Email Security

5 Tips for Better Email Security

Email is one of the most used mediums today. In fact, half the globe uses email.
In businesses, email is totally universal. This has become an even more ingrained reality since the COVID-19 pandemic. In-person meetings are downright antiquated, and email is used not just to collaborate but to document important conversations.
However, this also means that email has remained a popular channel for attackers to infiltrate. With every professional practically living inside their email accounts these days, hackers and phishers are even more prolific in trying to gain access to sensitive information.

1. Provide training for staff

The cost of business information breaches caused by simple human error averages $3.3 million a year. Even if your staff knows the basics about phishing or other email scams, a simple “mis-click” can end up costing your business dearly.

The goal is to have tools in place that stop those emails from ever hitting inboxes, but some will always get through. Employees become the only thing standing between your business data and a hacker. Ensure that barrier of defense is just as strong as every other part of your email security with regular training.

2. Use stronger passwords

Using predictable passwords is the number-one way hackers gain entry to accounts. According to the 2019 Data Breach Investigation Report (DBIR) by Verizon, 80% of hacking-related breaches are connected to weak passwords.

Learn how to store your passwords, make them stronger, and update them regularly—and ensure everyone at your business does the same.

3. Never, ever open unexpected or unknown email attachments

If you don’t know the sender, don’t open the attachment. Educate your staff to vet attachments, too, by asking themselves: Am I expecting this email? Does the format type look like one I know?

When in doubt, do not open an attachment. You can confirm the nature of the content with the sender before making a final decision.

4. Do not allow anyone to use company email for personal reasons

Personal emails are the best opportunity for cybercriminals to hack business systems. Ensure that no one at your business uses email for personal reasons. No one should even check their personal emails when on your wireless or business server; this, too, opens up the possibilities for a hacker to infiltrate.

5. Periodically review your settings

Just like technology is constantly evolving, so is cybercrime. Periodically review your security and privacy settings and discuss “best practices” with your proactive IT services provider. Turn your own settings into a standard business practice and instruct the rest of the staff to update their settings to the same configuration, too.

It’s business-critical to keep your information secure, and email is the front door that both legitimate and criminal contact comes through. For help implementing these and other best practices, contact us.

5 Tips for Better Backups

Cyber criminals target businesses of all sizes. Natural disasters target indiscriminately, too. There are so many risks out there, and your business-critical data could disappear in an instant.
Take charge of your backup and recovery plan to protect your business. Data security goes a long way, but even a strong backup plan has holes to patch.
Most business backup plans depend on cloud storage. This comes with a long list of benefits; however, there’s more to a backup recovery plan than just choosing your cloud storage provider.
1. Create redundant backups

One complete backup of your business-critical files will protect you, but not enough. A regional disaster, for example, could wipe out a digital infrastructure that affects your cloud storage. Create redundant backups in multiple locations to truly secure your data.

2. Encrypt everything

Backups will inherently include sensitive data like customer information, billing data, employee records and even business strategies. Protect your backups by encrypting every bit of data you store.

3. Keep your eye on changes to regulation

Your business has an obligation to follow any number of privacy laws from the GDPR to CAN-SPAM to HIPAA. Keep your eye on any changes to regulations to ensure your backup complies with the rules. Be sure to ask your cloud storage provider about what steps they take to comply, too.

4. Determine recovery time

The type of backup you use will determine how much recovery time your business needs to retrieve data in case of an emergency. Even a day without data can mean a day without revenue, so plan ahead and write it into your business continuity plan.

5. Establish standard file naming

This might sound like a little thing, but it’s actually something that will make a big difference in your backup—especially when wading through data recovery after a disaster takes place. Backups will also go faster with a standard naming system because you’ll be able to see what’s new and organize it accordingly.

Understanding the best backup plan for business data requires understanding the difference between backups and syncing, too. Keep reading to learn more.

Ransomware Attempt

A Malware Story

“Payment was made successfully.”

