Free illustrations of Cybersecurity

What Should You Do to Reduce Risk When Your Mobile Device Goes Missing?

Few things invoke instant panic like a missing smartphone or laptop. These devices hold a good part of our lives. This includes files, personal financials, apps, passwords, pictures, videos, and so much more.

The information they hold is more personal than even that which is in your wallet. It’s because of all your digital footprints. This makes a lost or stolen device a cause for alarm.

It’s often not the device that is the biggest concern. It’s the data on the device and access the device has to cloud accounts and websites. The thought of that being in the hands of a criminal is quite scary.

There are approximately 70 million lost smartphones every year. The owners only recover about 7% of them. Workplace theft is all too common. The office is where 52% of stolen devices go missing.

If it’s a work laptop or smartphone that goes missing, even worse. This can mean the company is subject to a data privacy violation. It could also suffer a ransomware attack originating from that stolen device.

In 2020, Lifespan Health System paid a $1,040,000 HIPAA fine. This was due to an unencrypted stolen laptop breach.

The Minutes After the Loss of Your Device Are Critical

The things you do in the minutes after missing a device are critical. This is the case whether it’s a personal or business device. The faster you act, the less chance there is for exposure of sensitive data.

What Types of Information Does Your Device Hold?

When a criminal gets their hands on a smartphone, tablet, or laptop, they have access to a treasure trove. This includes:

  • Documents
  • Photos & videos
  • Access to any logged-in app accounts on the device
  • Passwords stored in a browser
  • Cloud storage access through a syncing account
  • Emails
  • Text messages
  • Multi-factor authentication prompts that come via SMS
  • And more

Steps to Take Immediately After Missing Your Device

As we mentioned, time is of the essence when it comes to a lost mobile device. The faster you act, the more risk you mitigate for a breach of personal or business information.

Here are steps you should take immediately after the device is missing.

Activate a “Lock My Device” Feature

Most mobile devices and laptops will include a “lock my device” feature. It allows for remote activation if you have enabled it. You will also need to enable “location services.” While good thieves may be able to crack a passcode, turning that on immediately can slow them down.

What about “find my device?”

There is usually also a “find my device” feature available in the same setting area. Only use this to try to locate your device if you feel it’s misplaced, but not stolen. You don’t want to end up face to face with criminals!

Report the Device Missing to Your Company If It’s Used for Work

If you use the device for business, notify your company immediately. Even if all you do is get work email on a personal smartphone, it still counts. Many companies use an endpoint device manager. In this case, access to the company network can be immediately revoked.

Reporting your device missing immediately can allow your company to act fast. This can often mitigate the risk of a data breach.

Log Out & Revoke Access to SaaS Tools

Most mobile devices have persistent logins to SaaS tools. SaaS stands for Software as a Service. These are accounts like Microsoft 365, Trello, Salesforce, etc.

Use another device to log into your account through a web application. Then go to the authorized device area of your account settings. Locate the device that’s missing, and log it out of the service. Then, revoke access, if this is an option.

This disconnects the device from your account so the thief can’t gain access.

Log Out & Revoke Access to Cloud Storage

It’s very important to include cloud storage applications when you revoke access. Is your missing device syncing with a cloud storage platform? If so, the criminal can exploit that connection.

They could upload a malware file that infects the entire storage system. They could also reset your device to resell it, and in the process delete files from cloud storage.

Active a “Wipe My Device” Feature

Hopefully, you are backing up all your devices. This ensures you have a copy of all your files in the case of a lost device.

Does it look like the device is not simply misplaced, but rather stolen or lost for good? If so, then you should use a remote “wipe my device” feature if it has been set up. This will wipe the hard drive of data.

Need Mobile Device Security Solutions?

No matter what size company you have, mobile device management is vital. Contact us to learn more about our endpoint security solutions.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

white wooden door with silver door lever

Microsoft Productivity Score Overview

Productivity can be challenging to track, no matter where employees are working. How do you know they’re using their tools as effectively as possible? How can you enable them to adopt best practices?

These are questions that managers often ask themselves. If they’re looking at the wrong things, it can get in the way of empowering their team. For example, you can’t grade productivity simply by “clock in/clock out” times.

In today’s hybrid and mobile offices, the value and work product an employee brings is a better gauge. But you also must look at what may be getting in the way of great employees doing great work.

Technology tools can slow down dedicated workers if they’re not familiar with them. Employees may be doing things the way they always have been, and not realize there is a better way. A faster way.

But productivity can be a tricky area to address. You don’t want to invade a remote employee’s privacy by tracking their every keystroke. Nor would that likely help with positive forward motion.

What’s the answer?

If your company uses Microsoft 365 then you have a tool you can use to find nuggets of productivity gold. This tool is Microsoft Productivity Score.

What Does Microsoft Productivity Score Do?

Microsoft Productivity Score looks at some core areas of your employees’ workflow. It also looks at them in aggregate. Because it’s looking at your team as a whole, you avoid issues with employees feeling personally spied on.

