Misconfiguration of cloud solutions is often overlooked when companies plan cybersecurity strategies. Cloud apps are typically quick and easy to sign up for. The user often assumes that they don't need to worry about security because it's handled. This is an incorrect assumption because cloud security is a shared model. The provider of the solution handles securing the backend infrastructure. But the user is responsible for configuring security settings in their account properly. The problem with misconfiguration is huge. It’s the number one cause of cloud data breaches. It’s also an unforced error. Misconfiguration means that a company has made a mistake. It hasn't adequately secured its cloud application. Perhaps they gave too many employees administrative privileges. Or, they may have neglected to turn on a security function. One that prevented the downloading of cloud files by an unauthorized user. Misconfiguration covers a wide range of negligent behavior. It all has to do with cloud security settings and practices. A finding in The State of Cloud Security 2021 report shed light on how common this issue is. 45% of organizations experience between 1 and 50 cloud misconfigurations per day. Some of the main causes of misconfiguration are: Lack of adequate oversight and controls A team lacking security awareness Too many cloud APIs to manage No adequate cloud environment monitoring Negligent insider behavior Not enough expertise in cloud security Use the tips below to reduce your risk of a cloud data breach and improve cloud security. Enable Visibility into Your Cloud Infrastructure Do you know all the different cloud apps employees are using at your business? If not, you’re not alone. It’s estimated that shadow IT use is approximately 10x the size of known cloud use. When an employee uses a cloud app without authorization, it’s considered “shadow IT.” This is because the app is in the shadows so to speak, outside the purview of the company’s IT team. How can you protect something you don’t know about? This is why shadow cloud applications are so dangerous. And why they often result in breaches due to misconfiguration. Gain visibility into your entire cloud environment, so you know what you need to protect. One way you can do this is through a cloud access security application. Restrict Privileged Accounts The more privileged accounts you have, the higher the risk of a misconfiguration. There should be very few users that can change security configurations. You don’t want someone that doesn’t know better to accidentally open a vulnerability. Such as removing a cloud storage sharing restriction. It could leave your entire environment a sitting duck for hackers. Audit privileged accounts in all cloud tools. Then, reduce the number of administrative accounts to a least needed to operate. Put in Place Automated Security Policies Automation helps mitigate human error. Automating as many security policies as possible helps prevent cloud security breaches. For example, if you use a feature like sensitivity labels in Microsoft 365, you can set a “do not copy” policy. It will follow the file through each supported cloud application. Users don’t need to do anything to enable it once you put the policy in place. Use a Cloud Security Audit Tool (Like Microsoft Secure Score) How secure is your cloud environment? How many misconfigurations might there be right now? It’s important to know this information so you can correct issues to reduce risk. Use an auditing tool, like Microsoft Secure Score . You want a tool that can scan your cloud environment and let you know where problems exist. It should also be able to provide recommended remediation steps. Set Up Alerts for When Configurations Change Once you get your cloud security settings right, they won’t necessarily stay that way. Several things can cause a change in a security setting without you realizing it. These include: An employee with elevated permissions accidentally changes them A change caused by an integrated 3rd party plug-in Software updates A hacker that has compromised a privileged user credential Be proactive by setting up alerts. You should have an alert for any significant change in your cloud environment. For example, when the setting to force multi-factor authentication gets turned off. If an alert is set up, then your team knows right away when a change occurs to an important security setting. This allows them to take immediate steps to research and rectify the situation. Have a Cloud Specialist Check Your Cloud Settings Business owners, executives, and office managers aren’t cybersecurity experts. No one should expect them to know how to configure the best security for your organization’s needs. It’s best to have a cloud security specialist from a trusted IT company check your settings. We can help ensure that they’re set up to keep your data protected without restricting your team. Improve Cloud Security & Lower Your Chances for a Data Breach Most work is now done in the cloud, and companies store data in these online environments. Don’t leave your company at risk by neglecting misconfiguration. Give us a call today to set up a cloud security assessment. Article used with permission from The Technology Press.

