dates, and unscheduled yoga classes. To move or cancel appointments, your clients would generally have to pick up the phone and call someone, which can be a drag. But with Microsoft Bookings, clients can schedule and effortlessly manage appointments. In case one isn’t enough, here are four more reasons to give it a go:

Visibility

Bid adieu to the days of scribbling on post-its and frantically going through your schedule to find out where you’re heading for lunch. Microsoft Bookings provides you with a unique webpage that is compatible on both desktops and mobile devices. Here, customers can select times and dates based on current availability — simply enter the contact information and then book it! The system fully automates the process of managing your appointments.

No more rain checks

Cancellations and missed appointments mean wasted time slots unless you’re able to fill them up with new bookings. Avoid lost income by controlling how much advance notice is required to make a cancellation. With Bookings, appointments appear immediately in staff calendars and can be added or revised by customers in their own personal calendars. Additionally, a confirmation email is automatically sent to the customer, which is then followed by another automatic email reminder before the appointment time. The web page also offers a rescheduling service: customers can simply click on the link on the confirmation email and pick a time that they’re more comfortable with.

Synchronization

Once completed, the booking is then synced to a centralized calendar where businesses are given the option to reschedule, cancel, or reassign the appointment to other staff members as they see fit.

If you do decide to reassign it to staff members, Bookings offers a nifty feature known as “split view.” This shows which staff members are booked at which times, and you can compare everyone’s schedules side-by-side. The appointments are synced not only to your calendar but to the staff members’ calendars as well. Moreover, this versatile system accommodates Office 365, Outlook, and even Google Calendar, so clients and staff can keep whatever calendaring service they prefer.

Double duty

Appointment setting might be the primary goal of Bookings, but the system can also be utilized to build your company’s customer list. Once customers input their information into the system, it automatically creates contact entries for those customers. The contact card contains personal information such as your customer’s name, address, phone number, and email address.

And, as your company grows, you can add more staff members as well as create additional booking pages for free. Furthermore, staff members aren’t required to have Office 365 subscriptions to be a part of the service.

Efficient tech resources aren’t enough to maintain a successful business anymore. To really stand out from competitors, you need comprehensive appointment management. Give us a call if you need any questions answered or issues addressed. We’re more than happy to help.

Microsoft Says Office 365 Users Should Use Spam Filter

Microsoft recently updated their support page and offered additional guidance to network admins as it relates to Office 365’s built-in spam filters.  The gist of the update is that they strongly advise against turning the auto-filters off.

They provided some additional guidelines if you decide to bypass them for one reason or another.

Here are the most relevant portions of the recent update:

“If you have to set bypassing, you should do this carefully because Microsoft will honor your configuration request and potentially let harmful messages pass through.  Additionally, bypassing should be done only on a temporary basis.  This is because spam filters can evolve and verdicts could improve over time….”

If you decide you want or need to bypass anyway, the company offered the following additional suggestions:

• Never put domains that you own onto the Allow and Block lists
• Never put common domains, such as Microsoft.com and office.com onto the Allow and Block lists
• Do not keep domains on the lists permanently, unless you disagree with the verdict of Microsoft

You and your IT staff are likely already aware of this. If not, Microsoft maintains a living document on their support website where they keep a comprehensive list of security best practices for Office 365.  If you haven’t seen it before, or if it’s been a while since you reviewed it, it pays to take some time to look it over.

On a related note, the company recently sent out a bulletin advising all Office 365 customers and admins to report junk email messages for analysis using the Microsoft Junk Email Reporting add-on. This is in order to help reduce the number and effect of future junk email messages.  If you and your team aren’t already in the habit of doing this, now is an excellent time to start.

Tweak Your Mindset to Achieve Success in the Cloud

The cloud is not like some magic beans that’ll sprout sky-high stalks overnight and lead you to a castle full of riches. Don’t be misled by shiny words such as “increased productivity” and “collaboration” — your organization won’t realize these benefits unless everyone actually puts in the work to make the cloud work. If you want to use the cloud successfully, you might have to change your mind about a thing or two before you migrate to the cloud.

Consider cloud value over costs
When considering the cloud, too many entrepreneurs get hung up on costs. Instead, as a business owner, think about how the cloud impacts your business and saves you money. You must look at the cloud as no different than any other investment you made to grow your organization.