The disturbing statement blinked at me from the computer screen. I felt sick and grateful at the same time. At least it was over.
It all started with an email. I should have known it was a phishing attempt, but in the rush of the day, I didn’t look closely enough. The email said I had to update my credentials for our ERP account. First, I had to “validate” my current credentials by entering them into the login screen.

After hitting “send,” the screen went black.

I rebooted my PC and the first screen I saw was a message in green text: “Welcome to LockerLock. Your files have been taken. We will keep them secure for 48 hours only. Cost of release: $100,000 USD.”

Next Steps
I was shocked and confused. Before clicking on anything else, I sped into the neighboring office. My coworker was rebooting her computer and said her PC had frozen.

One long and painful conference later, the office leadership confirmed that we had been hit by a ransomware attack. The price to release our files was $100,000.

Instructions came from the hackers. They explained how to access the dark web and how to initiate a cryptocurrency transfer.

The whole process seemed to drag on after only a day had passed. Every client that called in had to be told something, but our customer service wasn’t able to tell them much. Our hourly staff was left with so little to do that they started organizing the office…it’s never been so clean before or since.

My story isn’t unique, and my story isn’t the last. Malware comes in many forms and hackers are always a step ahead of the rest.

There are many types of malware, and ransomware is one of them. New-age malware uses advanced capabilities to spread through encrypted files while evading detection. Pre-built infrastructures are used to easily distribute malware to a growing number of devices.

New techniques like offline encryption methods are becoming popular, too, allowing malware makers to take advantage of legitimate systems like Microsoft.

Today, all businesses are at risk. Over half a million instances of malware are detected every day and there are more than 1 billion active programs threatening consumers and businesses right now.

Every 60 seconds, another four companies fall victim to ransomware attacks. That doesn’t even include the other kinds of malware.

If you don’t have malware protection, in another 60 seconds your time could be up. Talk to us about proactive IT services and take your security to the next level. Start the conversation with TimbukTech today.

Laptop, pad and phone

Leslie, the IT Lady

Small business IT administrators need to keep track of a growing number of mobile devices these days. Devices include both personal and business phones, tablets and computers brought in by clients and employees.

Every IT admin has to know what resources employees and clients need, not to mention how to protect devices and the network.

That’s what we call Mobile Device Management, or MDM.

Meet Leslie…

Leslie is the IT admin at a small business. She handles the software on local machines, she installs hardware, she gets new employees set up and advises leadership on information security.
Leslie is not an MDM specialist because, frankly, MDM wasn’t a “thing” when she was in school. It’s still pretty new to everyone.

When the company decided to deploy “bring-your-own-device” (“BYOD”) at their business, it was exciting. The company would either pay for or provide reimbursements toward personal devices as long as they were used for business (and were kept to certain security standards).

The business would benefit because staff would be more efficient on devices they already knew how to use.

Leslie, however, saw BYOD as a new mountain to climb.

Deploying MDM to secure all those brought-in devices would introduce new challenges for Leslie. She would have to balance the need to secure corporate apps with the employees’ need to maintain privacy. She would also have to learn how to set privacy right to encourage the right business behaviors from users.

Leslie had to take a step back and breathe, because it quickly became too much. It would be easier if she first identified what a new MDM program would require.

MDM Requirements
Each unique developer of every mobile operating systems controls what a Mobile Device Management software can do on their devices, which adds another layer of complexity for people like Leslie trying to manage it all.

This is why mobile device management has inspired its own line of software to manage the moving parts.

Mobile device management software generally includes:
• Device inventory management
• Device tracking
• App distribution reporting
• Remote device wipe
• App whitelisting and blacklisting
These same features can also be implemented by a proactive IT services provider for added personalizations and more robust options like data encryption and password reinforcement.

Leslie Made the Call

Leslie knew she needed to call a proactive IT services provider to get the best protection and ensure streamlined mobile device management.
So she did, and her company’s transition to BYOD was safe and painless.
Be like Leslie. Make the call today—contact TimbukTech to learn more.

Man updating his software

Why Software Updates?

You’re no stranger to those little pop-up windows.
“An update is available!”