No business wants to suffer a data breach. But unfortunately, in today’s environment, it’s difficult to completely avoid them. Approximately 83% of organizations have experienced more than one data breach. (IBM Security 2022 Cost of a Data Breach Report ) These breaches hurt businesses in many ways. First, there is the immediate cost of remediating the breach. Then, there are the lost productivity costs. You can add lost business on top of that, and lost customer trust. A business could also have extensive legal costs associated with a breach. According to IBM Security’s report, the cost of a data breach climbed again in 2022. The global cost of one breach is now $4.35 million, up 2.6% from last year. If your business is in the U.S., the cost rises to $9.44 million. In Canada, the average data breach costs companies $5.64 million. Costs for smaller companies tend to be a little lower. But breaches are often more devastating to SMBs. They don’t have the same resources that larger companies do to offset all those costs. It’s estimated that 60% of small companies go out of business within six months of a cybersecurity breach. Companies don’t need to resign themselves to the impending doom of a data breach. There are some proven tactics they can take to mitigate the costs. These cybersecurity practices can limit the damage of a cyberattack. All these findings come from the IBM Security report. They include hard facts on the benefits of bolstering your cybersecurity strategy. Cybersecurity Tactics to Reduce the Impact of a Breach Use a Hybrid Cloud Approach Most organizations use the cloud for data storage and business processes. Researchers found that 45% of all data breaches happen in the cloud. But all cloud strategies are not created equally. Breaches in the public cloud cost significantly more than those in a hybrid cloud. What is a hybrid cloud? It means that some data and processes are in a public cloud, and some are in a private cloud environment. What some may find surprising is that using a hybrid cloud approach was also better than a private cloud. Graph from: IBM Security/Ponemon Institute 2022 Cost of a Data Breach Report Put in Place an Incident Response Plan & Practice It You don’t need to be a large enterprise to create an incident response (IR) plan. The IR plan is simply a set of instructions. It's for employees to follow should any number of cybersecurity incidents occur. Here is an example. In the case of ransomware, the first step should be disconnecting the infected device. IR plans improve the speed and effectiveness of a response in the face of a security crisis. Having a practiced incident response plan reduces the cost of a data breach. It lowers it by an average of $2.66 million per incident. Adopt a Zero Trust Security Approach Zero trust is a collection of security protocols that work together to fortify a network. An example of a few of these are: Multi-factor authentication Application safelisting Contextual user authentication Approximately 79% of critical infrastructure organizations haven’t adopted zero trust. Doing so can significantly reduce data breach costs. Organizations that don’t deploy zero trust tactics pay about $1 million more per data breach. Use Tools with Security AI & Automation Using the right security tools can make a big difference in the cost incurred during a data breach. Using tools that deploy security AI and automation brought the biggest cost savings. Data breach expense lowered by 65.2% thanks to security AI and automation solutions. These types of solutions include tools like advanced threat protection (ATP). They can also include applications that hunt out threats and automate the response. How to Get Started Improving Your Cyber Resilience Many of these ways to lower data breach costs are simply best practices. You can get started by taking them one at a time and rolling out upgrades to your cybersecurity strategy. Working with a trusted IT provider, put together a roadmap. Address the “low-hanging fruit” first. Then, move on to longer-term projects. As an example, “low-hanging fruit” would be putting multi-factor authentication in place. It’s low-cost and easy to put in place. It also significantly reduces the risk of a cloud breach. A longer-term project might be creating an incident response plan. Then, you would set up a schedule to have your team drill on the plan regularly. During those drills, you could work out any kinks. Need Help Improving Your Security & Reducing Risk? Working with a trusted IT partner takes a lot of the security burden off your shoulders. Give us a call today to schedule a chat about a cybersecurity roadmap. Article used with permission from The Technology Press.

Cybersecurity researchers uncovered an alarming mobile statistic. During the first few months of 2022, mobile malware attacks surged by 500% . This is alarming both in scale and because many people aren’t yet protecting smartphones. For years, mobile phones have become more powerful. They now do many of the same functions as a computer – just with a much smaller screen. Yet, people tend to secure their computers better than they do their smartphones. This is a behavior that needs to change. Over 60% of digital fraud now occurs through mobile devices. That makes them highly risky if proper safeguards aren’t followed. Many of these are the same types of protections you have on your computer. It’s time to start thinking about your smartphone as a mini-computer and keeping it just as secure. Tips to Improve the Security of Your Smartphone Use Mobile Anti-malware Yes, your mobile phone needs antivirus/anti-malware too! Malware can and does infect smartphones and tablets. You need to ensure you have a reliable mobile anti-malware app installed. And beware of those freebies. Freebies are great when you’re talking about food, but not security apps. Malware is often hidden inside free apps. These apps are ironically supposed to make you more secure. Don’t Download Apps from Unknown Sources Only download mobile apps from trusted sources. Do not download outside a main app store. Trusted app stores include places like: Apple App Store Google Play The Microsoft Store Amazon Appstore You also should research the app developer online. Make sure they have a good reputation. Once you download a dangerous app to your phone, it can infect it with malware. That malware can remain behind even if you delete the app later . Don’t Assume Email is Safe Many people prefer checking email on their phone rather than PC because it’s so handy. But they have a false sense of security about the safety of emails when viewed on a mobile device. You can’t assume an email is safe just because you’re not on your computer. Be just as wary about unexpected emails and scam emails masquerading as legitimate. It’s difficult to hover over a link without clicking when on a smartphone. If you see something questionable and want to check the link, open the email on your PC where you can do that. Beware of SMS Phishing (aka “Smishing”) In March of 2022, text spam outpaced robocalls. Unwanted text messages rose by 30% , ten percent higher than robocalls. Many of those spam texts are smishing. Smishing is the text version of phishing. These texts usually contain malicious links. A hacker can potentially breach your device if you click them. The message may also ask you to text back personal information. Be on the lookout for text messages that don’t quite make sense. For example, getting a shipping notification when you haven’t ordered anything. Also, beware of texts from unknown sources. Phishing via text message is a growing concern. It’s also one that most people aren’t aware of yet, so they often get caught in its trap. Remove Old Apps You No Longer Use Approximately 2.6 million apps haven’t had an update in a year or more. Apps are often abandoned by the developer. This can leave security vulnerabilities on your device. Hackers seek out these types of vulnerabilities to exploit. If they aren’t addressed, then they remain a danger. Go through your device and remove old applications that you are no longer using. There is no reason to keep them around, potentially leaving your device at risk. Additionally, look at the time of the last update. If it’s over a year, then you may want to consider replacing that app with something more current. App updates often include security-related items. It’s not good when a year or more goes by without the developer making any type of update to the app. Keep Your Device Updated Speaking of updates, you also need to keep your device's operating system updated. Are you using the current version of Android or iOS? Not installing updates can mean your phone has vulnerabilities. These vulnerabilities allow hackers to breach your data. Automate updates as possible. If you have a company with several devices, then it’s a good idea to include your phones on a managed IT services plan. Use a VPN When on Public Wi-Fi Public Wi-Fi is dangerous. Most people understand that, but many connect to it out of necessity anyhow. You may worry about going over your data plan allotment. Or your mobile carrier reception may be slow. Both cases are reasons people opt to connect to unsecured public hot spots. You can connect to public Wi-fi with less risk if you use a VPN application. VPNs stand between your device and the internet. They route your data through a secure server. This keeps it away from prying eyes that may be lurking on that public Wi-Fi. Mobile Security Solutions to Prevent a Data Breach Don’t wait until your phone is infected with malware to secure it properly. We can help you with automated solutions that protect your device, accounts, and data. Contact us to schedule a consultation. Article used with permission from The Technology Press.

