Blog

The Security Issues Caused By Misdirected Emails

When we consider the security of our business technology, we often think of scams or phishing e-mails. These are easily shrugged off, as we assume no one would fall for e-mails that simply ask for money or make false claims, such as that you have won a lottery you never entered. A list of the security incidents companies actually report might surprise you: the #1 data security incident reported in 2017 was misaddressed e-mails. Something as simple as typing too fast or misspelling a person’s name can have huge repercussions for your business. The scary thing is that any employee, at any moment in the workday, could make this mistake.

Two major issues result from misaddressed e-mails. One is the result of your e-mail being accidentally sent to the wrong person. Now, some person has information that wasn’t meant for them. This could be as small as a secret joke about the boss, or as treacherous as spreadsheets with a department’s payroll information. Either way, this simple mistake could have enormous consequences.

The second major security issue involves a more sinister adversary: something you send is accidentally delivered into their eagerly awaiting hands. This relies on “doppelganger domains,” domains that closely resemble legitimate ones and are bought for the sole purpose of capturing your misaddressed e-mails. How many misaddressed e-mails could there be that could damage the integrity of your business? In one case, research shows that just two researchers captured 20 gigabytes of information from various Fortune 500 companies in six months.

The e-mails they captured contained information at various levels of confidentiality, ranging from employee usernames and passwords to legal documents such as contracts or affidavits. The scary thing is that by the time a company catches a misdirected e-mail and starts improving its security, it could already be too late. Once a hacker has confidential information such as usernames and passwords or payroll accounts, the business has all but handed over the reins. Any one of these items could seriously endanger the business, but all together? The outcome could be catastrophic.

If you were on the receiving end of an e-mail that was not meant for you, what should you or your employee do? The New York Times recently answered this question with the following recommendation: “If the message appears life-threatening or otherwise very important, then you have a moral responsibility to reply back and try to get the e-mail where it was originally headed. If the message is not life-or-death, you can safely ignore it. That approach means you don’t punish people in need, but otherwise, you let Natural Selection do its thing on people who can’t be bothered to check e-mail addresses.”

Knowing the dangers of misaddressed e-mails is only half the battle. What can we do to prevent it and protect the integrity of our business? Basic e-mail policies are key to improving the security of your business. First, encourage the use of strong passwords, so they can’t be easily guessed or forged. Secondly, ask employees to memorize their passwords (rather than write them down, as this poses another security risk). Thirdly, remind employees to change their e-mail passwords frequently; it is recommended to do so every two months.

Training in e-mail and internet etiquette goes hand in hand with your business’s e-mail policy. Training should show employees the importance of remaining vigilant for e-mails that carry malware or phishing attempts. First, employees should avoid opening attachments or clicking on suspicious links. Secondly, employees should be suspicious of clickbait titles and check the names of unknown senders to ensure they are legitimate. Lastly, train employees to look for inconsistencies or style red flags, such as simple grammar mistakes or excessive or unusual punctuation.

Businesses do have other options in dealing with doppelganger domains. A study done by the University of Cape Coast shows that companies can buy their own doppelganger domains, thereby maintaining the integrity of their business. The research goes on to state that the business should “set it up so that when a message is received, it will automatically send out a failure notification. Awareness of the issue should be raised among employees.” This could capture any e-mails accidentally sent to the wrong address, and thereby maintain the business’s integrity.

After establishing good work policies for e-mails, there are further steps that you can take to ensure the safety of your business’s confidential information. Similar to how Grammarly checks for spelling and grammar issues, you can check for doppelganger domains. CheckRecipient is a next-generation e-mail security technology to prevent highly sensitive information from being sent to the wrong people. CheckRecipient uses artificial intelligence and machine learning to analyze historical e-mail data and automatically identify anomalies and mistakes in outgoing e-mails which may result in inadvertent data loss. Some of the world’s largest organizations rely on CheckRecipient’s technology across the financial, legal, professional services and biotech sectors.
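
The outgoing-recipient check described above, as an added example that is not part of the original post and is not CheckRecipient's method: a small Python screen that holds a message when a recipient domain is a known domain with a dot dropped (the pattern the term doppelganger domain usually refers to) or one typing slip away from a known domain. The allow-list, the addresses and all function names are constructed for illustration.

```python
# Added example: screen outgoing recipients for doppelganger and near-miss
# domains before a message leaves. KNOWN_DOMAINS and every address used here
# are constructed sample data, not values from the original post.

KNOWN_DOMAINS = {"example.com", "us.example.com", "partner-bank.example"}


def edit_distance(a, b):
    """Optimal-string-alignment distance: an insert, delete, substitution or
    swap of two adjacent characters each costs 1 (the usual typing slips)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def missing_dot_variants(domain):
    """Domains produced by dropping one dot between host labels, e.g.
    'us.example.com' -> {'usexample.com'}. The dot before the last label is
    kept, so the top-level label is never merged."""
    labels = domain.split(".")
    variants = set()
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        variants.add(".".join(merged))
    return variants


def check_recipient(address, known=KNOWN_DOMAINS, max_distance=1):
    """Classify one address as known, missing-dot, near-miss, unknown or
    invalid, and return (verdict, domain the sender probably meant)."""
    local, sep, domain = address.strip().rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or not domain:
        return ("invalid", None)
    if domain in known:
        return ("known", domain)
    for good in sorted(known):  # sorted so the result is deterministic
        if domain in missing_dot_variants(good):
            return ("missing-dot", good)
    for good in sorted(known):
        if edit_distance(domain, good) <= max_distance:
            return ("near-miss", good)
    # Unrelated external domains pass through; policy for them is out of scope.
    return ("unknown", None)


def screen_message(recipients, known=KNOWN_DOMAINS):
    """Return the recipients that should be held for sender confirmation."""
    held = []
    for addr in recipients:
        verdict, intended = check_recipient(addr, known)
        if verdict in ("missing-dot", "near-miss", "invalid"):
            held.append((addr, verdict, intended))
    return held


if __name__ == "__main__":
    outgoing = [  # constructed recipients
        "alice@example.com",
        "bob@usexample.com",
        "carol@exmaple.com",
        "erin@unrelated.test",
    ]
    for addr, verdict, intended in screen_message(outgoing):
        print(f"HOLD {addr}: {verdict}, closest known domain: {intended}")
```

The same `missing_dot_variants` helper lists the look-alike names a company would consider registering defensively, as the study quoted above recommends.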

Posted in: Tech Tips for Business Owners

Introducing…The Facebook Tango

Do you like to dance?

Dancing is both a science and an art. The waltz is a beautiful and romantic flowing dance, the foxtrot involves intricate alternating fast and slow steps, and the tango is rigid with its pace starting slow and increasing in intensity. Each of these is recognized by their steps and a set pace, and partners must step in sync or the dance results in absolute chaos.

A brand’s presence on Facebook is much like the tango: Your content must follow intricately timed steps that the famous Facebook algorithm uses to decide the fate of your post. This algorithm has the final say in the reach of your content, thus impacting engagement.

The Famous Facebook Algorithm

The Facebook algorithm is nothing new to brands that use Facebook to drive traffic. This algorithm is complex (and a closely-guarded secret formula), and prioritizes posts based on the meaningful interaction and discussion they inspire (or not).

The Social Network was born in 2003 and evolved into TheFacebook.com. TheFacebook was initially only available to students at Harvard but was wildly successful, and the rest is history. Considering that Mark Zuckerberg was a computer science student at Harvard when planning TheFacebook, it makes sense that even 15 years later its algorithmic secrets are enigmatic. More than a student directory, TheFacebook project was an edgy and innovative way to take socialization to new levels, paving the way for person-to-person interactions beyond the walls of a classroom or dormitory hall.

Fast-forward to 2018, and Facebook is still testing boundaries and pushing limits. From its humble beginnings as a student-to-student connection channel to today’s content-filled environment where brands compete with bodies for attention in a user’s Feed, Facebook is still focused on social interactions, but is embracing innovation and changing things up on us – again!

Evolution of the Feed

Facebook users were recently sent a survey, with no incentive to complete other than Facebook’s request to understand how users “feel” about the product. Why is this important? Facebook is a business like any other, right? Wrong. Facebook is a for-profit entity with the idea to facilitate interactions between people and to bring them together. The fundamental foundation of Facebook is people.

Facebook Feeds are increasingly becoming more populated with posts from brands and businesses; even the media deliver news via Facebook. Less personal interactions are taking place, and the overall “feeling” from people about Facebook is becoming largely negative. This is not the perception Facebook wants users to have for long-term success.

The last presidential election is a great example of overwhelming Feeds with more news and branded content than actual social posts from friends and family. Facebook has also been blamed for the demise of friendships and destruction of relationships and marriages, with social profiles being checked for “dirt” by attorneys to use in legal proceedings. Social media has been accused of facilitating cyber-bullying and linked to lowering self-esteem. Efforts to combat negativity have been largely unsuccessful given the very public nature of the channel.

Where did the “bad” begin? Even the algorithm can’t pinpoint the precise moment that Facebook started to take a turn. Around 2013, Facebook eliminated the ability for users to have their privacy settings remain invisible to the public and not appear in searches. The notion was that having a private profile on a social network was counterintuitive – and users couldn’t argue since Facebook is a public website. The change came as an unwelcome shock for many users “flying under the radar,” but as in any situation, users adapted to this latest change from the platform known for shaking things up once or twice a year.

What we know for sure

One thing we know is that change is afoot at Facebook: Zuckerberg & Co. want to get back to basics. That’s not to say much will change for users posting content, but brands are going to feel the difference where it hurts. Facebook is responsible for a vast amount of referral traffic from brands’ organic posts on their individual Facebook Pages.

The algorithm will focus on the quality of content and prioritize people over public posts, pushing for more person-to-person interaction with a focus on community over profit in post content. Facebook is listening to feedback from users who are tired of click-baiting, a practice where teaser headlines get users to click to consume content, sometimes tricking them with misleading headlines.

What does this mean for brands?

The bottom line for brands is to evolve or die. Facebook is envisioning a few key outcomes:

  1. Users – people – will spend less time on Facebook
  2. A decrease in user engagement overall
  3. An increase in sharing of personal posts
  4. More lively discussion among users

None of these are making brands do cartwheels with excitement. Engagement is what drives users – again, people – to be on-platform longer. If people spend less time on Facebook, this means less attention is given to brand content and fewer clicks. This translates into a major impact on referral traffic. It’s also going to force brands to re-think their definition of engagement. How can brands still reach users and connect with them? Brands are going to be forced to adapt and change their social media strategies.

The fascinating part of all of this is that Facebook wants an increase in the sharing of personal posts and more discussion among users. These posts are what drive their ad targeting system, and targeted paid advertisements are the way Facebook wants brands to reach their audience.

The bad news for brands is that ad costs have significantly increased in the last few years, a trend that is likely to continue for a few reasons. Facebook is a wildly popular platform and well aware of its position. Even with user churn, Facebook’s user base continues to grow – there are more new users than those who become inactive or choose to leave – thus establishing solid logic for advertising prices, as well as continually increasing the potential reach for a paid targeted ad.

When a brand uses its Facebook Page to post content, the goal is to be in the Feed of every user. This is, in fact, something Facebook has been scaling back since before 2012. Dancing to the tune of the algorithm has long been a challenge brands must overcome to survive and maintain a Facebook presence. Conversely, Facebook has an eventual goal of Page posts reaching no user Feeds at all. This is rumored to be labeled “Facebook Zero” – where only paid ads and “sponsored content” (paid posts) will target user Feeds.

  • Did you know that brands can use Facebook Messenger for promotions? They can message their customers directly within the Messenger platform and sidestep the Feed rules. Like email marketing, when deployed strategically, engaging with Facebook users via Messenger can yield impressive results. Brands can also use systems to automate updates sent to subscribers and responses to inquiries – at least for now.

The Exception to the Rules

Over half of Facebook users are members of at least one Facebook Group. The numbers speak for themselves: The number of Facebook users hovers around 2 billion, and Facebook Groups have a user base of more than 1 billion active users every month. There are more than 100 million users in Groups considered “meaningful,” in that the discussions are deemed informative, insightful, and intellectual – and users find them very helpful.

  • Did you know that the total count of users who are members of Facebook Groups outnumber Instagram and Snapchat total subscribers combined?

Zuckerberg & Co. believe Groups are underestimated and underappreciated. There is value hidden within Facebook Groups. In 2017 Facebook hosted a Communities Summit that was free for U.S.-based Group members, with Facebook covering the hotel and food tab for attendees.

What is the benefit for brands? To be heard through the noise on Facebook, a brand is going to need to get (even more) creative. A brand can create a Group through their Page, and follow a few tips and best practices to successfully incorporate Groups into their overall strategy:

  • Don’t confuse brand “sales” with Facebook’s “Buy and Sell” when choosing a Group Goal; “Buy and Sell” is widely used for garage sale-type Groups.
  • Choosing a “Closed” Group setting as a privacy option helps create the feeling of exclusivity for users.
  • Be careful not to be too detached in choosing your cover photo; a cold photo expressly aimed at generating a profit isn’t going to send the right message.
  • Invite members through Messenger with a personalized message. This is still an element you can automate, but remember to convey the value a member can find within the Group.

Active Group discussions are key drivers of “free” post visibility. Above, we learned Facebook wants to focus on lively discussions among users. Carefully crafted posts in Groups for targeted, engaged members will yield incredible reach, all while playing Facebook’s game!

Time to Tango

In a perfect world, users would see funny memes, videos of cats, and updates from friends and family. Facebook maintains that memes and videos don’t offer the satisfaction and fulfillment that user interaction holds, and since they control the algorithm, they’re leading this tango. Brands that choose to dance need to stay in step, or they’ll be forced to sit the next one out.

Posted in: Tech Tips for Business Owners

The Key to Winning the Age Old Battle for Privacy on LinkedIn is…

LinkedIn, the increasingly popular business and employment-focused social networking site, is a crucial tool for professionals who are happily employed or still searching for the job of their dreams. It’s a fantastic place for you to network with others in your field or reconnect with old co-workers from the past. Regardless of what you’re using the social networking site for, you need to make sure you’re staying as safe as possible.

Similar to any social networking site, there are privacy concerns you need to consider. First and foremost, keep in mind you typically share a lot more personal information on LinkedIn than you do on Facebook or Twitter. Why? Because your profile is essentially a digital resume – showcasing your entire past from where you’ve attended school to where you’ve worked.

So What’s the Secret to Keeping Yourself Safe on LinkedIn?

While accounts are protected by a series of automatic checks designed to stop unauthorized sign-in attempts, you still have to do your part when it comes to keeping your data safe. Your privacy settings give you tons of options when it comes to sharing and receiving content. For example:

  • Don’t share your activity: You can prevent anyone who isn’t one of your connections from seeing your activity. Go to privacy & settings, select the privacy tab, and click the change option under follows in the blocking and hiding section.
  • Hide your list of connections: If you want to keep your connections private, go to privacy & settings, select the privacy tab, and click the change option under who can see your connections. You’ll get a drop-down menu where you can choose “only you.”
  • Keep your profile photo private: Keep your profile photo private to only your first-degree connections or network if you prefer. Go to privacy & settings, then find the link to change your profile photo and visibility under the privacy controls box.
  • Limit the contact information you share: Make sure you’re not sharing any personal contact information, such as personal phone numbers/emails or home addresses. Go to the edit profile link from the profile menu, scroll down to the personal information option, and click edit.

We are here to help with all things cybersecurity-related – from safeguarding your online privacy to installing a secure wireless networking solution. Call us at (416) 490-9019 or email us at sales@ittoronto.com for more information.

Aside from updating your privacy settings, what else can be done to keep you protected? Here are a few great tips:

  • Set up two-step verification: Members can opt into two-step verification for their accounts. If you choose to do this, you’ll be required to type a password, as well as a numeric code that’s sent to your mobile device when the device you’re signing in from isn’t recognized.
  • Turn on secure browsing (HTTPS): Secure browsing offers extra protection when viewing all pages across the social networking site. This will keep you safe from hackers. Simply go to settings, click the account tab, and click manage security settings to check the box.
  • Keep an eye out for phishing emails: LinkedIn doesn’t ask for sensitive personal or financial information via email, so don’t be fooled if you receive an email from them or any other social networking site. How can you tell if it’s a phishing email? Here are a few hints:
      • The message is filled with bad spelling and grammar.
      • The message contains a suspicious email attachment or software update.
      • The message is threatening in some manner (XYZ will happen unless you act now.)
  • Update your password on a regular basis: The simplest way to stay safe is keeping your password up-to-date. Here are some best practices to follow:
      • Change your password at least once every 3 months
      • Use different passwords for each website or service
      • Throw in some capital letters, symbols, and punctuation
      • Substitute numbers for letters that look similar (3 instead of E)
      • Do not share your password with others
  • Check which apps can access your data: Check which applications have access to your profile and data. This can be done by clicking the groups, companies & applications tab, then click the option to view your applications. Remove access as you see fit.

Last but not least, sign out of your account after using a public device for optimal protection. The tips above should keep your account fairly secure; however, always be on the lookout and use common sense. Be careful what you share online on any social networking site. Remember, even the safest social networking sites get hacked. Don’t say anything privately that you wouldn’t want to be made public.

Posted in: Tech Tips for Business Owners

Is LinkedIn Premium Really Worth the Splurge?

We know LinkedIn is the most popular ‘social network’ for professionals in a wide variety of industries. It’s filled with fantastic features and functions that will propel your career or business in terms of expanding your professional network and enhancing your credibility in the marketplace. So what’s the deal with LinkedIn Premium? Is it really worth the big bucks?

Here’s the Full Scoop on LinkedIn Premium Plans…

LinkedIn Premium plans aren’t exactly cheap – costing around $29.99 to $47.99 per month for job seekers, $69.99 per month for business development or sales professionals, and $99.95 per month for recruiters looking to fill positions.

The base plan, Premium Career ($29.99 per month), is great for job seekers who want to connect with people within any company, industry or geography. You’re able to enhance your profile for greater visibility while sending three InMail messages per month.

The next plan, Premium Business ($47.99 per month when billed annually), gives you unlimited searches in your extended network. Plus, you get advanced search filters and 15 InMail messages each month.

Premium Sales Navigator Professional ($64.99 per month when billed annually), possibly one of the most useful plans, is phenomenal for business development or sales professionals alike. Why? LinkedIn stores mass amounts of data on people from all sorts of companies and industries.

This data is seriously game-changing when you’re trying to make that next sale or add leads to your ever-growing funnel. You not only receive lead recommendations and invaluable insight into existing accounts, but you also get 20 InMail messages each month.

Premium Sales Navigator is also available in a multi-seat version known as Sales Navigator Team ($99.99 per month when billed annually). This option gives you 30 InMail messages, 10 PointDrive presentations, 25 Out-of-Network profile unlocks, and much more.

Premium Sales Navigator Enterprise takes it to the next level with 50 InMail messages and an unlimited number of seats. All of the Premium Sales Navigator plans give you the following great features, so it’s entirely dependent on what extras you need and what you’re willing to spend:

  • 100-mile maximum search radius from specific postal codes
  • 1000 profiles shown per search
  • 15 saved search alerts each week
  • Unlimited number of saved searches, accounts, and lead recommendations
  • Advanced search filters
  • Access to the mobile app

Last but not least is LinkedIn’s Talent Solutions, starting at $99.95 per month when billed annually for the starter tier, Recruiter Lite. Recruiter Lite gives you 30 InMail messages, advanced search, automatic candidate tracking and integrating hiring, and more.

Recruiter Lite is great for those who need to make a few hires. Recruiter, the next tier, is great for those who are always in search of people to add to their team. Pipeline Builder, the last tier, is great for creating a constant pipeline of talent for your team.

Need more information? Call (416) 490-9019 or email us at sales@ittoronto.com to find out more about Premium Career, Premium Business, Sales Navigator Professional or Recruiter Lite. Our team is always here to help.

What’s the Final Verdict?

LinkedIn Premium is absolutely worth the splurge (and of course, we would recommend choosing to be billed annually to get the discounted price of whichever plan you choose). Upgrading is well worth your time and money if you’re looking to:

  • See more than just the last five individuals who have viewed your profile in the last 90 days.
  • Access expanded search results with features like filtering results by industry or job title.
  • Send messages to members of the site (professionals or employers) who are not currently contacts of yours.
  • Receive lead recommendations and insight into existing accounts easily to keep your funnel constantly up-to-date.
  • Find great talent to join your company, whether you’re hiring a few people or an entire team.
  • Learn more about your industry and increase your chances of securing employment within that field.

As an added bonus, LinkedIn Learning and LinkedIn Salary are included with all four versions of LinkedIn Premium. LinkedIn Learning gives you the most in-demand technology, business or creative skills through industry expert-taught courses.

LinkedIn Salary, on the other hand, gives you a breakdown of salaries by job title and location. You can also view data on specific businesses, such as geographic expansion, employee turnover, and other useful information.

If you’re ready to get started with one of the plans mentioned above, get in touch with us now at (416) 490-9019 or sales@ittoronto.com. We’ll answer any questions you might have about LinkedIn Premium and what the right plan can do for you.

Posted in: Tech Tips for Business Owners

Meltdown and Spectre – How to Handle the Phishing Scam and Other Problems

The most talked-about hardware issues in the news right now are the “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753 and CVE-2017-5715) exploits. Nearly all the computers around the world are affected by one or both bugs. All the big-name software and hardware vendors such as Microsoft, Apple, and Google have been hard at work crafting a fix for this potentially damaging issue. Some patches are available while others are on the way.

Meltdown allows malicious programs to gain access to higher-privileged parts of a computer’s memory. Spectre steals data from the memory of other applications running on a machine. Meltdown is said to be limited to Intel, but Spectre has been exploited on ARM and AMD as well.

While programs typically aren’t permitted to read data from other programs, malicious programs could exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs, which include your passwords stored in a password manager or your browser, personal photos, emails, instant messages and even business-critical documents.

Meltdown breaks down the most basic of walls between user apps and the operating system. It allows a program to access the memory of other programs and take their secrets. Spectre breaks the isolation between apps, allowing hackers to trick otherwise unexploited apps into leaking information.

What Happens to Your Data

When a modern Intel processor executes code, it regularly reaches a branch, a point where the instructions can go in two different directions. The processor saves time by “speculatively” venturing down a fork before it knows which way the code will actually go. In other words, it takes a guess and executes instructions to get a head start. If the processor learns that it went down the wrong path, it jumps back to the fork in the road and throws out the speculative work.

A hacker could trick a processor into letting their unprivileged code sneak into the kernel’s memory by using speculative execution. When the processor throws out the temporary data and jumps back to the fork, retrieving that data becomes difficult. However, the information is temporarily stored in the computer’s cache. With some clever code and patience, a hacker could easily find and steal the data in the cache, giving them access to personal information, passwords, and more.

While Meltdown and Spectre require access to your system, hackers have various ways to gain access. Already hackers are using phishing emails to trick users into giving them access. They send out an email claiming to contain a patch for Meltdown or Spectre. Instead, the email installs malware on your system. This malware gives the hacker access to your system, allowing them to exploit the bugs and take the unprotected data.

Now What?

As an MSP or IT Services firm, how do you handle the inevitable influx of customers calling with concerns that their systems may be vulnerable? Techies like us understand how this works and how to avoid falling prey to a scammer looking to exploit this vulnerability. But what about the average business owner? Some things to keep in mind are:

  • First, vendors like Microsoft and Google are already rolling out patches for these exploits. Some antivirus software isn’t compatible with the new patch and could become an issue for some. Also, remember that antivirus doesn’t protect against this vulnerability.
  • Second, customers may notice that some services are running slower than usual. It may not be the sign of a bigger problem. It could be a side effect of the provider taking steps to fix the problem. There have already been reports that cloud services may experience some slowdown to mitigate the issue. While it’s still too early to know exactly how significant the slowdown will be, some researchers are saying it could be as high as 30%.
  • Third, be wary of social engineering scams like phishing emails. Hackers are all too eager to take advantage of problems like this, and unfortunately, some people are so eager to fix the problem that they might not realize that the “patch” they just clicked on is now allowing a hacker to steal all their data.
  • Fourth, Spectre has been identified as affecting ARM, AMD, and Apple chips, which are found inside set-it-and-forget-it Internet of Things devices like iPads and smartphones, where the Spectre issue might linger the longest.
  • Fifth, the information we have points to a human problem. The bugs came to light last summer, but the news broke suddenly this month when Google determined that someone may have been leaking the information. This happened before patches were ready, so now manufacturers are scrambling to get the fix out.

Because the affected system needs malware running to use the exploit, there is still time to retrain customers on proper cybersecurity and on how to spot phishing scams. The Meltdown and Spectre issue will potentially be around for a while.
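
One way to answer the “is this machine patched?” call on a Linux host, as an added example that is not from the original post: it reads the kernel's own status files for the three CVEs named above. It assumes a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities (4.15 and later, plus distribution backports); the function names and the sample host data are constructed.

```python
# Added example: report Meltdown/Spectre mitigation status from Linux sysfs.
# Assumption: the host runs a kernel that publishes one status file per issue
# under SYSFS_DIR. SAMPLE_HOST is constructed data for offline use.
from pathlib import Path

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# CVE identifiers from the article mapped to the kernel's file names.
CVE_FILES = {
    "CVE-2017-5754": "meltdown",
    "CVE-2017-5753": "spectre_v1",
    "CVE-2017-5715": "spectre_v2",
}

# Constructed sample: one mitigated, one vulnerable, one file missing.
SAMPLE_HOST = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Vulnerable\n",
}


def classify(status_line):
    """Map the kernel's one-line status to a coarse state."""
    text = status_line.strip()
    if text.startswith("Not affected"):
        return "not-affected"
    if text.startswith("Mitigation"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_sysfs(name, base=SYSFS_DIR):
    """Return the file's text, or None when the kernel does not expose it."""
    try:
        return (Path(base) / name).read_text()
    except OSError:
        return None


def audit(read=read_sysfs):
    """Return {cve: (state, raw status)}; `read` maps a file name to text or
    None, so a dict's .get can stand in for the real filesystem."""
    report = {}
    for cve, name in CVE_FILES.items():
        raw = read(name)
        if raw is None:
            # No file: unpatched old kernel or not Linux. Treat as unresolved.
            report[cve] = ("unreported", "")
        else:
            report[cve] = (classify(raw), raw.strip())
    return report


def needs_attention(report):
    """CVEs that are not confirmed mitigated or not affected."""
    bad = ("vulnerable", "unreported", "unknown")
    return sorted(cve for cve, (state, _) in report.items() if state in bad)


if __name__ == "__main__":
    for cve, (state, raw) in audit().items():
        print(f"{cve}: {state} {raw}")
```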

Posted in: Tech Tips for Business Owners

Apple Products Not Immune to Meltdown or Spectre

The year 2018 started with a Meltdown that even Mac and iOS users aren’t immune to. Meltdown is a flaw in processors that allows a hacker to gain access to the personal data stored in your computer. Meltdown and the similar Spectre were discovered January 3rd. They affect processors from Intel, AMD, and ARM, leaving these machines vulnerable.

Meltdown lets a user-level program read your kernel memory. This means that important information such as passwords, credit card information, and more is vulnerable. Spectre allows applications to read each other’s memory. So far, these exploits haven’t been used for nefarious means, but they’re still a problem.

Microsoft and Google immediately went to work releasing a patch that would take care of the issue. Apple kept quiet until a document came out confirming that iOS devices and Mac systems were indeed vulnerable. Apple has since released updates for iOS, macOS, and tvOS to handle the exploits. Apple’s watchOS isn’t affected by these exploits, so Apple Watch users have nothing to worry about.

Keep an eye out for the latest patches for your OS, and make sure to download and install them as soon as possible. If you’re diligent about installing updates, you may have already installed the fix. If not, it will be available soon. It’s also a good idea to run antivirus software on your machine. Since the exploits can only be used locally, the attacker would have to gain access to your machine. If a hacker can’t gain access to your system, it’s potentially safe from Meltdown and Spectre.

Posted in: Tech Tips for Business Owners

Don’t Wait To Start Training Your Employees To Protect Your Business During W-2 Phishing Season

W-2 Phishing season is about to begin – without the right IT security services, your business will be left vulnerable.

You and I know that effective communication with co-workers and clients is crucial, but are you sure your employees are practicing safe email and messaging conduct? If you don’t already have the best technical security services, your answer is probably, “I’m not sure”, right?

Cybercriminals are smart – they adapt quickly and continually come up with new ways to take advantage of businesses like yours. A popular tactic among hackers today is “phishing”, a method in which they send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers. With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors in order to persuade employees to give them money, data or crucial information.

At this point, phishing attempts are nothing new, but without the right computer security services, you can still fall victim to a common phishing scam. This is especially a danger in the coming weeks when phishing will be primarily used to target W-2 data being processed for your employees during tax season.

This is nothing new. Over the past few years, cybercriminals have been very successful during tax season, executing social engineering campaigns against thousands of targets in order to access and steal valuable W-2 data. By sending phishing emails to unsuspecting workers in the payroll and HR departments in target businesses, cybercriminals have caused extensive damage, leaving companies like yours liable for fraudulent tax returns, identity theft, and class action lawsuits.

What does a W-2 Phishing Email Look Like?

As dangerous and damaging as these types of social engineering scams can be for you and your employees, the good news is that they are avoidable – if you know what you’re looking for. The key identifiers of a phishing email like this include:

  • Sender: Typically, the email will appear to come from a high-level executive or someone that the target employee wouldn’t want to question or ignore. Often the cybercriminal will go so far as to mimic the executive’s email signature to enhance the authenticity.
  • Request: The email will request W-2 or other tax information to be sent via reply, sent to another email address, or to be uploaded to a server.
  • Timeframe: The cybercriminal will likely try to create a sense of urgency so that the target doesn’t have time to think about the request or confirm it through other means.

Once the user’s email, password, and other information have been entered into the fraudulent website, the damage is done. The hacker can then take the information and do even more damage with it. It’s the new and constantly evolving cybercrime threats like these that make network security services so vital.

The key to phishing methodology is that it doesn’t rely on digital security vulnerabilities or cutting edge hacking technology; phishing targets the user, who, without the right training, will always be a security risk, regardless of the IT measures set in place. The reality is that small and medium-sized businesses like yours are put at great risk if you don’t have cybersecurity services.

What Can You Do About Phishing?

So what’s the answer? What can the average business member do to keep themselves and their company safe when criminals are employing such deceitful methods? In addition to equipping your business with the best technical security services, you should also be sure to educate and test your employees on IT security best practices and knowledge. Make sure they understand the following:

  • Never give out private information: The trusted institutions with which you do business will not ask you for your private information. They already have your account numbers, social security number, and your passwords. They won’t have any good reason to ask for it again, right? If an email from a superior or external contact asks for that info, it is likely a scam, so be sure to confirm the request by phone or in person.
  • Never click on a link before you hover over it with your mouse: If you hover over a link with your mouse, your computer will show you where that link is actually taking you. Many times, criminals will give you what looks like the right link (such as www.YourBank.com) but when you hover over the link with your mouse it actually will show something different (such as www.YourBank/2340937fvt5.com). If the link is not as advertised, then don’t click.
  • Always check up on unexpected email attachments. If you get an email from someone you know with an attachment that you weren’t expecting, give them a call or send them an email to confirm that the attachment is from them and is legitimate before you open it.
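
As an added illustration (not code from the original post), the key identifiers listed earlier and the hover check above can be written as a small Python triage function for a single HTML email. The keyword lists, flag names, helper names and the sample message are assumptions made up for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

PATTERNS = {  # wording checks for the "Request" and "Timeframe" identifiers
    "w2-request": re.compile(r"\bw-?2s?\b|tax (form|information)", re.I),
    "urgency": re.compile(r"\b(urgent|immediately|asap|right away)\b", re.I),
}

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # hostname of a URL or of bare "www.example.com/x" text
    return (urlparse(value if "://" in value else "http://" + value).hostname or "").lower()

def domain_of(header):  # domain of the address in a From/Reply-To header
    return parseaddr(header)[1].rpartition("@")[2].lower()

def w2_phish_indicators(raw_message):  # raw single-part HTML email -> list of flags
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    text = msg.get("Subject", "") + " " + body
    flags = [name for name, rx in PATTERNS.items() if rx.search(text)]
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != domain_of(msg.get("From", "")):
        flags.append("reply-to-domain-differs")  # answers go to another address
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        # Compare only when the visible text itself looks like a web address.
        if re.match(r"(https?://|www\.)", shown, re.I) and host_of(shown) != host_of(href):
            flags.append("link-text-mismatch")
    return flags

# Constructed sample message (illustrative; not from the original page).
SAMPLE = """From: "Pat Example, CEO" <ceo@example.com>
Reply-To: ceo@example-payroll.test
Subject: Urgent: employee W-2 forms

<p>Send all W-2s immediately: <a href="http://files.example-payroll.test/up">www.example.com/hr</a></p>
"""
```

A flag here is a prompt to confirm the request by phone or in person, not proof that the message is fraudulent.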

How Can You Be Sure Your Employees Know About Phishing?

The best way to ensure your employees know how to deal with a phishing threat is to test them. Allow us to help. We’ve prepared an example phishing email template that you can fill out and send to employees in just minutes to test their knowledge of phishing threats.

Check out this screenshot of an effective test email you can send to your employees to prepare them for the W-2 phishing season:

[Screenshot: W-2 phishing test email]

Posted in: Tech Tips for Business Owners

Ensure Your Cybersecurity For 2018

Cybersecurity, no matter the size of your business or how many employees you have, is a vital part of today’s business. Everyone in your organization must be up to date on how to spot a cyber threat and what to do about it.

In addition, there are some fundamental things you should do to protect your business from cyber threats. As hackers find new and innovative ways to steal your data, you must be able to stay a few steps ahead of them. Here are some ways that you can “seal the breach” against hackers:

  • Educate your staff about social engineering attacks.

Social engineering attacks trick people into giving up sensitive information, usually by posing as someone within your company or a vendor. Educate your staff on what to look for and how to protect themselves and your company from these malicious attacks. Phishing is a popular social engineering threat that disguises a virus within an email. Once the attachment is opened, the virus goes to work attacking data and sending information back to the hacker. Make sure your employees question anything that seems odd or out of place.

  • Use up-to-date anti-virus software and firewalls.

Check for updates periodically and set them to install automatically. Cybercriminals can easily exploit an unsecured system with a one-time breach or ongoing theft.

  • Establish company policies for handling and storing sensitive data.

Not everyone in your organization needs access to sensitive data. Restrict who has access, and make sure they change their passwords every 90 days at the very least. Also, don’t store more client data than you need, and don’t hold it any longer than you have to. The less data you have on hand, the less you lose during a breach.

  • Establish guidelines for company-wide computer use.

Your employees shouldn’t use company computers or devices for personal use. This prevents them from inadvertently sending out sensitive data. Plus, employees shouldn’t use their personal devices for business purposes. This includes thumb drives, tablets, and phones.

  • Institute a mobile device policy.

Set up a protocol so your employees can access data from a secure location on their phones without downloading data. Enable access codes, encryption and remote-wipe software on all company devices. Keep a log of all issued and approved devices, and who has them.

  • Stay up-to-date on software patches.

Install all hardware, software and operating system updates. This keeps hackers from taking advantage of vulnerabilities. Be sure these updates take place across-the-board on all computer devices.

  • Use passwords.

Use the built-in password functions for laptops and other devices. Don’t allow employees to store passwords on their work computers or devices. And make sure they use a combination of letters, numbers, and symbols to make strong passwords. They should also change them at least every three months.

  • Encrypt sensitive files.

Encrypting your files is essential. This way, even if criminals get your data, they won’t be able to view or alter it. Data in transit that’s sent over the internet should also be encrypted. This way, if they’re intercepted, they’ll be unreadable by unauthorized individuals.

  • Dispose of old files and devices properly.

Simply deleting a file on your hard drive doesn’t mean that it’s gone forever; the data can still be retrieved. The only way to prevent this is to destroy the hard drive. When you upgrade equipment, remember to destroy the old drives. And when replacing copiers with hard drives, destroy them as well. Consider what other equipment might contain drives with stored data, and destroy them when replacing these pieces of equipment.

  • Back up your files.

Keep copies of your data separate from your original files. Whether online in the cloud or offline at a separate site, always back up your data. It’s best to both back up data on the cloud and offline in another location. This way, if you’re hacked or data gets lost, you’ll have a better idea of what’s missing, and be able to retrieve it.

Cybersecurity is a big deal and a big job. But it’s never foolproof. You must remain vigilant and uncompromising in your security measures. Don’t let hackers take what you’ve worked so hard to build. With ransomware and other cyberattacks on the rise, you want to start 2018 on the right foot.

Give Paradigm Network Solutions a call at (416) 490-9019, or send us an email at sales@ittoronto.com. Our technicians will help you increase your cybersecurity.

Posted in: Tech Tips for Business Owners

5 Reasons Why You Need to Make the Switch to Microsoft Office 365

If you run a business, chances are that you’ve thought about moving to an online productivity suite. The two most popular in recent years are Google’s G Suite and Microsoft’s Office 365. Touted as “innovative” and “the next big thing,” Microsoft’s productivity suite is a revolutionary concept when it comes to operating systems and computing. But why should you choose Microsoft over the other guys?

Because:

  • It’s cloud-based. Doing all your computing in the cloud means that you always have access to your files as long as you’re connected to the Internet. All of Office 365’s tools will work on any PC/Mac, tablet, or smartphone. With O365, you can use the online versions of the productivity suite, or install them to your device.
  • It’s secure. Whether you’re using the version of O365 installed on your machine, or the cloud version, you’ll get the best level of security and encryption. The same set of Rights Management Services applies to both. None of your files can be accessed without the proper user credentials that are set up and monitored by Microsoft Azure. This provides the best security and control over your Office 365 data.
  • Data is backed up. Microsoft’s Office 365 offers its own form of checks and balances, 24/7 support that’s always on-call, and OneDrive to store all your files. But it’s always a good idea to have an extra layer of protection by using a Managed Services Provider (MSP) who can monitor your backups and add an extra layer of security if your data is compromised or lost.

Office 365 offers major advantages over others. As with anything worth doing, there are pros and cons when moving your operations to the cloud. However, there are some major advantages when using the Microsoft Cloud:

  • You can work anywhere. If you have an internet connection, you can use your data from anywhere and on any device. You can check emails, access files, and work on a project all from the same place – even if that place happens to be the other side of the world.
  • Easy collaboration between coworkers. How many times have you had multiple people working together on the same project only to have one version go missing? With Office 365 you can avoid this. Collaborators can work on the same file and get changes in real time. You can also share files as links right from OneDrive, rather than as attachments.
  • Access to the latest versions of programs. Imagine having access to the most current versions of Word, Excel, and Outlook without having to pay extra or reinstall programs. All the most recent versions of everything in the Microsoft Office Suite are available with an Office 365 subscription.
  • Great security features. How secure the Cloud is for you depends on what security measures you have in place. With Office 365, there are quite a few built-in security features to keep your data safe. These include:
      • Encrypted email. Only the intended recipient can read an email.
      • Data loss prevention. O365 checks and ensures that sensitive data (like your social security number) doesn’t get sent out via email.
      • Mobile device management. You can control Office 365 on your employees’ phones, and protect company information.
      • Advanced threat analytics. O365 learns and protects company data, and alerts you of suspicious activity on the network.

Alongside all the advantages of using Office 365, there are also a few cons:

  • Subscription-based model. You must pay a monthly or annual subscription for your Office 365.
  • If the Internet is down, your data is down. Because Office 365 is cloud-based, if the Internet goes out, you could be without access to your data. Plus, if you have a slow connection, working with a cloud-based system isn’t ideal.
  • Most people don’t use all of its features. Most users don’t use everything that Office 365 has to offer. They only use email, file storage, and access to Office programs. This isn’t a terrible thing, but it means you’re paying for features that you aren’t using.
  • Microsoft throws in some great extras. Office 365 comes with 1TB of storage space in Microsoft’s OneDrive cloud storage service, free web hosting and the tools to use it, and a full 60 minutes of Skype each month for making landline calls.

Microsoft Office 365 is a very good example of not only what a cloud service can be, but what more businesses are turning to for their cloud needs. Cloud computing is becoming a big part of more companies’ tech strategy, and Office 365 is an excellent way to jump into the cloud.

Our IT experts can walk you through your Office 365 set up. Give Paradigm Network Solutions a call at (416) 490-9019, or email us at sales@ittoronto.com, and we’ll make sure you get the full benefit of this great service.   

Posted in: Tech Tips for Business Owners

Top 12 Tech Gifts of 2017: Sphero R2-D2 & BB-9E

We like tech, it’s what we do. As the holiday shopping season kicks into overdrive, we are bringing you 12 of the most requested, most wanted tech gifts for 2017. Check back each business day between now and December 19th for another must-have tech item and why you should check it out.

In 2015 Sphero released their app-connected robot, BB-8, to tie-in with Star Wars The Force Awakens. Now, with this year’s release of The Last Jedi, Sphero has done it again with two new droids, R2-D2 and BB-9E. R2, of course, moves on treads and can move sideways if wanted or he can bring out his third leg and use it to lean back and navigate tougher terrain like carpeting.

R2’s head turns, and he has plenty of lights and sounds from built-in speakers, something BB-8 didn’t have. You can draw a path with your finger on the app and R2 will follow it. There’s also a button to have R2 “flip out” so to speak, where he shakes and makes noise before falling over.

Like its droid brothers, the BB-9E droid uses the same app as the other two and can be controlled via app or voice commands. The three droids are in scale with each other and with 12-inch action figures.

Sphero is planning to add new ways for the droids to interact with each other and their surroundings. Right now, you can have them watch Rogue One or The Force Awakens, and the droids will react at certain scripted points in the movies; the app listens for these cues to trigger the droids’ reactions.

If you’ve got a Star Wars fan on your list this holiday, no doubt they’ve already got these little guys on their list. At just $250 for R2-D2 and $200 for BB-9E, they are just about affordable enough to get both…assuming you can find one. As is the case with most items on our list of Top 12 Tech Gifts, these droids are in short supply but revered by Star Wars fans all over.

Happy Holidays and good luck on the tech hunt from all of us here at Paradigm Network Solutions!

Posted in: Tech Tips for Business Owners
