MSPNetworks Blog

There is a scam going around that convinces organizations to pay for their Google Business Profile, and if you paid for this free service, you’ve fallen for the trick. Google is taking legal action against the scammers who have dragged their name through the mud, using Google’s notoriety to defraud businesses who just want to look competitive.

Let’s look at the announcement to determine what your business should keep in mind regarding these scammers.

Google Wants Consequences for the Scammers Who Charge Businesses for Business Profiles

The first thing you need to understand is that a Google Business Profile is free for business owners to claim and use to share information about their business with the public. This means that anyone who calls you to tell you to pay up for the profile is straight-up lying to you and attempting to scam you.

The problem has escalated to the point where Google needs to take action against these scams. The idea is that taking public legal action against the scammers will keep would-be scammers from acting while also increasing public awareness of these issues. Google’s blog post claims they were able to stop 12 million scammers from creating fake Business Profiles, and that there were 8 million attempts to fraudulently claim Business Profiles.

Again, Google charges nothing for Business Profiles. Such accounts are mutually beneficial; they give you a platform to show off information about your business, and Google can make their search engine better as a result. If you ever receive a phone call from someone claiming to be Google to sell you a profile, then you can rest assured it is most definitely a scam.

How You Can Identify Phishing Scams

Phishing scams can be tricky to identify, but with a little knowledge and training, you and your staff can be well-prepared to deal with any scams that might come your way.

• Look for urgency: Most scams will operate with a sense of urgency to get you to act before you have had a chance to think things through. Don’t fall for it; nothing is so important that it can’t wait 10 minutes while you verify the request.
• The devil is in the details: If you receive a call from someone who claims to be from Google, for example, you can always check the Google Business Profile page to view details on account creation. In this case, the page confirms that it is free, so you know you’re the target of a scam.
• Don’t take any risks: If you have reason to believe that a call or a message is a scam, don’t give yourself any room to make a mistake; just hang up or ignore the message until you can confirm that the message is legitimate or fake. If it’s not, then the person on the other end will surely have to respect your caution.

Let’s Make Your Business Security a Top Priority

If you are ready to take scams and cybersecurity seriously, MSPNetworks can support you throughout the process. To learn more, contact us today at (516) 403-9001.

While security researchers do their best to find security vulnerabilities in software and systems before they are actively exploited by attackers, they can’t be successful all the time. There are too many threats and too many variables to consider, and zero-day exploits are often discovered well after they are actively being exploited by threats. How can you keep zero-day exploits from impacting your business?

What Exactly Is a Zero-Day Exploit?

To put it simply, zero-day exploits are flaws in systems that are discovered only after they have been targeted by a threat. The severity of the attacks can vary wildly, ranging from discrete and covert hacks that go undetected for some time, to in-your-face hacks that don’t care about being discovered by the user. In the case of the former, zero-day exploits can go undocumented for so long that it becomes an even greater threat and logistical nightmare for security researchers and developers.

Why Are They So Dangerous?

The main reason why zero-day exploits are so devastating is that they are undocumented and therefore hard to predict or take action to prevent. This unknown factor means that people often don’t know they exist until the flaw is being leveraged by hackers, making it even more crucial that developers act with haste to patch the flaw.

The problem here is that issuing patches to these types of issues takes time—time which is of the essence. As long as the threat is actively being exploited, users remain at risk until the patch has been issued, and after the lid has been blown off the vulnerability, you can bet that hackers will do all they can to take advantage of the exploit before it is fixed.

What Can You Do About Them?

Zero-day flaws are inherently dangerous because security researchers and professionals have precious little time to address them. That said, you do have some options available to you to protect your infrastructure as best you can, at least until the patch has been issued.

First, you want to consider a comprehensive security solution designed specifically for enterprise-grade security. MSPNetworks can help you implement such a system to mitigate most security threats. At the same time, you’ll want to ensure your team has the training they need to identify potential threats and the reporting structure for how they can let IT know if something is amiss. We also recommend that you actively monitor your systems to detect abnormalities before they cause irreparable damage. All in all, you want a proactive strategy rather than a reactive strategy for your IT.

MSPNetworks can help you put this plan into practice. To learn more about what we can do for your organization, call us today at (516) 403-9001.

iPhone users should be aware that, should you encounter a pop-up that reads “Your Apple iPhone is severely damaged”, you don’t need to be concerned—beyond the concern you’d have for any other threat, that is. This pop-up is just a recent iteration of a common phishing scam that aims to fool people into downloading apps that enable hackers to access personal information.

When you think about it, this is kind of a brilliant strategy for a hacker to use. People tend to panic when they see a message like that…and that panic creates an opportunity for the hacker to embrace. What’s your response when your phone has an issue? Almost certainly negative, and more than likely, somewhat thoughtless, and this is what an attacker is counting on as they do it.

Fortunately, avoiding this threat is as simple as closing the pop-up immediately, avoiding the provided link. This link would only initiate the download of malicious software and applications, or bring the user to a form meant to harvest personal information.

This scam has quite the reach, for one specific reason: iPhones are very popular.

iOS, the operating system that powers Apple’s mobile devices, is widely known as being the most secure of the major mobile operating systems out there. This is largely due to the marketing efforts of Apple, and has become less and less true with more people actively targeting iOS with their code. Overall, however, iPhones have retained their reputation for top-notch security.

This scam leans into this reputation, as it effectively phishes the device’s user, generating fear and urgency that can be leveraged to manipulate the user into acting rashly. As a result, the attacker’s motivations can be accomplished.

Fortunately, simply closing Safari without interacting with the ad prevents this threat from doing any damage. After all, you are also avoiding the risk of accidentally downloading unwanted and malicious applications that could bring operational problems with them.