The tool gives you helpful insights that you can share with your staff. These insights help to boost their performance. It also includes hardware-related information. You can use this to see if your company tools are holding people back.

MS Productivity Score looks at the following areas.

People Experiences

This category looks at how people work. Are they using best practices for collaboration or are they doing things the hard way? Do meetings go on forever? Are employees still emailing attachments instead of using shared cloud storage links?

One example of an insight from this category is as follows. Each employee can save an average of 100 minutes per week by collaborating with online files. Productivity Score can show you where your team stands in this metric, and many others.

Saving 100 minutes per week is equal to approximately 86.6 hours per year. That’s over 2 full workweeks!

People experiences
All Productivity Score images are from Microsoft.

The subcategories within people experiences are:

  • Communication
  • Content collaboration
  • Mobility
  • Meetings
  • Teamwork

Technology Experiences

Technology experiences look at the health and performance of your devices. Do you have hardware and software on endpoints that are causing issues? Is it slowing your team down? Are there network connectivity problems? Are apps updated as they should be?

This category will look at the technology that your team works with and let you know of any risk areas. When technology is not functioning well or isn’t secure, it can slow your business down.

You’ll find these three subcategories in the technology experiences area:

  • Endpoint analytics (You need Intune for these)
  • Network connectivity
  • Microsoft 365 apps health

Special Reports

Besides the people and technology experiences, there is more. Microsoft Productivity Score has a special reports area. It provides details on business continuity.

This report can show you how employee collaboration and other activities are changing. It looks at these as your company goes through transitions. Such as when you transition to remote working or back to in-office work. This report tells you how these changes impact your team’s productivity.

Special-reports

How Productivity Score Helps Your Company

Automatic Metrics Tracking

Microsoft Productivity Score tracks your team’s use of Microsoft 365 applications automatically. It then will provide you with helpful information on how staff use their digital tools.

These metrics give you a good picture of whether employees are using best practices. Often, they simply need guidance to learn a more efficient way of doing something.

Insights to Understand the Data

The tool provides you with helpful insights to understand the data. You won’t only get the metrics; you’ll get the context. This allows you to educate yourself. Then you can educate your employees on things that improve workflow and save time.

For example, getting a response quickly to a question saves time. But you may not realize that using @mentions can help achieve that. Productivity Score will tell you how many people use @mentions in team communications. And also, how much this increases the response rate.

Insights to understand the Data

Recommended Actions to Take

The third piece of guidance you gain is what to do about the information. Productivity Score will give you actionable recommendations to improve a metric. This helps you to improve productivity.

The combination of the metric, insight, and recommendation make this a comprehensive tool.

Would You Like to Get Started with Microsoft Productivity Score?

We can help you get your organization started with this great tool. And provide solutions to increase company productivity. Give us a call and let’s chat!


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Free illustrations of Upload

Helpful Tips for Keeping Your Shared Cloud Storage Organized

Cloud file storage revolutionized the way we handle documents. No more having to email files back and forth. No more wondering which person in the office has the most recent copy of a document.

Between 2015 and 2022, the percentage of worldwide corporate data stored in the cloud doubled. It went from 30% to 60%. A majority of organizations use cloud storage of some type. Typical services include OneDrive, Google Drive, Dropbox, and others.

But just like the storage on your computer’s hard drive, cloud storage can also get messy. Files get saved in the wrong place and duplicate folders get created. When employees are sharing the same cloud space it’s hard to keep things organized. Storage can be difficult to keep efficient.

Disorganized cloud storage systems lead to problems. This includes having a hard time finding files. As well as spending a lot of extra time finding needed documents. It’s estimated that 50% of office workers spend more time looking for files than they do actually working

Has your office been suffering from messy cloud storage? Does it seem to get harder and harder to find what you need? Review the tips below. They include several ways to tidy up shared cloud storage spaces and save time.

Use a Universal Folder Naming Structure

One person in an office might choose to name a folder by client name. Another person might use the type of industry. When people use different naming structures for folders, it’s harder for everyone. They often can’t find what they need. It also leads to the creation of duplicate folders for the same thing.

Use a universal folder naming structure that everyone follows. Map out the hierarchy of folders and how to name each thing. For example, you might have “departments” as an outer folder and nest “projects” inside.

With everyone using the same naming system, it will be easier for everyone to find things. You also reduce the risk of having duplicate folders.

Keep File Structure to 2-3 Folders Deep

When you have too many folders nested, it can take forever to find a file. You feel like you must click down one rabbit hole after another. When people need to click into several folders, it discourages them from saving a file in the right place.

To avoid this issue, keep your file structure only two to three folders deep. This makes files easier to find and keeps your cloud storage more usable.

Don’t Create Folders for Fewer Than 10 Files

The more folders people have to click into to find a document, the more time it takes. Folders can quickly add up as employees create them, not knowing where a file should go.

