Posted on

The Importance of Cybersecurity for Businesses in 2019

feature image for the importance of cybersecurity in businesses in 2019 post

Cybersecurity is a vital part of every business that deals with any type of sensitive data. With online threats becoming more diverse every day, and the increasing regulations like GDPR. It is imperative that businesses stay on top of the latest cybersecurity developments for 2019.

Here are the most important things to consider when looking for ways to improve cybersecurity for businesses:

Hacking Is an Industry Now

Hacking has become a lucrative industry, with certain types of data being more valuable than others. Medical records, for example, are worth ten times more on average than credit card details.

Because there is so much money involved in hacking, it is not surprising that hackers are launching highly sophisticated attacks that are hard to detect and can be disruptive not only to normal business operations, but also to wider government-operated systems, like power grids for example. As such, hacking threats should be taken seriously, because a data breach can easily bring your business to a halt or end it altogether.

It’s Harder to Detect Breaches

Ponemon’s 2018 Cost of Data Breach Study states that it takes 197 days on average to detect a breach. After that, it takes another 69 days on average to contain a breach. This is a very long time for a breach to go undetected, costing businesses millions. For smaller companies, such a devastating breach could mean the end of their operations. Larger companies have an easier time to recover, but it still takes months or years.

A breach doesn’t just cause loss of revenue, but also reputation, customers, and missed opportunities, as well as any damages that have to be paid after the breach.

Third-Party Apps and Vendors Are Common Vectors of Attack

With cloud computing being the new norm, it can be hard to confine sensitive data within an isolated data centre in your office. The majority of data today is stored in the cloud, with many businesses sharing data no only internally, but also to external third-party vendors or applications.

If these apps or vendors do not take adequate security precautions resulting in a data breach, the business can still be held accountable for the loss of sensitive data. Make sure then to check all third-party vendors your business deals with.

Data Protection Is More Important than Ever

Businesses who don’t invest in cybersecurity should be held accountable. It doesn’t really matter whether it was just an oversight or due to negligence – if the someone steals valuable data, there should be serious consequences.

Lawmakers are becoming aware that cybersecurity is an important aspect that needs to be regulated seriously. We are already seeing the adoption of stricter laws and regulations – the General Data Protection Regulation (GDPR) is just one of them.

Not only do such laws and regulations force businesses to improve their security, but they also help protect users against predatory practices like selling data to third parties without the user’s explicit consent.

Any business who is serious about what they do should have transparent data collection and usage policies. They should have adequate security and encryption for their data.

AI Helps Companies Protect Against Attacks

Advancements in AI and machine learning have made predictive analytics an ally against cyber attacks. Businesses have more overview of their real-time security than ever before. And predictive analysis helps them promptly detect anomalies in their operations. This is especially beneficial for the financial sector such as banks, and other businesses will reap the benefits as well.

As a business owner, you should be aware of the cyber threats lurking about. Know also that no target is too small for hackers. Make sure to update all your software regularly and educate your employees. Ensure that any third-party vendors or applications you deal with are taking cybersecurity seriously too.

Posted on

7 Ways to Protect Yourself From Social Engineering Hacks

7 Ways to Prevent Your Social Media Being Hacked

Human interaction is the element that makes social networks so great, and businesses use it to connect with their user bases on an individual level. This human connection is also a vector used by hackers to get access to classified information, as well as access to internal networks and data. Such techniques are known as social engineering hacks.

Social engineering hacks is when hackers present themselves as trusted and friendly individuals or businesses to get their targets to disclose privileged and sensitive information. This tactic requires lots of research on the target to be successful, and the attack if often specifically aimed at individuals who have low-level access within their organisation, as this is enough to get access to everything else once they are in.

Research and reconnaissance include scanning the targets online behaviours and patterns, and social media accounts are a treasure trove of information. This is why it’s so important that all employees keep their social media accounts secure. The following seven tips will help keep social media accounts safe from hackers:

#1 Avoid Taking Part in the Things that Have Your Personal Details

Do you know all those various quizzes that “analyse” your social media account to tell you which “Game of Thrones” character are you most like, or tell you what kind of salad you are? How about some extensive personality tests that ask you to disclose super specific information about yourself to tell you what type of personality you are?

Always make sure to check what type of information you reveal and authorise access to. Many of them will require you to allow access to all your online images, your whole friend list, or your bio and personal information that might include phone numbers and emails. Only use such things if you can be 100% sure that the information you share will be used solely for marketing purposes and not compromise the security of your account.

Do you remember the story about an Android flashlight app that just asked for too much access? This is exactly how your data could become available to hackers and used against you.

#2 Increase Your Password Security

Password strength is what makes or breaks the security of your social media accounts. First of all, make sure to use a strong password. The holy trinity of strong passwords is a combination of the following:

  • Lower- and uppercase letters
  • Numbers
  • Special characters

Have at least 8 or more characters in your password, and never use personal details and information like your kid’s names or birthdays in your passwords, as this makes access easier. To minimise the risk of being hacked, change your password regularly and never use the same password for multiple accounts. If you have trouble remembering all your passwords, use a trustworthy password manager instead.

#3 Understand Your Privacy Settings

Once something is on the web, it stays there forever. Your online behaviours can be tracked, and most people don’t think they are valid targets to be tracked online, so they will reveal too much on too many public places.

Imagine sharing your personal or work email, where you live, or images of your kids and your home to any stranger you meet on the street. It would be quite reckless, wouldn’t it? This is exactly what many people are doing online when they don’t think about their privacy settings and post publicly on their social media accounts.

When using Facebook or any other social media site, make sure to limit your posts and images to your friends only. If you wish to share something publicly, always ensure that it can’t be something used to get access to your accounts or to follow your actions online. Also be wary of friend requests from people you don’t know. Chances are, at least one of them might just be trying to get access to your information.