So, if you use an iPhone as millions of people do, make sure you keep an eye out for these kinds of scams. Mobile devices are hugely popular, so attacks against them are bound to only become more common.

Here at MSPNetworks, we’re committed to helping you and your business become more secure through both education and proactive services. Find out more by calling us at (516) 403-9001.

Simple passwords are just not an effective security practice, so if you’re still using credentials like Password, 123456, Guest, or Qwerty, listen up. You need better password hygiene practices before you suffer from a data breach. Here are some ways you can make a better password to protect your business from threats.

For passwords, it also helps to know what is ineffective in addition to what is effective.

What Does a Bad Password Look Like?

A bad password is, to an extent, always going to be a bad password because passwords are not generally good for account security. While they are certainly better than nothing, they are far from the best way to protect an account, despite being the most popular and most common methods of doing so.

It’s remarkably easy to create a bad password, as well as have bad password practices. Whether it’s a case of the password not being complex enough or too easy to guess, or if it’s used for more than one account, they repeatedly hold businesses and individuals back from achieving the level of cybersecurity they need and deserve.

To help you better leverage good passwords, we’ve put together a list of things you’ll want to do to make them better and stronger.

What Does a Good Password Look Like?

Here are some best practices for password use and creation.

Don’t Repeat Your Passwords
If you use your password for multiple accounts, then all it takes is one of them falling victim to a data breach or phishing attack for all of them to be exposed in the same way. You should be using different, complex passwords for each of your accounts with no repeating passwords.

Always Make Them Complex
Complex passwords are easy to remember, but difficult to guess, which is easier in theory than it is in practice. You can make it much easier through the use of a passphrase rather than a password. Your passphrase should be a random string of words that utilize upper and lower-case letters, numbers, and symbols.

Don’t Use Personal Details
Personal details have no place in passwords for two main reasons: it makes them easier to guess for hackers, if the information is something that they can find publicly on the Internet or on social media, and it places more danger on you in the event that the password is compromised.

Use a Password Manager
To remember all of your complex passwords is impossible, so we recommend using a password manager to help secure them all. A password manager uses one master password to call upon a secure vault of passwords when they are needed. It’s the best way to use passwords without putting yourself at risk.

How are Your Password and Cybersecurity Practices?

If you could use a hand crafting better passwords or protecting your infrastructure, MSPNetworks has got you covered. To learn more, call us at (516) 403-9001.

When security breaches and data breaches are mentioned in the same breath so often, it’s easy to look at them as one and the same. However, we want to take a moment to explain the differentiating factors between the two, as it could be all the most important for protecting your business in the future.

Defining the Security Breach

A security breach can be explained as unauthorized access to company-owned accounts. This happens when people, or other machines, gain access to an account without the appropriate authorization. This could include the device, the network, a website, a server, or any other part of your IT infrastructure.

Defining the Data Breach

Compare this to the data breach, which is a specific type of security breach that involves unauthorized access to data, like computer files or documents. This also includes the alteration and destruction of data.

Why Does This Difference Matter?

Data breaches are indeed a security breach, albeit a very specific one. However, it’s important to know the differences between the two because of the semantics involved with regulations and other data protection laws out there. There are specific definitions for what constitutes a data breach. To put this into perspective, consider this scenario; when encrypted data is accessed and stolen, would it be considered a security breach or a data breach?

And now you see where the definitions come into play. We always try to encourage our readers to avoid security breaches at all costs, which is why we recommend software like firewalls and antiviruses that can proactively prevent these types of issues. Furthermore, we also recommend that you implement patch management and routine maintenance into your technology strategy to keep these systems ready to protect your business. Combine all of this with security training and complex passwords or multi-factor authentication, and you have an adequate security system in place that can keep most threats at bay.

MSPNetworks knows and understands your plight, and we would be happy to discuss with you what you can do to better protect your business. To learn more, call us today at (516) 403-9001.

Small businesses have a lot to worry about in terms of technology, but one of the things that often gets overlooked is network security. Some small businesses feel that they are too small to be considered a viable target for hackers, but they are wrong; all businesses have data valuable for hackers in some form.

Imagine for a moment just how much sensitive data your business stores on its network. You have payroll records, including bank account numbers and routing numbers, personally identifiable information, contact information, and all of the details about your relations with your clients, as well. It doesn’t really matter what industry your business is in. All businesses should take security seriously. Here are some reasons why your organization should prioritize security.

Security is Proactive, Not Reactive

Imagine that your workday is disrupted by a security discrepancy that puts your entire infrastructure at risk, all because someone clicked on the wrong link in an email and downloaded an infected attachment. You now have to contend with the countless issues related to that threat. You can dodge these issues by protecting your business ahead of time so that they don’t affect you in the slightest. Imagine that same scenario, but with an adequate spam or phishing blocker. All of a sudden, that security solution paid for itself simply by preventing the downtime that clicking on such a link would cause.

Security Protects Your Business’ Future

If you were in the market for a new good or service, would you want to work with a company that doesn’t take your security and privacy seriously? This is one big reason why you need to protect your infrastructure; it protects the longevity of your organization. Businesses that let security fall to the wayside often lose clients because they don’t want to work with a business that is unreliable. When a business cannot obtain new clients due to word of mouth and online reviews soiling their reputation, that business is doomed to fail.

Security Keeps Your Bottom Line in Check

Businesses that fall victim to security threats or data breaches might become subject to fines as a result of exposing the wrong data to hackers. These fines, put in place by regulatory bodies, are preventative measures to encourage businesses to do the right thing and protect their infrastructures in a way that is consumer-friendly. These fines can be quite expensive, too, depending on the industry and the infraction. Cover all your bases now so you don’t have to pay up later down the road.

