MSPNetworks Blog

If you watch technology news, you might notice that there is one day out of every month that gets a lot of attention from the technology sector, and that day is what is called Patch Tuesday. This is the day each month when Microsoft issues all of their patches and security updates, and it’s important to know when this day falls each month—at least, for your IT team it is.

What is Patch Tuesday?

You don’t need us to tell you that Microsoft as a software developer is a big deal, having released major computer operating systems and business applications that are used by countless individuals and organizations across the globe. We want to highlight one quality that is a little easy to forget sometimes, though, and that is the fact that Microsoft, like any other software developer and publisher out there, is not infallible. They are bound to create products with flaws in them, just like anyone else.

This is why Patch Tuesday exists. It provides Microsoft with the opportunity to routinely address performance issues, security risks, and other bugs that might be discovered in their software. Each month, the Microsoft Security Response Center puts out information using Common Vulnerabilities and Exposures numbers on their website. This information is designed to inform IT workers and the public in general about security issues that are addressed with each update. These updates typically cover Windows operating systems—including those that have reached their end-of-life but are covered under an extended support contract—as well as other Microsoft software products.

Patch Tuesday is the second Tuesday of each month. Patches and updates are issued at 5:00pm (Coordinated Universal Time).

Why is Patch Tuesday Important?

Simply put, Patch Tuesday was created to give IT workers a heads-up as to when patches and updates will be applied. Oftentimes IT workers will need to prepare an infrastructure for a blanket installation of important patches and updates, so this gives them an official date and time to work towards.

Patch Tuesday is also important to another, slightly less altruistic group of individuals: hackers. Cybercriminals and developers of online threats can scour the code of Microsoft’s patches to gain insights into vulnerabilities that might have been addressed within them. They can then use that information to reverse-engineer patches, so to speak, to target individuals who have not deployed their new patches and updates, thereby getting the jump on users who have not expediently deployed them.

Why Are Patches and Updates In General Important?

There is a reason why patches and security updates are issued so regularly, and it’s a big one: your business is very much at risk without them. Patches and updates are issued to shore up security vulnerabilities in software—vulnerabilities that could ultimately give hackers access to your network if they are crafty enough.

It’s important to note that not all vulnerabilities are actively exploited in the wild prior to being detected. It’s entirely possible that developers at Microsoft happened upon them out of the blue and decided to address them appropriately. When they do find unpatched vulnerabilities that are being exploited, however, they tend to release patches and updates out of their routine to get them into the hands of the public as soon as possible.

If all this talk about patches and updates has you concerned about the future of your organization, fear not. MSPNetworks is happy to assist you with the management and deployment of all patches and updates for your mission-critical systems. To learn more about what we can do for your business, reach out to us at (516) 403-9001.

What do you do if you have forgotten your wireless router’s password? You could restore the router back to its default settings, of course, but what if you have, like a dummy, never changed the router’s password in the first place? This Internet password repository could be your saving grace.

RouterPasswords.com

RouterPasswords.com is a website built to document default usernames and passwords for wireless routers. It’s run by a community of users for a community of users. Essentially, anyone can submit their default username and password for their router to help anyone out who may have forgotten it somewhere down the line. They make a point to highlight that the username and password of the router is not the one set by your Internet service provider–rather, they want the factory-set default credentials. Once the credentials have been reviewed by an administrator, they are added to the online repository.

It’s also worth mentioning that this site can be helpful from a technician’s perspective as well, as identifying the default username and password for a device can mean less work and less time spent troubleshooting an issue, if that is indeed the problem at hand.

In addition to having the largest default router password repository on the Internet (according to them, at least), the website also provides tips and tricks for how to manage router settings, reviews for the latest wireless routing technologies, and news related to wireless technology.

There is a Dark Side to This Website Existing

Of course, there is also the negative consequence of a website like this existing in that, if you can use it, so can anyone else on the Internet—hackers included. Imagine that you are a hacker and you’re trying to find the path of least resistance into a wireless network. You notice that the device’s wireless network name was never changed or set up beyond the factory default, so you assume that the wireless network’s password is also the factory default.

From there, well, you can guess where this story goes.

You should always change your wireless network’s name and password for this very reason. Tools like this exist to make users’ lives easier, but they inadvertently also make the lives of hackers easier, too.

Reinforce Your Wireless Practices with Us!

MSPNetworks can of course help you shore up any weaknesses that might exist in your business’ wireless network policies and connections. With us on your side, you’ll have a staunch ally in the fight against cybercrime. To learn more, contact us at (516) 403-9001 today.

Ransomware is one of the more dangerous threats out there today, and since it is so prominent and dangerous, it is a popular choice amongst hackers. To combat this threat, a community has formed around the cause, encouraging users to not pay the ransom by providing free malware removal tools for the most popular ransomware threats.

Europol, a European Union law enforcement agency, is in charge of this initiative, called No More Ransom. The agency has helped over 1.5 million victims of ransomware overcome the attack and recover their files without paying the ransom. These victims have saved an estimated $1.5 billion dollars, which is a considerable amount of money to keep out of hackers’ coffers.

No More Ransom began in 2016 in collaboration with the Dutch National Police and other cybersecurity and IT companies. It began with only four ransomware decryption tools, but now, they provide 136 free decryption tools to take on 165 different ransomware variants.

Still, ransomware is a problem, and the fact that it requires this kind of special attention means that you need to take it seriously.

Why You Should Never Pay the Ransom

Hackers use ransomware because it makes people pay up simply because it’s the easiest way to solve the problem. Unfortunately, it is rarely that simple, and even those who do pay the ransom suffer from unforeseen consequences.

Further complicating this decision is the fact that those who pay the ransom are effectively funding further attacks and reinforcing the fact that ransomware works. Simply put, hackers will be more likely to attack with ransomware if they know people are scared enough to pay up, and with more resources at their disposal, they can expand their reach and infect even more victims.

This is why we advocate for not paying the ransom. In the heat of the moment, it’s not always so clear, but we urge anyone infected by ransomware, businesses included, to slow down and consider the repercussions of their actions. There are situations where you might feel like you have no choice but to pay, particularly in double-extortion situations where the threat of online leaks of your data is imminent, but we assure you that you always have a choice in the matter.

Instead, You Should Call Us!

If you become the target of ransomware, we suggest you call MSPNetworks at (516) 403-9001. We can walk you through the appropriate next steps to address ransomware on your network.