#4 Up Your Account Security

A strong password is just a first step towards a safer account. Wherever possible, use additional security in form of two- or multi-factor authentication (2FA or MFA) – they will ask you for an additional code that’s generated just for you once you type in your login credentials. This way, if someone manages to crack your password, they will not get any further because they won’t have the code they need.

#5 Use Quality Antivirus Software

Make sure to have good antivirus protection on your PC. Your antivirus must not only regularly scan your PC, but also monitor your online activity. Such suites will immediately let you know if there’s an infected link or attachment in your emails. It can also scan social media messages and quarantine it before you could click on it by mistake.

#6 Only Install Apps from Trusted Sources

Since there’s limited access to good antivirus software for mobile phones, stay safe by only installing apps from trusted sources. Examples of trusted sources are Google Play and Apple’s App Store. Apple, in particular, is very strict when it comes to what apps are allowed on their store. They do a full scan and inspection of every app before it can be approved and published in their store.

#7 Log Out of Devices and Close Old Accounts

If there are some accounts you are not using anymore, it doesn’t mean they are safe from hackers. Always close all old accounts you are not using anymore. This way, you make sure hackers don’t get access to them and use them without your knowledge.

Also, make sure to log in on trusted devices and on trusted networks only. Make it a point to log out of all your active sessions regularly. This will help those services recognise anomalies in your login patterns and detect a possible breach easier.

Have a proactive approach towards your social media security and you will be a very hard target for anyone trying to get access to your accounts. It will be a challenge for anyone to launch social engineering hacks against you.

Have more questions? Check out our Smiley Geeks IT Help Membership from only $69 a month!

Posted on

6 Hospitality Businesses Who Faced Data Breach Fines

hospitality data breach fine

Contrary to popular belief, the hospitality industry is an excellent target of cybercrime because of the sheer amount of personal and sensitive data held. In fact, there are several businesses that have already faced data breach fines.

Every day, hotels, hostels, and restaurant chains handle credit cards, emails, contact preferences, home addresses, and other sensitive data from millions of customers, and hackers want to get their hands on that information.

A data breach can go undetected for quite a long time, as some of the cases below demonstrate, which would only increase the GDPR fine nowadays!

Here are 6 hospitality businesses who have recently faced data breach fines, and the cybercrime that caused them.

1. Hilton Fined $700,000 After Taking 10 Months To Notify Customers of Data Loss.

Back in 2014, Hilton hotels were a victim of a data breach, followed by another breach during 2015, which resulted in the data loss of over 360,000 customers. The data that was stolen held sensitive information like credit card numbers, names, addresses, and more.

The biggest issue is that Hilton failed to inform its customers about the breach in a timely manner. It took them ten months after they learned about the breach to inform their customers. This resulted in a $700,000 fine for lack of adequate security and failing to inform customers about the breach. If this had happened recently, their fines would be much higher under GDPR –  they would probably have to pay around $420 million.

2. Radisson Hotels Face Potential GDPR Fine

Radisson Hotel Group faces fines under the newly adopted GDPR. The breach was discovered in 2018, with Radisson claiming to have promptly informed the EU regulators within the 72-hour timeline. It was detected in the Radisson Rewards database, and some members of their Rewards programs were compromised.

Apparently, credit card or passwords were not stolen. Stolen data included names, addresses, email addresses, company names, Rewards member numbers, and frequent flyer numbers. As a result, the hotel chain might be facing a €10 million fine.

3. Trump Hotels Pay $50,000 After Not Informing Customers About Breach

Even Trump hotels aren’t spared of data breaches. The hotel chain suffered a data breach back in 2014 when over 70,000 credit card numbers and other personal data were stolen via the payment processing system that was infected. The now president Trump agreed to cover the $50,000 fine that was issued because the hotel chain didn’t bother to inform their customers about the breach even though they knew about it for months.

4. Wendy’s $50 Million Settlement

Restaurant chain Wendy’s had to pay a hefty fine because of the data breach that happened in 2015 and 2016 when 1,025 POS systems used at their locations were infected with malware that led to a lot of stolen credit card info. It is reported that over 18 million cards were compromised in the breach.

Many of these cards were used to commit fraudulent online purchases. As a result, Wendy’s had to face a class action lawsuit from affected financial institutions and consumers. Wendy’s reached a settlement that required them to pay $50 million by the end of 2019.

5. Zippy’s Restaurant $725,000 Data Breach

Zippy’s restaurant chain based in Hawaii suffered a data breach in November 2017. They first discovered the breach in March 2018. All cards used during that time might have been affected. The compromised information included credit card numbers, expiration dates, names, and security codes.

There is no information about how many customers were affected, but a class action lawsuit was filed against FCH Enterprises, the owner of Zippy’s Restaurant. It’s worth noting that not only the restaurant chain was affected. The other franchises held by FCH – Napoleon’s Bakery, Kahala Sushi, Pearl City Sushi, and Pomaika’i Ballrooms. FCH reached a settlement and agreed to pay $725,000.

6. The $915Million GDPR Marriott Case

Probably the case that got most traction is the large data breach that occurred with the Marriott hotel chain. Personal data and credit card details, even passport numbers and dates of birth of more than 500 million of their customers were stolen. The Marriott group includes hotel chains such as Sheraton, Westin, W, Le, Meridien.

The breach was first discovered in September 2018, while detailed investigation revealed ongoing unauthorized access dating back to 2014. They did encrypt sensitive data such as credit card information. However, the group stated they cannot be sure that encryption keys were not stolen too.

The most concerning part is that this was ongoing for four years, meaning security monitoring profoundly failed. The fine: $3.5 billion dollars plus $915 million from ICO GDPR.

With the rising risk of data breach and rising prices of fines, make sure you protect your customers’ sensitive data. This is especially true with the GDPR in place. By doing so, you avoid fines and ensure your guests rest easy knowing their personal information is safe with you.