To help you make the proper shift in thinking, ask your IT leaders just how the cloud will benefit your business. They’ll mention how the cloud will provide you value, such as easier team collaboration and the ability for anyone in your organization to work anytime, anywhere.

Think “strategy” before migration
Once you’ve considered the value the cloud provides, you’ll likely come up with goals you’ll want it to accomplish for your business. If you haven’t, do it now, before signing up for the service.

Let’s say you want to gain the productivity benefits of letting your staff work remotely without sacrificing cybersecurity. Therefore, prior to rolling out the cloud in your company, have the specific goal of increasing the use of vetted mobile devices among employees.

Clearly define your cloud goals beforehand, then work with your IT staff to come up with the nuts and bolts of the plan for accomplishing that goal. By having a plan instead of just winging it, you’ll have a better idea of what you want to achieve, have the ability to recognize when you’re getting off-track, and be more prepared to make adjustments in case things don’t go as expected.

Learn to love the quickly evolving nature of the cloud
Compared to other IT tech, the cloud is still relatively new and subject to rapid change. New updates, features, and enhancements are rolled out regularly, so if you want to get the most out of your cloud, it’s best to keep up. Of course, this is a scary idea for many business owners and IT managers alike as fast-paced flux can feel like instability and chaos.

Some cloud services make it easier than ever to keep up with changes. Let’s take Office 365, for example. Adding users and implementing new changes can take mere minutes. Yes, adapting can be frightening, but just remember that Microsoft and your IT managers are in your corner. If you still have some bad memories of long and frustration-filled transition periods after updating your legacy technology, rest assured that updates to cloud-based services nowadays often only require a small learning curve. Most new features are intuitive by nature, making adjustment to these changes painless and problem-free.

One of the best ways to assure your cloud updates go as smoothly as possible is to have a cloud enthusiast who’ll be up to date on the newest features and enhancements and can quickly tell you whether or not an update will benefit your business.

Moving to the cloud is pretty much an all-or-nothing business decision. If you adopt it, the cloud will become an integral part of your business, and you and all of your staff will interact with it on a daily basis. So be prepared for a big transition and a big payoff of higher productivity and connectivity for your entire company.

Are you ready to embrace cloud solutions? Give us a call to learn more about how we can help you migrate to the cloud and realize its full potential for your business.

Apple Is Launching Their Own Credit Card Soon

Apple has partnered with Goldman Sachs and their long-awaited “Apple Card” begins rolling out in limited fashion. The card becomes available to all iPhone owners in the United States toward the end of August.

According to CEO Tim Cook, a random selection of people who signed up to be notified about the Apple Card are getting an early-access sneak peek.

However, the company has been tight-lipped about exactly how many people are being invited into the preview group.

If you’re one of the lucky winners, know that the sign-up process will involve upgrading to iOS 12.4 and entering your address, your birthday, income level and the last four digits of your Social Security number.  That information is sent on to Goldman Sachs, which will approve or deny your credit application in real time and in under a minute.

Note that part of the approval process also involves a TransUnion credit check, so if you have that information locked, you’ll need to unlock it (at least long enough to get approval).

Once you’ve been approved, your card will show up in your Apple Wallet immediately and be available for use.  If you want one, you can request a physical card from Apple for free during the setup and it will arrive in the mail in a few days.

The cool thing about the physical card is the fact that it has an NFC tag on it, so you can activate it simply by tapping the phone against it.

Also note that you’ll have three different credit card numbers associated with your Apple Card:

• The number assigned to your phone
• The number assigned to the physical card
• A virtual number you can access in the app for online purchases where the vendor doesn’t accept Apple Pay.

Also note that unlike the other credit cards in your wallet, this one has no expiration date or security code. You can lock the card at any time from the app, though.  Welcome to Apple’s Brave New World!

Safeguarding your Social Media from Hackers

Social media phishing is on the rise. Facebook is one of the most commonly impersonated brands in phishing attacks. Hackers now employ more sophisticated tactics, so you must strengthen your privacy settings to keep them away.

Lock screens exist for a reason

Lock all your computing devices as soon as you stop using them. This way, you are safe from the simplest hack of all: someone opening a browser on your computer that has your social media login saved.

Strong passwords are never out of fashion

Unlocking your phone may be limited to a six-digit passcode, but you’ll need something much more complicated for your account password. Create a password that you don’t use for any other account because with the regular occurrence of data breaches, hackers probably already have a long list of your favorite passwords from other websites and platforms.