Granted, it’s easier to prevent ransomware in the first place than to deal with an active threat, so we also recommend that you outfit your network with top-notch security solutions. Compound these with proper employee and end-user training to minimize the possibility of ransomware striking your company. While there is never a guarantee, the odds of it crippling your business will be significantly less with these steps in mind.

Get started today by calling us at (516) 403-9001.

Passwords are just one part of a comprehensive security strategy, but they are a crucial one. You must make sure that you are investing adequate time and effort into making sure your passwords are secure. This is easier said than done, but by the end of today’s short blog article, you’ll have all the information you need to craft excellent passwords for your accounts.

What Are Some Password Best Practices?

In a list format, we have put together some password best practices for your review:

• Use complex strings of characters: Your passwords should consist of both upper and lower-case letters, numbers, and special characters.
• The longer, the better: If you have more characters in your password, there are more opportunities for a hacker to get it wrong. Your passwords should be easy to remember, but hard to guess.
• Opt for passphrases rather than passwords: To make your passwords easier to remember, you can use a passphrase. The passphrase is basically an upgraded password variant that is harder to guess, but easier to remember. For example, if you were to use a favorite ’80s movie, you might pull a famous line from the movie along with the title and tie it together. For example, if your favorite movie of all time is Short Circuit, you might make your passphrase Sh0rtCIRCUIT#5isALIVE!86
• Use different passwords for each account: You should be using different passwords for each of your accounts, just in case one of them gets stolen. After all, if you use the same password for every account, you’ll have to change every single one of them anyway.

With these practices, you can make more complex and secure passwords. In addition to these practices, you can consider some of the following to make using them easier and more efficient.

What Else Can You Do to Protect Your Online Accounts?

To capitalize on the benefits of password security for your business, we recommend that you take things just a hair further with additional policies and technology solutions. We recommend multi-factor authentication and password management solutions to get the most out of your password and authentication policies.

With multi-factor authentication, you can use additional authentication protocols alongside passwords to maximize security. Your average multi-factor authentication tool will utilize two of the three methods: something you are (biometrics), something you have (smartphone, USB key), or something you know (a password, PIN, or passphrase).

In comparison, password management tools take what you have applied to your password security and make them that much easier to manage. Password managers store your passwords in an encrypted database where they are protected by a master password. You can then call the passwords as they are needed when you access your accounts. Password managers often have the capabilities to generate passwords for you, just in case you need some help with your complex passwords. It makes using complex passwords and passphrases that much easier.

MSPNetworks is here to help outfit your business with the security and productivity tools it needs. Give us a call at (516) 403-9001 to learn more.

Chances are pretty good that, by this point, you’ve heard of burnout—maybe you’ve even suffered from it before yourself—but, just in case you’re a remarkably lucky human being, it’s the phenomenon where your employees become disengaged to the point where their performance suffers. While this isn’t good in any facet of your business, it can be especially damaging in terms of your security.

Let’s explore the concept of cybersecurity burnout (spoiler alert: it’s present at all levels, all the way up to cybersecurity pros) and how it could potentially cause problems for your business.

What is Cybersecurity Burnout?

The concept of burnout is a simple one: as we’ve said, it’s a deep-seated disengagement that one of your employees feels from the job you employed them to do. Cybersecurity burnout, generally speaking, is burnout that impacts a business’ cybersecurity professionals and leads them to feel this level of disengagement. However, the reality of today’s workplace is that everyone has to be responsible for cybersecurity.

As a result, everyone is also susceptible to cybersecurity burnout.

 In terms of cybersecurity burnout, the aforementioned disengagement presents itself in a few different ways:

• Human error, in terms of missed phishing signs due to increased stress (which enables attackers to hide their attacks that much more effectively)
• Increased apathy, leading to less adherence to best practices like password standards or bans on shadow IT
• Diminished productivity, leading to less accomplished for your business overall
• Turnover, as stressed and frustrated employees seek out better work environments and compensation

None of this bodes well for a business, so what can be done to prevent this kind of burnout?

How Can I Keep My Employees Engaged in Cybersecurity?

When it comes to cybersecurity burnout, resolving it is very similar to how you would resolve any kind of burnout:

• Recover - Burnout is largely the result of an employee being worn down and exhausted, emotionally and mentally. Giving them the chance to recharge their batteries throughout the day—and insisting they utilize it—can help them break the patterns that lead to swifter burnout.
• Reorient - Once your team members have recovered somewhat, it’s time to help them get back on task in a more effective and balanced manner. Helping them identify their priorities and grasp the importance of their security-related tasks is an effective way to do so.
• Renew - Finally, it is time to help prevent this kind of cybersecurity burnout from coming back. Encourage your team members to develop their professional relationships with one another, and work with them to help align the values that they have with those of your company.

Turn to Us for Assistance with Your Cybersecurity

We’re here to help you keep your business secured in any way we can, especially through our monitoring and maintenance services. This can help take some of the pressure off your employees, allowing them to focus on their tasks more effectively.

Find out more by giving us a call at (516) 403-9001.

Technology has come a long way, but so too have the threats which leverage it to their advantage. How have the cyberthreats which target your organization evolved over time, and what can you do to protect yourself?

There Are More Risks Today Than Ever Before

Modern tools such as artificial intelligence, the Internet of Things, and the cloud give businesses more options to get their work done, but they also represent additional avenues for hackers to attack. Automation can improve your work processes, for example, but it can also make it easy for phishing attacks and other types of threats to infiltrate your network.

This type of advancement means you need to take action. Here are three questions your organization must consider for its continued security and success.

Consider These Three Questions

Let’s examine some of the first questions you should consider for your business’ cybersecurity:

1. Are the security measures we have in place now enough to protect us from developing threats and risks?
2. Are we putting sufficient time into training our employees to be a security asset, rather than a source of vulnerability?
3. Are we preparing ourselves for the threats that will develop thanks to emerging platforms and new technologies?

What Else Should You Consider?

Furthermore, we have some other considerations your organization should look at to keep your technology safe.

Improve the Way You Seek Out Malware

There will always be the types of threats that are in your face and ready to demand a ransom, but more often than not, malware will sneak around in the background and mimic a legitimate user’s technology habits. You have several ways to combat this, such as automated security solutions and increasing your employees’ security awareness.