Make Sure Your Router is Secure There’s a reason that browsers like Edge have added breached password notifications. Data breaches are an unfortunate part of life. And can have costly consequences for individuals. Hackers can steal identities and compromise bank accounts, just to name a couple. Cybercriminals breach about 4,800 websites every month with form jacking code. It has become all too common to hear of a large hotel chain or social media company exposing customer data. Hackers can breach your personal information and passwords without you knowing it. And the time from breach to notification of the breach can be lengthy. One example is the data breach of CafePress. This is a popular online retailer that prints personalized items. CafePress suffered a data breach in February 2019. That breach exposed millions of names and addresses, security questions, and more. Hackers also breached social security numbers that weren’t encrypted. As mentioned, the breach happened in February. But many consumers weren’t notified until late summer. The FTC recently took action against the company. This was due to its careless security practices. The point is that months or years can go by without you knowing about compromised data. Unless you happen to look at the right website, you may not even realize it. Those breached password features in browsers are helpful. But what if you have other information beyond a password compromised? It’s best to protect yourself with some knowledge. We’ll help by listing several recent breaches. If you’ve interacted with any of these companies, you’ll want to take steps to protect yourself from the fallout. Recent Breaches of Personal Information That May Impact You Microsoft Customer Data Breach On October 19, 2022, Microsoft announced a breach that exposed customer data. A misconfigured server was to blame. The breach exposed certain business transaction data. It’s thought that this breach could have affected more than 65,000 entities worldwide. 2.5 Million Records Exposed in a Student Loan Breach Did you get a student loan from EdFinancial and the Oklahoma Student Loan Authority (OSLA)? If so, you could be in trouble. The organizations notified impacted individuals by letter in July 2022. The personal information at risk included: Social security numbers Email addresses Home addresses Phone numbers The breach compromised the data of over 2.5 million loan recipients. U-Haul Data Breach of 2.2 Million Individuals’ Data Large rental firm U-Haul is a household name. It also just had a major data breach. It notified clients in August of 2022 of a compromise of some rental contracts. The contacts in question were between November 5, 2021, and April 5, 2022. The breach exposed names, driver’s license numbers, and state identification numbers. It affected over 2.2 million individuals that rented vehicles from the company. Neopets Breach May Have Compromised 69 Million Accounts You wouldn’t suspect a cute site like Neopets to be a cybersecurity risk. But users of the platform got a rude awakening due to a breach of the service. An estimated 69 million accounts may have had emails and passwords leaked. The full stolen Neopet database and copy of the source code were being offered for sale for about $94,500. One Employee Computer Causes a Marriott Breach Hotel giant Marriott suffered another breach in July 2022. It blamed a single unsecured employee computer. About 300-400 individuals had data leaked. This data included credit card numbers and other confidential information. Unfortunately, the company shows a pattern of poor cybersecurity . Within the last four years, it has suffered three separate breaches. That’s enough to want to pay in cash or use a pre-paid card if you stay there. Shield Health Care Group Exposes Up to 2 Million Records In March of 2022, Shield Health Care Group detected a breach. This Massachusetts-based company found that hackers breached up to 2 million customer records. This includes medical records, social security numbers, and other sensitive personal data. Flagstar Bank Takes 6 Months to Identify Individuals Affected in a Breach In December of 2021, Flagstar Bank suffered a breach. It wasn’t until 6 months later that it identified the individuals affected. And the impact was large. It included exposed social security numbers. The hack impacted about 1.5 million customers. 8.2 million Current and Former Customers of Block Compromised Block was formerly known as Square, a popular payment processing platform. It announced in April of 2022 that it was breached the previous December. A former employee accessed customer names and brokerage account numbers. Some accounts also had other stock trading information accessed. About 8.2 million current and former customers had their data exposed. Crypto.com Breach Nets Hackers Over $30 Million Cryptocurrency may be hot at the moment, but it’s very susceptible to cyberattacks. In January 2022, over 483 users had their Crypto.com wallets breached. The criminals made it past two-factor authentication, which is usually quite effective. They stole about $18 million in bitcoin and $15 million in Ethereum and other cryptocurrencies. How Secure Are Your Passwords? There are many solutions that can help you better manage and secure your passwords. Give us a call to learn more about protecting your personal data from a breach. Article used with permission from The Technology Press.