Posted on

5 Reasons Hospitality Businesses Get Hacked

hospitality business hacking

The last several years have revealed that hospitality businesses are vulnerable to cyber attacks. Many major hospitality players being victims of cybercrime that was in some cases undetected for years. In a separate post, we have cited six hospitality businesses that faced data breach fines resulting from hospitality business hacking.

Hackers are becoming increasingly innovative in ways they gain access to secure hospitality systems. In contrast, the hospitality sector is lagging behind in security measures. Businesses often don’t treat cybersecurity as a priority but prefer to focus on customer experience only, which can have far-reaching consequences in case of a breach.

The most common factors that contribute to hospitality business hacking and data breaches include the following:  

#1 The Number of People Involved

It is the nature of the hospitality industry that makes hospitality businesses such targets – there are so many customers and staff involved that hackers easily benefit from those numbers.  Sooner or later, somebody will make a mistake and click on a malicious link delivered into their inbox from a spoofed email address, and that one click is often enough to get access to everything.

Once inside, hackers will easily find employee credentials to get access to sensitive information, such as customer names, emails, addresses, current residence, credit card information, loyalty programs and points, and more, and use all that information for monetary gain or to sell it on the dark web.  

Another big issue that contributes to the high vulnerability of the hospitality sector is the current hospitality retention rates. Retention rate in the hospitality industry is quite low in comparison to averages or other industries. In the UK, the annual staff retention level is just over 70%, which is concerning since the average retention is usually around 85%. Not only are staff usually less interested in the long-term protection of the business, but frequent changes of users and passwords often leads to bad practices like sharing or logging in for each other.

#2 Unsecured Networks Result in Hospitality Business Hacking

One of the easiest ways hackers are able to access guest and employee data is through Wi-Fi networks that are poorly secured and unsecured. While it’s hard to make sure a Wi-Fi network is 100% secure against attacks, hospitality businesses can do a lot to minimise the risk.

First of all, a network should never be unsecured. While it might seem like a great perk – use your network easily without having to ask for a passcode – this also means that anyone can access it, hackers included. The passcode should always be complex to avoid hackers simply guessing it. Businesses should avoid setting up “12345” or the business name as the passcode.

In addition to the right encryption settings for all the networks, it’s important to separate them too. Guests should always have a separate network for all their devices. Sharing the same network for business devices and guest devices is a recipe for disaster. Some of your guests may not be as innocent as they appear. They may be accessing your internal systems and data whilst also enjoying your coffee.

#3 Lack of Understanding

Another fault of many businesses in the hospitality industry is their lack of understanding of cybersecurity. Hotels are now interconnected digital systems that compete for customers by introducing new digital experiences. As such complex systems, they have a large number of endpoints – like the above-mentioned Wi-Fi networks, but also HVAC systems, Points of Sale (PoS), electronic door locks, smart devices – through which customer data is accessed and stored.

It’s true that they do adopt new technology and software to streamline their operations. But their outdated security measures don’t cover new security threats. You see, each of the endpoints used can also be an entry point for hackers to steal data. Sometimes, it’s enough to delay updating your PoS system for hackers to get a successful entry.   

Because hospitality businesses deal with such a large amount of sensitive data daily, it’s of utmost importance that they also understand the risks that come with the benefits of new software and tech solutions.

#4 Cybersecurity Isn’t Their Focus

Most hospitality businesses will agree that customer satisfaction and the overall experience with their brand is what matters most. The competition is fierce, and it’s very easy to lose customers. In their battle to retain customers, they will often prioritise to spend their money on user experience. As a result, they streamline all their internal operations towards this goal.

Providing a seamless experience in every single one of their locations require interconnection of all hotels from the same chain. For this reason, they are able to easily share their data on customers between locations. This way, the customer’s preferences when it comes to rooms and suites and other data that help make them feel welcome is accessible at any time, no matter which of their hotels the customer walks into. Such data sharing happens within the hotel chain national network, which all hotels have access to.

This interconnectedness can have far-reaching consequences – just one breach into a single hotel from the whole chain is enough for hackers to quickly gain access to their whole system and steal information from central data points.

#5 Lack of Education Lead to Hospitality Business Hacking

With a lack of understanding of why security systems are crucial for all the digital systems in the hospitality industry, cybersecurity is often put into the back seat. This, in turn, results in a severe lack of education for staff members and partners.

If employees working in hospitality do not know how to spot risks, the chances of hospitality business hacking skyrocket. Not all employees are tech-savvy or IT professionals. Some of them don’t know how to spot a phishing attempt. However, with the right training, you can greatly reduce the chances of being hacked.

The best approach here would be to have cybersecurity staff that will take proactive measures to keep all systems secure. Therefore, it’s not a bad idea to appoint a Chief Information Security Officer (CISO) who would oversee all security-related operations. The CISO ‘s responsibility includes setting up a plan in case a breach happens.

The Right Measures Help Detect a Breach Quickly

The hospitality industry will remain a high-risk target for cyber attacks, and there will always be a risk. However, taking the right countermeasures will minimise hospitality business hacking. This ensures that if a breach does happen, there are rules in place that will help detect it quickly. Consequently, businesses take the right course of action.

Posted on

IT Managed Service Providers vs In-house IT Teams For Hospitality

IT Managed Service Providers vs In-house IT Teams For Hospitality feature image

As businesses are undergoing digital transformations, IT is becoming a critical part of their business success. With consumers expecting hospitality to match the digital era with new customer experiences, it’s often one of the things that are left behind!

So whilst basic IT knowledge goes a long way in hospitality, having a dedicated IT expert is still the best solution. Most business owners are now faced with a critical decision: to choose between an IT managed service provider vs in-house IT team.  How are they different? Which one is better? How safe is it to let someone else take care of your IT needs?

The choice between an IT managed service provider vs in-house IT team often boils down to the size of the company and its specific needs. Here’s a rundown of the pros and cons of each option.

