3 Significant Developments in Ransomware Campaigns
Cybercriminals are continually trying to make their ransomware campaigns more effective. Here are three developments you should know about.Read more
6 Topics to Cover in a Telecommuting Policy
The number of employees working from home has gone up dramatically due to the coronavirus pandemic. Companies that plan to continue letting employees work from home need to formalize that arrangement with a telecommuting policy. Here are six topics often discussed in in this type of policy.Read more
Windows 10 Bug Causes Connected Monitors to Go Black
A bug in Windows 10 Version 2004 is causing external monitors to go black when users try to draw using certain apps. Learn about this bug and what Microsoft is doing about it.Read more
5 Ways to Make Your Virtual Meetings More Effective
Just like with face-to-face meetings, virtual meetings need to be well planned and executed to maximize their usefulness. Here are five ways you can make your virtual meetings more effective.Read more
The End Is Near for These Productivity Apps
Soon many productivity apps will no longer be supported by Microsoft because they are reaching the end of their lifecycle. Find out which popular programs are affected and what your options are. Read more
3 Coronavirus-Themed Phishing Emails That Might Be Headed to Your Business
Nowadays, more than 80% of cyberattacks incorporate a coronavirus theme. Here are three real-life examples of Coronavirus-themed phishing emails that hackers sent specifically to businesses.Read more
Windows 10 Bug Is Causing Connectivity Problems on Remote Employees’ Computers
A connectivity bug is preventing certain apps from connecting to the Internet on some Windows 10 computers. Find out which machines are affected and how to get rid of it.Read more
5 Ways to Maintain Business Continuity During the Coronavirus Crisis
Staying in business during the coronavirus pandemic can be challenging. Here are five ways to help keep your employees healthy and your operations running. While some businesses are shutting down during the Coronavirus Disease 2019 (COVID-19) pandemic, many are remaining open. Staying operational in this new environment can be challenging, though. Companies face the real possibility of having many of having many of their employees become suddenly ill or having their computer systems become incapacitated. Here are 5 ways to help keep your employees and your operations running during the coronavirus crisis:
- Clean Frequently Touched Surfaces Often
COVID-19 is highly contagious. One way employees can get the virus is by touching a surface it is on and then touching their mouth, nose, or eyes. Thus, it is important for your business to regularly clean surfaces that are frequently touched. While some surfaces are obvious targets for cleaning (bathroom and breakroom surfaces), others are not (e.g., printer LED displays, elevator buttons, door knobs).
Businesses in non-healthcare settings can use the cleaning agents they normally use to clean frequently touched surfaces, according to the US Department of Health & Human Services' Centers for Disease Control and Prevention (CDC). However, if an employee has tested positive for COVID-19 or is suspected of having it, more stringent cleaning procedures are necessary.
Besides making sure that frequently touched surfaces in your business's common areas are cleaned regularly, you might also want to provide disposable wipes that employees can use to clean their desks, phones, computers, and peripherals (e.g., keyboard and mouse). With wipes readily available, employees will be more likely to keep their personal space and devices clean.
- Provide Guidance on How to Keep Viruses at Bay
One of the best defenses against COVID-19 and other viruses is good hand hygiene. Washing your hands with soap and water for at least 20 seconds kills the coronavirus, according to the World Health Organization (WHO). An alcohol-based hand sanitizer will also kill it, provided the hand sanitizer contains at least 60% alcohol. So, you should make sure the soap dispensers in your company are filled regularly. (It does not have to be anti-bacterial soap.) You might also want to place alcohol-based hand sanitizer in common areas where there are no faucets, such as reception areas and conference rooms.
Providing employees with guidance on how and when to wash their hands is just as important as providing the soap. Besides washing them for at least 20 seconds, there is a technique that people should use. The CDC recommends that companies instruct employees on when and how to wash their hands and put up posters to remind them to do so.
- Provide Guidance on How to Keep Another Type of Virus at Bay
Unfortunately, COVID-19 is not the only virus your company needs to worry about. The pandemic is prompting new cyberattacks. Hackers are playing on people's fears about the health crisis to trick them into installing computer viruses. For example, in March 2020, hackers pretended to be WHO officials in phishing emails. The emails urged recipients to open an attached Microsoft Word document that contained information on coronavirus precautions. However, the file also included malicious code that led to an infection by a Windows virus named TrickBot.
Getting infected with a computer virus like TrickBot while trying to deal with the COVID-19 crisis could spell disaster for a company. Thus, you should warn employees about the influx of phishing emails and other types of cyberattacks tied to COVID-19. You should also provide training on how to avoid becoming a cybercrime victim (e.g., how to spot phishing emails, how to check for deceptive links in emails) if you have not already done so.