MSPNetworks can help your business implement security solutions that work for you. We can help you implement the strategies and tools you can use to keep your business safe both now and well into the future. To learn more, call us today at (516) 403-9001.

We often talk about scams and cyberthreats, and lately our advice for dealing with a potential phishing threat is to simply avoid it altogether.

That is, when you get any kind of email or text message with a link you weren’t expecting, whether it’s from someone you know or from your bank, just don’t click it. Instead, log into the account in question the way you normally would, and verify the information there, or confirm with the sender through some other means to make sure what they are sending is valid. While this is still a good practice, sometimes you need to click on a link. Here are a few tools you can use to check if a link is safe, before you click.

Why Would a Link Be Dangerous?

First of all, why wouldn’t you want to trust a link that someone you trust sends you?

There are a lot of reasons. Even if it looks like a video message from your dear sweet Nana, or a virtual Christmas card from your youngest niece, there is a chance that the sender has been compromised and is trying to spoof their contacts. 

You want to know when it’s probably not a scam or a threat? When your dear sweet Nana or your niece calls you up on the phone and asks you to look at it.

That simple two-step confirmation makes all the difference in the world. Otherwise, you should consider the risks that maybe, just maybe, the sender was compromised and that the link you are being sent is malicious.

The same goes for the business end of things. 

Your coworker, business partner, vendor, or client might have no reason to do anything malevolent to you. If they fall for a trick themselves, though, a part of that trick might include spreading to all of their contacts.

A malicious link could contain malware that infects your computer, tries to steal your data or access your online accounts, and also spreads itself as quickly as possible to anyone in your contacts list. Not only will you be the victim, but your friends, family, and colleagues will be YOUR victim, and so-forth.

How to Safely Identify and Copy a Link

Before we get into the tools, let’s quickly run through what we mean by a link.

Basically, any text or graphic that is clickable and takes you to another page in your browser is a link. Sometimes, that link will be written out, with the https:// and the full URL. 

For example, if it is a link to PayPal, it might look something like this: https://www.paypal.com/us/smarthelp/PAYPAL_HELP_GUIDE/getting-started-with-paypal-icf29 

Links could also just be text that is clickable. So instead of writing out the URL, the link might be something like this: Get Started with PayPal

Now here’s the thing. If you’ve been paying attention, we’ve already proven to you just how easy it is to trick a user into thinking they are going to one website, and taking them somewhere totally different. Both of the links above don’t actually go to PayPal. We assure you that they are safe, but they are taking you to goofy fake mustache glasses on Amazon.

Sometimes, links are graphics, like buttons, icons, pictures, or virtually anything else. If you can click or tap it and have it take you somewhere, it’s a link, and any links can be spoofed very easily.

If you want to tell where a link is going to take you, you need to copy the actual link:

 On a Desktop or Laptop:
-Hover the mouse over the link.
-Right-click on the link.
-Select “Copy Link” or “Copy Link Address” or “Copy Hyperlink”

Now you have the link copied, and you can paste it into one of the following tools with CTRL+V (or right-click and select Paste)

On a Tablet or Smartphone:
-Be careful not to accidentally just tap the link to open it!
-Hold your finger over the link for a few seconds to pop up the context menu.
-Select “Copy Link” or “Copy link address” or “Copy Hyperlink”

Now that you have the link copied, you can paste it into one of the following tools by holding your finger down over the URL field within the tool and selecting Paste.

Safely Check a Link Before You Click it with These Tools

You can use the following tools to check the safety and legitimacy of a link. Keep in mind, this won’t protect you from one hundred percent of all scams, as these tools can only check for known threats. It’s also a good idea to use multiple tools to cross reference, in case some of the tools just haven’t been made aware of the link you received.

Use Norton Safe Web to Check a Link
Norton Safe Web is a free online tool that lets you paste a link to check to see if it’s safe.

It will give you a quick rating on the link. If the link is untested in Norton, it’s a good idea to try a few of the other tools. If Norton states the link is dangerous, it’s a pretty safe bet you should avoid it.

https://safeweb.norton.com/

Check the Link With PhishTank
The cleverly named PhishTank site will tell you if a link you received has been reported as a phishing scam. Phishing links tend to look pretty similar to legitimate web pages. For instance, a phishing link for PayPal might look almost exactly like the regular login page for PayPal. The problem is that it won’t log you into PayPal, but it will send your PayPal credentials to someone else.

https://www.phishtank.com/

Google’s Transparency Report Might Tell You If a Link is Unsafe
Google’s search engine works by crawling the Internet and indexing everything it finds. Sometimes, it might run across dangerous content such as malware or phishing risks. Google’s Transparency Report tool will tell you if a link you’ve been sent is found in their massive database of unsafe content.

https://transparencyreport.google.com/safe-browsing/search

Scan the Link with VirusTotal
Finally, there’s VirusTotal. This tool takes a little longer to give you an answer, but it can be a little more thorough than the others. This is a good last-ditch effort if you aren’t happy with the results from the other tools. 

https://www.virustotal.com/gui/home/url

It’s important to keep in mind that a phishing scam or malware attack could still sneak through these tools, especially if the URL was just generated and you are among the first people to get it. These tools are designed to spot known phishing attacks and malware that has already been reported. With that in mind, it’s still a good idea to err on the side of caution.

If you feel like you’ve received a suspicious email, text message, or other correspondence, and you would like us to take a look for you, don’t hesitate to reach out to us at (516) 403-9001.

For millions of people, the rubber ducky is a benign reminder of childhood. Depending on when you were a child, the rendition of Sesame Street’s Ernie singing “Rubber Duckie, you’re the one,” is ingrained in your mind every time you hear the term. Unfortunately, the Rubber Ducky we are going to tell you about today has only fond recollection for people who are looking to breach networks they aren’t authorized to access or deliver malware payloads that are designed to cause havoc. 