In-House IT Team: Pros and Cons

In-house IT staff usually handle day-to-day IT operations and requirements. Startups and small and medium businesses will often start with a single IT expert who will handle their IT needs. As they grow, however, they will also need more than one IT expert to keep track of everything.

Pros

It’s not that in-house teams are without benefits:  

  • They will have intimate knowledge of your operations and know your infrastructure in and out.
  • They can be immediately available when you need them.

On the other hand, having a full in-house IT team is often limited to large enterprises only. A full IT team when you’re a small or middle-sized business is just not possible financially. Not only would they eat up resources but you need a place to put them day-to-day too!

Cons

The cons of in-house teams seem to be more prevalent when it comes to IT requirements of most hospitality businesses:

  • The costs run high: They will be your full-time employees, meaning you will have to cover their salaries, benefits, training, NI, and other expenses.
  • The emergencies increase costs even more: The cost of intervention often goes up considerably in case of emergencies that happen overnight, and you have to pay overtime.
  • Team members are not bound to your company: If they decide to leave for what they think is a better opportunity, they are free to do so. When they leave, they will take all their expertise with them and you’re stuck with tech you don’t know how to run, unless you employ a team – which is even more expensive!
  • In-house teams can rarely keep up with all the latest IT developments or industry trends, meaning that parts of your IT infrastructure will inadvertently become outdated. It’s their job to keep things running, not constantly innovate!
  • Often limited to reactive interventions instead of proactive IT strategy development.

Is an IT managed service provider better than in-house IT teams? Let’s see what they can offer.

IT Managed Service Providers: Pros and Cons

Business owners are often wondering how is an IT managed service provider better than in-house IT teams. It seems logical that hiring a third-party provider to take care of your IT needs would be less efficient.

But this is a common misconception.

Managed service providers actually improve efficiency. They deliver higher quality services because IT is their speciality; it’s all they do. They are experts who continuously improve their knowledge by following the latest developments.

Pros

When a business hires an IT managed service provider, they will reap the following benefits:

  • Paying a lower price for hiring them than you would for keeping an in-house team. Their services are available for a flat monthly rate, which makes budgeting for IT super easy. You benefit from economies of scale here, because ultimately, you won’t be the service provider’s only client – but that means they are more affordable!  
  • They are available around the clock and can monitor your systems at all times.
  • Your operations will rarely be disrupted: Managed service providers have service level agreements (SLAs) that are legally binding. They guarantee to provide the highest possible uptime and service quality. It also means that should you move to someone else, they should provide you with all the procedures and documentation necessary to ‘hand-over’ your day-to-day.
  • Managed service providers also have access to the latest technological solutions, software, and industry contact. This means that all your IT needs will be up to date as soon as there’s one available.

Cons

Of course, there are also some disadvantages of managed service providers:

  • Finding the right fit for your business needs takes time. Sometimes, trial and error is the only option to find a managed service provider who has everything you need.
  • Sometimes, service packages can be arranged in such a way that you might need to pay for some services you don’t really need. Still, many managed service providers will happily let you make a fully custom package.
  • The biggest concern is their on-site availability. Your MSP should always be able to provide some level of physicality! Particularly for 1st line support which often involves users directly.

IT Managed Service Provider vs In-House IT Team: Who Wins?

Is an IT managed service provider better than in-house IT teams? Our verdict is a big fat YES because they can offer everything an in-house IT team does, and more! Ultimately, you pay for a ‘service’ rather than a person when it comes to an IT managed service provider and therefore you know you’re always covered!

Comparing an IT managed service provider to an in-house IT team shows that you will ultimately save more money by opting for a managed service provider.

Having up-to-date software is also a crucial point – it ensures you are well protected against cybersecurity threats and attacks that are becoming more elaborate over time. Your IT managed service provider will make sure all your security definitions are up to date, that they never expire, and that your business and customer data is secure.

IT managed service providers free up the time you would otherwise spend on the challenging tasks related to your IT. They are not just your IT support, they are the technological catalyst for your business. Working with you to develop the right strategies to acheive your your long-term goals.

Posted on

Why It’s Safer to Tether Your Internet Than Use Public Wi-Fi

Why It’s Safer to Tether Your Internet Than Use Public Wi-Fi feature image - picture of a pineapple

You’ve probably been in a situation where you desperately need an internet connection for your devices while you’re out and about. Most public places offer free internet. Public Wi-Fi, however, is risky business, and it’s best to avoid it.

The Risk of Public Wi-Fi

Coffee shops, airports, hotels, and restaurants offer their Wi-Fi without a second thought, but most lack proper security measures. Those networks are often the prime spots for hackers to execute their attacks and get access to sensitive information or spread malware. One of the most concerning ways they do this is with a device called Wi-Fi Pineapple.

Primarily, Wi-Fi Pineapple is used by companies specialised for penetration testing networks of various businesses. Even though the original use of the device is to audit wireless networks and test for vulnerabilities, hackers realised they could use it too.

How Hackers Use Wi-Fi Pineapple

Because Pineapple is so cheap (the whole kit costs about $100/£75), hackers use it to get access to sensitive information or spread malware.

  • They set it up as a fake Wi-Fi hotspot (known as a rogue access point –rogue AP), which enables them to do an attack called “Man-in-the-Middle” (MitM).
    • They fake a network SSID (name) that sounds reputable, like a hotel name, by changing one letter in the name, and then wait for unsuspecting users to connect their devices.
    • Once connected, they will intercept all communication between devices and the web.
  • Another way they can get your device to connect automatically is to spoof the SSIDs saved by your device.
    • When you have Wi-Fi on, your device will actively scan the surrounding for networks that you have saved and enabled auto-connect.
    • Your device does this by actually broadcasting the SSID of all saved networks.
    • Wi-Fi Pineapple can read those broadcasts, rename its SSID to match one of your saved networks, and your device will automatically connect to it.

It’s always better to tether your internet connection from your phone to avoid those risks.