There Are More Threat Surfaces to Protect

More technology means better processes (when implemented correctly), but it can also mean more vulnerabilities to threats. Businesses need to take stock of their current risk management strategies to ensure that they are effective, even when implementing new technology, without making your systems too complex or hard to manage.

Improve Awareness at All Levels

Your IT department will likely handle most of the cybersecurity issues with your business, but awareness and adoption starts from the top down. If you don’t take security seriously, nobody else will. Now is the time to make security a priority by showing your team just how important it is.

Let’s Work Together to Protect Your Business

As managed IT providers, we work to protect our clients from the many current and emerging threats out there. By making things as easy as possible for businesses like yours to protect themselves from cyberthreats, we give you the power to take back your workday and focus on profits and more efficiently running your business.

To learn more about how we can help you make this vision a reality, reach out to us at (516) 403-9001.

In today’s business, sharing files is easy and something many workers take for granted. Unfortunately, not all file-sharing methods are secure. When efficiency is prioritized over security, it can often lead to extremely troublesome situations. For this week’s tip, we thought we’d go through a half dozen practices you can take to ensure your files get to where you need them to get safely and securely. 

Use a VPN

The Virtual Private Network is a key tool when it comes to securing your data flow. It allows users to use public Wi-Fi, many of which are more than sketchy connections, to safely and securely transmit data. Many public Wi-Fi connections leave users exposed and with a VPN, you have an encrypted portal that makes intercepting data highly unlikely. 

Thorough Password Management

Not only do you need to understand how to concoct a secure password and reliably protect your accounts with solid password practices, you should also consider using a password manager to store your passwords. Not only does a password manager make it almost impossible for hackers to access your passwords, you can also stretch a buck if you need to use shared passwords. There are a lot of them to choose from and the professional consultants at MSPNetworks can help you set up a solution to ensure that your accounts are protected. 

Control File Access

One of the best ways to ensure that files are secure is to maintain control over the permissions of them. One of the easiest ways to do this is by assigning groups that can access certain files or file types. You can set permissions by department, but you can also just set up groups that have users in them who need access to the files. Since not everyone needs access to every single file, controlling users’ access is one of the best ways to keep your files and file storage secure. 

Set Up and Enforce Use of Multi-Factor Authentication (MFA/2FA)

Multi-factor authentication (or two-factor authentication) is a security step that requires any user to prove their identity before logging into a particular system. MFA uses multiple authorization methods to verify their identity. They do this in three ways:

• Proof of knowledge - A password or PIN that only the user knows
• Proof of possession - A key of some sort, typically an authentication key sent via mobile device.
• Proof of existence - A key using biometric data or voice recognition. 

Making users prove they are who they say they are is a solid practice to secure your data, but it is important to limit your efforts as to not put too many redundant barriers between your data and your users. 

Ensure Your File Sharing Fits In

As important as file sharing can be, it also can cause some problems if the solution you choose doesn’t fit into your overall security strategy. There are all types of options on the market and the one that you choose needs to fit into your overarching security posture. File sharing is only one facet of your business that needs to be secured, so as to not leave your business vulnerable, ensuring that any file sharing platform you choose to use fits in with all your other security efforts is a must. 

Here are some types, for example:

• Sending encrypted attachments via email
• Sharing links to public or private files in the cloud
• Establishing shared folders or collaborative spaces either online or by syncing information from one location to another

Train Your Staff

Like any other part of your business, the people that use a piece of technology need to be sufficiently trained on how to use it to ensure that its features are used properly. Most hosted platforms are going to take some getting used to for your staff; there is no way around it. That’s why you should get out in front of it and provide the necessary training that will get your people up to speed faster. The more they know, the more secure your files and your file sharing will be. 

At MSPNetworks, we work with New York companies that require dedicated IT services and support to keep their business secure and running efficiently. If you would like to get some insight about enterprise file sharing from our IT professionals, give us a call today at (516) 403-9001. 

It’s easy to use the terms “patches” and “updates” as if they mean the same thing, and they are often used interchangeably within the same context. However, understanding the difference between the two can make a world of difference in terms of how you approach implementing each of them. We’re here to clear things up a bit and help you better understand the patches and updates you deploy on a month-to-month basis.

What is the Big Difference?

Patches and updates are critical to ensuring that your devices and mission-critical software are kept secure from potential threats. Over time, vulnerabilities or operational issues which impact security could arise, and software developers rise to the occasion to resolve them by issuing these patches and updates. The big difference between the two is scope and scale.

Patches are generally used for quick fixes to specific problems which need attention. You can think of it like patching a rip or tear in a piece of clothing. You get a piece of fabric, throw it over the problem, and sew it on for a fix.

Updates, on the other hand, are more structural in nature, and they are generally larger in scope. They might address multiple problems at once. It’s like changing the fabric of your shirt entirely rather than just patching the hole.

Why Should You Care?

In short, the biggest reason why you should care about the difference between patches and updates is that it could very well impact your ability to do your job correctly.

Let’s say you implement a new update. Yes, it solves several problems with the security infrastructure of your software or applications, but it could very well introduce new bugs or operational issues that either affect the way your team gets work done or your ability to perform specific tasks. Imagine if someone updated your operating system overnight and, all of a sudden, the user interface changes, or a critical task you need to perform no longer works the way you expect it to. You have to take the time to adjust to the update or review documentation to ensure that it’s not going to disrupt your operations too profoundly.

Make Patches and Updates Easy to Apply

We know that applying patches and updates can be a bit disruptive to your day-to-day duties and responsibilities. Furthermore, you don’t want to be applying patches and updates on a whim; you need to approach these carefully to ensure they have minimal negative impacts on your business’ operations. This is why MSPNetworks offers remote patching and security update services. We can apply any patches or updates your systems need without the need for an on-site visit. With our management tools, you can rest assured that someone is keeping an eye out for your systems.

To learn more, reach out to MSPNetworks at (516) 403-9001.

Mobile devices demand a special type of attention in order to ensure security. You want to ensure that your devices are protected as well as possible, but you also need to ensure that this does not come at the expense of your employees’ productivity or efficiency. We’ve put together a list of common security issues you might encounter when securing your mobile devices, as well as a couple of practices you can implement to work toward an adequate level of cybersecurity for your mobile infrastructure.