Data privacy has been a growing requirement ever since the internet age began. So much personal information is flying around through computer networks. Protecting it has become a mandate. Most companies must follow HIPAA, GDPR, or another industry or locality-based privacy rule. By the end of 2024, 75% of the world’s population will have their personal data protected. It will fall under one or more privacy regulations. You don’t need to be a large enterprise organization to have data privacy compliance at the top of your mind. It goes hand in hand with cybersecurity. Additionally, privacy requirements hit all sized companies. Between July 2020 and July 2021, GDPR violations rose by 113.5% . The number of associated fines also jumped, by 124.92%. When it comes to HIPAA violations, each incident can carry a penalty between $100 to $25,000 . It’s important to make data privacy a priority and factor it into all your data collection processes. When companies collect, send, or store personally identifiable information (PII) it needs protection. This means putting adequate safeguards in place. To stay on top of your privacy compliance obligations, you should also keep up with trends in this area. Next up, we’ve documented the biggest data privacy trends happening in 2023 that you should be aware of. What’s Happening in Data Privacy Compliance? AI Governance Approximately 40% of privacy compliance technology needs artificial intelligence (AI) to operate. AI has certainly made its way into many of the applications we use on a daily basis. When you’re typing in MS Word and text just springs up as a suggestion, that’s AI predicting what you’ll type next. When working on a photograph in Photoshop, you can now click a button to give a frowning face a smile. This is also the work of AI. So, it’s no surprise that AI is running many of the algorithms responsible for keeping data protected. But what happens when there is a problem with the AI? This is the question that AI governance is working to address. This is a new trend in data privacy because AI has never been so prevalent throughout the data journey as it is now. Whenever AI is used in the data protection area, organizations need to govern it properly. This helps ensure that automated processes aren’t accidentally exposing sensitive data. Consumer Privacy UX A trend that we’ve seen over the last several months is putting more privacy power into the consumer’s hands. Many privacy regulations require that apps and websites provide data transparency. They need to tell people what data they’re collecting, how they’re collecting it, and what they do with it. People also need an “out” to get their data back. These needs have led to consumer privacy UX becoming a “thing.” You can think of this as a centralized privacy portal. A place people can access privacy-related settings in various apps. This gives better visibility into how their data is being used. Increased Scrutiny of Remote Employee Monitoring The pandemic has forever changed the global workforce. Many organizations are now running completely remote offices. Or may be using a mix of remote and in-office staff. The dramatic increase in people working from home has led to data collection changes. Companies are ramping up their monitoring of those employees working off-site. But this type of monitoring opens a can of worms when it comes to data privacy. Organizations need to ensure that they aren’t encroaching on the rights of their staff. This is most pertinent when putting monitoring in place on employee devices. For example, approximately 49% of remote employees use their personal computers for work. Companies often put endpoint device monitoring in place for security reasons. They need to ensure they are not gathering or backing up any personal data. That would be data owned by the employee and not the company. Data Localization One of the concerns when the social app TikTok became popular relates to location. With the firm being a China-based company, people worried about the privacy of their data. The data was originally stored on servers governed by the Chinese government. A country with very different data privacy rules than the US and other countries. Data localization is going to become more prevalent. Increasingly organizations look at where their cloud data is being stored. Where a server resides governs the privacy rules and regulations that it may fall under. Thus, companies and governments are now asking a question of cloud providers. This is, “Where is my data stored?” Many want their data to be as close to home as possible. Privacy-Enhancing Computation (PEC) Data privacy by design is a fairly new term. Using privacy-enhancing computation is a way that AI is helping cybersecurity. By using PEC as a built-in component of software and apps, developers provide value to clients. They address privacy concerns by making data protection more automated. Look for PEC components in data analytics when shopping for business tools. When Is the Last Time You Had a Compliance Check? How are your data privacy protections? Are you risking a penalty due to lax controls? Give us a call! We can help with a compliance checkup. Article used with permission from The Technology Press.

Our technology inevitably comes with us when we travel. Most of us won’t even travel to the end of the block without our smartphones. When you go on a trip, not having your technology there when you need it can ruin your day. Travel smarter and more securely by doing several checks before you go. Use our handy tech travel checklist. It can save you from suffering from lost devices, missing chargers, or a data breach. 1. Check Your Apps Have you ever sat at an airport gate wondering why it looked so empty? You then found out that your gate had changed, and you had no idea. You go rushing to the other end of the concourse, hoping you’re not too late. How did everyone else know about the gate change? They most likely had the app for the airline and received a notification. Before you leave for a trip, make sure to download any apps you may need. It’s better to download them when you’re at home on your own Wi-Fi. If you wait until you’re at the airport, reception may be an issue. Some of the apps you may want to grab or update before your trip are: Airline app Train app Hotel app Theme park app Camping ground app Weather app City tourism app 2. Check Your Cords & Adapters People leave behind countless chargers and adapters every day. They litter airports, restaurants, and train stations around the world. Make sure to bring a backup charger for your laptop, tablet, or phone. Otherwise, you may find yourself paying a premium for a new charger in a gift shop. Your device could also go black if you lose its charger and can’t quickly get a new one. 3. Check Your Power A great way to ensure you have the power you need is to buy a small charging battery. You can find these in most major retailers or online. They are small “blocks” that hold a charge and can power up a cell phone in a pinch. Having this extra backup also helps you avoid potential juice-jacking ports. These are fake or compromised public USB charging ports. Hackers use them to steal your data when you plug in. 4. Check Your Mobile Plan If you’re traveling out of the country, you’ll want to check your mobile plan. If you don’t have the ability to call internationally, then you may not be able to text or call home. Carriers can add an international capability to your plan, but ask about pricing. It can get expensive if you’re on long calls or using mobile data. An alternative is to set up a VoIP app you can use with your office, friends, or family while you’re traveling. These enable both calls and SMS, but you do need an internet connection. 5. Check or Add a VPN Free Wi-Fi may be a welcome site when you’re on the road, but it can also be dangerous. You don’t know who else is using that Wi-Fi. A hacker hanging out on the connection can easily steal your data if you’re not protected. It’s better to use either your mobile carrier connection or a virtual private network (VPN) app. VPN plans are inexpensive and will keep your data encrypted, even if you’re on public Wi-Fi. 6. Check Your Backup Unfortunately, mishaps occur when traveling. You may leave your phone behind on a boat, have your luggage lost, or get your device stolen while in a crowded area. 10% of all laptop thefts happen in airports. Don’t lose all your data with the device! Back up your devices to the cloud or local storage before you travel. This ensures that you won’t lose the valuable information on your device. You also won't need to think twice about enacting a remote “wipe my device” command if necessary. 7. Check Your Device Security Make your devices as secure as possible before you hit the road. When we’re traveling, our minds are occupied by other things. So, you may not think to check your antivirus or avoid suspicious phishing links. Protect your devices before you go using: Antivirus/anti-malware DNS filtering Screen lock with passcode Sharing features turned off VPN application Find-My-Device feature turned on 8. Check Your Double-Checks What do we mean by checking your double-checks? Use the buddy system as a backup. When the family is getting off a plane, each should check with the other that they have all their devices. If you’re traveling alone, have a friend or family member check up by text. Did you grab your charger? Is your VPN turned on? Those little reminders can go a long way toward avoiding digital travel nightmares. Improve the Security of Your Devices Now Don’t leave your devices unprotected. This could mean a breach of your banking app or personal data. Contact us for device security solutions to reduce your risk. Article used with permission from The Technology Press.