- Hold Virtual Meetings Instead of In-Person Meetings
Virtual meetings have long been touted as a way to help companies save money and improve productivity. The coronavirus crisis has brought to light another important benefit of virtual meetings: They reduce employees' risk of exposure to COVID-19 while enabling them to communicate and interact with customers, business associates (e.g., supplier reps), and other employees. To participate in virtual meetings, employees typically only need a computing device, web camera (webcam), Internet connection, and video-teleconferencing solution (e.g., Microsoft Skype, Google Hangouts, GoToMeeting, Cisco Webex Meetings).
- Let Employees Telecommute to Work
Because of the coronavirus pandemic, health officials and government leaders are recommending social distancing — a strategy used to slow down the spread of contagious diseases like COVID-19. A key concept in this strategy is keeping space between people — the more space, the better. This reduces the chance that people will come in contact with someone who is knowingly or unknowingly infected with the coronavirus. The latter is important to keep in mind. People who are infected with mild symptoms might still come to work, thinking that they just have a cold. In some cases, people have no symptoms. One study of 450 coronavirus patients in China found that more than 10% of them were infected by someone who had the coronavirus but were asymptomatic.
One way to practice social distancing is to have employees work from home if possible. Using public cloud-based business and productivity apps (e.g., Microsoft Office 365, Google G Suite, Salesforce) can make the transition easier. However, you still need to set up systems to support those employees. For example, you need to provide a secure, reliable way for employees to connect to your business's computer systems, especially if they are using their own personal computing devices. One possible solution is to use a remote-access virtual private network (VPN).
If working at home is not an option, employees should follow another social distancing practice: maintaining a distance of six feet from each other. To encourage this, you should make sure that employees' desks and other work areas are six feet apart from each other. If spreading out is not possible, another option might be to implement flexible work hours (e.g., staggered shifts) to increase the physical distance between employees.
Change Is Not Easy — We're Here If You Need Help
These are only some of measures that companies can take to maintain business continuity during the coronavirus crisis. There are others, such as cross-training employees on essential business operations and developing an infectious disease outbreak response plan.
After you decide which measures you want to take, we can develop the IT infrastructure needed to support those changes. For example, we can help you select and implement a virtual meeting solution or set up secure home offices.
518432882 flickr photo by cambodia4kidsorg shared under a Creative Commons (BY) license
Going Remote on 1 Day Notice
The impact of COVID-19 is becoming harder for business owners to ignore. If you’re following the recommendations of the World Health Organization, Center for Disease Control, and your local governments; you’ve switched to a remote-based operation. Many businesses are trying to figure out how to go remote. Here are a few items to consider to prepare for a smooth transition.
- Equipment for Staff to Work at Home
How many businesses have an arsenal of extra laptops, desktops, monitors, and other tech equipment sitting on a shelf in case of an emergency? Owners are finding most of their staff no longer own computers, and have shifted to tablets and phones.
Determine who has a home computer they can use for work purposes. What operating system is their home PC running? Is it a Windows or Apple computer? Do they need two monitors to maintain productivity at home? Stores like Office Depot, are creating "work from home" packages that include ergonomic keyboards, mouse and other workstation tech equipment. Make sure to complete your research before making purchases and price compare other options.
How much in-office equipment can be transferred to your employees' home? In many cases, allowing staff to take their work system home, in its entirety, is the simple solution. Consider drafting a simple Equipment Checkout Agreement for the staff and supervisor to sign, maintaining record of the company equipment leaving the building.
- VPN & Remote Capabilities
For Windows based users, setting up VPN access can be pivotal to continued productivity. The decision to go remote is being made quickly and difficult for staff to think of what will be needed to work from home over the next few weeks (or months.) Transfer your files to your cloud solution if you have access from your home, or transfer to a secure Google Drive or similar method. Make sure your password key chain is accessible from your browser at home, or have the necessary access in the event you need to change passwords in order to regain access.
Your network can be set up to allow VPN access. You’ll need to determine the number of ports first. Setting up 50 ports on your network because there are 50 employees that need to work from home now might not have enough bandwidth to support those 50 simultaneous users. Instead, consider setting up a limited access to a group of employees who can fetch what the rest of the team needs, as it arises. S & P Global dives deeper into the limitation of VPNs being exposed due to the coronavirus outbreak.
Creating a continuous flow of access to the network while the staff works from home will be pivotal to work flow production.
- Software Access
If you’re only using web-based programs, your business is set up for a smooth transition to a virtual operation. If your business relies on installed software for vital functionality, complications are more likely to arise with a transition outside the office. Business owners should look to the setup and configuration of their software: servers, IPs and network configuration.
There are issues that will arise after transitioning to a remote operation on short notice. However, a smooth transition starts with equipment, access to data, and software. If you need any assistance with your home workstation, contact us and we will gladly assist.
workstation flickr photo by snDesignV11 shared under a Creative Commons (BY) license
5 Things You Should Know about Phishing
The more you know about phishing, the better you will be able to spot phishing attacks. Here are five phishing fundamentals that can help you avoid becoming the next victim.
