Posts


Top Practices for Businesses Working Remotely

Working remotely, as we have seen in recent times, has become increasingly necessary to maintain a productive and profitable business. It is also an invaluable asset for any business continuity plan. If an unforeseen natural disaster or power outage takes place, organizations need to be prepared to continue operations.

A good example was in spring 2020 when the Securities and Exchange Commission became the first federal agency to encourage remote work for employees.

Although remote work is ideal for some, it can be an adjustment for others. And if you run a business or work for a business with sensitive data, how do you ensure your information is safe outside of the office?

Working remotely does not provide the same level of security that an office would. Furthermore, the environment in which you find yourself working might present challenges to data security.

Here are some rules and policies we suggest when working remotely. Even when working in a cloud environment, you must practice caution and communicate regularly to maximize the remote experience.

Communications

Periodic Check-ins

Working remotely requires daily and frequent calls with one another. A manager especially must take action to establish calls with remote workers, whether in the form of one-on-one calls or team calls if they are collaborating on a project.

There is no such thing as over-communication

Periodically notify your superiors of any information you might consider important. If there’s a doubt about the relevance of some information, share that also. In the case of remote work, nothing is too insignificant.

Clarify to your team all expectations moving forward

Communicate priorities and establish metrics for success. Remote work is more efficient when expectations and policies are clear and understood.

It’s also important to let employees know the best way to reach you and at what time. Nothing must be left to the imagination to successfully deploy a remote operation.

If you are off to lunch, notify for how long. When you return, notify your team. It’s crucial that all employees understand what the goals and directives are to avoid repeating efforts.

Track your progress

Keep track of your progress by documenting it and sharing it with relevant personnel. A work log with specific time slots for each task is particularly helpful in this case. It could be done in an Excel sheet or a notebook. The medium is less important than the method, so long as it helps keep things organized.

Security

Stay away from public networks, encrypt your web connection, or use a personal hotspot

A public Wi-Fi connection, like the ones found in coffee houses and some restaurants, creates a risk for remote workers. In a public network, a threat actor or hacker can easily make their way into your device without a firewall in place. Moreover, anyone on a public network could easily monitor your traffic as well.

For these reasons it’s crucial that you keep your devices protected and secure.

Personal Hot-Spots

Using a hot spot eliminates the problem of a hacker jumping on the network you’re using. Although your web traffic remains unencrypted, your data stays safe. This will count against your cell phone data but it is worth the extra costs.

With most cell phone carriers there’s a minor fee for using hot spots, but the alternative could cost you much more. And with the advent of 4G and 5G networks, hot spots are just as fast as home network connections.

VPNs

VPNs are another solution if you find yourself working on a public network. A VPN, or Virtual Private Network, allows you to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi, and more.

A VPN connects your device to a server that then connects it directly to the internet. But you must make sure the VPN you utilize is secure because hackers have been known to target unpatched VPNs to access the user’s information. They usually do this via phishing scams that users interact with through a fake email.

This leads to the next point:

Encrypt your email and devices

If you have the proper safeguards in place, like email encryption and multifactor authentication, then your data will remain secure no matter where you work from.

There are many software companies that provide encryption for email. Retruster is one such example, but there are others. This gives you added protection and peace of mind when working remotely.

Malicious actors often leverage current events, personal information, or natural disasters to manipulate targets through phishing emails. An example of this was in spring 2020, when there were instances of hackers using the COVID-19 outbreak to send malicious emails to users.

Multi-Factor Authentication for Secure Devices

Multifactor authentication is a security system that requires multiple methods of authentication from independent credentials to verify user identity. In other words, it is a system that requires verification from a cellphone and a computer, for example, to then access data on your devices.

Having these measures in place creates a secure environment that facilitates remote work. None of these measures work in isolation. If communication is not up to par with data security or vice-versa, your operation will be compromised.

In Conclusion

What is most important is ensuring all members of your team are meeting your requirements, communicating effectively with one another and avoiding unnecessary risks like joining insecure networks or leaving devices unattended or unencrypted.

 


MGM Resorts Hack Exposed the Data of 10.6 Million Guests

Hackers leaked the personal information of over 10 million MGM hotel guests this week on an online hacking forum.

The data was obtained last summer after hackers accessed MGM servers.

Victims of the data dump include government officials, CEOs and celebrities, among others. Also, the leaked information included personal information like full names, phone numbers, dates of birth and emails.

Data Breach

The majority of stolen data is considered “phonebook information”, information available to the public even before the breach. Additionally, the information that was obtained by hackers could be used to conduct other types of cyber-attacks.

‘Phonebook Information’ is NOT useless

A hacker can turn this trove of seemingly useless information into a valuable asset through spear-phishing. The more detailed the information available, the easier it is to compose an email designed to trick someone.

Spear phishing attacks only work if they’re detailed enough to fool the victim into clicking on a link or the attachment. Hackers could use the phonebook data to craft a scam involving the IRS or a digital subscription.

Moreover, the hacker who dumped the information is still unknown but experts believe they’re associated with the group GnosticPlayers. GnosticPlayers is a hacking group that dumped over a billion user records all through 2019.

GnosticPlayers

GnosticPlayers gained fame after publishing data from several hacked companies, like Canva and Zynga, among others. The group was comprised of two individuals, Nclay and DDB. Nclay would hack and DDB would sell.

Furthermore, once groups like GnosticPlayers get the sought-after data, they sell it in a dark web marketplace like Joker’s Stash or Dream Market. At that point, other people can freely buy that information for their own purposes.

Marriott Hack

Although the hack at MGM is quite large, MGM isn’t the first hotel chain to get hacked. In November 2018, 500 million people had their personal information stolen in a hack that lasted four years.

Marriott is a good example of how breaches aren’t easy to spot. Sometimes, breaches can happen without any sign that anything is wrong.

Luckily the breach at MGM wasn’t as severe, but it could have been. MGM Resorts is publicly traded and has 80,000 employees spread throughout 29 hotels and casinos.

MGM said in a statement to ZDNet that it was “confident” no financial information was taken.

Although the majority of the leaked data was phone-book information, some guests had more sensitive data exposed online.

1,300 guests were informed that information like passport numbers was gained from the breach.

However, most US states don’t require companies to inform their customers if public data has been exposed through a hack.


Why Cloud Security is Better for Your Business

In May 2017, there was a massive, worldwide ransomware attack known as WannaCry that targeted computers running the Microsoft Windows operating system. Organizations that had not installed the Microsoft security updates were affected by the attack.

If you’re reading this thinking, “That’ll never happen to me or my business,” you’re not alone, but you’re likely to be wrong. Malware attacks are becoming more frequent. 85% of all attachments emailed daily are harmful according to Cyber Defense Magazine. The same magazine states the expected cost of online crime is $6 trillion by 2021. Moving your IT to the cloud may seem laborious and intimidating, but it’s actually the best thing you could do in today’s era of tech-dependence. Your business has the most chances at growth and security with the cloud.

Here are a few reasons why:

1. You are not an IT security expert

You’re running a business; there’s no way you should be expected to keep up with all the new IT security threats that are coming out on a seemingly daily basis. Cloud services providers, like Nerds Support, however, have both the resources and expertise necessary to keep up with new threats. They’re exposed to a huge range of vulnerabilities and threats because they protect businesses daily.

Nerds Support works on all IT-related matters exclusively, giving you periodic updates and staying vigilant of any discrepancies or anomalies within your system. This means they can spot systemic issues that may affect your business long before you can.

2. You can’t stay focused on IT Security around the clock

To ensure that your business is secure, you need to monitor and manage your IT security at all times. This requires important resources and a budget. Nerds Support’s team monitors, manages and responds 24/7, ready and willing to protect your business from criminal hackers and toxic viruses.

Your data stays encrypted when you transition to a cloud-based infrastructure. It’s how we keep your information safe in transit and storage so that even if it is somehow accessed or acquired by some malicious third party, it’s unreadable. With the cloud you’re always protected by advanced levels of security.

3. You probably don’t have a “Business Continuity Plan”

Protecting your data from a cyber-attack is just one way the cloud can be of great value to a business owner. However, another frequent issue that you have to be aware of is network downtime. If your IT is on-premises, the resilience of your network is only as good as the robustness of your server. If this is compromised, damaged or destroyed, your system goes down.

Cloud service providers, like Nerds Support, don’t rely on one server alone. They have a host of back-up systems both on and off-site, all protected by the most robust network and security available. If a server goes down it gets switched to another server and your business can continue uninterrupted. This allows you the flexibility to do something called ‘virtualize’ your IT infrastructure in the cloud. You can generate multiple copies of your applications, files and even desktops, storing the original in a separate and secure location.


 

Riviera Beach Got Hacked: Forced to Pay 600K in Bitcoin

Cyber-attacks are becoming ever more frequent, affecting local business, schools and even cities.

Most recently, it was reported that Riviera Beach had to pay 65 bitcoins, which is the equivalent of $600,000, to hackers after a government employee clicked on a malicious email link three weeks ago.

This was a classic case of ransomware. A hacker uses social engineering to get unsuspecting people to click on a link or an email attachment. Once they click, malicious software encrypts files, making them inaccessible until the victim pays to get them decrypted, hence the name ransomware. Ransomware, like in the case of Riviera Beach, is delivered through email via links, downloading attachments and in some cases social media messaging. Many Nerds Support partners who receive suspicious emails send them to our IT and Software experts to analyze and vet to determine whether the email is safe to open or not. This is just one way to prevent a situation like the one in Riviera Beach.

According to a report by The Council of Economic Advisers, malicious cyber activity cost the US economy between $57 billion and $109 billion in 2016 and since then, cyber-attacks have become far more common. Juniper Research, a cyber-security firm, projected cybercriminals will steal an estimated 33 billion records by 2023. Juniper expects more than half of all data breaches globally to occur in the US by 2023 as well.

Having Backups Is Key!

The most important thing businesses can do is back up their data regularly and consistently. Here at Nerds Support, we provide our partners with daily automated back-ups, for example, and filter out potential malicious websites and emails. Also, having cyber security measures in place to mitigate the risks is a big step. Training staff in yearly, quarterly, or semiannual trainings is an effective strategy. Should your business suffer a ransomware attack, at the very least you’ll be able to access your important information, mitigating the impact of the attack. As an organization, you can also employ anti-ransomware software to prevent ransomware from successfully launching. Nerds Support has IT engineers along with sophisticated security software, monitoring suspicious activity 24-7 and alerting our partners of any potential threats including strange files, email links, or attachments.

The DOJ reported an average of 4,000 ransomware attacks occurred per day in 2016 with over a billion dollars in ransoms paid. These numbers have increased since. A Beazley Breach Response study revealed about 70 percent of ransomware attacks in 2018 targeted small businesses with an average ransom demand of over $100,000, the highest demand topping at $8.5 million.

Ransomware is becoming increasingly lucrative because it offers cyber-criminals a low-risk, high-reward method for monetizing malware. The malicious software typically isn’t very complicated because most businesses are underprepared to deal with ransomware anyway, which appeals to even the most amateur cybercriminal. In March, Albany, New York, the state capital, admitted being hit with ransomware on a Saturday. There are minimal to no IT staff on Saturdays. Neither the private nor public sectors are adequately prepared to handle even the most primitive malware attack precisely because IT security has traditionally been a minimal concern; only now are we seeing the damaging consequences of underappreciating it.

Nerds Support is working hard to protect medium and small businesses from experiencing any cyber breach, including ransomware, with its dedicated team of engineers and IT professionals.

Contact us today at 305-551-2009 and hacker proof your firm!


Should I Secure my Website? What is HTTPS?

HTTPS (Hypertext Transfer Protocol Secure) is an Internet protocol that protects the confidentiality of data between the user’s computer and the website.

HTTPS was originally intended for passwords, payments and other sensitive data but now more websites are securing themselves by moving towards it.

You know you’re connected to a website with HTTPS if the website starts with “https://” and it shows a light green lock icon to the left of the web address.

In the United States, your Internet Service Provider (ISP) is allowed to snoop on your web browsing history and sell that information to advertisers. A website that moves to HTTPS will prevent the ISP from seeing as much data. They would only be able to see that you’re connecting to a specific website, as opposed to which individual pages you’re looking at. When connecting to a website with standard HTTP, your browser looks up the IP address that corresponds to the website, makes a connection to that IP address and assumes it’s connected to the correct server. Data is sent over the connection in clear text, and that provides an opportunity for your ISP or a government agency to read it.

One of the big problems with HTTP is that there is no way of verifying if you’re connected to the right website. Many cyber attacks take advantage of this and redirect you to a website posing as your bank, for example, and putting you in a situation where you’re likelier to give away your information. If you’re on an unfamiliar network make sure the web address is correct and that it has HTTPS and the lock icon, otherwise you may be connected to an imposter site.

Data sent using HTTPS is secured through the Transport Layer Security (TLS) protocol, which provides three layers of protection to a site: encryption, data integrity, and authentication. Encryption modifies data that’s transferred between the browser and the website to protect it from eavesdroppers. This means no one can track your activity through the web or steal information. Data integrity means the data exchanged cannot be modified or corrupted without being detected. Authentication proves the users of your site are communicating with the correct website and not being redirected to a scam site.

Many browsers are pairing HTTPS with new, more advanced features that make web pages load faster. Others, like Google, are actually penalizing websites for using standard HTTP. Google often flags websites that don’t use HTTPS as unsafe in Chrome. Google also prioritizes websites that use HTTPS in Google search results, which affects SEO. This can prove challenging if you’re looking to gain more traffic to your site or promote a business through your site.

Marketing and IT teams need to work together in implementing HTTPS in their website to remain competitive. If you move your site from HTTP to HTTPS, Google treats this as a site move with URL changes. This might temporarily affect your traffic numbers but the rewards outweigh the costs. In the end, the search algorithms will pick this up and your site should rank higher for selected keywords.

Hackers are getting smarter nowadays, and pose as real secure websites to take information from your clients and customers. HTTPS itself won’t guarantee a site is the real deal. There are phishers who’ve picked up on this trend and know people look for HTTPS as indicators of legitimacy. They might go out of their way to disguise their websites to resemble a secure HTTPS site. Scammers and hackers can also get certificates for their scam sites because in theory they are only prevented from impersonating sites they don’t own.
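Because the lock icon alone does not prove a site is genuine, the address itself has to be checked. The following is an added example, not part of the original post: a small Python check that compares a URL's hostname against a list of sites you actually use and flags near-misses. The trusted hostnames and sample URLs are constructed placeholders, and the edit-distance threshold of 2 is an assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hostnames the user really does business with.
TRUSTED_HOSTS = {"examplebank.com", "mail.example.org"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_address(url: str, trusted=TRUSTED_HOSTS) -> str:
    """Classify a URL as trusted, no-https, lookalike, unknown or invalid."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if host.startswith("www."):
        host = host[4:]
    # Non-ASCII or punycode ("xn--") labels can render as look-alike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "lookalike"
    if host in trusted:
        # Right name, but plain HTTP gives no proof of who is answering.
        return "trusted" if parts.scheme == "https" else "no-https"
    for good in trusted:
        # One or two characters off a trusted name (assumed threshold).
        if edit_distance(host, good) <= 2:
            return "lookalike"
        # Trusted name used as a prefix of some other registered domain.
        if host.startswith(good + "."):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs; note the lookalikes all use https.
    for sample in ("https://www.examplebank.com/login",
                   "http://examplebank.com/login",
                   "https://examp1ebank.com/login",
                   "https://examplebank.com.account-verify.test/",
                   "https://news.example.net/"):
        print(f"{check_address(sample):10} {sample}")
```

A "lookalike" verdict is returned even when the URL starts with https://, which is the point of the paragraph above: the scheme says the connection is encrypted, not that the name is the one you meant to visit.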

We’re Here to Help!

Through our Managed IT and Business Continuity Plans, we can help guide you in securing your website so your web visitors can access your site safely. We ensure every customer touch point is safe from hackers and other imposters. Reputation and first impressions are everything in today’s digital age. Why not impress potential clients with a safe and secure website? If your website is not secure, why should they trust your business?

Nerds Support can assist in answering all web-related questions and ensure your website is secured and operational. We offer award-winning managed IT services to financial, logistics, and manufacturing firms, and they have seen growth and improved processes after partnering with Nerds Support. Even if no hiccups happen, we can have a business continuity plan in place so you can rest easy if one does!