If you follow Microsoft products, then you may know about Microsoft Ignite . Held annually, it generates many exciting updates and announcements in the Microsoft world. Microsoft held its most recent conference last October. In the rush of the recent holidays, you may have missed some of the highlights. So, we’re bringing them to you now. One thing you’ll notice is that Microsoft Teams got a lot of love at the event. Microsoft is now describing Teams as “the app at the center of Microsoft 365.” We can see why the company keeps enhancing this virtual workspace. Teams now has over 280 million users. It’s not surprising seeing that Microsoft has introduced over 450 new Teams features. And that's just in the last year. We’ll go over some Teams features below, along with other Microsoft App announcements from Ignite. These may give you some ideas for your next digital workflow upgrade. Teams Premium There is a new Teams Premium offering from Microsoft that adds a whole new AI component to the platform. This service includes several AI-powered features. They make it seem like you have your own meeting assistant. Some of the cool features include automatically generating chapters from a Teams meeting. The app also generates personalized highlights for you. This saves you from having to rewatch the meeting later. If you’re meeting internationally, you can enjoy real-time translations for captions. Meeting guides is another new feature. It sets up your meeting options according to your needs. 360-Degree Intelligent Camera for Teams Meetings SmartVision 60 is the first 360-degree, center-of-room intelligent camera. It has the ability to track the speaker as they’re moving. The camera is also due to have a people recognition feature coming soon. Virtual meetings can feel much more like real meetings using SmartVision 60. Instead of just seeing a small video feed of one person, the movement of the camera can capture a whole team. Cisco is Now a Certified Devices Partner for Teams Rooms Those that are fans of Cisco meeting products will be pleased to know they now have more options. Microsoft announced that Cisco is now a Teams Room Certified Devices partner. You can now start Teams meetings across all certified Cisco meeting devices. Microsoft Places One of the virtual workspace apps to support the new hybrid movement is Microsoft Places . This is a team management app that integrates with the rest of the Microsoft 365 ecosystem. The office is still around, but for how long? Much of the world had to do things virtually during the pandemic. Many companies and employees found they like it better that way. Seventy-four percent of US companies have or plan to put in place a permanent hybrid work model. Microsoft Places is one more way Microsoft is leading the hybrid office revolution. Some of the app’s features include: Manage and track where employees are working (at home or in the office) Track whether coworkers are away or available Track physical room use to make strategic decisions Hours & Location Feature in Outlook & Teams Another feature announcement related to the hybrid working world is hours and location. This is a new capability added to Teams and Outlook to make it easier to schedule in-person meetings. It can get tricky to plan in-person meetings when you don’t know who is working at the office and who is remote. If you plan without checking, you're bound to alienate someone. They won't be happy if they were planning to work from home that day. The new hours and location feature allows people to specify where they are working. They can adjust this from hour to hour. It takes the guesswork out of scheduling. Loop App Private Preview Another exciting app announcement that Microsoft made was about its Loop app. It stated that Loop entered private preview. This gives some organizations a chance to check it out. Loop is a collaborative workspace app that helps teams ideate in a virtual space. All data pulled in from Microsoft 365 apps syncs automatically to stay up to date. Microsoft Clipchamp Video Editor You may have noticed an unfamiliar app popping up on Windows. Microsoft Clipchamp was formally announced at the Ignite event. It’s a quick and easy video editor for Windows PCs. Have you ever felt frustrated trying to fix a video and not having the right tool to do it? Then you may want to take a closer look at what Clipchamp has to offer. It looks to have a fairly low learning curve. Get Help Navigating the Microsoft 365 Universe Microsoft 365 has come a long way in a short period. There are many different app integrations you can use to power your workflow. But it can get a bit complicated without an expert to help. Give us a call today to schedule a Microsoft consultation. Article used with permission from The Technology Press.

