Reader Spotlight: 5K Technical Services

5K Technical Services, a managed services provider, offers technology services for businesses of all sizes. Located in the Dallas-Fort Worth Metroplex, it provides network monitoring, VoIP, disaster recovery, security consulting, and a wide variety of other technical services to help businesses get the most value for their IT dollar.

Microsoft Word bug: What you need to know

Software developers and hackers are in a constant game of cat and mouse. When cybercriminals find new security bugs to exploit, tech companies have to quickly release a solution that secures those vulnerabilities. Just this month, Microsoft released a patch to eliminate a Word exploit designed to steal user information. If you’re an avid Microsoft Word user, here’s what you need to know about the bug.

The attack

On April 10, cybersecurity firm Proofpoint discovered scammers running email campaigns to trick people into clicking malware-ridden Word attachments. The fraudulent emails, simply titled “Scan Data,” included attached documents that were named “Scan,” followed by randomized digits.

Although the emails seem harmless, clicking on the documents triggers a download for Dridex malware, a Trojan virus designed to give hackers direct access to your banking information. From there, they can simply log in to your online account and make unauthorized transactions under your name.

In 2015, the distribution of Dridex allowed cybercriminals to steal approximately $25 million from European accounts. And if your business fell victim to this malware, there’s a possibility your company might not be able to recover from the loss.

The solution

Fortunately, two days after the discovery of the bug, Microsoft released a security update to disable the dangerous documents, urging users to install the patch as soon as possible. But even though Dridex was inoculated relatively quickly, employees continue to be the biggest problem.

Like most malware attacks, Dridex was distributed via phishing campaigns that preyed on a victim’s trust and curiosity. Hackers added barely any text to the email, yet people were still fooled into clicking on dangerous links.

To make sure Dridex never reaches your company, you must provide comprehensive security awareness training. In your sessions, encourage employees to practice safe computing habits, which include being cautious of online links, setting strong passwords, and avoiding downloads from untrusted and unknown sources.

Much like updating your software, keeping your staff’s security knowledge up to date on the latest threats is also imperative. Ultimately, your goal is to have employees with a security-focused mindset when browsing the web.

Of course, if security training and cybersecurity solutions are not your company’s specialties, you can always rely on a trusted managed services provider like us to protect your business. We can update and secure your systems regularly, and make sure your staff are actively doing their part to reduce security risks. Contact us today!

Published with permission from TechAdvisory.org. Source.

The phishing craze that’s blindsiding users

Most phishing attacks involve hiding malicious hyperlinks behind enticing ad images or false-front URLs. Whatever the strategy is, phishing almost always relies on users clicking a link before checking where it really leads. But even the most cautious users may get caught up in the most recent scam. Take a look at our advice for how to avoid the newest trend in phishing.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades — and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian, for example: even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com — which gets redirected to xn--80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

Published with permission from TechAdvisory.org. Source.
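
The following Python example is added here and is not part of the original article or of any browser's code. It converts a hostname between the form a browser may display and the xn-- (Punycode) form that is actually looked up, and flags labels built from look-alike Cyrillic letters, using the article's apple.com case. The LOOKALIKES table and all function names are assumptions made for this illustration.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones. The full
# list lives in Unicode's confusables data, which this example does not load.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0455": "s", "\u04cf": "l",
}


def to_unicode_label(label):
    """Decode an 'xn--' (Punycode) label to the characters a browser may show."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def to_ascii_label(label):
    """Return the ASCII form of a label, as used in the DNS lookup."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def scripts(label):
    """Scripts of the letters in a label, taken from their Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def inspect_host(host):
    """Report both forms of a hostname and any homograph warning signs."""
    findings, ascii_labels, unicode_labels = [], [], []
    for raw in host.strip().rstrip(".").lower().split("."):
        try:
            label = to_unicode_label(raw)
        except UnicodeError:
            findings.append(f"{raw}: malformed xn-- label")
            label = raw
        unicode_labels.append(label)
        ascii_labels.append(to_ascii_label(label))
        if label.isascii():
            continue  # plain ASCII label, nothing to compare
        seen = scripts(label)
        if len(seen) > 1:
            findings.append(f"{raw}: mixes scripts {sorted(seen)}")
        # Replace each known look-alike with its Latin twin; if the result is
        # pure ASCII, the label can pass for an ordinary English name.
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in label)
        if skeleton.isascii():
            findings.append(
                f"{raw}: non-ASCII label that renders like '{skeleton}'")
    return {
        "ascii": ".".join(ascii_labels),
        "unicode": ".".join(unicode_labels),
        "findings": findings,
    }


if __name__ == "__main__":
    # Hostnames constructed for the demonstration; the first is the
    # article's example, the last is a legitimate non-English name.
    for name in ("xn--80ak6aa92e.com", "apple.com", "b\u00fccher.example"):
        print(name, inspect_host(name))
```

A mail filter or proxy log review can apply the same comparison to every link it sees, which is the check a reader cannot make by eye.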

Why you need to back up your mobile devices

There was a time when mobile phones were used exclusively for calling and texting. Now, they can do so much more. Regardless of your level of tolerance or skill for managing documents in such a small gadget, mobile devices allow you to send and receive email, download and upload media files, store data, and even close business deals.

As mobile devices became indispensable in everyone’s personal and professional life, the security risks have also increased — and backing up became more critical than ever.

Malware on mobile

More than 50% of the world’s adult population use a mobile phone with an internet connection, so dangers in these handy devices are to be expected. Scarier than the thought of being offline is being online and exposed to malware.

If you use your mobile devices as an extension of your work computers, backing up is a must. Mobile phones have become as vulnerable to malware as laptops and desktops have, especially if you consider the fact that many professionals and business owners use them for emailing confidential documents and storing business-critical files.

Device disasters

Other than malware, other types of disasters can happen on your device. Because you carry it wherever you go, your device can easily be stolen, misplaced, or damaged. They may be easily replaceable, but the data contained in them may not. Having completely backed up data on your devices helps prevent a minor inconvenience from turning into a disastrous situation.

Backup options

Performing backups in iPhone and Android devices is a seamless process. Their operating systems require only minimal effort from users, and backing up entails nothing more than logging into their Apple or Google account. However, other users have different devices with different operating systems, slightly complicating the process.

Mobile devices’ safety is essential to business continuity plans. So whether your office users are tied to a single operating system or prefer different devices, there are options to back up all your organization’s mobile devices. There are cloud backup services that enable syncing of all devices and that back up files, contacts, photos, videos, and other critical files in one neat backup system. These mobile backup tools are offered on monthly or lifetime subscription schemes, which provide small businesses with enough flexibility to ensure protection.

Mobile phones have become so ubiquitous to how people function that many feel the need to have two or more phones, mostly to have one for personal use and another for business. With all these options on hand, there’s no excuse for not backing up data on your mobile devices.

Our experts can provide practical advice on security for your business’s computers and mobile devices. Call us for mobile backup and other security solutions today.

Published with permission from TechAdvisory.org. Source.

An essential checklist for WordPress users

Wake up. Take a shower. Get dressed. These are just some of the numerous tasks we do every single day. They may not be fun, but they are essential to our daily routine. Managing a website is very much the same. By going through the necessary steps, you can ensure the speed and security of your website. Also, it doesn’t take long to complete!

Make backups

It’s crucial that you perform a daily offsite backup of your WordPress files and database. This ensures data security in the event of a network breach or natural disaster and facilitates the resumption of your business’s regular operations. Although plugins like BackUpWordPress and hosting servers like SiteGround automate the backup process, you should still perform manual backups.

Verify backups

Not only should you be making backups, you should also be verifying them. By doing so, you are making sure that the backed up files are going where they are supposed to, and backups are being restored. The last thing you need is a failed backup strategy on the day you need it most!

Daily security reports

If you ask any cybersecurity expert, “Is it crucial to maintain a daily network security report?” the answer will be a resounding YES. While you might not have enough time to carry out thorough inspections and create these reports yourself, you can rely on security monitoring services like Sucuri. Not only does it carry out the inspections, it sends an SMS notification of any suspicious activity and even emails you a daily status report.

Malware scans

Cybercriminals are growing in both number and sophistication. With every passing day, new strains of malware are developed and released onto small- or medium-sized businesses. Unless you are a bona fide hacker yourself, detecting malware might be a little tricky. WordPress plugins like Wordfence keep your website safe using the latest firewall rules, malware signatures, and malicious IP addresses.

Speed audits

Slow and steady might be qualities valued by some, but not so much for your website. Plugins like Google PageSpeed Insights test how fast your site loads. If it takes more than five seconds, you should consider implementing caching and other measures to speed up your site. Slow sites put off visitors and lower search rankings.

Review your site

For this step, sit down with an impartial friend and let them explore your website. A fresh pair of eyes might highlight issues you might have overlooked, such as forgetting to update the copyright date in your footer.

Forbes, National Geographic, and The New York Times are all powered by WordPress, which means you are in good company. By sticking to the checklist, you too can harness the power of this online, open-source website creation tool. Or, instead of signing up for half a dozen services that need daily check-ins, why not have us take care of all of it for you? If you have further questions, don’t hesitate to send us an email or give us a call!

Published with permission from TechAdvisory.org. Source.

Firmware: the threat most users overlook

For decades, one of the most foundational principles of cyber security has remained the same: Always update and patch your software. But for most people, hardware is exempt from this process. They think of hardware as nothing more than a vessel for software to occupy — and that’s totally incorrect. Read on to learn more about this oft-neglected aspect of IT security.

What is firmware?

Firmware is a very basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, more high-level, pieces of software can interact with it.

Why is firmware security so important?

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

And the username and password example is just one of a hundred. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

How do I protect myself?

Firmware exploits are not rare occurrences. Not too long ago, a cyber security professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a D-Link or Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

Remember that routers are just one example of how firmware affects your cyber security posture. Hard drives, motherboards, even mice and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today!

Published with permission from TechAdvisory.org. Source.

Did Microsoft commit a security breach?

In case you didn’t know, Microsoft provides Office 365 users with a free document-sharing platform called docs.com. It’s a great new tool for publishing files intended for public viewing. The downside is, sensitive documents are published without the file owners’ permission. These include hundreds of users who might be unaware that their private files can be viewed by the public.

What’s the damage?

Usernames and passwords for various devices and applications; personal information such as home and email addresses, bank account details, social security numbers, and phone numbers; and medical info comprising patient treatment data and health insurance numbers — all these were some of the supposedly leaked documents, which were clearly meant to be private.

A security researcher discovered that these sensitive files were accessible using docs.com’s search function. After being alerted to the ‘leak,’ Microsoft responded by removing the search bar. However, most of the documents were already indexed by search engines, Google and Bing, which is how these docs remained available to the public despite disabling the search function.

Recent updates

To alleviate the damage, Microsoft launched an update that limited what users can do to uploaded files, such as restricting files to a read-only status. Although buttons to ‘like,’ download, add to collections, and share in social media are enabled, only users who enter an email address, phone number, or sign in using their Office or Microsoft account can perform any of these functions. Since anyone can easily create a Microsoft account, docs.com users may not feel at ease.

Microsoft’s final word

Docs.com is easy to use and is valuable to those eager to publish their documents. The site’s user-friendliness also makes it a popular choice for Office 365 users who wish to ‘spread their work to the world.’ Office 365 users can easily upload from their own computer, OneDrive, or Sway account, and share away. Being a free service also adds a lot of incentive for users to upload their Word, Excel, or any other file onto the site.

In an effort to solve glaring privacy issues, Microsoft has issued some key updates, such as a warning message reminding users that the document to be uploaded will be publicly available on the web.

While it may seem like Microsoft committed a blunder, a stricter privacy setting and a few stronger, more visible warnings to users can help make docs.com a useful productivity tool rather than a hacker’s hunting ground. Discerning Office 365 users can make the most out of docs.com, but they should use the service with caution.

If you’ve uploaded documents with sensitive information on docs.com, now is the best time to remove them from the site, or review your privacy settings here and in other document-sharing services. If you’re not sure how to proceed, or want to learn more about this and other Microsoft products and services, call us now for advice.

Published with permission from TechAdvisory.org. Source.

Benefits of social media policy reviews

Does your business have a social media policy? If so, when was the last time you updated it? If you’re taking too long to answer these questions, that isn’t a good sign. You should be conducting regular reviews, at least annually. You’d enjoy innumerable benefits, and deter your employees from obsessing over Snapchat filters in the process.

Avoid legal trouble

Do you remember Chipotle’s social media debacle in 2015? It lost a lawsuit for firing an employee who posted negative content on social media because it turned out that Chipotle’s social media policy violated federal labor laws. That’s why you should work with your legal team to keep your policies up to date: so they comply with the Federal Trade Commission and the National Labor Relations Board.

Protect company information

Social media policies can actually help safeguard sensitive data from hackers and cyber attacks, especially in a bring-your-own-device (BYOD) working environment. Employees must know the proprietary company information that must never be shared, as well as understand that confidential information — such as marketing tactics, non-public financials, and future product launches — is to be communicated only ‘internally.’ A good example is General Motors’ social media policy, which clearly spells out what can and can’t be disclosed to the public.

Define which kinds of social media activities are and aren’t allowed

Although posting offensive or insensitive material on a company-branded social media page is an obvious no-no, it still happens. For the people handling your company’s social media, what precautionary mechanisms are in place to avoid a public relations disaster? Are there rules for different platforms?

Beyond that, however, is a lot of gray area when it comes to if and how employees will be held accountable for what they post on their personal profiles. When social media policies clearly outline how employees should behave online and the punishments that come with violating that agreement, you can deter rogue employee posts and avoid a viral fiasco.

Effective social media policies need to be fluid and responsive to the fast-paced modern business environment. Taking the time out to perform yearly social media policy reviews will save your employees a lot of confusion while helping your company steer clear of potential PR and legal nightmares. If you have further questions, don’t hesitate to send us an email or give us a call!

Published with permission from TechAdvisory.org. Source.

Is the government really spying on you?

Wikileaks, the website that anonymously publishes leaked information, recently released a number of documents alleging widespread surveillance by the US government. The released documents claim that the vast majority of these efforts took place via smartphones, messaging apps and…TVs? Let’s see just how worrisome they really are.

What devices and apps are supposedly vulnerable?

Wikileaks labeled its ongoing release of 8,761 classified CIA documents “Year Zero.” Nestled among those files are tools and correspondence that explain how operatives could snoop on communications, downloads, and browsing history. Here is a list of the “affected” applications and hardware:

Windows operating systems
iOS
Android
Samsung Smart TVs
WhatsApp
Signal
Telegram
Confide

Those are some very big names, right? Thankfully, it’s mostly hyperbole. The reality of the situation isn’t nearly as bad as it sounds.

Two considerations before freaking out

First, almost all these exploits require physical access to devices before anything can be compromised. For example, news organizations repeatedly reported that WhatsApp, Signal, Telegram and Confide all had encryption protocols that had been subverted by the CIA. That is 100% false.

What the documents actually revealed is that the CIA was aware of security gaps in Windows, iOS, Android and Samsung’s Tizen OS, which allowed the agency to snoop on messages before they were encrypted. Messages sent in these apps are still totally uncrackable as long as the devices they are installed on haven’t been physically compromised.

Takeaway #1: Physical security is still one of the most important aspects of cyber security. Most data security regulations require certain physical security protocols as a deterrent to breaches that take place via theft or social engineering — and for good reason.

The second reason not to worry is that the hardware devices and operating systems that supposedly left encrypted messages vulnerable haven’t been sold for a long time. For example, only Samsung TVs from before 2013 were vulnerable to the always-on microphone bug — which was patched in an OS update years ago.

But what about iOS — surely that’s the scariest reveal of them all, right? Not quite. Only the iPhone 3G, discontinued in 2010, was susceptible to exploitation. Furthermore, Apple immediately responded that they were aware of this vulnerability and patched it in the version of iOS that was released in 2011.

Takeaway #2: Updating software is critical to keeping your data safe. As we saw in the Year Zero leaks, just one piece of outdated software can cause a domino effect of other vulnerabilities.

In reality, the most recent Wikileaks releases shouldn’t change your approach to cyber security at all. As long as you consider data security a never-ending battle, you’ll be safer than everyone too lazy or forgetful to lock up their server rooms or update their operating system.

But running a business doesn’t always leave you a lot of time for fighting a “never-ending battle,” does it? Fortunately, that’s exactly what we do for our clients every single day. To find out more about how we can keep you safe, call today.

Published with permission from TechAdvisory.org. Source.

MyAnalytics: O365’s productivity coach

Installing software that immediately boosts employee efficiency is any small- or medium-sized business owner’s dream. With Office 365’s newest dashboard, that’s exactly what you’re getting. And best of all, it’s directly integrated with your existing productivity suite. Read on to learn more.

What is MyAnalytics?

Microsoft’s newest productivity offering is all about applying machine learning technology to your employees’ Office 365 data. By utilizing extremely powerful computing processes to analyze huge blocks of information, MyAnalytics can uncover trends and correlations that may be too complex for human discovery.

Every day, Office 365 users create several thousand new data points across Microsoft’s productivity suite, and there’s a lot of potential to rearrange meetings, project goals, and employee tasks to increase efficiency.

The most obvious improvement is with Outlook calendar. MyAnalytics tracks how long you’re spending with each person in your office as well as the time you’re investing in specific projects. After sufficient information has been gathered, your Office 365 dashboard will begin coaching you on how to organize meetings and project goals based on your habits and past successes.

How can it improve your office?

Have you ever worked on a huge project that required multiple contributors? Did you all meet regularly to update each other on progress? Users who add contacts — from both inside the company and out — and projects to MyAnalytics get reminders to stay in touch with co-workers most vital to project completion.

Every metric tracked by MyAnalytics can be shared with your team to make sure everyone is on the same page. So MyAnalytics is more than just a motivational tool, because sharing these metrics allows your team to identify bottlenecks and trends to smooth the workflow process.

Response time is another key metric your employees are probably only vaguely aware of. MyAnalytics calculates average email response times — both from you and from contacts — to identify what time of day you’re best at communicating, and how you can adapt your schedule to get more work done in the same amount of time.

Privacy concerns

One of the greatest things about MyAnalytics is that it doesn’t introduce any new privacy concerns for business owners. All the data it uses to create customized coaching and advice is publicly available to everyone at your business — via calendar appointments, email content, and message timestamps. The only difference is that Microsoft is lending you the previously prohibitive computing power to sift through all of it.

Availability

This wonderful new tool comes free with any Enterprise E5 plan, but can also be added on to E1 and E3 Enterprise plans for just a few dollars per month.

Increasing employee productivity is never as clear cut as it is with MyAnalytics. Install a solution, follow its advice, and start brainstorming about what to do with all your extra time. We’ve got plenty of other great solutions for streamlining your business processes — call us today to find out!

Published with permission from TechAdvisory.org. Source.