Malicious Applications

Mobile applications will be crucial to productivity with your mobile devices. Just like how laptops and desktops run software and programs, mobile devices require applications for various tasks, including data storage, file access, communication, productivity, and many more. You can usually find these applications on the designated app store for Android or iOS, but you might have to dodge a couple of malicious applications in the process. Make sure you are downloading the appropriate app from a trusted developer rather than a fake, malicious one.

Unsecured Connections

Mobile devices will be connecting to wireless networks in order to dodge the use of mobile data for every little task, but the problem with most public wireless networks is that they are unsecured and susceptible to attacks from all sorts of threats. Even if they are secured, they likely are not secured appropriately, and hackers might be able to intercept or view data traveling to and from your device.

Lost or Stolen Devices

One of the major challenges of mobile devices is the fact that they are… well, mobile, and as such, more likely to be lost compared to your traditional in-house technology solutions. It’s easy enough to misplace a smartphone or laptop, and it’s just as easy for a thief to walk away with it if you take your eyes off of them long enough. 

Security Solutions

To keep your mobile devices from becoming a major pain in the neck from a security standpoint, we recommend that you implement the following solutions and measures. They will go a long way toward keeping your business and its data safe.

• Mobile Device Management: An MDM solution gives your business the power to control app downloads and permissions on devices, all while remotely wiping lost or stolen devices as needed. It makes keeping track of your company’s mobile devices as easy as can be.
• Virtual Private Networks: A VPN is a powerful security tool that gives your mobile devices access to an encrypted connection to your business’ data infrastructure. This means that a hacker won’t simply be able to steal data while it’s in transit, and if they do, they will have to deal with military-grade encryption to make heads or tails of it.

Mobile device security doesn’t have to be difficult; make it easier by contacting MSPNetworks at (516) 403-9001!

Anyone who has a mailbox or an email knows all about junk mail. We all receive Publisher’s Clearing House entries, calls about your car’s extended warranty, promotions for items and events that you swore that you discontinued by typing “STOP”, and just needless spam that you waste your time going through and deleting. We receive unsolicited messages every single day.

It’s actually more routine now than annoying. 

Today, there are more scams directed at the average individual than ever; and, as a result, it can have negative effects on every organization if someone mistakenly interacts with the wrong one. If you think it isn’t a big deal consider that these scams cost individuals, businesses, and governments over a trillion dollars every year. That’s >$1,000,000,000,000. These scams affect more people from all different types of age groups more than any other crime. Today, we’ll go through why so many people fall for scams and what you can do to protect yourself against being part of this staggering statistic. 

More Scams, More Exposure

The first reason that there are more people falling for scams is because there are just so many scams sent out. For years, there were lottery scams that cost people in the neighborhood of $200 million dollars, but today that cost has doubled; presumably because there are just more scams of that type sent every day. Before everyone depended so highly on the Internet, scams would happen, but they would be more intimate. Individual people stealing money by getting people to invest in real estate scams. Even the Bernie Madoff scam, that defrauded investors of over $64 billion dollars, was the work of a lone firm where many of the people working there thought the company was legitimate. 

 Today, there are teams (companies, in fact) that are in business to defraud people. Since the cost of perpetuating this type of crime has dropped substantially, businesses with the model of fraud have grown and are responsible for the major increase in stolen money.

 What’s worse, it is more difficult than ever to catch and prosecute these criminal organizations. They often operate out of nations that don’t have the type of law enforcement infrastructure needed to combat them. Think about this: Have you recently got a phone call from your area code only to answer it and it be a scam caller? This isn’t somebody in the next town trying to sell you on an extended warranty for your car, it is someone a world away using a routing program to spoof the number that will work to engage the call’s recipient. 

Scams Have Targets

Another reason people are falling for scams is that they are becoming more and more sophisticated by the day. Scams today use the names of popular brands or even people’s own companies to get them to engage with the ruse. Most businesses move fast, especially on the Internet and if a subordinate gets an email from their direct supervisor to send money, login credentials, or other sensitive information, many workers will ignore the warning signs and complete the task. Only after the fact will they understand that they’ve been had by an organization that’s whole mission is to steal data and defraud individuals. 

 The more familiar the tone of the correspondence and the more familiar the whole thing is presented as, the more apt that people are going to let their guard down and interact with these scams. Somewhat surprisingly, younger people are more likely to ignore warning signs and move forward. There are more millennials in the current workforce than any other generation and their lack of awareness, or even their desire to do their job well, can lead to major issues. Since older employees tend to have experience dealing directly with the people they need to deal with, they aren’t as targeted as younger employees. That said, there were over 1.2 trillion phishing emails sent in 2020, and that number continues to rise every year, so everyone remains a target. 

What You Can Do

Well as a business owner or manager, you need to do everything in your power to keep your people educated about how to interact with scam emails, phone calls, and instant messages. Let’s look at some good tips to follow when educating your staff and building your cybersecurity strategy. 

• Be alert - In order to catch a phishing scam before it creates a headache for you, you have to interact with every message you get with a degree of skepticism.
• Verify - The best way to avoid troubles from email and messages sent to you that demand action is to verify with the sender. It doesn’t take that long and any grief you may get from it is far less than the grief you would get if you sent money or information to an unauthorized person outside the organization.
• Look for telltale phishing signs - Does the message you received demand things of you that aren’t normal? Does it have links, phone numbers, or attachments that the email directs you to interact with? Are there spelling and grammar errors? If the message you’ve received doesn’t seem legitimate, it likely isn’t.
• Use security software - One of the best ways to fish out phishing emails is to use a spam protection program. Most enterprise emails have one built in, but they don’t always catch all of them. If you find that you are getting spam emails in your inbox, you can direct them to your spam folder. 
• Keep a backup (or several) - One of the best ways to protect your business in lieu of all the scams and hacks going on is to ensure that your applications and data are backed up. At MSPNetworks, we utilize a backup and disaster recovery service that keeps your files backed up onsite and in an offsite data center to ensure that when you need to get to your backups, you can. 

 If you would like to know more about how to avoid online scams and keep your business more secure, give us a call today at (516) 403-9001 and return to our blog regularly.

When we think about cybersecurity, we usually think about protecting our computers from viruses, right?

I’d imagine a few of our older readers remember a time when you would go to the store and buy antivirus software that came in a big brightly-colored box with a CD in it each year.

As you probably already know, things aren’t as simple anymore.

Cybersecurity is a Huge Problem, Because It’s a Lucrative Business

Maybe the idea of going to the store to purchase the latest version of Norton Antivirus for my home PC makes me wax nostalgic a little, but things have become much more complicated over the last couple of decades when it comes to cybersecurity.