What is the Rubber Ducky?

The Rubber Ducky is a device that looks like a regular flash drive that you would use to transfer files from one PC to another. We’ve all used them, and with most of us moving to cloud-based platforms, they don’t seem to be as popular as they once were. Well, despite that notion, the USB flash drive industry is growing at a pretty impressive 7% year-over-year, and is currently a $7+ billion industry. That means there are a lot of USB flash drives being created every year and that means that there are millions of them just floating around. 

The Rubber Ducky is more than your average USB flash drive, however. It looks like one, but when it is plugged into a computer, it is read as a simple accessory like a keyboard. This means that any defensive measure that is set up to thwart potentially dangerous data transmission is already worked around when the device gets plugged in, making it much easier for the device to work for the hacker’s end goals, whatever they are. Any keystroke taken while the device is open, is trusted, making the sky the proverbial limit when it comes to device access. 

What Kind of Threat Is the Modern Rubber Ducky?

Any USB dongle needs to be carefully considered before inserting it into your computer, but the Rubber Ducky is designed to overcome the limitations of previous versions of the hardware. The new version makes a major upgrade in that it runs on the “DuckyScript” programming language that the device will use to create demands on any target machine. Other iterations of the Rubber Ducky were limited to writing what are known as “keystroke sequences”, the new DuckyScript is a feature-rich language, which lets users write functions, store variables, and use logic to make it possible to carry out complex computations. 

Now the Rubber Ducky can determine which operating system is running a machine and deploy code that allows for hackers to get into the appropriate software. It can also mask automated executions by adding a delay between keystrokes to make the computing system think that it is human. Most intrusively, it can steal data from any target by encoding it in binary, giving users the ability to extract critical information (such as saved authentication) with ease.

What You Can Do

The best practice here is to not allow strange USB dongles to be placed in your device’s USB drives. Unless you know exactly where the device has come from and what is on it, avoiding interactions with it is the best way to keep away anything unsavory that happens to be on the device to interact with your computer’s OS, and by extension, your network.

Being wary of hardware is just one part of keeping your business and personal information secure. MSPNetworks can help build a cybersecurity strategy that takes into account all types of malware deployment methodology, keeping you from any problematic experiences with your IT. Give us a call today at (516) 403-9001 to learn more. 

This past year saw a dangerous 86% increase in the most dangerous types of malware out there, so we want to ask you an important question: are you ready to protect your business from the different types of threats you might encounter? We know a technology solution that might help this mission along, and we want to share it with you today: artificial intelligence.

Let’s discuss some ways that AI can assist your organization’s cybersecurity efforts.

Malware is Growing More Dangerous

The biggest notable trend in cybersecurity is the increase in dangerous types of malware, as it has increased by a whopping 86% over the past year alone. These threats are not easy for the average user to spot, either, thanks to phishing, malicious websites, downloads, and other types of attack mediums. They can be difficult to identify and respond to, and businesses that don’t have a plan of action will be in a difficult position.

AI Helps Solve This Problem

AI-powered security tools give businesses the upper hand in identifying threats and protecting their assets.

If you can leverage artificial intelligence and machine learning to your advantage, you’ll be more likely to uncover and stop attacks like ransomware before they occur.

Now, ransomware is pretty scary stuff, we won’t lie to you, and since it is spread primarily through phishing attacks, you need a solution in place that can help to stop these attacks before they have a chance to succeed. These attacks specifically target your users, and they can fool even the most seasoned employee into making a decision that they will come to regret. Naturally, this leads to cybercriminals making phishing attacks difficult to identify and making them as convincing as possible.

You can train employees to identify these attacks, but there will always be a chance that someone slips up. Artificial intelligence can pick up where they fall short, though.

How Does AI Help Your Business?

AI can use predictive tools and analysis to identify threats your organization might face. This has led to many companies adopting it as a security measure, and it can help in several ways. Here are some reasons why businesses might implement AI:

• Spam and phishing protection
• Analyzing DNS data to detect threats
• Identifying problematic data
• Tracking advanced malware

AI has become more accessible than it has ever been, so we think it is worth exploring the concept further.

Let Us Help You Protect Your Business

MSPNetworks can help your business manage its technology and cybersecurity. To learn more, reach out to us at (516) 403-9001.

How often do you get emails from individuals claiming to be working with a business who wants to do business with yours or sell you a product, completely unsolicited and even perhaps a bit suspicious? These types of messages can often land small businesses in hot water, as it only takes one phishing email landing in the wrong inbox at the wrong time to put your business in jeopardy.

The biggest problem with phishing emails is one that you might not expect. It’s certainly problematic enough that phishing scams are increasingly more common, and it’s definitely a challenge to ensure that your infrastructure stays secure under such circumstances. However, you’ll find that the major challenge that cybersecurity professionals face in regard to phishing scams is that hackers are just too crafty with how they continuously adjust their tactics.

Phishing attacks can come in several different manners and tactics, each of them focusing on the fact that the weakest points of your security infrastructure have to do with the human elements of your cybersecurity strategy. They might come in the form of an unsolicited email, or they could come from a phone call asking for sensitive information. No matter what, though, they are going to find ways to circumvent your security protections somehow simply because hackers realize that their best chance of getting through to your organization is through your employees.

And this is not even taking into account the scam emails that are so convincing that even the spam filters cannot capture these potentially dangerous messages. If a hacker takes the time to research your organization and make their message seem like an authentic message, there is a chance that it can bypass your spam filters entirely and become a very real threat to your business. These types of messages can be difficult to identify, especially if your users have not had any formal training about phishing messages.

Simply put, you absolutely cannot rely on your spam filter to keep you safe from the countless threats out there. Messages that don’t automatically get caught by the software’s filters could very well still be phishing emails that have been tailor-made to strike your organization with a social engineering attack.