The new year has just begun and it’s a time of renewal as we plan for the possibilities to come in 2023. It’s also a time when you need to plan for resiliency in the face of ever-present cyberattacks. Sixty-eight percent of surveyed business leaders feel that cybersecurity risks are getting worse. They have a good reason. Attacks continue to get more sophisticated. They are also often perpetrated by large criminal organizations. These criminal groups treat these attacks like a business. In 2021, the average number of global cyberattacks increased by 15.1% . To protect your business in the coming year, it’s important to watch the attack trends. What new methods are hackers using? What types of attacks are increasing in volume? Knowing these things is important. It helps you better update your IT security to mitigate the risk of a data breach or malware infection. We’ve pulled out the security crystal ball for the upcoming year. And we've researched what cybersecurity experts are expecting. Here are the attack trends that you need to watch out for. Attacks on 5G Devices The world has been buzzing about 5G for a few years. It is finally beginning to fulfill the promise of lightning-fast internet. As providers build out the infrastructure, you can expect this to be a high-attack area. Hackers are looking to take advantage of the 5G hardware used for routers, mobile devices, and PCs. Anytime you have a new technology like this, it’s bound to have some code vulnerabilities. This is exactly what hackers are looking to exploit. You can prepare by being aware of the firmware security in the devices you buy. This is especially true for those enabled for 5G. Some manufacturers will build better firmware security into their designs than others. Make sure to ask about this when purchasing new devices. One-time Password (OTP) Bypass This alarming new trend is designed to get past one of the best forms of account security. Multi-factor authentication (MFA) is well-known as very effective at preventing fraudulent sign-in attempts. It can stop account takeovers even in cases where the criminal has the user’s password. There are a few different ways that hackers try to bypass MFA. These include: Reusing a token: Gaining access to a recent user OTP and trying to reuse it Sharing unused tokens: The hacker uses their own account to get an OTP. Then attempts to use that OTP on a different account. Leaked token: Using an OTP token leaked through a web application. Password reset function: A hacker uses phishing to fool the user into resetting a password. They then trick them into handing over their OTP via text or email. Attacks Surrounding World Events During the pandemic, the cyberattack volume increased by approximately 600%. Large criminal hacking groups have realized that world events and disasters are lucrative. They launch phishing campaigns for world events. Attacks come for everything from the latest hurricane or typhoon to the war in Ukraine. Unsuspecting people often fall for these scams. This is because they are often distracted by the crisis. People need to be especially mindful of scams surrounding events like these. They will often use social engineering tactics, such as sad photos, to play on the emotions. Smishing & Mobile Device Attacks Mobile devices go with us just about everywhere these days. This direct connection to a potential victim is not lost on cybercriminals. Look for more mobile device-based attacks, including SMS-based phishing (“smishing”). Many people aren’t expecting to receive fake messages to their personal numbers. But cell numbers are no longer as private as they once were. Hackers can buy lists of them online. They then craft convincing fake texts that look like shipping notices or receipts. One wrong click is all it takes for an account or data breach. Mobile malware is also on the rise. During the first few months of 2022, malware targeted to mobile devices rose by 500% . It’s important to ensure that you have good mobile anti-malware. As well as other protections on your devices, such as a DNS filter. Elevated Phishing Using AI & Machine Learning These days, phishing emails are not so easy to spot. It used to be that they nearly always had spelling errors or grainy images. While some still do, most don’t. Criminal groups elevate today's phishing using AI and machine learning. Not only will it look identical to a real brand’s emails, but it will also come personalized. Hackers use these tactics to capture more victims. They also allow hackers to send out more targeted phishing messages in less time than in years past. Schedule a Cybersecurity Check-Up Today Is your business prepared for the cyber threats coming in 2022? Don’t wait to find out the hard way! Give us a call and schedule a cybersecurity check-up to stay one step ahead of the digital criminals. Article used with permission from The Technology Press.

Cybersecurity insurance is still a pretty new concept for many SMBs. It was initially introduced in the 1990s to provide coverage for large enterprises. It covered things like data processing errors and online media. Since that time, the policies for this type of liability coverage have changed. Today’s cyber insurance policies cover the typical costs of a data breach. Including remediating a malware infection or compromised account. Cybersecurity insurance policies will cover the costs for things like: · Recovering compromised data · Repairing computer systems · Notifying customers about a data breach · Providing personal identity monitoring · IT forensics to investigate the breach · Legal expenses · Ransomware payments Data breach volume and costs continue to rise. 2021 set a record for the most recorded data breaches on record. And in the first quarter of 2022, breaches were up 14% over the prior year. No one is safe. Even small businesses find they are targets. They often have more to lose than larger enterprises as well. About 60% of small businesses close down within 6 months of a cyber incident. The increase in online danger and rising costs of a breach have led to changes in this type of insurance. The cybersecurity insurance industry is ever evolving. Businesses need to keep up with these trends to ensure they can stay protected. Here are some of the cyber liability insurance trends you need to know about. Demand is Going Up The average cost of a data breach is currently $4.35 million (global average). In the U.S., it’s more than double that, at $9.44 million. As these costs continue to balloon, so does the demand for cybersecurity insurance. Companies of all types are realizing that cyber insurance is critical. It’s as important as their business liability insurance. Without that protection, they can easily go under in the case of a single data breach. With demand increasing, look for more availability of cybersecurity insurance. This also means more policy options, which is good for those seeking coverage. Premiums are Increasing With the increase in cyberattacks has come an increase in insurance payouts. Insurance companies are increasing premiums to keep up. In 2021, cyber insurance premiums rose by a staggering 74% . The costs from lawsuits, ransomware payouts, and other remediation have driven this increase. Insurance carriers aren’t willing to lose money on cybersecurity policies. Thus, those policies are getting more expensive. This is at the same time as they are more necessary. Certain Coverages are Being