MSPNetworks Blog

As technology continues to gain prominence in healthcare, it plays an increasingly vital role. Advancements in technology have allowed the healthcare industry to stabilize costs, improve access, and personalize care delivery—objectives that were challenging in the past. These benefits come with a potential downside: data privacy issues, which are becoming more concerning as technology advances.

Last week we went through some of the issues that Facebook is dealing with in regards to its security and data privacy. Today, we thought it would be helpful to give you the tools you need to protect your privacy on Facebook.

Facebook remains one of the most visited places on the Internet. Meta (the parent company to Facebook) also features WhatsApp and Instagram on their roster and has faced numerous security and privacy failings over the years. In this week’s blog, we’ll take a brief look at some of the most noteworthy.

Your business is likely subject to certain compliance laws and regulations depending on the type of data you collect from your clients or customers. Today, we want to emphasize the importance of your business considering regulation and compliance when managing its data and IT resources, as without doing so, you run considerable risk.

Hackers are always on the lookout for personally identifiable information, or PII, as it’s an immensely lucrative resource. You’ll need to protect it if you want your business to continue operating safely and efficiently. Let’s go over what PII entails and what kinds of data you might find under this term.

Digital monitoring is a bit of a contentious topic in business, but according to a survey from Gartner, it might not be as contentious of a topic as previously thought. In fact, employees are often in favor of digital monitoring under the appropriate circumstances, as long as it doesn’t get in the way of their jobs.

This survey from Gartner found that 96% of workers would accept electronic monitoring of their work activity in exchange for other opportunities, like training and career development. Furthermore, 33% of workers would accept monitoring if it helped them perform their jobs more effectively, and 30% would do so if it meant more proactive IT support. These numbers are telling in a lot of ways.

The survey examined 4,861 full-time knowledge workers using digital technology from September 2022 to November 2022. The workers surveyed were employed by companies with more than 100 employees, and these companies were based in the United States, United Kingdom, India, and China. Whether or not employees supported monitoring largely depended on the type of monitoring being done. Those who supported the monitoring were only in favor if it wasn’t being done for the sake of catching employees who weren’t working to the best of their ability or catching them not coming to the office. The stipulation of monitoring is that it needs to be done with the sake of helping employees work toward goals and outcomes.

In particular, the study highlights just why monitoring can be effective for IT teams. Lane Severson, a Gartner senior director analyst researching digital employee experiences, argues in the report that IT administrators can more effectively identify points of “digital friction” through the use of digital monitoring, something which enables teams to better optimize for productivity and ensure operations are going smoothly. Here are the three types of digital friction that monitoring can help fight against:

• Application friction: A business’ applications are not working properly, leading to your employees not being able to perform their duties.
• Skills friction: The applications are working properly, but the employee does not have the skills or knowledge to make proper use of them.
• Process friction: A business’ applications are working properly and the employees know how to use them, but the processes associated with that application conflict with getting the work done.

If you want your business to thrive, MSPNetworks can help to ensure that your technology is supporting your employees in a way which enables success. To learn more about what we can do for your business, reach out to MSPNetworks at (516) 403-9001.

It’s incredibly important to keep your personally identifiable information secure, but what exactly constitutes PII? Today we offer a definition and suggestions or strategies to help you keep your PII safe.

The Definition of PII Depends on Who You Ask

If you want to protect PII to the best of your ability, you first need to understand what it is, but the answer to this question is not exactly clear-cut.

The United States identifies a couple-dozen identifiers in its legislation, but other countries have different ideas for what is considered PII. The European Union, Brazil, China, and even various US states like California and Virginia have different ideas of what makes for PII. The General Data Protection Regulation (GDPR) sees race, political opinion or affiliation, religion, and sexual orientation as PII, but the California Consumer Privacy Act does not.

With so many different factors and variables in place, it’s hard to define PII, which in turn makes it hard to protect it. Five US states want to hold companies more accountable for failing to protect PII, and regulators are in the same boat. For example, Morgan Stanley Smith Barney failed to properly dispose of consumers’ PII on servers and drives that they wanted to sell following a big move, resulting in a $35 million fine.