We always recommend that businesses implement not only enterprise-grade spam filtering to keep the majority of threats out of your employees’ inboxes, but also to train your employees to identify potential threats. This is a type of preventative approach that all businesses should implement, and it’s one that is often overlooked. It’s easy to think that technology can solve all of your problems, and while it’s pretty likely to make improvements to your security infrastructure, it’s only as effective as the people who work for you.

It might be impossible to guarantee that your employees never see a phishing message, but you can optimize the chances that they will act appropriately if you provide them with the correct training and IT resources. MSPNetworks can help fulfill both for your business. We can equip your business with enterprise-grade solutions to keep threats off your network while also providing the training needed to inform your team’s security practices.

To learn more, reach out to us at (516) 403-9001.

At first glance, cybersecurity might seem incredibly complicated and difficult to understand, but even a baseline understanding of some of the principles of cybersecurity can go a long way toward protecting your business. Let’s discuss some of the common-sense ways you can keep your business secure, even if you don’t have an internal IT department to ask for help from.

Keep Your Antivirus and Security Tools Updated

What’s better than eliminating a threat from your network? Stopping it from getting that far entirely. With antivirus, firewalls, and other security measures in place, you can keep your business secure from the majority of threats before they even become a problem in the first place.

Use a VPN

In case you or someone else on your team has to travel, or if you have a team that works remotely, a VPN is incredibly valuable. Public Wi-fi is notorious for being quite dangerous, and a virtual private network can offer a safe haven for you to access the Internet without fear of being observed by any onlookers.

Utilize Multi-Factor Authentication

You can take your security practices to the next level through the use of multi-factor authentication. A password can only do so much in today’s threat landscape, so you should back it up with biometrics, generated PINs, and other secondary measures that can make things much more difficult for any would-be hacker.

Use a Password Manager

We know you’ve heard it a thousand times; “always use a different password for each and every one of your accounts to maximize security.” While this should be practiced, it can be difficult to observe if you don’t have a password manager keeping tabs on each of your credentials. Plus, let’s face it, you don’t want to rely on your browser’s password management options if you can help it. 

Avoid Phishing Scams

While it would certainly be amazing to win the lottery, a free vacation, or catch some juicy gossip in your email inbox, the fact of the matter is that phishing emails know that these kinds of temptations make you want to click on links in emails, regardless of how likely you think they might be. Other tactics used include fearmongering and threats, which aren’t nearly as fun to receive, but are equally as effective, if not more so under the right circumstances. Either way, you should use extreme scrutiny when navigating messages from unknown or unsolicited sources—especially if they contain links or attachments.

Let Us Help Your Business Keep Itself Safe

While you can certainly do all of the above on your own, why not work with a managed service provider like MSPNetworks? We can take the stress out of managing your network security. To get started, call us at (516) 403-9001.

We’re not shy about sharing how important it is for a business to have comprehensive cybersecurity throughout its entire infrastructure. That’s why we wanted to share what some recent data has shown about the importance of having visibility into your infrastructure.

Spoiler alert: it’s really, really important.

Data Shows that Enterprises Suffer from Considerable Vulnerabilities

Compiled by Sevco Security, the State of the Cybersecurity Attack Surface report took data from over 500,000 IT assets. This data, compiled from enterprise-level businesses, revealed that a substantial number of the assets these businesses rely on are missing critical endpoint protections or aren’t being actively patched.

According to Sevco Security’s research, the businesses they surveyed were lacking endpoint protections at a rate of 12%, while 5% of them were lacking enterprise patch management. Compounding these issues, 19% of Windows servers were missing endpoint protections.

Furthermore, “stale” IT—assets that are present in the security control console and register as installed on a device, but haven’t checked back in for a few weeks—is a small but serious issue for these enterprise organizations. 3% of the IT assets have stale endpoint protections, while 1% have stale patch management. However, since they are supposedly accounted for, these risks are harder to spot and more likely to create issues.

Of course, these findings were all based on research into enterprise-level companies, with enterprise-level capabilities. Now, just consider what that suggests about the small or medium-sized businesses and their comparative capabilities.

Trust Us to Help Prevent These Vulnerabilities from Presenting Themselves in Your Business

Part of our proactive remote monitoring and maintenance services is to catch these kinds of issues before they result in larger problems for your business. To learn more about how we accomplish this, give us a call at (516) 403-9001 today.

If you watch technology news, you might notice that there is one day out of every month that gets a lot of attention from the technology sector, and that day is what is called Patch Tuesday. This is the day each month when Microsoft issues all of their patches and security updates, and it’s important to know when this day falls each month—at least, for your IT team it is.

What is Patch Tuesday?

You don’t need us to tell you that Microsoft as a software developer is a big deal, having released major computer operating systems and business applications that are used by countless individuals and organizations across the globe. We want to highlight one quality that is a little easy to forget sometimes, though, and that is the fact that Microsoft, like any other software developer and publisher out there, is not infallible. They are bound to create products with flaws in them, just like anyone else.

This is why Patch Tuesday exists. It provides Microsoft with the opportunity to routinely address performance issues, security risks, and other bugs that might be discovered in their software. Each month, the Microsoft Security Response Center puts out information using Common Vulnerabilities and Exposures numbers on their website. This information is designed to inform IT workers and the public in general about security issues that are addressed with each update. These updates typically cover Windows operating systems—including those that have reached their end-of-life but are covered under an extended support contract—as well as other Microsoft software products.

Patch Tuesday is the second Tuesday of each month. Patches and updates are issued at 5:00pm (Coordinated Universal Time).

Why is Patch Tuesday Important?