Advantages and Disadvantages of Tethering Your Internet

Tethering is easy to set up –basically, you use your phone’s data plan to get an internet connection. It can be done via Wi-Fi, Bluetooth, or USB.

Advantages of Tethering

  • Safer than using public Wi-Fi
  • Your personal hotspot; nobody else can use it
  • Safe to browse all sites and log in to sensitive websites too (like a bank account)

Disadvantages of Tethering

  • Some carriers block this option, and you might have to pay extra fees to use it.
  • Can drain the phone battery quickly if the phone is not connected to a power source.
  • Can use up your data plan if your connected devices are not set up to treat the connection as a metered one.

Even so, battery drain or a small one-time fee is acceptable when compared to the risk of losing your personal information or business accounts because you used public Wi-Fi.

How to Tether Your Phone

ANDROID

For Wi-Fi tethering, you should go to:

  1. Settings > Wireless & Networks > Portable (Wi-Fi) Hotspot > Set Up Wi-Fi Hotspot.
  2. Enter SSID (name) of the Hotspot.
  3. Choose a security option – always go for WPA2 PSK (safest encryption).
  4. Set up Password.
  5. (Optional) Choose an AP Band – 2.4 GHz is the default, but you can go for 5GHz too if your devices support it.
  6. Turn on HotSpot, find it with your device, and connect to it.

For USB tethering, you should:

  1. Connect the phone to your device via USB.
  2. Disable Wi-Fi.
  3. Go to Settings > Wireless & Networks > More… > USB Tethering and activate it.

iOS:

  1. Go to Settings > Cellular or Settings > Personal Hotspot.
  2. Turn on Hotspot using a slider.
  3. You can choose to connect your devices via Wi-Fi, Bluetooth, or USB.
    • For Wi-Fi, you will have to set up Wi-Fi Password first (under Personal Hotspot).
    • Bluetooth connection only works with Macs, PCs, and third-party devices;to connect other iOS devices, you need to use Wi-Fi.
    • For USB, you will need the latest iTunes on the device you want to connect.

Keeping your personal and business data safe wherever you might be should always be your primary concern. Particularly in this day and age.

Even though public Wi-Fi networks are convenient, you are at high risk every single time you connect to them, even if it’s just for a few minutes. Tethering your internet is simple, convenient, and gives you your very own personal and secure hotspot.

Posted on

11+ Ways to Improve Your Email Security Today

finger pointing to a padlock - improve your email security tips

Email accounts are used as the most common point of entry by hackers to get access to networks and either disrupt services, steal information, or spread malevolent software to more accounts. But, if you improve your email security, you can prevent this!

So, What Is Email Security?

Put simply, email security is a term that encompasses all the measures taken to secure access to an email account and contents of all emails of that account.

15 Ways to Improve Your Email Security

Email accounts are fairly easy to hack, simply because of the sheer number of email accounts there are. With everybody having at least one account, a simple error like clicking an infected link is often enough for them to gain access.

Coupled with a lack of knowledge, some people are easy targets, and can be the weak link for businesses or home offices to get a malware infection or lead to a security breach.

This is why it’s important to be up to date with email security measures and be able to spot hacking attempts.

Here are some of the ways you can improve your email security and help keep your personal and business data safe.

1. Use Strong Passwords

Weak passwords are one of the simplest ways to get access to an email account.

Often, people use simple passwords out of convenience, but this makes them more vulnerable. Most services won’t even let you have generic or weak passwords anymore and demand that passwords have at least eight characters, must include upper- and lowercase letters, at least one number, and one special character.

Our tips for strong passwords include:

  • Avoid using meaningful passwords – like the name of your spouse, children, or pets, birthdates, and similar. It’s best to use everyday items that don’t have much meaning. For example, look around your room or office and pick an item or two, then use them to make a password.
  • Change your password every 3-6 months. Set a reminder on your phone or work calendar to do so.
  • Avoid leaving all of your accounts logged in on multiple devices ALL of the time.
  • Don’t write your password down and stick it to your desktop screen! (it happens more often than you think!)

Think it’s hard to steal your password? Read this:

2. Use Two-Factor Authentication (2FA)

This puts an extra layer of security in addition to a username and password. It makes it harder for attackers to gain access. With 2FA, the user, after putting in their username and password, also has to input additional information, such as an additional PIN or password, or a security token.

3. Avoid Logging In to Free Wi-Fi and then Signing into an Email

While free Wi-Fi sounds great in theory, in practice, it’s chock-full of hazards. Using public Wi-Fi puts you at risk of being hacked, as hackers might be using the same network to gain access to other devices – if you log in to your email account, they can easily get access immediately.

If you truly need internet access out in the public, it’s best to use your phone and tether a connection instead (just make sure you use encryption while doing so).

4. Use Professional/Paid Services and Avoid the Free Ones

While free email services are convenient (for example, Gmail), they don’t have all the features you might if you’re a business. Always opt for professional and paid services (for example, G-Suite email services) as they have priority support and better security features.

5. Educate Yourself

One of the best ways to stay secure is to be aware of all the risks and ways hackers might try to get access to your email. It’s extremely important for businesses to train their staff as well, to minimise the risk of someone accidentally clicking an infected link.

6. Use Anti-Virus That Includes an Email Scanner

Anti-virus software will scan your device for malevolent activity, but it’s not a bad idea to get AV software that also includes an email scanner. Such scanners will actively scan all links and email attachments and alert you about infected items.

7. Don’t Click Links from Emails and Don’t Log In on Email Pop-Ups

If you are unsure about a link from an email, never click on it. The link might lead to a site that downloads and installs malevolent software to your device. Any pop-up window that requires you to log in to your email is likely a scam too. Always log in through the actual service.

8. Check the Original Sender

If you receive an email that seems to be a bit off, always check the sender. Often, the sender name will be spoofed to make you believe they are someone else. You can do so by hovering over the “From” to see the actual email address and not the name of the sender.