Use a rule for your cloud storage that restricts folder creation to 10 files or more. This avoids having tons of folders with less than a handful of files in them. Have someone that can act as a storage administrator as well. This can then be the person someone asks if they’re not sure where to store a file.

Promote the Slogan “Take Time to Save It Right”

File storage can get disorganized fast when people save files to a general folder. We’re all guilty from time to time of saving to something general, like the desktop on a PC. We tell ourselves that we’ll go back at some point and move the file where it should be.

This issue multiplies when you have many people sharing the same cloud storage space. Files that aren’t where they belong add up fast. This makes it harder for everyone to find things.

Promote the slogan “take time to save it right” among the staff. This means that they should take the extra few seconds to navigate where the file should be to save it. This keeps things from getting unmanageable. If you use a file structure that’s only 2-3 folders deep, then this should be easier for everyone to abide by.

Use Folder Tags or Colors for Easier Recognition

Many cloud file systems allow you to use color tagging on folders. Using this can make a folder or group of folders instantly recognizable. This reduces the time it takes to find and store files.

For example, you could color all folders dealing with sales as green. Folders for marketing could be orange, and so on. The brain can make the connection to a topic faster when you look at a color than when reading through text,

Declutter & Archive Regularly

Files get created at a dizzying pace these days. The more files you add to a cloud storage system, the harder it is to sort through to find what you need. This is true even if the file storage is well organized.

Keep older files from making it harder to find new ones. Do this by decluttering and archiving on a regular basis. This involves having an admin delete any unnecessary files once per month. For example, duplicate files or old draft versions of a document.

You should also have an archiving system in place that puts all older files in one big archive folder. This keeps files that aren’t actively used any longer out of the main file path.

Come to Us for Efficient Cloud Solutions

Is your cloud storage doing what you need it to do? Do you have a disconnection between cloud storage and your other apps? We can help. Reach out and let’s chat.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

person holding pencil near laptop computer

6 Important IT Policies Any Size Company Should Implement

Many small businesses make the mistake of skipping policies. They feel that things don’t need to be so formal. They’ll just tell staff what’s expected when it comes up and think that’s good enough.

But this way of thinking can cause issues for small and mid-sized business owners. Employees aren’t mind readers. Things that you think are obvious, might not be to them.

Not having policies can also leave you in poor legal standing should a problem occur. Such as a lawsuit due to misuse of a company device or email account.

Did you know that 77% of employees access their social media accounts while at work? Further, 19% of them average 1 full working hour a day spent on social media. In some cases, employees are ignoring a company policy. But in others, there is no specific policy for them to follow.

IT policies are an important part of your IT security and technology management. So, no matter what size your business is, you should have them. We’ll get you started with some of the most important IT policies your company should have in place.

Do You Have These IT Policies? (If Not, You Should)

Password Security Policy

About 77% of all cloud data breaches originate from compromised passwords. Compromised credentials are also now the number one cause of data breaches globally.

A password security policy will lay out for your team how to handle their login passwords. It should include things like:

  • How long passwords should be
  • How to construct passwords (e.g., using at least one number and symbol)
  • Where and how to store passwords
  • The use of multi-factor authentication (if it’s required)
  • How often to change passwords

Acceptable Use Policy (AUP)

The Acceptable Use Policy is an overarching policy. It includes how to properly use technology and data in your organization. This policy will govern things like device security. For example, you may need employees to keep devices updated. If this is the case, You should include that in this policy.

Another thing to include in your AUP would be where it is acceptable to use company devices. You may also restrict remote employees from sharing work devices with family members.

Data is another area of the AUP. It should dictate how to store and handle data. The policy might require an encrypted environment for security.

Cloud & App Use Policy

The use of unauthorized cloud applications by employees has become a big problem. It’s estimated that the use of this “shadow IT” ranges from 30% to 60% of a company’s cloud use.

Often, employees use cloud apps on their own because they don’t know any better. They don’t realize that using unapproved cloud tools for company data is a major security risk.

A cloud and app use policy will tell employees what cloud and mobile apps are okay to use for business data. It should restrict the use of unapproved applications. It should also provide a way to suggest apps that would enhance productivity.

Bring Your Own Device (BYOD) Policy

Approximately 83% of companies use a BYOD approach for employee mobile use. Allowing employees to use their own smartphones for work saves companies money. It can also be more convenient for employees because they don’t need to carry around a second device.

But if you don’t have a policy that dictates the use of BYOD, there can be security and other issues. Employee devices may be vulnerable to attack if the operating system isn’t updated. There can also be confusion about compensation for the use of personal devices at work.

The BYOD policy clarifies the use of employee devices for business. Including the required security of those devices. It may also note the required installation of an endpoint management app. It should also cover compensation for business use of personal devices.

Wi-Fi Use Policy

Public Wi-Fi is an issue when it comes to cybersecurity. 61% of surveyed companies say employees connect to public Wi-Fi from company-owned devices.