Simply put, Patch Tuesday was created to give IT workers a heads-up as to when patches and updates will be applied. Oftentimes IT workers will need to prepare an infrastructure for a blanket installation of important patches and updates, so this gives them an official date and time to work towards.

Patch Tuesday is also important to another, slightly less altruistic group of individuals: hackers. Cybercriminals and developers of online threats can scour the code of Microsoft’s patches to gain insights into vulnerabilities that might have been addressed within them. They can then use that information to reverse-engineer patches, so to speak, to target individuals who have not deployed their new patches and updates, thereby getting the jump on users who have not expediently deployed them.

Why Are Patches and Updates In General Important?

There is a reason why patches and security updates are issued so regularly, and it’s a big one: your business is very much at risk without them. Patches and updates are issued to shore up security vulnerabilities in software—vulnerabilities that could ultimately give hackers access to your network if they are crafty enough.

It’s important to note that not all vulnerabilities are actively exploited in the wild prior to being detected. It’s entirely possible that developers at Microsoft happened upon them out of the blue and decided to address them appropriately. When they do find unpatched vulnerabilities that are being exploited, however, they tend to release patches and updates out of their routine to get them into the hands of the public as soon as possible.

If all this talk about patches and updates has you concerned about the future of your organization, fear not. MSPNetworks is happy to assist you with the management and deployment of all patches and updates for your mission-critical systems. To learn more about what we can do for your business, reach out to us at (516) 403-9001.

What do you do if you have forgotten your wireless router’s password? You could restore the router back to its default settings, of course, but what if you have, like a dummy, never changed the router’s password in the first place? This Internet password repository could be your saving grace.

RouterPasswords.com

RouterPasswords.com is a website built to document default usernames and passwords for wireless routers. It’s run by a community of users for a community of users. Essentially, anyone can submit their default username and password for their router to help anyone out who may have forgotten it somewhere down the line. They make a point to highlight that the username and password of the router is not the one set by your Internet service provider–rather, they want the factory-set default credentials. Once the credentials have been reviewed by an administrator, they are added to the online repository.

It’s also worth mentioning that this site can be helpful from a technician’s perspective as well, as identifying the default username and password for a device can mean less work and less time spent troubleshooting an issue, if that is indeed the problem at hand.

In addition to having the largest default router password repository on the Internet (according to them, at least), the website also provides tips and tricks for how to manage router settings, reviews for the latest wireless routing technologies, and news related to wireless technology.

There is a Dark Side to This Website Existing

Of course, there is also the negative consequence of a website like this existing in that, if you can use it, so can anyone else on the Internet—hackers included. Imagine that you are a hacker and you’re trying to find the path of least resistance into a wireless network. You notice that the device’s wireless network name was never changed or set up beyond the factory default, so you assume that the wireless network’s password is also the factory default.

From there, well, you can guess where this story goes.

You should always change your wireless network’s name and password for this very reason. Tools like this exist to make users’ lives easier, but they inadvertently also make the lives of hackers easier, too.

Reinforce Your Wireless Practices with Us!

MSPNetworks can of course help you shore up any weaknesses that might exist in your business’ wireless network policies and connections. With us on your side, you’ll have a staunch ally in the fight against cybercrime. To learn more, contact us at (516) 403-9001 today.

Ransomware is one of the more dangerous threats out there today, and since it is so prominent and dangerous, it is a popular choice amongst hackers. To combat this threat, a community has formed around the cause, encouraging users to not pay the ransom by providing free malware removal tools for the most popular ransomware threats.

Europol, a European Union law enforcement agency, is in charge of this initiative, called No More Ransom. The agency has helped over 1.5 million victims of ransomware overcome the attack and recover their files without paying the ransom. These victims have saved an estimated $1.5 billion dollars, which is a considerable amount of money to keep out of hackers’ coffers.

No More Ransom began in 2016 in collaboration with the Dutch National Police and other cybersecurity and IT companies. It began with only four ransomware decryption tools, but now, they provide 136 free decryption tools to take on 165 different ransomware variants.

Still, ransomware is a problem, and the fact that it requires this kind of special attention means that you need to take it seriously.

Why You Should Never Pay the Ransom

Hackers use ransomware because it makes people pay up simply because it’s the easiest way to solve the problem. Unfortunately, it is rarely that simple, and even those who do pay the ransom suffer from unforeseen consequences.

Further complicating this decision is the fact that those who pay the ransom are effectively funding further attacks and reinforcing the fact that ransomware works. Simply put, hackers will be more likely to attack with ransomware if they know people are scared enough to pay up, and with more resources at their disposal, they can expand their reach and infect even more victims.

This is why we advocate for not paying the ransom. In the heat of the moment, it’s not always so clear, but we urge anyone infected by ransomware, businesses included, to slow down and consider the repercussions of their actions. There are situations where you might feel like you have no choice but to pay, particularly in double-extortion situations where the threat of online leaks of your data is imminent, but we assure you that you always have a choice in the matter.

Instead, You Should Call Us!

If you become the target of ransomware, we suggest you call MSPNetworks at (516) 403-9001. We can walk you through the appropriate next steps to address ransomware on your network.

Granted, it’s easier to prevent ransomware in the first place than to deal with an active threat, so we also recommend that you outfit your network with top-notch security solutions. Compound these with proper employee and end-user training to minimize the possibility of ransomware striking your company. While there is never a guarantee, the odds of it crippling your business will be significantly less with these steps in mind.

Get started today by calling us at (516) 403-9001.

Passwords are just one part of a comprehensive security strategy, but they are a crucial one. You must make sure that you are investing adequate time and effort into making sure your passwords are secure. This is easier said than done, but by the end of today’s short blog article, you’ll have all the information you need to craft excellent passwords for your accounts.

What Are Some Password Best Practices?