It is best to use a password manager like an app or online service that allows you to generate and retrieve complex passwords.

You can also enable two-factor authentication, which requires a secondary verification step such as a code sent to your phone. Even if hackers have your password, they won’t be able to log in without your phone.

Make use of social media features

Facebook can help you keep tabs on who’s accessing your account and from where. Click on the down arrow located at the upper right corner of your Newsfeed and select Settings. Then click Security and Login to get more information. If you sense an imposter, click the right-hand icon so you can log out remotely or report the person.

From there, turn on Get alerts about unrecognized logins to get notifications via Facebook, Messenger, or email if someone is logged into your account from an unrecognized browser. Unfortunately, Twitter doesn’t have the same option (which makes two-factor authentication extremely necessary).

Hackers can also barge into your Facebook and Twitter accounts through third-party services that you’ve given access to your profiles, so make sure to double-check what you have approved.

• Facebook: Go to Settings > Apps and Websites to view and manage outside service with access to your account
• Twitter: Go to Settings and Privacy > Apps to check and edit the list

Lastly, be sure to check the permissions Facebook and Twitter have on your smartphone or tablet.

• Android: Go to Settings > Apps > App permissions
• iOS: Go to Settings > Privacy to manage which service can access which parts of your phone

Less personal info, fewer problems

These steps are just the beginning of what you should be doing. You should also limit the personal data you input into your social media accounts. Avoid oversharing.

By following these tips, you can prevent Facebook and Twitter hacking.

Cybersecurity is a sprawling issue and social media privacy is such a small sliver of what you need to stay on top of. For 24/7 support, call our team of experts today.

5 Reasons Dashboards are Vital to your Business

People are visual creatures, which means we interpret visual data better than written words. That’s why most businesses turn to dashboards as an intelligence tool to present data in a way that’s easy to understand. Dashboards have become a critical part of the analytics process. Here are some common uses of dashboards across various business functions.

Marketing insights

An organization’s marketing department typically analyzes a significant amount of data from various channels. Whether the purpose is to forecast monthly sales, predict trends, or build marketing strategies, marketing officers use dashboards to compare, sort, and analyze raw data to churn out meaningful information presented in an easy-to-understand format. This allows key decision makers to easily call the shots using that information.

Tracking sales opportunities

Sales dashboards are perfect for tracking products and services. They help you identify sales opportunities by monitoring top-selling products and comparing the growth in revenue on a periodical basis. They sync to your raw data, so your charts are always up to date, thus eliminating the need to spend hours manually entering and preparing sales reports and charts.

Social media management

Social media management is more than just posting regularly on your business’s social media accounts. In most cases, your social media platform’s default dashboard doesn’t give you deep insight into your social media campaigns. What’s more, managing multiple social media accounts can quickly become a cumbersome process since you have to use several login credentials. Instead, you can manage your accounts all at once through a comprehensive social media dashboard, saving you valuable time and effort.

Financial reports

Presenting financial data is so complex that it often leads to misinterpretation and misunderstanding of critical data. Dashboards make creating financial reports much easier, and financial analysts can take advantage of dashboards to display sensitive data in a comprehensible graphical format — be it customer invoices, progress toward revenue goals, or business expenses.

Project collaboration

Businesses of all sizes require their employees to collaborate on projects, whether on-site or online. Project supervisors need to get their teams together to give them project requirements, deadlines, and responsibilities, and to get progress updates. With the help of project collaboration dashboards, members will see the complete workflow, allowing for a more efficient and collaborative working environment.

Dashboards eliminate the complications of presenting complex business data and make your team more efficient. If you’re looking to implement dashboards and other cutting-edge tools to make your job easier, contact Net Activity today.

Are You a Security Threat to your Business?

Just like you can form habits to be more productive, you can also form habits that expose your organization to risky situations, namely security problems. Your employees in particular are likely to have picked up a couple of nasty habits over time, so it’s up to you to address them and keep them from becoming an issue in the long term.

Habit 1: Password Security
This habit means that your employees create weak passwords, then continually reuse them for multiple accounts. We get it; nobody likes to remember multiple passwords–especially complex passwords–but they are way better for network security than your standard fare. You should by all means avoid using words like “password” or strings like “123456.”

It’s critical that you hold your staff to this higher standard, as failing to adhere to the bare minimum could expose sensitive information in the event of a data breach. Furthermore, you should update passwords regularly, as well as use a password manager to help your employees keep track of everything.