Many employees won’t think twice about logging in to a company app or email account. Even when on a public internet connection. This could expose those credentials and lead to a breach of your company network.

Your Wi-Fi use policy will explain how employees are to ensure they have safe connections. It may dictate the use of a company VPN. Your policy may also restrict the activities employees can do when on public Wi-Fi. Such as not entering passwords or payment card details into a form.

Social Media Use Policy

With social media use at work so common, it’s important to address it. Otherwise, endless scrolling and posting could steal hours of productivity every week.

Include details in your social media policy, such as:

  • Restricting when employees can access personal social media
  • Restricting what employees can post about the company
  • Noting “safe selfie zones” or facility areas that are not okay for public images

Get Help Improving Your IT Policy Documentation & Security

We can help your organization address IT policy deficiencies and security issues. Reach out today to schedule a consultation to get started.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Free vector graphics of Website

6 Discontinued Technology Tools You Should Not Be Using Any Longer

One constant about technology is that it changes rapidly. Tools that were once staples, like Internet Explorer and Adobe Flash, age out. New tools replace those that are obsolete. Discontinued technology can leave computers and networks vulnerable to attacks.

While older technology may still run fine on your systems that doesn’t mean that it’s okay to use. One of the biggest dangers of using outdated technology is that it can lead to a data breach.

Outdated software and hardware no longer receive vital security updates. Updates often patch newly found and exploited system vulnerabilities. No security patches means a device is a sitting duck for a cybersecurity breach.

Approximately 1 in 3 data breaches are due to unpatched system vulnerabilities.

Another problem with using discontinued technology is that it can leave you behind. Your business can end up looking like you’re in the stone ages to your customers, and they can lose faith and trust.

Important reasons to keep your technology updated to a supported version are:

  • Reduce the risk of a data breach or malware infection
  • Meet data privacy compliance requirements
  • To keep a good reputation and foster customer trust
  • To be competitive in your market
  • To mitigate hardware and software compatibility issues
  • To enable employee productivity

Older systems are clunky and get in the way of employee productivity. If you keep these older systems in use, it can lead to the loss of good team members due to frustration.

49% of surveyed workers say they would consider leaving their jobs due to poor technology.

Following is a list of outdated technology tools that you should replace as soon as possible. Are any of these still in use on your home computer or within your business?

Get Rid of This Tech Now If You’re Still Using It

Internet Explorer

Many moons ago, Internet Explorer (IE) used to be the number one browser in the world. But, over time, Google Chrome and other browsers edged it out. Including its replacement, Microsoft Edge.

Microsoft began phasing out IE with the introduction of Microsoft Edge in 2015. In recent years, fewer applications have been supporting use in IE. The browser loses all support beginning on June 15, 2022.

Adobe Flash

Millions of websites used Adobe Flash in the early 2000s. But other tools can now do the animations and other neat things Flash could do. This made the tool obsolete, and Adobe ended it.

The Adobe Flash Player lost all support, including security updates, as of January 1, 2021. Do you still have this lingering on any of your computers? If so, you should uninstall the browser plugin and any Flash software.

Windows 7 and Earlier

Windows 7 was a very popular operating system, but it’s now gone the way of the dinosaur. Replacements, Windows 10 and Windows 11 are now in widespread use. The Windows 7 OS lost support on January 14, 2020.

While it may still technically run, it’s very vulnerable to hacks. Microsoft Windows OS is also a high-value target for hackers. So, you can be sure they are out there looking for systems still running this obsolete version of Windows.

macOS 10.14 Mojave and Earlier

Because of the cost of iMacs and MacBooks, people tend to hang onto them as long as possible. Once these devices get to a certain point, updates no longer work. This leaves the hardware stuck on an older and non-supported macOS version.

If you are running macOS 10.14 Mojave or earlier, then your OS is no longer supported by Apple, and you need to upgrade.

Oracle 18c Database

If your business uses Oracle databases, then you may want to check your current version. If you are running the Oracle 18C Database, then you are vulnerable. Breaches can easily happen due to unpatched system vulnerabilities.

The Oracle 18C Database lost all support in June of 2021. If you have upgraded, then you’ll want to keep an eye out for another upcoming end-of-support date. Both Oracle 19C and 21C will lose premiere support in April of 2024.

Microsoft SQL Server 2014

Another popular database tool is Microsoft’s SQL. If you are using SQL Server 2014, then mainstream support has already ended. And in July of 2024, all support, including security updates will stop.

This gives you a little more time to upgrade before you’re in danger of not getting security patches. But it is better to upgrade sooner rather than later. This leaves plenty of time for testing and verification of the upgrade.