Whether it’s for desktop, tablet or mobile software, updates are a regular thing. Our lives revolve around software both in work and at home, so we see these notifications often.

As frequent as these little pop-ups are, however, the number of times we hit “remind me later” is almost as frequent.
How many times has a device forced you to update because you’d pressed that button too many times?
Software updates are important for all devices for both security and functional reasons. The sooner you click “OK” for these updates, the more confident you can feel.

Keep reading to learn the four principal reasons why software updates are so important.

1. They patch security flaws

One of the main reasons why updates are pushed out so often is to patch security flaws. Bugs are discovered, vulnerabilities are fixed, and the programmers behind the apps you use are always patching every hole for you.

Why wouldn’t you want to opt into the added security as soon as you can?

2. You deserve the best

Software updates give you the latest and greatest versions of the apps you love and need. New features and improvements are part of these regular updates.

Whatever the benefit, is there any reason why you wouldn’t want to opt in?

3. Updates do a lot

Software updates offer other benefits as well. Beyond hole patches and new features, updates also include better speed, no more crashing, and other improvements to the user experience.

4. It isn’t just about you

Whether it’s your work or personal computer or device, updates (and their implications on security, in particular) protect the data you share with others. They also protect you from getting a virus that could be passed over your network to other people’s devices and computers, too.

It’s easy to click “remind me later” and perpetually skip software updates. If they take a few minutes that you feel you just don’t have, it sometimes seems like the only option.

Putting your data or whole network at risk, however, is never worth it.

Understanding why software updates are so important is the first step. Now, take the extra few minutes to click “OK” on that next update pop-up, and you’ll gain these benefits and more.

motherboard - key - security

Ways to Secure Your Passwords

Let’s assume you’re using different passwords for all the websites and apps you’ve signed up for. (After all, we certainly hope you are.)
That means you have so many different combinations of numbers, letters and memory triggers that it’s officially impossible to keep them all straight.
Fortunately, there are secure and convenient ways to store all your passwords so you never have to memorize another one again. You can keep your data even more secure and save yourself from ever getting locked out of an account by using one of these options.
1. Your browser’s password storage

Using your browser’s password storage option is a secure and convenient way to keep track of all your passwords. If you use the same browser on your desktop and mobile device, the password memory even carries over.

Perhaps the best part about this option is that every browser has it. Whether you use Chrome, Safari, Edge or Firefox, browser password storage keeps all your passwords safely one click away.

2. Password manager software

There are special websites and apps that store your passwords much in the same way your browser does. You can install the extension to your browser on any device, and your account information will carry over wherever you need to access your passwords.

The real stand-out feature of this type of software is that you can securely share credentials with other people. They receive an email notification with the option to “accept share,” and then they can log into that account without you actually revealing your password. It just fills in automatically for them.

You can revoke their access by email address whenever you want, too.

Keeping your passwords safe is ultimately about choosing the right storage option for you and making sure your passwords are strong. The most important passwords are still helpful to memorize, too, especially if you need to access those accounts on public computers.

And remember: even a really good password used over and over again puts your data at risk.

Questions? Ready to learn more about your password security? Contact us today.

A Dark Web Story

The “dark web” refers to online content that is not indexed by search engines. It’s also encrypted for browsing anonymity. You might have also heard it called the “dark net.”
The dark web is part of a bigger “deep web,” which refers to all sites not indexed by search engines.

The dark web can only be reached with special browsers like Tor Browser. Instead of taking the most direct route between your computer and the “deep” content you’re trying to reach, Tor uses a random path of encrypted servers. This is how users can connect to hidden content without any risk of their activity being tracked.
In other words, dark web browsers allow for anonymous browsing of hidden websites.

Why use the dark web?
Using the dark web provides the greatest privacy for users. Even using the Tor browser to access regular websites adds a layer of anonymity.
Many dark websites provide the same services and content you see across the rest of the web, but they do so from behind the shroud of “unfindability” (except by those they want to be found by.)