Dropped Certain types of coverage are getting more difficult to find. For example, some insurance carriers are dropping coverage for “nation-state” attacks. These are attacks that come from a government. Many governments have ties to known hacking groups. So, a ransomware attack that hits consumers and businesses can very well be in this category. In 2021, 21% of nation-state attacks targeted consumers, and 79% targeted enterprises. So, if you see that an insurance policy excludes these types of attacks, be very wary. Another type of attack payout that is being dropped from some policies is ransomware. Between Q1 and Q2 of 2022, ransomware attacks increased by 24% . Insurance carriers are tired of unsecured clients relying on them to pay the ransom. So many are excluding ransomware payouts from policies. This puts a bigger burden on organizations. They need to ensure their backup and recovery strategy is well planned. It’s Harder to Qualify Just because you want cybersecurity insurance, doesn’t mean you’ll qualify for it. Qualifications are becoming stiffer. Insurance carriers aren’t willing to take chances. Especially on companies with poor cyber hygiene. Some of the factors that insurance carriers look at include: · Network security · Use of things like multi-factor authentication · BYOD and device security policies · Advanced threat protection · Automated security processes · Backup and recovery strategy · Administrative access to systems · Anti-phishing tactics · Employee security training You’ll often need to fill out a lengthy questionnaire when applying for insurance. This includes several questions about your cybersecurity situation. It’s a good idea to have your IT provider help you with this. This can seem like a lot of work that you have to do to qualify for cyber insurance. As you review the questions, your IT partner can identify security enhancements. Just like other forms of insurance, if you take steps to reduce risk, it can often reduce your premiums. So, it pays to do a cybersecurity review before applying for cyber insurance. You can save yourself time and money. It can also fortify your defenses against cyberattacks. Need Help Making Sense of Cybersecurity Policies? Cybersecurity coverage and insurance applications can be complex. If you answer wrong on a question, it can mean paying hundreds more in premiums than you should. If you’re considering cybersecurity insurance, don’t go it alone. Give us a call and schedule a consultation. We can explain the policy details and provide guidance. Article used with permission from The Technology Press.

The global home security market has been growing by leaps and bounds. By 2026, experts expect the market to expand at a rate of 20.1% . This is on top of an expected increase of 21.6% from 2021 to 2022. From Ring doorbell cams to entire home security systems, consumers want these solutions. Watching your front door from afar has never been so easy. With cloud-based video streams, homeowners can view any part of their home. Sharing doorbell camera shots on neighborhood social media groups is now common. These home security systems also provide peace of mind at a wallet-friendly cost. But don’t let the ease of setup fool you. Home security cameras can open your family up to risks if you don’t take precautions. Often, people are so excited to see what they can do, they don’t stop to think about device security. There are horror stories online about hacked video cameras. This includes strangers saying disturbing things through those cameras to children. Additionally, in 2019, Ring suffered a data breach . That breach exposed the personal data of over 3,000 Ring users. This included usernames and passwords. It’s enough to make you reconsider your decision to add extra security. But don’t let those incidents scare you off. You can properly secure a home video camera system to ensure it’s not breached. Here are some of the things you should do for a safe home security setup. Make Sure Your Router is Secure You access an IP security camera via the internet. Any commands going to the system or footage coming from it go through your router. So, you need to make sure that your router is properly secured. Hackers breach routers so they can get to the devices connected to that network. Ensure your router security protocol is no lower than WPA2. The next generation, WPA3, is even better. These protocols govern the protection of data transmitted through the wireless network. Give the router a strong password that is at least 12 characters long. Software can crack a password of only 8 standard characters instantly. But a 12-character password with at least one upper case letter, number, and symbol takes 34,000 years . Change the Default Username & Password You also need a strong password for your security system’s admin account. You should also change the default device and username. Hackers have lists of all these device defaults and use them to break into these systems. Changing the default username and password for the device should be one of the first things you do. Otherwise, it could be mere minutes after you connect to the internet that you’re hacked. Ensure the System Uses SSL/TLS Or Other Encryption You don’t want the footage from your cameras transmitted for anyone to grab and watch. Make sure the security system you choose notes SSL/TLS. Or another standard encryption. This ensures that the data cannot be intercepted and accessed. SSL is short for Secure Sockets Layer, and TLS is short for Transport Layer Security. Without a form of encryption, a hacker can easily breach your device. Keep the Software Updated If your security system has an automatic update feature, turn that on. Unfortunately, many users don’t think about updating their device software. This leaves it more vulnerable to a hack. Updates often include important security fixes for found vulnerabilities. You want to make sure updates install promptly. That’s why automating this is best. Consider Access Levels for Multiple Users Do you have several family members accessing your cloud-based security device? If so, set up some access levels. Not everyone needs to be at an administrator level. Hackers love it when they can breach the login of an admin user for an account. This gives them more privileges, like changing settings. Giving lower-level privileges, such as “view only,” to most family members improves security. Enable Camera Security Features There will be various security features that are available with your system. Manufacturers often do not enable all security settings by default. The user must turn all or some of them on. If you’re unsure of what settings should be on or off, we’ll be happy to help. Some home security systems have generous sharing options. This can be an invitation for hackers. You want to restrict these as much as possible. Make Sure Your Mobile Device is Secure Most people access their security cam through their smartphone. Make sure that you secure yours and keep it updated with the latest operating system. Hackers can gain access to a security system through a device with weak safeguards. Add things like: · Mobile anti-malware · DNS filtering · Screen lock · Automated updating Looking for Help Protecting Your Cloud Security System? Give us a call and schedule a visit. We’ll be happy to help you ensure your security system is set up with best practices. Article used with permission from The Technology Press.