Get Help Upgrading Your Technology & Reducing Risk

Upgrades can be scary, especially if everything has been running great. You may be afraid that a migration or upgrade will cause issues. We can help you upgrade your technology smoothly and do thorough testing afterward. Schedule a technology review today.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Free vector graphics of Hack

How Using the SLAM Method Can Improve Phishing Detection

There is a reason why phishing is usually at the top of the list for security awareness training. For the last decade or two, it has been the main delivery method for all types of attacks. Ransomware, credential theft, database breaches, and more launch via a phishing email.

Why has phishing remained such a large threat for so long? Because it continues to work. Scammers evolve their methods as technology progresses. They use AI-based tactics to make targeted phishing more efficient, for example.

If phishing didn’t continue working, then scammers would move on to another type of attack. But that hasn’t been the case. People continue to get tricked. They open malicious file attachments, click on dangerous links, and reveal passwords.

In May of 2021, phishing attacks increased by 281%. Then in June, they spiked another 284% higher.

Studies show that as soon as 6 months after training, phishing detection skills wane. Employees begin forgetting what they’ve learned, and cybersecurity suffers as a result.

Want to give employees a “hook” they can use for memory retention? Introduce the SLAM method of phishing identification.

What is the SLAM Method for Phishing Identification?

One of the mnemonic devices known to help people remember information is the use of an acronym. SLAM is an acronym for four key areas of an email message to check before trusting it.

These are:

S = Sender
L = Links
A = Attachments
M = Message text

By giving people the term “SLAM” to use, it’s quicker for them to check suspicious email. This device helps them avoid missing something important. All they need to do use the cues in the acronym.

Check the Sender

It’s important to check the sender of an email thoroughly. Often scammers will either spoof an email address or use a look-alike. People often mistake a spoofed address for the real thing.

In this phishing email below, the email address domain is “@emcom.bankofamerica.com.” The scammer is impersonating Bank of America. This is one way that scammers try to trick you, by putting the real company’s URL inside their fake one.

Check the Sender

You can see that the email is very convincing. It has likely fooled many people into divulging their personal details. People applying for a credit card provide a Social Security Number, income, and more.

Doing a quick search on the email address, quickly reveals it to be a scam. And a trap used in both email and SMS phishing attacks.

Scam Email search

It only takes a few seconds to type an email address into Google. This allows you to see if any scam warnings come up indicating a phishing email.

Hover Over Links Without Clicking

Hyperlinks are popular to use in emails. They can often get past antivirus/anti-malware filters. Those filters are looking for file attachments that contain malware. But a link to a malicious site doesn’t contain any dangerous code. Instead, it links to a site that does.

Links can be in the form of hyperlinked words, images, and buttons in an email. When on a computer, it’s important to hover over links without clicking on them to reveal the true URL. This often can immediately call out a fake email scam.

Hover over links without clicking

When looking at email on a mobile device, it can be trickier to see the URL without clicking on it. There is no mouse like there is with a PC. In this case, it’s best not to click the URL at all. Instead go to the purported site to check the validity of the message.

Never Open Unexpected or Strange File Attachments

File attachments are still widely used in phishing emails. Messages may have them attached, promising a large sale order. The recipient might see a familiar word document and open it without thinking.

It’s getting harder to know what file formats to avoid opening. Cybercriminals have become savvier about infecting all types of documents with malware. There have even been PDFs with malware embedded.

Never open strange or unexpected file attachments. Use an antivirus/anti-malware application to scan all attachments before opening.

Read the Message Carefully

We’ve gotten great at scanning through text as technology has progressed. It helps us quickly process a lot of incoming information each day. But if you rush through a phishing email, you can miss some telltale signs that it’s a fake.

Look at the phishing example posted above in the “Links” section. There is a small error in grammar in the second sentence. Did you spot it?

It says, “We confirmation that your item has shipped,” instead of “We confirm that your item has shipped.” These types of errors can be hard to spot but are a big red flag that the email is not legitimate.

Get Help Combatting Phishing Attacks

Both awareness training and security software can improve your defenses against phishing attacks. Contact us today to discuss your email security needs.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Free illustrations of Cyber

Did You Just Receive a Text from Yourself? Learn What Smishing Scams to Expect

How many text messages from companies do you receive today as compared to about two years ago? If you’re like many people, it’s quite a few more.

This is because retailers have begun bypassing bloated email inboxes. They are urging consumers to sign up for SMS alerts for shipment tracking and sale notices. The medical industry has also joined the trend. Pharmacies send automated refill notices and doctor’s offices send SMS appointment reminders.

These kinds of texts can be convenient. But retail stores and medical practices aren’t the only ones grabbing your attention by text. Cybercriminal groups are also using text messaging to send out phishing.

Phishing by SMS is “smishing,” and it’s becoming a major problem.

Case in point, in 2020, smishing rose by 328%, and during the first six months of 2021, it skyrocketed nearly 700% more. Phishing via SMS has become a big risk area. Especially as companies adjust data security to a more remote and mobile workforce.

How Can I Text Myself?