9. Help Your Provider

Every time you mark an email as spam or junk and report them, you help your provider filter the emails better in the future. This way, harmful emails will never even manage to reach the inbox.

10. Be Careful Signing Up for Things.

Using the same email for all the services – from those you use regularly to some obscure mailing lists, is always a bad idea. Always have a “throwaway” or temporary email address for services or websites where you only need one-time access.

11. Check Who Has Your Email

Never share your email on just any websites or public places. Also, avoid posting to public forums with your main email address to make sure it’s not collected and ends up on spam lists.

12. Protect Sent Emails

Use encryption services to protect all sent email. Some services even make it possible to see the email only if the recipient has an authentication code, and you can redact access at any time you see fit. We use Microsoft’s Azure Information Protection and recommend it to our clients for automatic email and file encryption.  

13. Be Careful What You Share Online

Avoid sharing personal information that could give hackers an idea on what you are using as a password! And I’ll say it again, don’t use obvious personal information as your password!

14. Run Regular Backups

With so many ransomware attacks happening lately, make sure your data is backed up regularly, just in case!

15. Be Careful About Apps

Avoid installing apps from third-party sites on your computer, browser, or phone. They are often infected with malware. Instead, only download from trusted sources, and always regularly update them.

These are all ways to improve your email security, whether you’re a personal user, have a business account, or are looking for organisational email security! Just remember, the more measures implemented, the higher the security of an email account.  

Posted on

Microsoft Announces Microsoft Threat Protection (MTP), But What Does This Mean For Their Cyber Security Users?

Microsoft Announces Microsoft Threat Protection (MTP), But What Does This Mean For Their Cyber Security Users? feature image

Summary: With Microsoft Threat Protection (MTP), Microsoft has announced big changes coming to their security apps. Focusing on bringing a unified solution that correlates data across their cybersecurity services, they want to offer an end-to-end security solution that will help users stay one step ahead of sophisticated cyber attacks.

With the global cyber security landscape becoming more diverse, it is becoming increasingly difficult to stay protected against cyber security threats. The cyberspace is a new battlefield, and businesses should always assume that someone is attempting to hack into their systems and exploit their environments.

Microsoft Threat Protection (MTP) Is the Answer to New Cybersecurity Threats

Microsoft Threat Protection (MTP) is the most exciting update of the Microsoft Ignite 2018 that was held from September 24 to September 28, 2018, in Orlando, Florida. The Ignite Panel on Microsoft Threat Protection explained a large portion of the changes coming to their cyber security services.

What Is Microsoft Threat Protection (MTP)?

Microsoft Threat Protection is Microsoft’s latest response to the increasing complexity of the digital estate and security issues that come with it.

Anything connected to the internet can be attacked. This not only includes laptops, tablets, phones, but also IoT devices such as smart meters, smart watches, and others – all of them are possible vectors of attack. The endpoints in the environment that are a target of cybercriminals are not just computers or phones, but complex systems like smart cities, sensors, smart cars, and smart energy grids.

These are coordinated and intelligent attacks, and it’s been an ongoing game of cat and mouse, where cybercriminals land a blow, the security experts respond, then cybercriminals find new exploits, and so on.

Microsoft Threat Protection aims to break this cycle and ensure to stay one step ahead by using the power of cloud computing, automated responses, and scaling capabilities to secure everything.

Why Did Microsoft Decide to Develop MTP as an End-to-End Security Solution?

The digital environment is more diverse than ever before, and Microsoft Threat Protection aims to offer a solution that protects enterprises and their digital environment against a growing number of sophisticated cyber attacks.

Once a cybercriminal gets access to any device within a system, they also get access to everything that the device has access to, searching for additional logins on the affected device to move across your whole environment.

Microsoft Intelligent Security Graph

The Microsoft Intelligent Security Graph is the foundation of all the security services included in Microsoft Threat Protection. It gives insight into various attack vectors and shows how many security threat signals are coming in daily from consumers and corporations – 6.5 trillion signals a day. Those signals are gathered from users, corporations, and Microsoft services.

The graph shows just how many signals are detected in various areas, such as Outlook, where over 400 billion emails are analyzed, or from 1.2 billion devices that are scanned each month, where over 5 billion threats are detected in that time.

Every single security alert and signal that is received is part of a larger attack, and it’s difficult (and very expensive) to correlate all signals across all devices. The Microsoft Intelligent Security Graph requires analysis by more than four thousand in-house security specialists, with over $1 billion invested each year into cyber security.

It is virtually impossible for most enterprises to have access to such security skills and budget to correlate all threats to their digital estate. Microsoft, therefore, offers enterprises the ability to use Microsoft’s vast cloud computing capabilities and insights by choosing MTP as their ultimate cyber security solution for all digital devices and assets you have in their environment.

How Microsoft Security Solutions Used to Work…

Before this, Microsoft’s threat protection was divided between their various services, which meant that cyber attacks could happen outside of those areas, in the gaps that were not covered by a specific service.

By bringing all these services closer together and having multiple apps address the different aspects, those gaps are covered and the risk of a breach is lowered.  

What Services Does Microsoft Threat Protection Include?

Microsoft Threat Protection isn’t a single app that covers all cyber security needs. It’s a group of services that work together to ensure all attack vectors are suitably covered from multiple angles.