In a list format, we have put together some password best practices for your review:

• Use complex strings of characters: Your passwords should consist of both upper and lower-case letters, numbers, and special characters.
• The longer, the better: If you have more characters in your password, there are more opportunities for a hacker to get it wrong. Your passwords should be easy to remember, but hard to guess.
• Opt for passphrases rather than passwords: To make your passwords easier to remember, you can use a passphrase. The passphrase is basically an upgraded password variant that is harder to guess, but easier to remember. For example, if you were to use a favorite ’80s movie, you might pull a famous line from the movie along with the title and tie it together. For example, if your favorite movie of all time is Short Circuit, you might make your passphrase Sh0rtCIRCUIT#5isALIVE!86
• Use different passwords for each account: You should be using different passwords for each of your accounts, just in case one of them gets stolen. After all, if you use the same password for every account, you’ll have to change every single one of them anyway.

With these practices, you can make more complex and secure passwords. In addition to these practices, you can consider some of the following to make using them easier and more efficient.

What Else Can You Do to Protect Your Online Accounts?

To capitalize on the benefits of password security for your business, we recommend that you take things just a hair further with additional policies and technology solutions. We recommend multi-factor authentication and password management solutions to get the most out of your password and authentication policies.

With multi-factor authentication, you can use additional authentication protocols alongside passwords to maximize security. Your average multi-factor authentication tool will utilize two of the three methods: something you are (biometrics), something you have (smartphone, USB key), or something you know (a password, PIN, or passphrase).

In comparison, password management tools take what you have applied to your password security and make them that much easier to manage. Password managers store your passwords in an encrypted database where they are protected by a master password. You can then call the passwords as they are needed when you access your accounts. Password managers often have the capabilities to generate passwords for you, just in case you need some help with your complex passwords. It makes using complex passwords and passphrases that much easier.

MSPNetworks is here to help outfit your business with the security and productivity tools it needs. Give us a call at (516) 403-9001 to learn more.

Chances are pretty good that, by this point, you’ve heard of burnout—maybe you’ve even suffered from it before yourself—but, just in case you’re a remarkably lucky human being, it’s the phenomenon where your employees become disengaged to the point where their performance suffers. While this isn’t good in any facet of your business, it can be especially damaging in terms of your security.

Let’s explore the concept of cybersecurity burnout (spoiler alert: it’s present at all levels, all the way up to cybersecurity pros) and how it could potentially cause problems for your business.

What is Cybersecurity Burnout?

The concept of burnout is a simple one: as we’ve said, it’s a deep-seated disengagement that one of your employees feels from the job you employed them to do. Cybersecurity burnout, generally speaking, is burnout that impacts a business’ cybersecurity professionals and leads them to feel this level of disengagement. However, the reality of today’s workplace is that everyone has to be responsible for cybersecurity.

As a result, everyone is also susceptible to cybersecurity burnout.

 In terms of cybersecurity burnout, the aforementioned disengagement presents itself in a few different ways:

• Human error, in terms of missed phishing signs due to increased stress (which enables attackers to hide their attacks that much more effectively)
• Increased apathy, leading to less adherence to best practices like password standards or bans on shadow IT
• Diminished productivity, leading to less accomplished for your business overall
• Turnover, as stressed and frustrated employees seek out better work environments and compensation

None of this bodes well for a business, so what can be done to prevent this kind of burnout?

How Can I Keep My Employees Engaged in Cybersecurity?

When it comes to cybersecurity burnout, resolving it is very similar to how you would resolve any kind of burnout:

• Recover - Burnout is largely the result of an employee being worn down and exhausted, emotionally and mentally. Giving them the chance to recharge their batteries throughout the day—and insisting they utilize it—can help them break the patterns that lead to swifter burnout.
• Reorient - Once your team members have recovered somewhat, it’s time to help them get back on task in a more effective and balanced manner. Helping them identify their priorities and grasp the importance of their security-related tasks is an effective way to do so.
• Renew - Finally, it is time to help prevent this kind of cybersecurity burnout from coming back. Encourage your team members to develop their professional relationships with one another, and work with them to help align the values that they have with those of your company.

Turn to Us for Assistance with Your Cybersecurity

We’re here to help you keep your business secured in any way we can, especially through our monitoring and maintenance services. This can help take some of the pressure off your employees, allowing them to focus on their tasks more effectively.

Find out more by giving us a call at (516) 403-9001.

Technology has come a long way, but so too have the threats which leverage it to their advantage. How have the cyberthreats which target your organization evolved over time, and what can you do to protect yourself?

There Are More Risks Today Than Ever Before

Modern tools such as artificial intelligence, the Internet of Things, and the cloud give businesses more options to get their work done, but they also represent additional avenues for hackers to attack. Automation can improve your work processes, for example, but it can also make it easy for phishing attacks and other types of threats to infiltrate your network.

This type of advancement means you need to take action. Here are three questions your organization must consider for its continued security and success.

Consider These Three Questions

Let’s examine some of the first questions you should consider for your business’ cybersecurity:

1. Are the security measures we have in place now enough to protect us from developing threats and risks?
2. Are we putting sufficient time into training our employees to be a security asset, rather than a source of vulnerability?
3. Are we preparing ourselves for the threats that will develop thanks to emerging platforms and new technologies?

What Else Should You Consider?

Furthermore, we have some other considerations your organization should look at to keep your technology safe.

Improve the Way You Seek Out Malware

There will always be the types of threats that are in your face and ready to demand a ransom, but more often than not, malware will sneak around in the background and mimic a legitimate user’s technology habits. You have several ways to combat this, such as automated security solutions and increasing your employees’ security awareness.

There Are More Threat Surfaces to Protect

More technology means better processes (when implemented correctly), but it can also mean more vulnerabilities to threats. Businesses need to take stock of their current risk management strategies to ensure that they are effective, even when implementing new technology, without making your systems too complex or hard to manage.