If you haven’t yet received a text message only to find your own phone number as the sender, then you likely will soon. This smishing scam is fast making the rounds and results in a lot of confusion. Confusion is good for scammers. It often causes people to click a malicious link in a message to find out more details.

Cybercriminals can make it look like a text message they sent you is coming from your number. They use VoIP connections and clever spoofing software.

If you ever see this, it’s a big giveaway that this is an SMS phishing scam. You should not interact with the message in any way and delete it instead. Some carriers will also offer the option to delete and report a scam SMS.

Popular Smishing Scams to Watch Out For

Smishing is very dangerous right now because many people are not aware of it. There’s a false sense of security. People think only those they have given it to will have their phone number.

But this isn’t the case. Mobile numbers are available through both legitimate and illegitimate methods. Advertisers can buy lists of them online. Data breaches that expose customer information are up for grabs on the Dark Web. This includes mobile numbers.

Less than 35% of the population knows what smishing is.

It’s important to understand that phishing email scams are morphing. They’ve evolved into SMS scams that may look different and be harder to detect.

For example, you can’t check the email address to see if it’s legitimate. Most people won’t know the legitimate number that Amazon shipping updates come from.

Text messages also commonly use those shortened URLs. These mask the true URL, and it’s not as easy to hover over it to see it on a phone as it is on a computer.

You need to be aware of what’s out there. Here are some of the popular phishing scams that you may see in your own text messages soon.

Problem With a Delivery

Who doesn’t love getting packages? This smishing scam leverages that fact and purports to be from a known shipper like USPS or FedEx. It states that there is a package held up for delivery to you because it needs more details.

The link can take users to a form that captures personal information used for identity theft. One tactic using this scam is to ask for a small monetary sum to release a package. Scammers created the site to get your credit card number.

Fake Appointment Scheduling

This scam happened to a community in South Carolina. They had recently had an installation of AT&T fiber internet lines in their neighborhood. Following the installation, AT&T did a customer drive to sign people up for the service.

During this time, one homeowner reported that he received a text message. It pretended to be from AT&T about scheduling his fiber internet installation. He thought it was suspicious because the address they gave was wrong. The scammer had wanted him to text back personal details.

Get Your Free Gift

Another recent smishing scam is a text message that doesn’t say who it’s from. It says, “Thank you for your recent payment. Here is a free gift for you.” It includes a link at the bottom of the message.

This is a widespread scam that many have noted online. And it’s an example of a scammer using a common fact. The fact that most people would’ve paid some type of bill recently and mistake the text to be from a company they know. It also lures people in with the promise of giving them a free gift.

Does Your Mobile Device Have the Security It Needs?

Smishing scams are very clever and can easily infect your device with malware. Do you have the proper security precautions (mobile antivirus, DNS filtering, etc.)?

If not, give us a call. We can help!


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Free illustrations of Security

How Often Do You Need to Train Employees on Cybersecurity Awareness?

You’ve completed your annual phishing training. This includes teaching employees how to spot phishing emails. You’re feeling good about it. That is until about 5-6 months later. Your company suffers a costly ransomware infection due to a click on a phishing link.

You wonder why you seem to need to train on the same information every year. But you still suffer from security incidents. The problem is that you’re not training your employees often enough.

People can’t change behaviors if training isn’t reinforced. They can also easily forget what they’ve learned after several months go by.

So, how often is often enough to improve your team’s cybersecurity awareness? It turns out that training every four months is the “sweet spot.” This is when you see more consistent results in your IT security.

Why Is Cybersecurity Awareness Training Each 4-Months Recommended?

So, where does this four-month recommendation come from? There was a study presented at the USENIX SOUPS security conference recently. It looked at users’ ability to detect phishing emails versus training frequency. It looked at training on phishing awareness and IT security.

Employees took phishing identification tests at several different time increments:

  • 4-months
  • 6-months
  • 8-months
  • 10-months
  • 12-months

The study found that four months after their training scores were good. Employees were still able to accurately identify and avoid clicking on phishing emails. But after 6-months, their scores started to get worse. Scores continued to decline the more months that passed after their initial training.

To keep employees well prepared, they need training and refreshers on security awareness. This will help them to act as a positive agent in your cybersecurity strategy.

Tips on What & How to Train Employees to Develop a Cybersecure Culture

The gold standard for security awareness training is to develop a cybersecure culture. This is one where everyone is cognizant of the need to protect sensitive data. As well as avoid phishing scams, and keep passwords secured.

This is not the case in most organizations, According to the 2021 Sophos Threat Report. One of the biggest threats to network security is a lack of good security practices.

The report states the following,

“A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”

Well-trained employees significantly reduce a company’s risk. They reduce the chance of falling victim to any number of different online attacks. To be well-trained doesn’t mean you have to conduct a long day of cybersecurity training. It’s better to mix up the delivery methods.