Avoiding Fines for PII Security

The first and foremost thing you need to account for is the PII as it is outlined for your industry. Take this information into consideration right from the start so there is no room for error or confusion. Implement it into your data handling and sharing practices immediately to ensure compliance.

Furthermore, you’ll have to test your protections to make sure that you are keeping your data as safe as possible. Be sure that the data, even if stolen, cannot be used to identify the individual.

To top it all off, implement solutions designed to protect your data on all levels, including encryption, identity and access management, and role-based permissions.

MSPNetworks can help to make sure that your business is protecting its personally identifiable information. All you have to do to get started is call us at (516) 403-9001.

It probably isn’t a question you’ve put much thought to, but tell me: who do you think feels the greatest impact from card skimming schemes, where a payment card’s data is captured so a cybercriminal can make use of the card’s associated account? While it isn’t a good situation for anyone, some are impacted more than others.

Unfortunately, card skimming is even worse for those who rely on prepaid cards provided by the state for food assistance. Let’s consider why this is.

Skimming Losses are Worse for Those Receiving Assistance

Authorities across the country have taken note of increased losses associated with those receiving assistance through the Electronic Benefits Transfer (better known as EBT), which permits participants with the Supplemental Nutrition Assistance Program (SNAP) to pay for their food purchases.

When a SNAP card is used, the associated EBT account is debited so the store is reimbursed for the purchase. In this way, the EBT card is effectively a debit card—they even have an associated PIN and can be used to withdraw money from an ATM.

However, EBT cards largely lack the protections that most other payment cards have, like the more secure smart chip technology that makes these cards harder to duplicate, or the fraud protections that other payment cards have. If SNAP funds are fraudulently stolen and spent, the rightful recipient has little recourse to take. They’re effectively out that money…money that they need as a member of the program.

It isn’t exactly news that criminals and scammers have found ways to steal card data, either…and they’re getting better at doing it surreptitiously. The devices used to “skim” data off of payment cards (cleverly referred to as “skimmers”) can now be hidden inside cash machines, or camouflaged to look like just another part of the device. This makes it more challenging to spot these skimmers, putting more people at risk in general of having their data cloned and used to create additional copies of payment cards that the thief can use or sell.

What Can Be Done?

Well, short of more states implementing improved security measures into their EBT cards—eliminating the magnetic strip and replacing it with the modern chips that other card types use—it really falls to the user and the business where an ATM or other card-reading device is located to prevent these issues. Keep an eye out for people trying to tamper with these machines, and discontinue its use if you can until it has been fully checked by a professional for card skimming devices. As a customer, give any card reader a close look before you swipe to see if it looks at all unusual.

MSPNetworks is here to help keep your business more secure and efficient, both for your benefit and that of your clients and customers. Find out how we can help via our managed services by calling (516) 403-9001.

As time has passed, cybersecurity attacks have become another way some organizations and nations engage in warfare. You can argue that there is a war going on at all times in cyberspace while hackers—many of which are sponsored by government agencies—try to outdo security researchers at all turns. One such scenario sees customers in the United States and Israeli defense technology sectors becoming the target of “password spraying.”

Password spraying is a somewhat disgusting-sounding term used to describe the process of hacking into multiple accounts by spamming commonly used passwords. You can see how this can become problematic, especially considering users’ propensity for using variations of these commonly used passwords.

In the above scenario, Microsoft warns that about 250 Microsoft Office 365 customers in the aforementioned sectors were being targeted by these password spraying tactics. Microsoft has called the group performing such attacks DEV-0343, with the DEV moniker being used to showcase that the attackers are, at this time of writing, not state-sponsored. DEV-0343 is thought to originate from Iran.