The Services included in MTP are as follows:

  1. Azure Active Directory – This covers identity and access management.
  2. Azure Advanced Threat Protection (ATP) – This covers detection of advanced attacks across the digital environment.
  3. Microsoft Cloud App Security – This is a Cloud Access Security Broker (CASB) that covers data protection in the cloud environment.
  4. Microsoft Intune – A part of Microsoft Enterprise Mobility and Security, Intune is a cloud-based service that helps you manage mobile devices, apps, and the way workforce accesses and shares company information.
  5. Windows 10 – These are updates to existing security services like the Windows Defender.
  6. Azure Security Center – This is a unified security management system that protects hybrid workloads running in Azure and other environments.
  7. Windows Defender Advanced Threat Protection – Windows Defender is getting new capabilities that include post-breach detection, investigation options, and response.
  8. Office Advanced Threat Protection – This covers malicious attacks found in emails, collaboration tools, and links.
  9. Office Threat Intelligence – These are threat protection capabilities across all Office apps.
  10. Windows Server Linux – This covers Linux based servers.
  11. Exchange Online Protection – This covers email filtering, spam and malware protection, as well as protection against messaging policy violations.
  12. SQL Server – A protection through advanced machine learning.

Those services work in tandem to secure the five pillars of cyber security. This gives them greater coverage of possible attack vectors and in case one service doesn’t address a specific vector, the other will. These are the five pillars:

  • Identities – This pillar includes vectors such as users and admins and is protected by the following services: Azure Active Directory, Azure Advanced Threat Protection, and MS Cloud App Security.
  • Endpoints – This includes all types of devices and sensors that could be possible vectors for a breach. It’s protected by Microsoft Intune, Windows 10, Windows Defender ATP services.
  • User Data – All email messages and documents are protected by Microsoft Cloud App Security, Windows Defender ATP, Office 365 ATM, Office Threat Intelligence, and  Exchange Online Protection.
  • Cloud Apps – All data stores and SaaS solutions/apps are covered by MS Cloud App Security, Office 365 ATP and Exchange Online Services.
  • Infrastructure – All enterprise servers, virtual machines, networks, and databases are protected by Windows Server Linux, SQL Server, and Azure Security Center.

How Do Enterprises Use and Benefit from MTP

A good example of how enterprises benefit from MTP is Telit, who has over twenty years of experience in IoT and offers end-to-end IoT solutions. They use Microsoft’s services to protect everything: from IoT Products, over Services, IoT consulting, and building systems for enterprises.

They realized quickly that by having a unified system, they can address any security issues more efficiently and save a lot of money when compared to using different providers for each aspect of their business.

Your enterprise will benefit because instead of using the top services for each category, the MTP unified system can secure all of the following, and more:

  • Mail protection and encryption
  • Mobile device management
  • Endpoint security
  • Incident response
  • Cloud access
  • Securing data and apps
  • Data classification and governance
  • Data loss prevention
  • Compliance (GDPR)
  • Identity protection and privacy

Microsoft Threat Protection addresses the following cybersecurity pain points and helps enterprises by offering the following:

Integration – All security products should aim to be closer together and better integrated. This improves response and automation and closes gaps is security where attackers often operate.

Intelligence – The power of the cloud can improve security across all apps.

  • For example, businesses can have an overview of each user activity and get alerts on unusual activity or devices for each of their accounts or identities.
  • MS combines machine learning to detect deviations from usual patterns in user/ID/machine behaviour and activity.

Automation – The focus is placed on incidents that are most important, not all of them. This saves time on mundane and routine tasks through automated actions for each type of attack.

  • Alerts are correlated across machines and network to figure out how it happened and whether it’s part of a larger incident.
  • The incident takes X number of alerts and groups them together, shows the timeline of all alerts, and shows affected machines, emails, users what investigations and actions were taken.
  • By combining services to correlate alerts, better detection and response is achieved, and it’s easier to secure all the attack areas, strengthening the overall security.

A User-Centric Approach – Solutions are geared toward how users work.

  • For example, in emails, you will be able to display the underlying URL instead of the text part to immediately see if the link was spoofed. This offers security against threats targeting users (phishing etc) while not undermining the user experience.

EcosystemIntelligent Security Association – Instead of trying to cover every security aspect on their own, Microsoft is working with over thirty leading security tech providers to expand security coverage.

The Purpose of MTP

Microsoft wants to take a more active part in the realm of cyber security, and their threat protection gives them an important role of a cloud security provider. With their Intelligent Security Graph analysis, their Microsoft Threat Protection combines integration, intelligence, and correlation, and gives enterprises access to their computing power and scale.

Ideally, MTP will offer the following:

  1. Protection Against All Attack Vectors – The optimal solution is to stop all attacks, but since this is impossible, it should stop as much as possible from breaching the system.
  2. QUICK Detections When a Breach Occurs – Since some attacks will sneak by, it is crucial that they are detected as soon as possible.
  3. Response and Remediations – Once a breach is detected, adequate action should be taken. Here, automation options help take care of smaller threats by automatically remediating them, while larger threats will be brought to attention and the system will await input on what to do with them.

While MTP will make it easier to protect every aspect of your digital estate, user education and training are important too. Here, MTP wants to help businesses teach their employees about security risks, what they have to understand, and why they might be targets.

Ultimately, Microsoft Threat Protection should reduce complexity, time, and lower costs on incidents by offering an end-to-end security solution that also works with external security providers to truly extend their cyber security reach where it matters.

Posted on

How to Stop an Email Being Forwarded (for Free)

handing a piece of paper off over the table. How to stop emails being forwarded feature image

The risk of a data breach is higher than ever and still, not many people realise that your emails can be a breach of GDPR!  

All it takes is for someone to forward an email containing sensitive data to unwanted 3rd parties and bada bing, bada boom, you’re in breach.

(there are other ways your email can breach GDPR – check those out here)

So, how do you solve this?

GDPR Email Security in the Data Protection Era

Small and micro-business owners or entrepreneurs aren’t exempt from GDPR and they must still find solutions that will make them compliant.

While large enterprises have the means to implement the newest security measures easily, smaller businesses and entrepreneurs just don’t often have access to the right technology.

The simplest way to protect the data is to encrypt your email so you retain control over all data you send. Encryption ensures that only the contents of your email are accessible by the right recipient. If somebody else gets it by mistake or because it was forwarded, they won’t be able to read the contents.