Habit 2: Sharing Passwords
It might seem like employees are being efficient by sharing passwords, but it’s more like cutting corners. Sure, it might save a second or two, but it will really stink when you whack your elbow on the wall. If they are company-owned accounts that are set up, like company social media accounts or shared resources, that’s another thing entirely, but these are generally managed by the company, not the individual.

Basically, you need to be cognizant of the dangers displayed by sharing passwords, as well as have the ability to react to these issues in a timely manner.

Habit 3: Using Personal Storage for Company Files
Cloud computing is a great way to increase the value and utility of technology services, but only when it’s used properly. Employees might use their own personal cloud storage solutions to store company files, which is a major red flag. While they might be doing it for convenience, you still need to address it. These files will be stored in a location that isn’t as secure as your company’s network, and while the employee might have good intentions, the repercussions could potentially be catastrophic.

Habit 4: Shadow IT
Any software or hardware that is installed or implemented on your business’ solutions without approval from IT is considered “shadow IT,” or IT that can’t really be controlled or regulated by your IT department. Often times employees will look for ways to get around the challenges that face their particular work role, and while they are doing it to make themselves more productive, the end result is a less secure overall network and less solid policies regarding the governance of these solutions.

Habit 5: Careless Use of Email
Email is frequently used for both correspondence and file sharing, but without proper discretion, this comes at the detriment of your organization. Consider how bad it could be for your business if you send the wrong attachment or the wrong information to someone who isn’t supposed to see it. With such a great solution available, you need to take proper precautions to make sure that data doesn’t leak to the wrong recipient.

Habit 6: Insufficient Training
This isn’t so much a habit of your employees; rather, it’s one for employers in general. Employees need to understand the security threats that they face on a day-to-day basis, and without you there to guide them, they likely won’t take action to keep your business safe. Security training is integral to the success of any business model, and it should play a significant role in the onboarding process. You should then supplement this training with frequent phishing tests, team discussions, and further training as needed.

This might sound overwhelming, but it doesn’t have to be. Give Net Activity a call at 216-503-5150 and entrust your security to our professionals.

How Secure is your Office 365 environment?

Microsoft’s Office 365 is one of the most powerful business productivity tools today. This cloud-hosted suite lets users work anywhere and collaborate easily. Although it’s undoubtedly useful, Office 365 may present a few security challenges that businesses must address.

Vulnerabilities in SharePoint
Businesses typically use SharePoint Online and on-premises SharePoint sites to store sensitive data like personally identifiable data. Failing to secure SharePoint content against unauthorized users is one way to expose data and your business to malicious actors. And for companies that have to comply with regulatory authorities, there are serious consequences to data privacy non-compliance. To prevent this, limit administrator-level privileges and enable encryption. Set the necessary security restrictions per user for every application.

Unprotected communication channels
Launching phishing attacks and installing malware are two of the most common ways to hack into a system, but there are other paths of attack. Office 365 features like Skype for Business and Yammer, both of which connect to external networks, may serve as a medium for ransomware and other types of attacks.

Train your staff to identify potentially malicious files and URLs. Offer guidelines on how to handle and route sensitive files and communication to safe locations.

Security risks in dormant applications
Organizations using Office 365 won’t use all applications in it. You may use one or several programs like Word, Excel, and SharePoint but rarely use One Drive. Businesses and users that have not been utilizing specific programs should note that some dormant applications may be prone to attacks. This is why it’s crucial to identify the apps that aren’t being used, and have an administrator tweak user settings to restrict availability on such apps.

File synchronization
Like Google and other cloud services providers, Office 365 allows users to sync on-premises files to the cloud such as in One Drive. This useful feature is not without security risks, however. If a file stored in an on-premises One Drive is encrypted with malware, One Drive will view the file as “changed” and trigger a sync to the OneDrive cloud, with the infection going undetected.

Office 365 Cloud App Security, a subset of Microsoft Cloud App Security, is designed to enhance protections for Office 365 apps and provide great visibility into user activity to improve incident response efforts. Make sure your organization’s security administrators set it up on your systems so you can detect and mitigate dangers as soon as possible.

Cybercriminals will continue to sharpen their hacking techniques, and your organization must keep up to protect your systems, apps, and devices. Call Net Activity’s team of IT experts now if you want to strengthen your business IT security.