Anonymity is appealing to most of us, but in its early years, this anonymity of the dark web attracted criminals as a marketplace for drugs and stolen data.
Today, however, even someone trying to keep a medical condition private can benefit from the dark web. It’s a more common thing, especially with more of our data sold every day for advertising purposes.

4 Key Takeaways of the Dark Web
• The dark web is the smaller classification inside of the bigger classification called the deep web.
• Dark web content is both encrypted and not indexed by search engines.
• Special browsers like Tor are required to reach the dark web.
• The dark web can be used to help maintain privacy and allow people to freely express their views.

Thor on Tor
There was a guy named Thor who used Tor Browser. He was attracted to the dark web for its anonymous browsing, and he felt liberated to peruse website content without getting retargeted by creepy ads later.

Thor’s mother complained, “the dark web is where arms are traded and drugs are delt.”
Thor asked, “have you ever even been on the dark web?”
Indeed, Thor was able to benefit from the dark web in several ways.

When Valentine’s Day came, Thor thought, “what better way to look for gifts without my partner getting wise than to shop on the dark web?” He felt further vindicated by his choice to us Tor.
Thor found a deal on the dark web that advertised a discounted, temporary Netflix pass and a free pizza. He couldn’t have planned it better himself. Thor leapt at the chance to show his girlfriend a good time with some rest and relaxation over pizza.

As it turned out, Thor was actually suckered into a fake deal. The Netflix credentials had been stolen, and the owner had already changed her password.
Thor was only out a few bucks from the transaction, but he had no path to justice. This was even more damaging. The dark web had none of the standard consumer protections, and he had no way to prove that the transaction was fraud..

Worst of all, now Thor had to think of another Valentine’s Day gift.

Thor might have just lost a few bucks, but your business has a lot more to lose. The dark web has no purpose for most businesses today.

Unfettered dark web activity will expose your business to risk without any power to report or complain suspicious cases. Talk to us now to learn more about the dark web and to make the best call for your business.

Man in cyber world

4 Tips for Cyber Resiliency

Cyber resiliency is a fancy way to say “protect your digital assets.”
Putting it in more relatable terms, digital security is more than just a “core value” you slap on company training materials. Security today has to be backed with a real plan.
For businesses, that requires implementing firewalls and equipment security to support your overall cyber resiliency.
Here’s how.
What is a firewall?
The first time you ran into a firewall was probably when one had to be deactivated to get something on a website to work.
But what is a firewall, exactly? Could you define it in technical terms?
Firewalls are software programs that filter and examine the data coming into your machine from the internet. They’re installed as a first line of defense to stop malicious programs or hackers from gaining access to your device or network.
What is equipment security?
Equipment security, especially in the context of business cyber resiliency, covers a whole slew of protection, surveillance and identification systems running in the background on your machines and devices.
Equipment security protects your PCs, mobile devices, cameras, alarm systems and more.
In short, equipment security is the bigger “umbrella” of how you protect each piece of physical hardware your business uses to run.
4 Tips to Cyber Resiliency
Achieving cyber resiliency starts with the following four tips. Go through these one-by-one and your organization will have its core security covered to protect your brand’s integrity, livelihood, and assets.
1. Recognize where you are

Know where you are right now in terms of risk. You can get your risk level assessed by a proactive IT services provider (like us). Your take-away from this assessment should be a clear list of where you’re most vulnerable.

2. Reduce exposure

Once you know where you’re most vulnerable, that’s where you start to plan your next steps. Firewalls are especially handy to patch vulnerabilities here.

3. Secure assets

Equipment security is particularly handy in this stage, because securing your assets is simultaneously about protecting physical hardware and stopping hackers from getting your “soft assets” (or data).

This is also the step where many organizations learn exactly how urgently they need hardware upgrades.

4. Accelerate the capacity for business recovery

Once you know your vulnerabilities and have patched them the best you can, there’s still the possibility that your systems, hardware or data could be compromised by a malicious attack.

As long as that possibility exists, you need a contingency plan.

Protect yourself by continuous monitoring your network and by building a Business Continuity Plan

Keep reading these 4 tips for device and gadget security to get even more granular in your cyber resiliency.

