MSPNetworks Blog

Cybersecurity has to be a big deal for any business that uses IT, and today, who doesn’t? When your employees don’t follow cybersecurity rules, it can put your business in danger, like getting hacked or losing money. The first step is to figure out why employees aren’t following the rules. This could happen because they don’t know the rules, haven’t been trained enough, or think the rules are too hard or take too much time. 

Nowadays, it is crucial that you make security a top priority. With the right approach, it not only saves you massive headaches, but also a considerable amount of capital—particularly if you leverage the appropriate solutions for SMBs. As a managed service provider, we can ensure that you implement the appropriate IT solutions to maximize the return on your security investment.

Cyberattacks can cost businesses a lot of money. They’re also more prevalent today than ever before. It seems you can’t go a couple of news cycles without hearing about some organization that has been hacked or scammed and it’s resulted in the sensitive data the organization holds being sold online, vast operational downtime, or worse. For this reason, many organizations have deliberately built up their cybersecurity infrastructure, enhanced their policies, and invested in training to ensure that they aren’t the next victim. Unfortunately, this attention doesn’t always work. 

The Federal Bureau of Investigation has found that cyberattacks increased about 400 percent from 2019 to 2020. Doing what you can to keep your organization’s computing resources secure is extremely important. The cybersecurity outlays made by businesses and other organizations have been immense, and that has led to a sobering reality. Most of any organization’s security problems, especially relating to malware deployment, is due to their employees’ lack of conscientious decision-making when faced with problematic situations. 

It doesn’t matter how much more secure or how much smarter you make your organization’s information system security, it can all be for naught if one employee doesn’t do what they should. This is extremely frustrating for IT people, since it is one of their core responsibilities to keep these systems secure. Let’s take a look at how employees fail to keep their credentials secure and what you can do to remedy this worrisome trend. 

Employees as Attack Vectors

Increasingly, workplace strategies have been altered significantly. In fact, millions of workers are currently working remotely now, effectively distributing a business’ operational network. For the IT professional who is in tune with the current threat landscape, workers that don’t do everything they can to protect organizational data and infrastructure are typically viewed as ignorant; or worse yet, as a saboteur. Unfortunately for everyone, the driving factor is not negligence or a willingness to do their organization harm, it is out of workplace stress, a factor that is difficult to quantify, and harder yet to eliminate. 

A study conducted by the Harvard Business Review found some interesting results about the role stress plays in maintaining their assumed role in protecting their organization’s cybersecurity. The study found that two-of-every-three workers failed to fully adhere to organizational cybersecurity policies at least once in the 10 workdays where the study was conducted. During the study, it was found that employees simply ignore the cybersecurity policies around five percent of the time. This may not seem like a lot, but if you consider that it only takes one non-compliant action to result in a major data breach, having dozens of such instances happen each day is putting organizations in jeopardy. 

You may be asking yourself, “If they follow procedure 19 times out of 20, why don’t they follow it that other time?” Well this is where this seemingly clear issue gets cloudy. The study got the answer to this question. The top three were:

• “To better accomplish tasks for my job.”
• “To get something I needed.”
• “To help others get their work done.”

In fact, of all the respondents, 85 percent that were non-compliant to their organizational cybersecurity policies responded with one of these three answers. These employees knowingly broke the rules and in doing so put their organization in jeopardy, but not because they were lazy or they just had it, it was because that was the only way they could efficiently get the work done. Situations where a person is damned if they do and damned if they don’t, they tend to pick the priority. 

To most workers, they weren't hired as cybersecurity professionals; they are hired to do a job and if cybersecurity policy gets in the way, they will choose productivity over security every time. If you consider that only three percent of policy breaches were acts of true defiance or sabotage, the 97 percent of the rest are likely perpetuated by dutiful employees. It’s hard to justify stern reprimand for a person who thinks they have the business’ best interests in mind.

Redefining the Importance of Cybersecurity

For the average employee, following procedure is typically going to be a distant second to maintaining productivity. After all, there are very few instances over time where someone was labeled as “great at their job” because they didn’t accidentally start a cyberattack. Moreover, most organizations’ IT support team can’t really give people the benefit of the doubt; most employees that don’t follow security procedures are looked on as negligent or deliberately working against their best efforts. The truth is most training platforms and policies (as they are known to the employee) don’t take into account that there are gray areas that don’t line up with the expectations put on employees by their managers. 