Gone are the days where computer malware simply exists to spread and annoy users. Well, that stuff still exists, but most users are pretty well protected from it, thanks to free antivirus software and built-in protections that are baked right into the various operating systems we’ve come to depend on.

Unfortunately, cybercriminals started to figure out the value of their skills and have been able to turn their talents into careers. I won’t dive too deep into the history of this, as it’s not even necessarily new, but it has been a major factor behind the majority of attacks against personal users and businesses.

It’s estimated that over one percent of the entire global economy is lost to cybercrime each year, and that rate has been increasing quickly over the years. A single percentage might not seem like much, but it’s monetary worth at least $600 billion, and it’s also likely that percentage is a bit higher as many crimes go unreported. As a comparison, the US film industry is about 3.2% of the GDP, and the US professional sports industry is about 1% of the GDP.

That’s not nothing.

Cybercriminals Treat It Like a Business

It’s pretty rare to come across a business that doesn’t have some form of antivirus these days (thank goodness). That’s good. All businesses need to have centrally-managed, carefully monitored, and thoroughly maintained antivirus.

Let that sink in, though. Most businesses have this base-level of protection, but cybercrime is booming.

You need to look at cybercriminals and realize there are very clever, hard-working entrepreneurs within this group, and that they are always looking for ways to grow and expand. You need to compare cybercriminals to other businesses you see today. They are constantly trying to disrupt in the same way that Uber and Lyft disrupted the taxi industry… while also disrupting the course of business for everybody else involved.

It’s a business about making the most money with minimal effort, using tactics that can easily be repeated and have a high success rate.

Look at them as your competitors in sort of a weird sense. They are ruthlessly vying for your revenue.

It’s Time to Take Cybersecurity Seriously

For many businesses, complying with certain levels of cybersecurity protections is the law, but it’s more than that too. Even if you are a healthcare practice that is strictly following HIPAA and every other compliance regulation, you need to review and push that envelope a little harder to stay ahead of those who are working just as hard to get a piece of your business.

It’s terrible, it really is. Like I said, I miss the days when it was as simple as installing new antivirus every year.

That said, we are here to help. At MSPNetworks, we take a security-first approach to everything we do, and we can help your business protect itself. It’s not worth waiting. Even if you just want a second set of eyes to evaluate your network, don’t hesitate to give us a call today at (516) 403-9001.

Insurance is a great asset, should you ever need it… including where your business technology is concerned. If you weren’t aware, there is a form of insurance—cyber insurance—that you can purchase in case your business suffers from a data breach.

Is this additional form of insurance worth the investment? Absolutely.

Let’s take a few moments and explore why you’ll be happy to have cyber insurance when the time comes

What is Cyber/Cybersecurity/Cyber Liability Insurance?

Cyber insurance, like any other form of insurance, is meant to help cover the financial impacts of a given event. In this case, the event would be some kind of cyberattack.

It can be easy to underestimate the fallout that a cyberattack can have. Sure, there’s the immediate issue that the attack itself creates in terms of lost time and productivity, but there are plenty of other impacts and aftereffects that are also associated with these attacks as well.

For instance, if you’ve lost data, you could very well face significant fines from the government, on top of the definite lack of trust the general populous will likely feel toward your business once word gets out about your data loss event.

Then, you also have to consider how much it will cost to restore your business, fixing the systems that have been impacted and influenced by the attack. You need to account for all the business that the aforementioned lack of trust will lose you. You need to factor in the cost of all the notifications that you will need to send out to those impacted by your data breach.

This is a pretty, pretty penny… far more than you can realistically budget away in your IT costs.

Hence, cyber insurance.

What Can Cyber Insurance Help Cover?

There are assorted needs that cyber insurance can help you to pay for, if need be, including:

• Notifying affected parties
• Resolving security issues
• Providing credit monitoring services for those impacted
• Extortion payments
• Expenses related to resuming your business practices
• Covering public relations costs

Who Needs Cyber Insurance?

To put it in no uncertain terms: any business that stores or handles sensitive information, whether that’s financial data, medical information, contact details, or personally identifiable information.

Don’t get us wrong, we don’t hope that you ever have a need for cyber insurance—we just know it is better to be prepared. Having said that, we’re also here to help minimize the chances that you’ll ever need it.

Reach out to us to learn more about our comprehensive cybersecurity services by calling (516) 403-9001.

Phishing attacks can be scary to deal with, especially since it is not unheard of for staff members to not even know they are looking at one. To make sure your staff can identify and respond to phishing attacks in an appropriate way, we’ve put together this short guide to help you along the way.

First, let’s go over what makes a phishing attack.

What is Phishing?

Phishing is one of the most common forms of cyberattacks used by criminals with goals ranging from stealing data to gaining access to an infrastructure. Essentially, a phishing attack is an attempt by a cybercriminal to communicate with your team members in hopes that they will give away important information or allow access to critical systems. Phishing attacks are a natural evolution of cyberattacks that rose in popularity due to the advancement of security standards; while solutions have grown stronger and more difficult to crack, the human mind remains ever-vulnerable.

Phishing emails are the most well-known type of phishing attack, but they also come in other forms, like online forms designed to harvest credentials, SMS messages with infected links, phone calls, and other means of communication. Since phishing attacks can take so many different forms, it’s important that your team knows what to look for in these attempts, as well as how to report them to your trusted IT administrator. 

Let’s go over some of the ways your team members can identify a potential phishing attack.

Signs That a Phishing Attack is Targeting You

There are plenty of warning signs you can use to identify a phishing attack. Here is a short list to consider, but if you have any concerns at all, we hope you will reach out to us at (516) 403-9001 to learn more about them:

• A tone that doesn’t match the supposed sender
• Misspellings and other discrepancies in key details, like email addresses, domain names, and links
• Out-of-the-blue messages
• Egregious spelling and grammar errors
• Unexpected or out-of-context attachments
• Excessive urgency behind, or open threats as a consequence of, not complying with the message
• Ambiguous messages that motivate the recipient to investigate
• Unusual requests, or requests for explicitly sensitive information

It’s incredibly important to know what these warning signs are so you can actively keep a lookout for them. If you don’t, who knows what could happen?

We’re Here to Help Keep Your Team Safe!