Here are some examples of engaging ways to train employees on cybersecurity. You can include these in your training plan:

  • Self-service videos that get emailed once per month
  • Team-based roundtable discussions
  • Security “Tip of the Week” in company newsletters or messaging channels
  • Training session given by an IT professional
  • Simulated phishing tests
  • Cybersecurity posters
  • Celebrate Cybersecurity Awareness Month in October

When conducting training, phishing is a big topic to cover, but it’s not the only one. Here are some important topics that you want to include in your mix of awareness training.

Phishing by Email, Text & Social Media

Email phishing is still the most prevalent form. But SMS phishing (“smishing”) and phishing over social media are both growing. Employees must know what these look like, so they can avoid falling for these sinister scams.

Credential & Password Security

Many businesses have moved most of their data and processes to cloud-based platforms. This has led to a steep increase in credential theft because it’s the easiest way to breach SaaS cloud tools.

Credential theft is now the #1 cause of data breaches globally. This makes it a topic that is critical to address with your team. Discuss the need to keep passwords secure and the use of strong passwords. Also, help them learn tools like a business password manager.

Mobile Device Security

Mobile devices are now used for a large part of the workload in a typical office. They’re handy for reading and replying to an email from anywhere. Most companies will not even consider using software these days if it doesn’t have a great mobile app.

Review security needs for employee devices that access business data and apps. Such as securing the phone with a passcode and keeping it properly updated.

Data Security

Data privacy regulations are something else that has been rising over the years. Most companies have more than one data privacy regulation requiring compliance.

Train employees on proper data handling and security procedures. This reduces the risk you’ll fall victim to a data leak or breach that can end up in a costly compliance penalty.

Need Help Keeping Your Team Trained on Cybersecurity?

Take training off your plate and train your team with cybersecurity professionals. We can help you with an engaging training program. One that helps your team change their behaviors to improve cyber hygiene.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Free photos of Computer

Home Security: Why You Should Put IoT Devices on a Guest Wi-Fi Network

The number of internet-connected devices in homes has been growing. It’s increased exponentially over the last decade. A typical home now has 10.37 devices connected to the internet. PCs and mobile devices make up a little over half of those and the rest are IoT devices.

IoT stands for Internet of Things. It means any other type of “smart device” that connects online. IoT devices in a home can be everything from your streaming stick to your smart refrigerator. Smart baby monitors and Alexa voice assistants are also IoT.

There’s also been another change that has happened over the last couple of years. It has been the increase in remote and hybrid work. The pandemic caused a major shift in where we work, turning the standard office paradigm on its head.

Now, working remotely has become the norm for many companies around the world. This has put increased scrutiny on the security of all those IoT devices. They are now sharing a Wi-Fi network with business data and devices.

Here are two alarming statistics that illustrate the issue with IoT security:

  • During the first six months of 2021, the number of IoT cyberattacks was up by 135% over the prior year.
  • It’s estimated that over 25% of cyberattacks against businesses involve IoT devices

Hackers Use IoT Devices to Get to Computers & Smartphones

Smart devices are a risk to any other device on a network. They are typically easier to breach. So, hackers will use them as a gateway into more sensitive devices.

A criminal may not care about the shopping list stored in your smart refrigerator. But they’ll breach that IoT device to see what other devices are on the same network.

The hacker can then use sharing and permissions that are often present on home networks. Through these, they gain access to your work computer or mobile device. These devices hold important data, and access to personal details.

Why are IoT devices less secure than computers and smartphones? Here are a few reasons:

  • They usually won’t have antivirus or anti-malware capabilities
  • Users often don’t update IoT devices regularly
  • They have basic interfaces which can hide a breach of the device
  • People often don’t change the default device username and password.
  • Sharing settings on IoT devices makes them easier to hack

Improve Security by Putting IoT on a Separate Wi-Fi Network

Just about all modern routers will have the ability to set up a second Wi-Fi network, called a “guest network.” This shows up when you connect to Wi-Fi as a separate Wi-Fi that a device can use to get online.

Separate Wi-Fi

By putting all your IoT devices on a separate network you improve security. You cut that bridge that hackers use to go from an IoT device to another device on the same network. Such as those that hold sensitive information (computers and mobile devices).

In fact, when you separate those two (IoT devices and sensitive-info devices) a hacker can’t see all. If they breach one of your smart devices, they can’t tell you have a PC or smartphone. This is because they’re on the other network.

This is an important layer of security to use. Whether you’re a remote worker or use your computer for home budgeting and banking, it can help. All PCs and smartphones usually contain access to online banking or personal information.

Here are the steps to take to separate your IoT devices. (Note, you can also have this done by us, we’ll be happy to handle all these steps for you.)

  • Step 1: Log into your router settings.
  • Step 2: Look for an area that allows you to set up a guest network. This will be different for each router, so you may need to access a help guide online.
  • Step 3: Set up the guest network according to the router prompts. Make sure to use a strong password.
  • Step 4: Edit the password for your existing network. This keeps IoT devices from automatically reconnecting to it.
  • Step 5: Connect all IoT devices in your home to the new guest network.
  • Step 6: Reconnect your sensitive devices (computers, smartphones) to the preexisting network. Use the new password.