To this end, it is more important than ever for employees to be involved in the creation and development of workable cybersecurity policies that take into account that business moves fast and sometimes a person that is focused on doing the best job they can, isn’t going to be focused on maintaining network security. Managers also need to ensure the members of their team know what they need to do and what those actions accomplish to reinforce the importance of their cybersecurity efforts. 

Most businesses celebrate employees that excel at their jobs. Today, their job is actively changing and they have to know why straying from procedure is a major problem. The problem is that one wrong move and the company is dealing with malware and reputation troubles, and loss of revenue. While it might be ridiculous to celebrate adherence to corporate cybersecurity policies, people have had cake for less.

If your business needs help balancing productivity with their cybersecurity policies, give the IT security professionals at MSPNetworks a call today at (516) 403-9001. 

Virtual reality has been one of the coolest technologies available for over a decade. Today’s applications make it an exciting piece of tech for individuals; and you’ve seen that market expand (especially during the pandemic) with Facebook, Sony, HTC, and HP coming to market with a VR offering. The question we wanted to look at is how VR could be used at a business like yours.

Virtual Reality Explained

For those of you who think that this technology is nothing better than a gimmick, you may be surprised to find out that not only is there serious application development happening in the VR space, some of that software may actually be of huge value to your business. Virtual reality is technology that allows an individual to simulate an interactive, three-dimensional virtual world and the use of those virtual worlds is slowly growing.

In 2018 the virtual reality market was a mere $829 million. As a result of growth, much being spurred on by the worldwide COVID-19 pandemic, VR in business is projected to top $4.2 billion by 2023. That growth is due to the advancement of better hardware, better software, and more exposure to the technology. The software is notoriously difficult to develop so growth figures that look like that are impressive. 

Two Functions VR Can Bring to Your Business

On the surface, VR doesn’t seem to be the most practical technology. The price has dropped as to not be prohibitive for businesses who want to use it for the following two reasons:

Training

As a technology, virtual reality may be best suited for a training facility for businesses. By immersing employees into a lifelike environment you can better train them for situational awareness. Imagine not having to have business back up every time you had to train a new employee? With VR, employees can face complex situations, and learn how to best react when those situations come to fruition.

Retail

One way that virtual reality could grow to be an extremely important technology for business is in the retail sector where you can already see it moving online. VR development, then will have to be a line item on a retail store’s to-do list. With VR, customers can enjoy a shopping experience that is customized for them and they won’t have to worry about the crowds or the lack of product in stores. Even in brick and mortar stores, VR is being used to heat map traffic to coordinate where to put certain products. 

Engineering and Realty

With production costs higher than ever, one use-case for VR might be found for manufacturing and realty industries. Product designers can build products in VR for board members and buyers to sample and demo, before producing a physical product. Architects and interior designers can create virtual environments of living spaces, offices, convention centers, and more, and help convey their ideas and vision to their clients.

Virtual reality may not be the answer to all of your operational problems, but it is a fast-emerging technology that will be normalized before too long. What are your thoughts on virtual reality? Do you think it’s a gimmick or do you think there is room for it to be a positive force for your business down the road? Leave your thoughts in the comments below and check back soon for more great technology information.

With email being such a huge part of doing business, phishing has become a favorite tool of many scammers. To fight back, it is key that you know how to recognize a phishing email, so we’re dedicating this week’s tip to doing just that.

What is Phishing?

Phishing goes beyond just your email. The term actually covers any digital attempt that someone makes to trick you into revealing important information about your business or personal accounts. A ‘phisher’ would try to fool you into handing over a particular detail about yourself, like the password you use for your online banking, or your business’ client and personnel files.

Of course, a scammer doesn’t have to use email as their preferred phishing tool. With social media becoming such a big part of business and personal life, phishers will pose as people you know and message you to try and extract information. Others will just pick up the phone and call you as someone else, hoping you won’t question them and hand over the information they want.