Less than 20 of the targets were actually compromised, but it’s shocking that such high-profile targets would opt for such basic passwords, to say the least. It’s reported that organizations using multi-factor authentication are at much less risk compared to those who don’t. According to Microsoft, security professionals should be on the lookout for suspicious connections from Tor networks: "DEV-0343 conducts extensive password sprays emulating a Firefox browser and using IPs hosted on a Tor proxy network. They are most active between Sunday and Thursday between 7:30 AM and 8:30 PM Iran Time (04:00:00 and 17:00:00 UTC) with significant drop-offs in activity before 7:30 AM and after 8:30 PM Iran Time. They typically target dozens to hundreds of accounts within an organization, depending on the size, and enumerate each account from dozens to thousands of times. On average, between 150 and 1,000+ unique Tor proxy IP addresses are used in attacks against each organization.”

In general, your organization should be prepared to analyze its traffic for suspicious activity of any kind, particularly during off-times when nobody should be accessing your infrastructure. Furthermore, it’s critical to remember that passwords are, of course, only one part of an adequate cybersecurity strategy and that you should always strive to use multi-factor authentication when possible. Passwords are one part of this process and should be used alongside something else you have, like a secondary device or smartphone, or biometric technology.

You can count on MSPNetworks to stay in the loop regarding any security risk to your business and implementing solutions designed to protect your organization from any potential threats. To learn more about what we can do for your business, reach out to us at (516) 403-9001.

Data privacy is a bit of a hot topic in today’s business environment, especially with high-profile hacks and ransomware attacks emerging and putting organizations at risk. In particular, the emerging concept of “privacy engineering” has a lot of businesses thinking about how they can secure their organization and future-proof their data privacy infrastructures.

Let’s discuss what privacy engineering is, as well as what some big names in the industry have to say about the future of data privacy.

What is Privacy Engineering?

The International Association for Privacy Professionals, or IAPP, defines privacy engineering as “the technical side of the privacy profession,” which can mean any number of things. For some, it is making sure that the processes involved in product design take privacy into consideration. For others, it might mean the technical knowledge required to implement privacy into the products. At the end of the day, it seems there is a general consensus that privacy engineering is the consideration of privacy, from a user’s standpoint, throughout the production process, from conception to deployment.

This is notable for a couple of reasons. Systems and products that take privacy into consideration at every stage of development will be much more consumer-friendly. Users can be more confident that their privacy has been considered through each stage of the process, making them much more likely to buy into the product. When products have this kind of reputation, it would be no surprise to see profits increase.

This sets off a chain reaction for businesses that create these products, increasing their bottom line. When businesses achieve this level of success, the value of the company increases, leading to more investors and the production of similar goods or services. Furthermore, since privacy and security is such an important part of modern computing, these types of investments are relatively safe from a shareholder’s point of view, as organizations that invest in products that meet specific regulations and set these high standards are more likely to persist into the future.

You can see how this all shakes out; in the end, the concept of privacy engineering is beneficial to both the consumer and producer. Therefore, placing your bets on technology that facilitates this is a great way to invest in your own company’s future.

What Does the Future Hold?

Back in 2020, Gartner made some predictions for where the data privacy industry was heading in the years to come. Here are some insights from their report:

• Proactive security and privacy is better: When you take measures to build security and privacy into operations, you are more likely to build trust and adhere to regulations. We preach this all the time; it is easier to prevent issues from emerging than reacting to those that are already here.
• Increased reach of security regulations: According to Gartner, 65% of the world’s population will have their privacy governed by some sort of data privacy legislation or regulations by the year 2023. This is notable, especially with the rise of regulations like GDPR.
• The rise of a privacy officer: By the end of 2022, 1 million organizations will have appointed a data privacy officer. Having someone within your organization whose sole responsibility is to keep you compliant means that you can rest easy knowing that you are doing all you can to make sure it stays that way.

Don’t Wait to Get Started

MSPNetworks can help your business ensure it is implementing adequate data privacy and security standards all across your infrastructure. To get started, reach out to us at (516) 403-9001.

Just in case you haven’t been paying attention, online privacy has been highlighted significantly in recent years—in no small part due to the sale of our profiles by the tech giants that provide today’s most (in)famous websites… including and especially Google. Having said this, it is also important to acknowledge that some of Google’s recent policy changes could suggest that this may change at some point.