Only 66% of working adults correctly answered the question “What is phishing” in 2019 Proofpoint survey. This means one-third of adults do not know that phishing is a form of fraud in which cybercriminals try to scam people into providing sensitive information (e.g., login credentials, account information) or performing an action (e.g., clicking a link, opening an email attachment) in order to steal money, data, or even a person’s identity.
Being able to answer the question “What is phishing” is a good start. However, the more you know about this type of attack, the better you will be able to avoid becoming the next victim. Toward that end, here are five things you should know about phishing:
- Phishing Isn’t Just about Emails
People commonly associate phishing with emails. However, hackers carry out phishing attacks through other communication channels as well, including websites, text messages, and phone calls.
Most often, cybercriminals use emails and websites in their phishing attacks. Sometimes they even use both channels in the same scam. For example, they might try to get people to click a link in a phishing email, which sends the victims to a phishing site. Similarly, cybercriminals might try to get people to click a link in a text message, which leads to a phishing site.
Phishing calls are also becoming common. Mobile scam calls rose from 3.7% of all calls in 2017 to 29.2% of all calls in 2018, according to researchers at First Orion. This upper spiral is expected to continue throughout 2019.
- Phishing Sites Can Be HTTPS Pages
Cybercriminals are increasingly using HTTPS sites for phishing. Hackers are counting on people being lulled into a false sense of security when they see the “https” designation and the accompanying padlock icon in their web browser’s address bar. When some people see these two elements, they assume that a site is safe. However, the “https” designation simply indicates that any data sent between the browser and the website is encrypted. It does not signify that the website is legitimate or free from malware.
More than half of all phishing sites are HTTPS sites, according to Anti-Phishing Working Group’s “Phishing Activity Trends Report, 2nd Quarter 2019“. The situation is getting so serious that the US Federal Bureau of Investigation (FBI) issued a public service announcement in June 2019 warning people about this.
- Hackers Like to Reel In Certain Types of Victims
While phishing attacks were initially targeted at consumers, cybercriminals quickly discovered that businesses are also lucrative targets. In 2018 alone, 83% of businesses experienced phishing attacks, according to Proofpoint’s “2019 State of the Phish Report“.
Small and midsized companies are often targeted. In 2018, for example, employees in smaller organizations received more phishing emails than those in large organizations, according to Symantec’s “2019 Internet Security Threat Report“. Small and midsized companies are sought because they typically do not have the expertise or resources to properly secure their businesses against phishing scams and other types of attacks.
Cybercriminals are also selective about who they target within companies. Security experts note that popular phishing marks include:
- Executives are highly sought because they typically have access to sensitive business information and the authority to sign-off on financial transactions such as electronic fund transfers.
- Administrative assistants. Administrative assistants work closely with the managers and executives they assist. As a result, they often have access to information (e.g., an executive’s schedules) and accounts (e.g., a manager’s email account) that can help phishers plan and carry out scams.
- Human resources (HR) staff. Cybercriminals like to target HR professionals because they have access to sensitive data such as employee records. Plus, they regularly respond to queries from employees (including manager and executives) as well as handle unsolicited communication from people outside the company (e.g., job applicants).
- Sales team members are common marks because their contact information is often readily available. Furthermore, they are usually very responsive to unsolicited communication (e.g., emails, texts, or calls from potential customers).
- Cybercriminals Don’t Take Holidays Off
Hackers go phishing 365 days a year, which means people should not let their guard down, even on holidays. In fact, people might want to be more cautious around holidays, as cybercriminals often ramp up their efforts during certain seasonal events such as Black Friday, tax season, and even Amazon Prime Day. Cybercriminals also try to capitalize on unforeseen events, such as natural disasters. Preying on people’s compassion, they pretend to be collecting donations for disaster victims.
Nearly 80% of phishing attacks occur on weekdays, according to Vade Secure researchers. This isn’t too surprising given that hackers like to target businesses. Tuesdays and Wednesdays are the top two days cybercriminals carry out their attacks.
- Phishers Are Skilled Impersonators
Cybercriminals commonly impersonate legitimate contacts and companies to carry out their phishing scams. When targeting a business, cybercriminals often pretend to be someone within the company (e.g., an executive or employee) or an organization that does business with the company (e.g., a supplier or lawyer).
When targeting consumers, hackers typically masquerade as representatives from popular companies. For instance, in the second quarter of 2019, the top 10 companies that hackers pretended to be representing were:
- Microsoft
- PayPal
- Netflix
- Bank of America
- Apple
- CBIC
- Amazon
- DHL
- DocuSign
A Serious Threat
Phishing attacks are a serious threat for not only consumers but also companies. We can help your business devise a comprehensive strategy to deal with phishing attacks, no matter if they are carried out through emails, websites, text messages, or phone calls.
Hacking flickr photo by Worlds Direction shared into the public domain using Creative Commons Public Domain Dedication (CC0)