The alternative is having a ‘Do Not Forward’ function on that prohibits the receiver from forwarding the email in the first place. Best case, you have both in place for full protection

How to Encrypt Your Email Messages

You can do this with Microsoft Azure Information Protection (AIP), which helps businesses classify and protect emails and other documents with a labelling system.

This system can even automatically detect sensitive data when configured correctly. With AIP, only the rightful recipient can read the email, and they won’t be able to forward it to anyone.

Unfortunately, this solution can be pricey for smaller businesses and the tool is focused towards the larger enterprises.

Smaller businesses and entrepreneurs need to look elsewhere.

My Protected Mail Helps You Keep Email Data Confidential

This is where My Protected Mail can help you here. This solution is similar to AIP but specifically focuses on providing services to small businesses, micro-businesses, and individuals. My Protected Mail offers encryption services (EaaS – encryption as a service) for your email communication. This benefits business owners because:

  • My Protected Mail not only uses the same principle as AIP but also the same architecture – it’s powered by Microsoft 365 Azure Information Protection.
  • The encryption process is automatic and super easy to use. When emailing through My Protected Mail, it will be encrypted automatically, giving you control over all data you are sending.
  • Each email you send through the system is also automatically flagged as “Do not forward.” This ensures all contents of the email stay with the recipient and cannot be shared with other parties.

 

How to Use My Protected Mail to Encrypt Email Messages

My Protected Mail is a cloud-based solution and doesn’t require any additional software installation on your part; you just need to make a few changes in the way you send your email. Here’s how:

    1. Instead of putting the recipient address into the recipient header, you will put [email protected] in there.
    2. The recipient email address goes to the Subject line instead.
    3. When you have finished writing your email, hit Send, and that’s it!

(Plus it works on whatever device or service you’re using so can work on a MAC too)

Sending Encrypted Email From a MAC

The recipient will get an email that will require an OTP (one-time passcode) to access the email. This passcode is received once the recipient clicks the link “Sign in with a one-time passcode.”

The best thing is you can try it out for free as the Free plan allows you to send up to fifteen emails per month and includes basic reply functionality (meaning you will continue the conversation protected).

Posted on

7 Best Ticketing Software for Managing Tech Support

7 Best Ticketing Software for Managing Tech Support feature image

The best ticketing software helps tech support resolve issues faster and allows managed service providers to offer a better service! Here are seven excellent IT ticketing software solutions that will optimise your IT support:

1. Spiceworks IT Help Desk

Spiceworks is amongst the best ticketing software solutions, and all their products are free!

It’s a full help-desk system with multiple-channel ticket support and network monitoring. All systems are customisable to meet the requirements of any business.

The most prominent features include automatic ticket routing, prioritisation, and notifications for IT teams, as well as a knowledge base for most common issues that can be integrated into a ticket.

2. ManageEngine ServiceDesk Plus

ManageEngine’s ServiceDesk Plus is a solution that helps an IT managed service provider with advanced automation options of many processes.

The project management module supports tracking of any number of IT projects and helps with planning. Ticket routing, prioritisation, and escalation options make it a favorite of many IT teams. The IT ticketing software automatically informs users about any changes to the status of their tickets and reported issues.

The analytical capabilities help link recurring issues to the root cause and eliminate their occurrence permanently. The knowledge base keeps the ticket inbox decluttered through self-service for end users.

Prices range from $10 to $50 per tech per month.

3. Remedy Service Desk

BMC’s Remedy Service Desk is the best option for an IT managed service provider who caters to enterprise users. It provides MSPs with a comprehensive service management suite that can be deployed in the cloud or on-premises.

  • Their incident management with service impact analysis is their best feature. It helps IT staff see how problems and incidents affect business systems.
  • Problem management detects recurring incidents and helps trace the cause.
  • Knowledge management delivers the required information directly to users and staff.

This service desk supports a multichannel report of incidents and issues via email, web service, self-service, social, or chat. Pricing is provided per request.

4. Freshdesk

Freshdesk is a solution that can work for internal IT departments, but it’s actually an IT ticketing software that’s better tailored for an IT managed service provider. Customer tickets are processed in a swift manner thanks to ticket workflow optimisation, routing, ticket response automation options, and service level agreement (SLA) management. The IT team can collaborate on a single ticket and resolve complex issues faster.

There’s a free plan available, while other tiers span from $19 to $89 per agent per month.

4. Zendesk

Zendesk is one of the best-designed ITSM solutions out there. Asset, problem, and incident management are done via a ticketing system that includes all the tools an IT team needs: ticket priority, tracking, and resolving have powerful automation options.

Everything is available from a central interface: on-premise information and third party apps, as well as self-service options and workflows, which makes it one of the best ticketing software designs available.

There’s a free trial and five price tiers that span from $5 to $199 per agent per month.

6. Jira Service Desk

Jira Service Desk is available as a cloud-based or on-premise solution that includes problem, change, and incident management, while the self-service feature helps users resolve tickets on their own by accessing a knowledge base.

The most notable feature includes the ability to link the Service Desk IT ticketing software to software issues, so the required IT experts will be notified about the issue faster.

There are two price tiers: $10 for up to three agents, and $20 for four to five agents, and discounts for larger groups.

7. SysAid

This is a cloud-based IT ticketing software that offers a wide array of features: from help-desk automation and IT asset management, all the way to performance analysis and monitoring.

Their incident report and service request modules, as well as their remote control capabilities, are their strongest features. They help track and resolve issues quickly. Their ticketing system is extensive and includes incident management, knowledge base, and a self-service portal, and incidents can even be reported via email. The tickets can be assigned automatically to the most appropriate IT professional, while escalation rules ensure all tickets are addressed in a timely manner.

The pricing is available from the vendor per request.

The best ticketing software helps resolve IT issues quickly but also plays a proactive role: by analysing incident reports, problems can be eliminated before they cause large-scale issues by tracing the root cause.

If you need help managing your IT support, contact us to discuss a quote.