Let’s dive in and see what we can piece together.

How Google Makes Its Money

In fairness, there are a lot of answers to this question. For our purposes, we’ll focus on just one.

The short answer is simple: by selling advertisements.

Make no mistake about it: whenever you use the Internet, you are being watched. Giant platforms, including and especially Google, monitor your activities while using their services and use it to create a knowledge base of user behavior.

For instance, by using a combination of Google Search, Google Analytics, and Google Maps, Google could likely deduce that a user in Anytown, USA looking up “best pizza in anytown” would be interested in the most popular pizzeria. By analyzing which websites, phone numbers, and navigational directions got the most positive reaction after coming up as a search result, Google’s algorithms can figure out that this user would be happy to get the result for “Mario Rossi’s Fine Italian Ristorante and Pizzeria” and continue through the link to the establishment’s website.

This is that website’s goal—for more users to click into it, where they’ll be more encouraged to do whatever that website is trying to get them to do. As it stands, Google’s search results are organized based on an extensive list of factors far too numerous to go into depth with here… basically, it depends on how much Google likes how your website is put together, how other users have behaved after clicking the link to your website, and again, so much more. 

As a result, Google has some leverage here, effectively serving as the gatekeeper for a staggering amount of Internet traffic. This puts them in the position to profit from these other websites.

One way that they do so: selling advertisement space in key positions on their search results pages. Another way: selling ads that are personalized to your web browsing history.

Google’s Recent Announcement, and What it Means

Google’s revelation that they will no longer create or support trackers that can follow an individual’s behavior and activity across the Internet has some significant ramifications regarding privacy and the Internet as a whole.

This is a sizable shock, as it seems to say that Google plans to hamstring one of its profit centers. However, it is important to clarify that this isn’t the entire truth.

Rather than eliminating tracking altogether, Google is simply shifting its approach to doing so. Instead of using cookies to compose in-depth profiles for each user, Google is shifting over to evaluating trends amongst groups of similar users and phasing out the comprehensive data collection that their past efforts were based in.

This “privacy sandbox,” as it is called, will allow users to be anonymously bundled together by browsing behaviors and other interests, with the data these groups generate being sold to advertisers. The idea is that this way, an advertiser can still target their most likely prospects, without that prospect’s information changing hands more than they may anticipate.

Caveats and Conditions

Of course, Google has left themselves a few loopholes in their new strategy. First, if a user signs into a website using their Google account, that information can still be tracked and used to shape advertising. Plus, this change only applies to the websites—mobile apps are still fair game as well.

This new sandboxing approach has already inspired scrutiny from regulatory bodies, with officials in the United Kingdom investigating these tools to catch any anticompetitive features. This comes as Google is also facing numerous antitrust lawsuits stateside, suggesting that this change in tack could be construed as an effort to show how important customer data security is to the corporation.

So Really, What Does This All Mean?

In terms of Google, these tactics seem to telegraph that the company is preparing for a future where data collection is much more controlled than it is now—and that Google is in a place where the downsides of such tracking have overtaken the value that these activities once net them.

In terms of the Internet as a whole, a player as large as Google might inspire other large providers who have not yet addressed how they balance data collection and data privacy. Having said this, Facebook’s current battle against Apple’s privacy-boosting features show that this approach will certainly not be universally accepted, either.

One way or another, this move will likely create some shifts to the Internet as a whole—and should reinforce how you need to be careful about your own organization’s data collection and storage practices.

MSPNetworks can help you out in that regard. To find out how our solutions and services can make your company more secure, efficient, and compliant, reach out to us at (516) 403-9001.

If you are an avid reader of our blog, we are constantly saying how there are always a growing number of threats. This is true. Two-in-every-three business owners consider that their cybersecurity risks are increasing each year. The other third must not focus on them, and that is a problem. In fact, many business owners don’t give the proper respect to cyberthreats and many of those businesses pay the price. This is why every business should consider a security and compliance audit a mandatory part of their yearly IT assessment. 