If you feel you could use some help keeping your business safe from phishing attacks, we are happy to help. To learn more, reach out to us at (516) 403-9001.

Unfortunately, cybersecurity is a lot easier to reinforce in the office than it is when your team members are working remotely—and even then, it can be a serious challenge to maintain. However, let’s focus on the remote worker’s situation for a few moments and review a few best practices that can help a remote worker stay secure.

Best Practice: Provide Them with the Tools to Stay Secure

When your team members are working outside of the office, they aren’t going to be protected by the security you’ve implemented into your business network—not without a few specialized tools in place. This is why your remote workers should have fully up-to-date antivirus solutions and virtual private networking (VPN) connections in place.

A VPN in particular is a great tool for a remote worker, as it allows them to access your business’ network from elsewhere without revealing their traffic and data to snooping eyes.

Best Practice: Emphasize Password Security Even More

Spend enough time with us, and you’ll likely be able to recite the advice that we repeatedly share regarding passwords—never writing them down, using a different password for every account, creating passwords (or ideally, passphrases) that will hold up to attempts to crack them, and many more tidbits. Remote employees need to be held to the same standards, and then some.

With your team members acting outside of your office, they aren’t sitting in an environment that actively reminds them to maintain their security standards in general, meaning that their password practices are apt to suffer. Working to keep these standards top of mind will be important for you to prioritize.

Best Practice: Reinforce Physical Protections

Cybersecurity practices go beyond password resilience and antivirus protections—you also need to consider your actual technology and the physical protections you have defending it. Keeping unexamined peripheral devices away from your work hardware, keeping your work hardware secured, and generally keeping it reserved exclusively for your work-related use are essential parts to your overall security posture.

Of course, this is just the tip of the iceberg—there’s a lot more that can and should be done to ensure your remote workers aren’t undermining your business’ cybersecurity. Learn more by reaching out to us at (516) 403-9001.

Your network security is of the utmost importance to your business for numerous, hopefully obvious reasons. However, there are a few errors that are easy enough to make that could easily be the proverbial monkey wrench in the works. Let’s go over what these network security faux pas look like, so you can resolve them more effectively (and don’t worry, we’ll discuss that, too).

So, let’s dive right into the mistakes you need to identify in your business—if they should be present—so that they can be fixed.

Not Preparing For (or Denying Outright) Threats

“But it doesn’t happen to businesses like mine,” is one of the most lethal opinions you could possibly have in terms of your preparedness against threats of all kinds. This is primarily because (spoiler alert) these kinds of attacks do, in fact, happen to businesses like yours.

They happen to all businesses—it really comes down to how well prepared you are to resist the efforts of such attacks. This will require some forethought to first generate a list of risk factors your business is apt to face and establish the means to minimize them. Between phishing and other forms of social engineering, pure cyberattacks, and the litany of other attack methods that modern cybercriminals employ—often using automation—the threats to all businesses are very, very real.

Neglecting Maintenance and Upgrades

Let’s say that you do accept that you’re at risk of cyberattacks. That’s a great start, but if you don’t keep up with your IT’s needs and allow your business’ technology to fall into disrepair, you’ll also accept that you’re going to be breached. You need to keep up with your upkeep, ensuring your technology and its defenses are all in proper working order and that you promptly install any upgrades that apply to your solutions.

Failing to Educate Employees on Security Processes

Look, I understand the impulse to want to trust your team members to make good decisions, but there’s a difference between trust and shortsightedness. While you should feel that you can trust your team, not educating them on how to recognize and appropriately respond to the various threats they are effectively guaranteed to encounter leaves them far more vulnerable than otherwise. Training them, on the other hand, helps you secure your business that much more effectively.

Not Establishing a Cybersecurity Policy or Standards

If you aren’t enforcing a baseline expectation for your team to follow in terms of their security, you are again providing an inroad into your business. Putting together the standards that your team members need to uphold—particularly in terms of passwords, multi-factor authentication, and the like—and holding them accountable to them will help to keep your business and its data secure.

Using the Default/Built-In Options

Honestly, you get what you pay for when it comes to your security, so default security options that come integrated into your solutions aren’t the wisest move. The investment into more trustworthy security options will be well worth it when you compare it to the cost of a breach. We can equip you with security solutions that you can trust your business’ data to.

Shortchanging Your Business Data

You need to consider your data itself, and what might happen if your infrastructure was to fail. Failing to maintain a comprehensive backup and data recovery strategy only risks your business further. On the other side of the coin, you need to ensure that your data is only accessible by those who need it, and remains protected both while in storage and while in transit.

Worst of All, Not Turning to the Experts for Help

Finally, the biggest network security mistake you can make is trying to go it alone, instead of leaning on the team of professionals we have here at MSPNetworks. Find out more about our multiple cybersecurity services that can help you avoid these mistakes by calling (516) 403-9001.

Despite hearing about a constant stream of cyberattacks over the past few years—most of which cause millions of dollars of damage to businesses—it might still be difficult for you to justify spending a lot of money on your business’ cybersecurity plans. There is a finite amount of capital to go around and many times CIOs and network administrators will be rebuffed by management when asking for money to spend on cybersecurity. Today, we thought we’d discuss three ways that you can spend on cybersecurity initiatives and not feel like you are throwing your money down the drain. 

Today, many organizations have gone as far as to hire a CISO, or chief information security officer to handle budgetary issues when it comes to the protection of a business’ digital resources and information systems. Even though they operate under the CIO, they typically have budgetary discretion to spend cybersecurity money as they see fit. If your business doesn’t have a defined CISO, these four tips should help you out. 

Identifying Your Organization's Digital Strengths and Weaknesses

As with most IT-related initiatives, in order to intelligently spend your organizational cybersecurity capital, you need to assess your current standing and how they relate to putting together reliability in your IT. You’ll want to start by identifying the assets that need to be protected. You may be surprised at what you find after an assessment.  Most businesses, especially in the small business sector will find that they come in woefully short in:

• Business continuity plans - Businesses tend to put in minimal effort into their contingency plans and will find that if something were to happen to their business’ information systems that they would be facing major downtime events and other disastrous situations.
• Phishing and cybersecurity training - The threat landscape is littered with businesses that haven’t prioritized training for their staff. Today, phishing attacks are the number one source of malware attacks and other cyberattacks. 
• Cybersecurity insurance - There are many cyber insurance plans out there that can help protect a business against data loss and cyberattacks. 