These different methods that a scammer might use can even classify the attempt into a more precise type of phishing. Attacks that are highly customized to one particular target are called “spear” phishing attacks, while those that pose as the CEO of a company are called “whaling.”

Regardless of what kind of phishing it is, it ultimately relies on deception to work, more than any other factor.

Spotting Phishing

Fortunately, while some phishing scams are getting to be pretty elaborate, there are a few practices that can help prevent you from being fooled. Here, we’ve put them together to give you a simple guide to avoiding potential phishing attacks.

Warning Signs

There are plenty of warning signs to help you spot a phishing attack. Some are found in the body of the email itself, while others are actually based a little bit in behaviors. For instance:

Is the message filled with spelling and grammar issues? Think about it this way: does it look good for a business to send out official correspondence with these kinds of avoidable errors? Mind you, we aren’t referring to the occasional typo, rather the tone of the message as a whole. It certainly does not, which suggests that the message may not be legitimate.

Is the message written to make you panic about something? Consider how many phishing messages are framed: “Oh no, you have an immediate issue with something so we need you to confirm your access credentials so that this immediate issue can be resolved. Otherwise, there will be huge consequences.” While there are a variety of ways that people can be convinced, these types of messages hit on some major ones: striking quickly to keep people from questioning you, removing power from someone who wouldn’t listen to you, and using very definitive and final terms. Does the message do these things, suddenly alerting you to a terrible issue that only the sender can protect you from? If so, there is a good chance that it is a scam.

Is the message a typical occurrence in general? Finally, think about the average case when a message like this is received. If you were to suddenly get a message on social media from someone who you really don’t talk to, it’d be a little weird, right? The same goes for your business communications… how often would this supposed sender actually reach out for this?

Protecting Your Assets

Fortunately, there are a few simple ways to help reduce how effective these attacks can be.

• Use a spam blocking solution to help reduce the number of phishing messages your employees need to deal with. While many phishers have become more sophisticated, plenty are still keeping it simple enough to be stopped automatically.
  
  
• Make sure your employees are trained to spot and properly handle attempts that may come through. By starting with the end user, you’re taking away a lot of the power that phishing has.

At MSPNetworks, we appreciate the importance of secure workplace practices. If you’d like to learn more about phishing, and how we can help stop it from hurting your business, reach out to us at (516) 403-9001.

There is always going to be user error in the workplace. Even the best workers make mistakes sometimes. You naturally want to reduce these occurrences as often as possible, but for the purposes of training and whatnot, you want to assume the worst: that any worker, even the most dedicated veteran, could potentially make a business-ending mistake. Thankfully, there are ways you can make sure this doesn’t happen for your business.

Here are three tips for reducing human error in the workplace.

Provide Proper Training
Surprisingly enough, if you train your employees properly, you won’t have to worry about them making mistakes; at least, not as much as you would under untrained circumstances. You should take care to properly outline all of your processes in a way that’s easy to understand, including both intensive and routine tasks, as well as having an established workflow for reporting issues or identifying security problems with spam or phishing emails.

Limit User Permissions
Not all users will need the same permissions on their devices. For example, an IT administrator might need admin permissions, but the average user won’t. The same can be said for access to specific data on your network. You should partition off certain information to only those departments that might need it so you can avoid an access issue with other employees. Basically, the fewer permissions a user has on their device or network, the less harm can come of it in the event a hacker manages to sneak their way in.

Use Your Collective Workforce to “Crowdsource” for Quality
We’re sure you’ve heard the phrase “two heads are better than one,” and you’ll be interested to hear that the same phrase can be applied to the workplace. If you have a large project that could use an extra pair of eyes, why not ask your coworkers for a quick glance? It might help putting out a project with glaring errors that you might not notice because you’ve been staring at it for a few weeks straight. You can think of this process as beta testing in a way, as you can determine potential problems with a product before it is actually released to the public. This can prevent a loss of profit from a product or service that’s not ready to be released can bring if it’s thrown out into the world too soon.

If your business wants to cut out the dangers of human error in the workplace, MSPNetworks can help. To learn more, reach out to us at (516) 403-9001.