Explaining the Security and Compliance Audit

Since there is a constant stream of threats coming at your business from the Internet, it stands to reason that you need to come up with a strategy to reduce or completely eliminate those threats’ path to your business’ IT infrastructure. Traditionally, that means installing security software solutions such as firewalls and antivirus, training your staff on how to navigate potential scams, and doing your best to monitor the threats as they come in. This seems comprehensive, right? Unfortunately, these efforts are unlikely to prevent a breach of your network or a corruption of your IT infrastructure.

The IT infrastructure that continues to grow.

If you consider that every year more and more is added to your IT infrastructure, it’s not a stretch of the imagination to not only gain more to support, but also additional points of potential exploitation. New systems can create new vulnerabilities in your network, and more to support can add even more holes in your existing system. These are the avenues hackers use to access your network and steal your data. 

Additionally, the more complicated your IT infrastructure gets, the more difficult it will be to stay in compliance with any regulations your business operates under. As issues with data privacy start to be taken seriously by lawmakers, expect more regulations; and additional focus on compliance. 

A security and compliance audit is basically the full assessment of your cybersecurity situation. It goes far beyond your average vulnerability scan as it takes into account how your technology is used and provides you with specific criteria that you need to take into account. This profile will go above and beyond your cursory network and infrastructure scan. MSPNetworks has the certified technicians on staff to comprehensively conduct such an assessment. We can provide you with information on where your business is weakest and what you can do to bump up your network security to stay in compliance and keep your network resources safe. 

Go Even Further

Our security and compliance audit can tell you what you need to know, but once you have taken the steps to patch the potential vulnerabilities in your network and infrastructure, you will need to keep it up. We can conduct penetration testing to ensure that the steps you take work to fix the vulnerabilities in your network. This can function as assurance that your business isn’t caught up in two terrible situations: a data breach or fallout from non-compliance. 

If you would like to talk to one of our IT professionals about getting a security and compliance audit, or if you would like to talk about how our managed IT services can work to thwart all types of negative situations, give us a call at (516) 403-9001 today.

Wherever there is money, there are scammers. So it may not be a big surprise that scammers are out en masse trying to get between you and your federally mandated stimulus money.  It’s bad enough that we’ve already seen a couple of phishing scams using the COVID-19 pandemic that are designed to help hackers get into accounts they have no business in, now that these scammers know that people are getting cash, the scams are kicked up a notch.

This is not the first time that the U.S. government has distributed checks to everyone, but with online banking being more prevalent now, scammers have a more complete opportunity to steal money. Let’s go through the ways you can ensure that you get your stimulus money:

1. Avoid anything that has you sign up for stimulus money - Unless you haven’t filed a tax return in the past two years, you will not have to do much to get your stimulus money. If someone wants you to fill out a form to get your stimulus money, you are definitely being scammed.
2. Scammers don’t just act online - Like traditional phishing, you need to be aware everywhere. Whether you get postcards in the mail with a password printed on it or you get messages over social media, you need to know that being asked to take action to gain “access” or to “verify” your payment information is almost assuredly a scam.
3. You can’t get your money faster - Some scammers have concocted a scam that “for a small fee” they can get people their stimulus check faster. With tens of millions of people already receiving their check, it's a sign that your money is on its way if you haven’t received it already. No service can help you get your money faster. 
4. No, you aren’t getting more - What’s better than getting $1,200 tax-free money from your government? Getting more money. Some scammers are actually sending checks for two or three times the amount of the stimulus, the scammer will then apologize for the discrepancy and ask the recipient to reimburse them. The check and their strategy are completely false and should be ignored. 
5. IRS correspondence - It’s true that some people have had to fill out forms on the IRS website in order to get their checks sent to them or deposited in their bank accounts. Of course, scammers have set up forms that look like it. If the form you filled out isn’t on the IRS’ website, you shouldn’t fill it out.

Knowing what you are up against is the best defense against scammers. If you haven’t yet received your CARES Act stimulus money, you need to go to the official IRS website to find out why (or more likely when) you will receive your stimulus check.