Regardless of your business’ situation, a full security assessment can give you the answers you are looking for to help drive a robust cybersecurity strategy. 

Aligning Your Security to Support Your Business

To understand how they get a return on your security investment, decision makers need to see potential issues in practical means. This often means breaking it down into dollars and cents. Security spending will always be justified if decision makers see how inherent risks can ultimately affect ongoing continuity and business processes in general. 

You need to make them understand that security efforts have to go further than just maintaining regulatory compliance. You will want to make them understand that your security budget is used for risk mitigation, sure, but also can benefit productivity and boost revenue. One way you can accomplish this is to automate certain security processes. Not only will this remove the repetitive and mundane tasks thrust on your IT team, it will also provide the data needed to justify the increased security spending as it will lay out how spending on security can save an incredible amount of capital when compared to dealing with cyberattacks and other security issues. 

Onboard Solid Contributors

Finally, everyone knows that new hires are some of the costliest line items in a new budget, and to justify the need for them on the cybersecurity side, you also need to cultivate a strategy that requires investment to be made. That may just be having extra eyes on your IT infrastructure, or bringing on people that can help train your employees on the best practices that will keep your business’ data and infrastructure secure. Investing in solid contributors that quickly understand the role they play in your organizational security and don’t need to have their hand held while navigating your business’ computing environment can bring significant dividends. 

Network security is always going to be a touch and go issue, especially for people who need to release funds to your IT team. Getting them the tools and resources they need to mitigate the negative impact to your business takes work but is possible. If you would like to have a conversation with one of our security professionals about how to best spend your security dollars, give MSPNetworks a call today at (516) 403-9001. 

How often do you find yourself stressing out about who has access to which data or internal resources on your company network? What about who has access to open the front door of your office or who has access to important physical resources within your building? Ensuring the security of your business’ assets is critical, and access control tools can help your company ensure that only authorized individuals have access to specific parts of your organization’s infrastructure, be it physical or digital.

What is Access Control?

Access control is, at its core, a way to restrict access to specific resources within your company based on user or role. It generally involves authorization of some sort and demands that the user verify their identity before being granted access to said resources. Think about it like asking the network for permission before being allowed onto it; once the network or infrastructure has confirmed the identity of the individual, they will have access to the resources.

Access control can be broken up into two groups: digital or cyber access control and physical access control. We’ll go over some of the benefits for both types of access control and how they can help your business keep itself safe.

Cyber Access Control

Your business undoubtedly has data on its infrastructure that should only be accessed by specific individuals and no one else. This might include sensitive employee data, applications or resources, financial records, and so on. You should be limiting access to important information like this specifically because the fewer people who have access to it, the less likely it will be compromised. Through access control tools, you can control which employees have access to specific data, applications, or resources on your network, based on their role within your organization.

Physical Access Control

Sometimes you want to keep certain users out of specific parts of your office. This is where physical access control comes into play. Physical access control might involve key cards, code-guarded doors, and even biometric scanners, with the intention of securing various parts of your office. One example of how you might use it is if you have sensitive records stored in a specific part of your office. You might keep that door locked, only accessible to specific individuals within your organization. Another example might be an access gate open only to employees of your business.

Get Started Today

MSPNetworks knows how complex it can be to implement new security solutions, especially if they require a certain level of management and maintenance, like access control systems do. We want to help your business take advantage of these solutions in a way that minimizes the additional duties and responsibilities of your organization. Through MSPNetworks, you can implement, manage, and maintain these systems without dedicating your internal resources to them; instead, you can outsource the responsibility to us! Our technicians are more than happy to assist you each step of the way.

To learn more, reach out to us at (516) 403-9001.

With cybersecurity a priority for every business that depends on their IT, there are a lot of different strategies being utilized out there to keep threats off of networks and data safe. One of the most advanced strategies being used today is enlisting a service that runs a Security Operations Center (SOC). Today, we’ll investigate what a SOC is and how it works to keep threats at bay. 

Defining SOC

The Security Operations Center is a lot like the Network Operations Center (NOC), but its whole purpose is to monitor computing networks and devices and eliminate threats to their efficient operation. While that description may seem simple, business computing infrastructures are typically complex with a lot of end users, making network and device security a complicated endeavor. 

Today’s businesses have computing infrastructures and networks that run around the clock, and the SOC is staffed to facilitate that 24/7/365 demand for security monitoring and services. Working hand-in-hand with your NOC (and perhaps other IT administrators depending on the complexity of your business’ IT), the SOC typically handles the overarching cybersecurity strategy. 

Typically, businesses want their IT to align with how they want to run their business and part of that is maintaining uptime and keeping threats off of the endpoints, networks, and the vast amount of infrastructure that makes up the network. After all, all it takes is one vulnerability to be exploited and it can create major problems. The SOC deploys a myriad of tools and strategies all designed to do one thing: stay ahead of threats to the network. 

How the SOC Operates

As we stated previously, the SOC functions much like a NOC in that its main purpose is comprehensive around-the-clock monitoring and notification. If something goes wrong on the network, the SOC will log the issue and do what it can to mitigate the issue. As these things happen it will notify the IT administrator (the NOC) of the issue to keep them in the loop. Let’s take a brief look at some of the services the SOC will provide:

• Complete assessment - The discovery process is a major part of how the SOC can be most effective. In being aware of all the hardware, applications, and other tools on the network(s) your business needs, the SOC can ensure that everything is monitored continuously. 
• Continuous monitoring - Not only will the SOC monitor software and traffic trends, it will also monitor user and system behaviors as a way to identify issues. 
• Thorough logging - Keeping large computing networks secure is a big job, and a lot of your executive and managerial team don’t have the knowledge or the time to stay on top of threats as they come in. Keeping logs of every action the SOC makes, including communications with vendors/employees and steps taken to keep the network and infrastructure free from threats is a great way to provide a layer of oversight to the security process. It’s also an important factor in staying compliant with any regulatory mandates. 
• Comprehensive Incident response and investigation - This is where the SOC really becomes a major benefit for the security of your company's IT. Not only do SOC technicians respond quickly to any incident, they also work fast to investigate what caused the issue in the first place. Going further than your typical IT management, the main benefit of the SOC is the mitigation of efficiency-sapping issues such as malware and other manners of attack. 

If you think your business could use a Security Operations Center service to keep your growing network and infrastructure clean from threats and working for your business, give MSPNetworks a call today at (516) 403-9001.