As you add any new devices to your home network, make sure to connect them to the appropriate network. This keeps the layer of security effective.

One more tip: When naming your Wi-Fi networks, don’t use descriptive names. This includes things like “IoT network” or your name, address, or router model name.

It’s best to use names that won’t give the hackers valuable information they can use in attacks.

Need Help Upgrading Your Home Cybersecurity?

With so many remote workers, hackers have begun targeting home networks. They know they can contain sensitive business as well as personal data. Don’t leave yourself open to a breach. Schedule a home internet security review today!


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

turn-on laptop displaying 97 percent battery

Get More Unplugged Laptop Time with These Battery-Saving Hacks

One of the big draws of a laptop computer is that you can use it anywhere. You don’t need to have it plugged in all the time because it has an internal battery.

Your laptop may start out with several hours of battery life when you first buy it. But the lifespan can get shorter as time goes by and battery health takes a hit. Sometimes this can be due to a lack of PC maintenance. Other times, it’s due to the environments the laptop is subject to (such as a hot car).

Seeing your laptop’s battery capacity shrink can be frustrating. But there are several things you can do to increase the time you can go without needing to plug it in.

Lower the Display Brightness

The brighter your display is, the more battery power it’s taking. Have you ever hit the automated low battery mode on a laptop? Then you know you immediately notice a difference in brightness. This is because that setting turns down the brightness. It’s one of the ways to reduce battery consumption.

You can turn down the brightness of your screen in your display settings. You can also use the brightness keys that are usually in the top row of keys on a laptop keyboard.

Reduce PC Battery Use in Power/Sleep Settings

Here’s one way to increase the time you can use your unplugged laptop without a power source. Adjust some of its power and sleep settings.

Power Settings

If you’re using Windows, open the search on the Task Bar. Type in “power settings.” This directs you to the power, sleep, and battery settings in your system settings.

Look for any tips at the top for increasing battery longevity. Such as, making the time your screen goes dark after inactivity and the time it goes to sleep the same.

Then review the settings, such as Screen and sleep, and Power mode. Find the ones that will reduce your PC’s battery consumption. This will extend the time you can go without a new charge.

Power & Battery

Enable Battery-Saver Mode

You don’t have to wait until your PC hits 10% for it to go into battery-saver mode. You can control this and enable it yourself in your system settings.

Do you know you’re going to be without a power source for a while? Put your PC in power-saver or battery-saver mode right away, so you can extend the charge as long as possible.

Use the Manufacturer’s Battery Calibration Tool

Manufacturers will have their own PC maintenance tools installed. You can use for battery calibration. Sometimes calibrating the battery can correct an issue with a battery life. Especially if life has gotten shorter than when you first purchased your laptop.

Look for a manufacturer’s built-in maintenance app. It will usually be on the Task Bar unless you’ve hidden it. When you open that, you may find that you need to do a calibration or other maintenance task.

Battery Calibration Tool

Get a Computer Tune-up

If you have processes running in the background it can sap your battery life. Processes that aren’t needed can often run anyhow. Getting a computer tune-up from your IT provider can solve a lot of different issues. This includes such as computers that get sluggish, and often, the battery life too.

Consider Using Microsoft Edge Browser for Its Efficiency Settings

If like most people, you keep a lot of browser tabs open while you’re working on your PC. They could be sapping your battery power.

Consider trying Microsoft’s Edge browser. It has been gaining in popularity ever since it incorporated the Chromium engine. This is the same one Chrome uses.

The browser has several power-saving features that you can enable in your settings. Search “sleeping tabs” in Edge settings to find these. They include:

  • Enable efficiency mode (choose from the available options)
  • Enable Sleeping Tabs and fade them when asleep
  • Choose when you would like to put inactive browser tabs to sleep to conserve battery power.
Microsoft Edge Browser Features

Turn Off Unnecessary Apps Hogging Battery Power

Check the apps that are running on your PC in the Task Manager. Do you really need them all to run when you’re unplugged and trying to conserve battery power?

Often processes that aren’t 100% necessary all the time will be running. Such as an update service or cloud storage syncing app. Close the apps you don’t need to use at that time to lengthen battery life.

Keep Your PC Out of Too Much Heat or Freezing Temps

Both excess heat and freezing temperatures can be bad for a computer. This includes shortening the battery life.

You should never leave your laptop in a car on a hot day or when it’s freezing outside. Also, it might not seem particularly hot to you, but if it’s sunny, the inside of a vehicle can heat up pretty quickly. Be aware of the temperature extremes that your laptop is subject to.

Looking for a PC Tune-Up or Battery Replacement?

We can help you with a full system tune-up or a laptop battery replacement if needed. Don’t struggle with short battery life when you can have that fixed in no time! Give us a call today and let’s chat.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.