What scams have you been seeing lately? Let us know in the comments section below and return to our blog for more great technology-related information.

Late in the summer this past year there were several articles written about how Google would continue to track the location of a person’s smartphone after they had chosen to turn their location settings off. A Princeton researcher corroborated those claims for the Associated Press, traveling through New York and New Jersey with locations services off only to be tracked the entire way. Today, we will discuss this issue, and tell you what you need to know to keep Google from tracking you wherever you go.

Google’s 99 Problems
The perception of Google might be as of a benevolent force in a world full of malevolence to a majority of its users, but over the past few years the problems have been mounting up at the doors of the Googleplex. There has been a laundry list of ongoing legal problems, there has been an employee walkout to protest sexual assault allegations by top executives, and for its continued work as a military contractor. CEO Sundar Pichai appeared before Congress in December to answer lawmakers’ questions about data privacy and company censorship. There has also been a recent dust up with Apple over a violation of Apple App Store policy.

With all these problems on the surface, it would be difficult to assume that Google, or its parent company, Alphabet, Inc. would be raking in dough. That is exactly what has happened. Google took in an astounding $39.3 billion in the fourth quarter of 2018. With every dollar they take in, they take in so much more data. In fact, over the past week, the scrutiny over privacy problems led Google to make the claim that changing their privacy policies--something they will most likely be expected to do--could hurt their company earnings and hinder their ability to create revenue.

So Google Tracks User Data?
Like many of the most utilized services, Google, which owns the Android mobile operating system that powers over 81 percent of all smartphones in the world, tracks data down to an individual level. They contend that they do this to be able to improve their services. The more they know about an individual, the more they know about demographics, and about society as a whole. This gives them the best opportunity to develop, build, and bring to market products and services in line with what people want.

Google has its hands in lots of pies, but its most lucrative, by far, is advertising. In fact, in 2017 Google made $110 billion in profits, $95.4 billion of which came from advertising. In order to be the best they can be at advertising, they need information about consumers (and would-be advertisers).

Google’s tracking tools are numerous.

They have the number one mobile operating system (Android), the number one Internet browser (Chrome), the number one hosted email provider (Gmail), the number one video site (YouTube), the number one search engine (Google Search), and the number one mapping application (Google Maps). This is just a small list of all of Google-owned services as hundreds of millions of people and organizations also use their cloud storage systems, their productivity applications, their virtual assistant, and their news aggregate.

Privacy with Google
With all the services you use tracking every piece of data they can, keeping yourself private with Google around might be harder than you think...or is it? You’d think that you should just be able to go into your Android OS and switch off location settings and they will keep from tracking your whereabouts or your activity. This, of course, is not the case, but there is a relatively simple way to keep your location a secret...even from Google. Throw your phone in a large body of water. If you don’t have a large body of water near you, just run it under the faucet for a couple hours (or long enough for those with that pesky IP68 certification to be proven foolhardy).

We’re just kidding of course. If you want Google to stop tracking you, you will need to find, and toggle off the “Web and App Activity” setting. With this setting turned off, Google will no longer be able to store a snapshot of where you’ve been and won’t have access to browser search metrics either.

This may be annoying to some Google users, as to their understanding once Location History is toggled off, the phone should not be able to track his/her location. Google, defending the miscommunication, stated, “Location History is a Google product that is entirely opt in, and users have the controls to edit, delete, or turn off at any time...we continue to use location to improve the Google experience when they (users) do things like perform a Google search or use Google for driving directions.”

Google’s justifications could make sense, until you consider that a feature called “Web and App Activity” needs to be disengaged in order for Google to stop tracking location, even after you tell the OS to stop tracking location. While the company has a laundry list of valuable services, they continue to try and obtain as much data as they can to drive their ad program’s effectiveness, thus profiting off of consumers’ trust.

Do you think that these major Internet companies reliance on advertising revenue is good for consumers or investors? Who really is profiting? Leave your thoughts in the comments section below.