Improve Awareness at All Levels

Your IT department will likely handle most of the cybersecurity issues with your business, but awareness and adoption starts from the top down. If you don’t take security seriously, nobody else will. Now is the time to make security a priority by showing your team just how important it is.

Let’s Work Together to Protect Your Business

As managed IT providers, we work to protect our clients from the many current and emerging threats out there. By making things as easy as possible for businesses like yours to protect themselves from cyberthreats, we give you the power to take back your workday and focus on profits and more efficiently running your business.

To learn more about how we can help you make this vision a reality, reach out to us at (516) 403-9001.

In today’s business, sharing files is easy and something many workers take for granted. Unfortunately, not all file-sharing methods are secure. When efficiency is prioritized over security, it can often lead to extremely troublesome situations. For this week’s tip, we thought we’d go through a half dozen practices you can take to ensure your files get to where you need them to get safely and securely. 

Use a VPN

The Virtual Private Network is a key tool when it comes to securing your data flow. It allows users to use public Wi-Fi, many of which are more than sketchy connections, to safely and securely transmit data. Many public Wi-Fi connections leave users exposed and with a VPN, you have an encrypted portal that makes intercepting data highly unlikely. 

Thorough Password Management

Not only do you need to understand how to concoct a secure password and reliably protect your accounts with solid password practices, you should also consider using a password manager to store your passwords. Not only does a password manager make it almost impossible for hackers to access your passwords, you can also stretch a buck if you need to use shared passwords. There are a lot of them to choose from and the professional consultants at MSPNetworks can help you set up a solution to ensure that your accounts are protected. 

Control File Access

One of the best ways to ensure that files are secure is to maintain control over the permissions of them. One of the easiest ways to do this is by assigning groups that can access certain files or file types. You can set permissions by department, but you can also just set up groups that have users in them who need access to the files. Since not everyone needs access to every single file, controlling users’ access is one of the best ways to keep your files and file storage secure. 

Set Up and Enforce Use of Multi-Factor Authentication (MFA/2FA)

Multi-factor authentication (or two-factor authentication) is a security step that requires any user to prove their identity before logging into a particular system. MFA uses multiple authorization methods to verify their identity. They do this in three ways:

• Proof of knowledge - A password or PIN that only the user knows
• Proof of possession - A key of some sort, typically an authentication key sent via mobile device.
• Proof of existence - A key using biometric data or voice recognition. 

Making users prove they are who they say they are is a solid practice to secure your data, but it is important to limit your efforts as to not put too many redundant barriers between your data and your users. 

Ensure Your File Sharing Fits In

As important as file sharing can be, it also can cause some problems if the solution you choose doesn’t fit into your overall security strategy. There are all types of options on the market and the one that you choose needs to fit into your overarching security posture. File sharing is only one facet of your business that needs to be secured, so as to not leave your business vulnerable, ensuring that any file sharing platform you choose to use fits in with all your other security efforts is a must. 

Here are some types, for example:

• Sending encrypted attachments via email
• Sharing links to public or private files in the cloud
• Establishing shared folders or collaborative spaces either online or by syncing information from one location to another

Train Your Staff

Like any other part of your business, the people that use a piece of technology need to be sufficiently trained on how to use it to ensure that its features are used properly. Most hosted platforms are going to take some getting used to for your staff; there is no way around it. That’s why you should get out in front of it and provide the necessary training that will get your people up to speed faster. The more they know, the more secure your files and your file sharing will be. 

At MSPNetworks, we work with New York companies that require dedicated IT services and support to keep their business secure and running efficiently. If you would like to get some insight about enterprise file sharing from our IT professionals, give us a call today at (516) 403-9001. 

It’s easy to use the terms “patches” and “updates” as if they mean the same thing, and they are often used interchangeably within the same context. However, understanding the difference between the two can make a world of difference in terms of how you approach implementing each of them. We’re here to clear things up a bit and help you better understand the patches and updates you deploy on a month-to-month basis.

What is the Big Difference?

Patches and updates are critical to ensuring that your devices and mission-critical software are kept secure from potential threats. Over time, vulnerabilities or operational issues which impact security could arise, and software developers rise to the occasion to resolve them by issuing these patches and updates. The big difference between the two is scope and scale.

Patches are generally used for quick fixes to specific problems which need attention. You can think of it like patching a rip or tear in a piece of clothing. You get a piece of fabric, throw it over the problem, and sew it on for a fix.

Updates, on the other hand, are more structural in nature, and they are generally larger in scope. They might address multiple problems at once. It’s like changing the fabric of your shirt entirely rather than just patching the hole.

Why Should You Care?

In short, the biggest reason why you should care about the difference between patches and updates is that it could very well impact your ability to do your job correctly.

Let’s say you implement a new update. Yes, it solves several problems with the security infrastructure of your software or applications, but it could very well introduce new bugs or operational issues that either affect the way your team gets work done or your ability to perform specific tasks. Imagine if someone updated your operating system overnight and, all of a sudden, the user interface changes, or a critical task you need to perform no longer works the way you expect it to. You have to take the time to adjust to the update or review documentation to ensure that it’s not going to disrupt your operations too profoundly.

Make Patches and Updates Easy to Apply

We know that applying patches and updates can be a bit disruptive to your day-to-day duties and responsibilities. Furthermore, you don’t want to be applying patches and updates on a whim; you need to approach these carefully to ensure they have minimal negative impacts on your business’ operations. This is why MSPNetworks offers remote patching and security update services. We can apply any patches or updates your systems need without the need for an on-site visit. With our management tools, you can rest assured that someone is keeping an eye out for your systems.

To learn more, reach out to MSPNetworks at (516) 403-9001.