With many businesses’ increased reliance on their information systems and other IT, they need to do everything they can to keep those systems up and running and secure. This not only includes rolling out security systems that support that goal, it also demands they take the action necessary to keep these systems secure. Let’s look at four things you need to do to keep your business’ IT as secure as possible. 

Promote Strong Password Practices

Many users are just not as savvy as most organizations need them to be about their passwords. In fact, many of the most popular passwords used today are still “password” and “123456”. Even if your people are more deliberate about their password practices, many of them choose passwords that could be easily guessed if someone had knowledge about that person’s personal life. This can be a major detriment to any organization’s attempts to keep their IT secure. Here are some tips that you can use to create strong and reliable passwords:

Password Length 

It stands to reason that longer passwords are harder to guess than shorter ones. It’s been proven that passwords that are at least 12 characters long are more apt to be secure than not. The problem with longer passwords is that they are more easily forgotten and result in significant downtime. A good strategy is to create easy-to-remember passphrases with random words and a combination of upper and lower case letters, numbers and symbols. For example a password of “elephantredfootball” will usually be secure, but one that is written: “3l3ph@ntr3df00tb@ll” is even more secure. 

Unique Passwords

 Lots of people will use the same password for every account. This couldn’t be more dangerous. Think about it, if you use the same password everywhere and one account is cracked, you are looking at a situation where every account where you use that password is now compromised. 

Use Software Tools 

There are plenty of tools designed to help people keep their accounts safe. Password managers can be a good resource for people who use long or randomly-generated passwords. These platforms use encryption to ensure that all login and passwords are secure and can cut down on password-related problems that can cause downtime and unwanted IT support costs. Another tool that can help organizations keep their accounts secure is multi-factor authentication. Most platforms will provide options that will add an additional layer of security in the ways of an authentication code sent through an authentication app or separate email or text message. In using randomly-generated codes from a multi-factor authentication system, you can do more to ensure that the people who access your organization’s network-attached files and cloud services are authorized to do so. 

Train Your Staff

One of the biggest issues for organizational IT security has to be threats coming in from outside your organization. These typically come in the form of phishing attacks. A phishing attack can come in on any platform including phone, email, text message, or even social media. There are over three billion phishing emails sent every day, and that isn't even taking into account all the other attack vectors. These messages come in with the intention of getting an unwitting or distracted employee to engage with it. Once this happens, nothing good comes of it. Scammers will use this social engineering technique to gain access to protected accounts, deploy malware of all types, and disrupt an organization’s workflow. This is why it is imperative to train your staff on how to identify phishing attacks and what to do when they inevitably encounter one. 

The phishing message will typically look like it comes from a person or organization that has some semblance of authority. Scammers like to develop subterfuges acting as financial institutions, insurance companies, even executives and managers inside a company. Many will ask recipients to click on a hyperlink or download an attachment. Either action could be dire for an organization’s technology. Let’s look at some variables of phishing messages that ever organization needs to train their employees on:

Demand Immediate Action

Most phishing attacks are structured to create fear and anxiety in the recipient. This typically will get people to make impulsive decisions. The best action is to verify any suspicious action before interacting with any messages like this. 

Include Unprofessional Spelling Errors and Grammatical Faux Pas 

Many phishing messages are developed by people whose first language isn’t the recipient's language and include demands, spelling errors, and grammatical errors that no professional correspondence would include.

Come From Unrecognizable Accounts 

Many phishing messages may initially look legitimate when you look at the account it comes from. The more legitimate these messages seem the more effective they are. Consider the email address or account these messages come from before clicking on any links or downloading anything from the email. 

Keep Your Software Updated

Phishing may get most of the attention, but one of the most used attack vectors by hackers is infiltrating networks through software vulnerabilities. Most enterprise software is continuously being developed to ensure that it is a secure product. If an organization doesn’t have a patch management program where their applications are updated regularly, hackers can use any software vulnerabilities to gain unauthorized access and wreak havoc on their network. 

If your organization uses a lot of applications, it may seem like keeping everything patched is a full-time job. That’s why using automation to ensure new patches are added regularly is important. You will also want to test every patch to ensure that your software solutions function as designed. This includes frequently updating antivirus tools, firewalls, and spam filters. 

There are plenty of solutions and strategies that you can use to keep your business’ network and data secure. If you would like to have a conversation about cybersecurity and how to deploy some tools and strategies that can work to that end, give MSPNetworks a call today at (516) 403-9001. 

The world is full of people who would try to take advantage of your organization and its employees—or, in less gratifying words, scammers. They will do everything they can to try to fool your company and make a quick buck doing so. How can you make sure that the countless messages and phone calls you receive on a daily basis aren’t crooks trying to scam you out of house and home? It all starts with a little awareness.

If you are reading this blog, it’s because you want to know how you can avoid being scammed while going about your day-to-day business. Here are three tips we can offer to help you identify scammers and handle them accordingly.

Trust No One

Scammers will often try to pose as someone you know, be it a business you recognize or one that you associate with on a daily basis. There have been reports of some scammers even impersonating people within your own organization; sometimes scammers might take on the persona of someone on the executive level to convince others to wire transfer funds or to convince them to do something shady. Avoiding these scammers starts with taking a critical look at who is sending the message, and from where. If something seems a little suspicious, cross-reference the contact with what you have on file or have a conversation with the person who supposedly sent the message face-to-face.

It’s Too Good (or Bad) to Be True

Scammers often use prizes or problems to lure unsuspecting victims into giving up sensitive information. These are pretty easy to identify, as they might claim you have entered a contest that you have no recollection of entering, or they might suggest issues with an order you don’t recall placing.

You Must Act Immediately

Scammers often urge you to take immediate action, whether it’s something that is good or bad that must be addressed. There might even be an unreasonable amount of rush to perform a certain action, like resetting a password, paying a bill, or otherwise, sometimes with the threat of law enforcement or government agencies getting involved. Regardless, something of this magnitude should always be approached with a grain of salt.

If any of the above conditions are met, then you might be looking at a scammer. We urge you to use caution when dealing with any of the above situations, and when all else fails, rely on the word of professionals like MSPNetworks. We can tell you if the emails you receive are authentic or if there is a severe security flaw on your network. To learn more about how we can help your business, reach out to us at (516) 403-9001 and let our expertise speak for itself.