One constant struggle in offices is the balance between productivity and security. If you give users too much freedom in your network, risk increases. But add too many security gates, and productivity can dwindle. It’s a fine balance between the two, but one you can achieve. Organizations need to recognize the importance of both. And not sacrifice one for another. A recent report from Microsoft notes a dangerous lack of authentication security. Just 22% of Azure Active Directory users had multi-factor authentication (MFA) enabled. This means that over three-quarters were at a much higher risk of an account breach. Why do organizations fail to adopt important security protocols, like MFA? We know that it’s as much as 99.9% effective at stopping fraudulent sign-ins. Yet so many companies aren’t adopting it. User inconvenience is the biggest reason. MFA is not expensive. In fact, it’s free to enable in nearly all cloud applications. But if users say that it’s hurting productivity and is a pain to use, companies may not bother with it. But sacrificing security can hurt productivity worse. Downtime due to a data breach is expensive and can put smaller companies out of business. The main cause of data breaches is credential compromise. So, if you’re not protecting your authentication process, the risk of becoming a breach victim is high. 35% of data breaches initiate from breached login credentials. There are ways to have both secure and productive users. It simply takes adopting some solutions that can help. These are tools that improve authentication security. But do it in a way that keeps user convenience in mind. Solutions to Improve Security Without Sacrificing Convenience Use Contextual Authentication Rules Not every user needs to go through the same authentication process. If someone is working in your building, they have a certain trust factor. If someone is attempting to log in from outside the country, they do not have that same trust. Contextual authentication is used with MFA to target users that need to reach a higher bar. You may choose to limit or block system access to someone attempting to log in from a certain region. Or you may need to add an additional challenge question for users logging in after work hours. Companies don’t need to inconvenience people working from normal locations during typical hours. But they can still verify those logging in under non-typical circumstances. Some of the contextual factors you can use include: Time of day Location The device used Time of the last login Type of resources accessed Install a Single Sign-on (SSO) Solution A report on U.S. employees found they use a lot of apps. Workers switch between an average of 13 apps 30 times per day. That’s a lot of inconveniences if they need to use an MFA action for each of those logins. Single sign-on applications solve this problem. They merge the authentication process for several apps into just one login. Employees log in once and can go through MFA a single time. Using multi-factor authentication isn’t nearly as inconvenient. Users gain access to everything at the same time. SSO solutions help organizations improve their security without all the pushback from users. Recognize Devices Another way to better secure network access is to recognize devices. This is typically done using an endpoint device manager. This automates some of the security behind user authentication. Thus, it doesn’t inconvenience the person. First, register employee devices in the endpoint device manager. Once completed, you can then set up security rules. Such as blocking unknown devices automatically. You can also put in place device scanning for malware and automated updates. Both these things increase security without sacrificing productivity. Use Role-based Authentication Your shipping clerk may not have access to sensitive customer information. But your accounting team does. One can have a lower barrier to authentication. Using role-based authentication saves time when setting up new employee accounts. Authentication and access happen based on the person’s role. Admins can program permissions and contextual authentication factors once. Then, the process automates as soon as an employee has their role set. Consider Adding Biometrics One of the most convenient forms of authentication is biometrics. This would be a fingerprint, retina, or facial scan. The user doesn’t need to type in anything. It also takes just a few seconds. Biometric hardware can be costly, depending on the size of your organization. But you can introduce it over time. Perhaps using biometrics with your most sensitive roles first, then expanding. Additionally, many apps are now incorporating things like facial scanning. Users can authenticate using a typical smartphone, making it much more affordable. Need Help Improving Authentication Security? Don’t give up important security because you’re afraid of user pushback. Give us a call and schedule a security consultation. SHOUT OUT TO T.M.E.

Countless employers still don’t trust their people to do their best work unless they’re physically in the office. But while managers may be struggling to adjust to our new hybrid world, this perception is a long way from the truth. Research from around the world reveals that greater flexibility from remote and hybrid working often results in a major boost to productivity. Yet still some firms are bringing back an office-only policy. Employers may be grappling with the fallout of the last few years and hoping that a return to the office will result in a post-pandemic productivity boost. But seeing as hybrid workers show improved morale, greater creativity and better collaboration (compared with pre-pandemic levels), this could be a big step in the wrong direction. Big Brother will never be popular Some businesses have increased their employee monitoring to try and track performance. But this is often perceived as a Big Brother tactic that ends up having the opposite effect – a drop in productivity, a lack of trust, demoralized teams, and a greater feeling of ‘us and them’. All businesses need to understand how they are performing and decide which metrics give the best insight into productivity. But this has to be done in a way that doesn’t leave employees feeling like cogs in a machine. So what’s the answer? There is some clear advice for building a productive and successful hybrid environment: · Encourage people to work in the way that’s best for them · Find the right ways to measure performance – without people feeling like they’re constantly being watched · Automate repetitive tasks to free up your team’s creativity · And provide everyone with the tools and tech they need to do their job properly. That could include choosing the right devices, using communication tools that aid collaboration, and making the right connectivity choices. We can help with all of this. So if you’re having trouble adjusting to a hybrid world, get in touch – we’re here to help. Published with permission from Your Tech Updates.