Windows 10 Tips

4 Windows 10 Productivity Tips
In case you were wondering, about one billion computers today run Windows 10.
If you weren’t wondering, it’s no wonder you don’t know all the coolest ins and outs of the operating system!
A little curiosity goes a long way with Windows 10. Windows in general has been around for so long that most users don’t get too jazzed about updates, but the latest version has some tricks you’ll want to leverage.
Windows 10, they say, was built especially for productivity. Keep reading, and you’ll learn how to maximize your computer’s relationship with Windows 10 so it can work exactly the way you want it to.
Windows 10 for added productivity
You probably have the basics down in Windows. And that’s great! The following are some of our favorite tips to boost productivity even more when working on Windows 10. We guarantee you’ll learn something new.
1. Minimize interruptions

Stay focused on whatever it is you’re working on by eliminating notification interruptions. Pop-up notifications can be helpful, but at the wrong time they can kick you out of a productive headspace.

To turn these off, open the Start menu, click the Settings cog, and then click on System > Notifications and actions. There, you can turn notifications entirely off or limit which apps can send them.

2. Use (and organize) workflows

Some users feel pretty tech savvy just using the Alt-Tab combination to leaf through open programs on Windows 10. You can take the time to organize things even better, though, and make multi-tasking as smooth as can be. This is even cooler with the right multiple-monitor setup.

System tasks like automatic posting can be included in what are called “Workflows,” either preceded or followed by other tasks you perform. Just click the search icon and type in “workflow,” which will bring up the Workflow page. Create a Workflow by simply listing the steps on each individual line. Each step is set by conditions that you define.

3. Night light

Use the night light setting on Windows 10 to restrict the blue light shining out from your computer display. Blue light restricts your melatonin production at night, which makes it harder to sleep.

Go to Start > Settings > System > Display to activate the night light slider, and keep it on all day. You’ll be grateful you did.

4. Windows timeline

The Windows 10 timeline displays the history of all your activity in Microsoft apps. That includes everything from Microsoft Office files to Edge browser tabs. This makes it easy to jump back to something you were working on before, even after you’ve closed it out.
Being more productive means finishing your days sooner and with more energy, all while getting more done. These tips are more than glamorous—they’ll seriously streamline everything you do on your PC.

Compliance is Integral to Business Success

Let’s Not Be Frank
IT compliance means abiding by certain laws and legal norms that regulate the handling of data. Most of the time, it relates to handling consumer data, such as the protections HIPAA ensures for patient medical records.
Companies big and small are required to meet compliance standards with internal processes that ensure the safe storage of data. Managing these processes is part of a company’s risk management.
Compliance processes aren’t just important for meeting requirements, either. They also help prevent data loss, hacking, and even espionage and other financial risks. Compliant IT is also more efficient IT.
…If only Frank had known that.
Frank’s story
Frank was a fleet manager for a logistics company for more than 15 years. He had a good relationship with the clients he delivered for and an even better relationship with his drivers. The day came where Frank took his team and started his own firm.
Not long after Frank started his logistics firm, the pandemic hit. Business took off for Frank, because with shuttered storefronts and the sudden boom in e-commerce, there was more demand than ever for companies like his to move products.
Frank wasn’t prepared to scale that fast, though. He was barely able to hire new drivers quickly enough as demand went through the roof.
IT compliance was NOT at the top of Frank’s mind.
Frank thought, “compliance is only an issue if you get audited and fined.” His company had reasonable practices in place to protect data, but he wasn’t devoting enough resources to meet every compliance standard there was.
When Frank’s firm fell victim to industrial espionage, he lost all the company’s data. There were client addresses, employee driving records, and even bank information from payments made.
Under the weight of fines and lawsuits, Frank’s company went bankrupt in a matter of months.

Data privacy is vital to business, and the smaller the business, the more crucial it is. The cost of risks taken on can crush small and even medium-sized businesses otherwise. For a little added guidance, plus the tools you need to manage IT compliance responsibly, contact us today!