Chat with us, powered by LiveChat
678-389-6200

Single Sign On – What Is It and How Does It Affect Your Organization?

Featured-Image-SignleSign

The increase in cyber threats in recent yeas has made the job of your IT team far more difficult. Keeping your network secure can take the focus away from keeping your technology updated and running properly. Single Sign On can take some of the strain off your IT team, allowing them to concentrate more on the tasks that are more important to growth of your organization.

Single Sign On – What is it?

Single Sign On (SSO) allows your users to log in to any related software system with a single username and password. Doing this makes the process of logging in much easier and reduces the likelihood of forgetting passwords. SSO can be real time saver.

How does it work?

Once a user accesses a website using SSO, they can then enter a different website that has the same relationship with the SSO solution. The authentication flow follows the same steps. Put simply, the system remembers that you got the password right on the original site and it will then allow access to the new site.

Does Single Sign On make my organization more or less secure?

SSO can be good and bad – the same features that make it an efficiency booster also make it a vulnerable feature in your IT landscape. It can potentially give a hacker one password to access multiple sites. Your employees may be accessing multiple sites and apps each day in the course of their jobs. Your IT team must have full identity governance to be sure that SSO is as secure as possible. Many companies tackle this issue by purchasing a centralized identity authenticator on special servers, allowing them to govern access to their system. When a team member signs in, their authentication passes through the SSO server, it then passes on their credential for authorizing that person to the app.

You can take this even further by implementing multi-factor or two-factor authentication – which will drastically improve the levels of security your organization is able to achieve. Anything that requires your team to prove their identity is a good thing – once having done so they can use their SSO login credentials successfully.

SSO – alongside other tools – can revolutionize your workplace going forward.

mPowered IT – Ensuring Your Cyber Security

mPoweredIT are your go-to proactive partner in keeping IT systems secure and defended. We never leave things to chance or wait for a problem to arise – predicting and preparing for the threats of tomorrow will help ensure your valuable data is protected and your business continuity maintained.

 

Outdated Technology in Small Businesses

Outdated Technology

Most small businesses don’t invest enough in technology, or at the very least they don’t do it often enough. For some this is due to apprehension about spending money on tools they know very little about, and some have the approach of ‘so what, it still works so I don’t care’. Both are fair points to make, but the reality is that outdated tech can cause serious problems in your workplace. Think about it – when was the last time you invested in technology?

Most businesses have a mixture of old and new technology integrated into their workflows. The majority of businesses replace their tech, when necessary, usually when the hardware has become outdated or in the event of system breakdowns. An overhaul of your entire system is perceived as being too disruptive, which is why a slow gradual approach is preferred and recommended.

All businesses have pieces of hardware or software that are aging, the rate at which the technological world is evolving makes this inevitable. But with the right education and IT consultancy you can be well on your way to a modern technological future.

 

The hidden issues of outdated tech in your business

Higher costs

An office full of old technology, can actually cost you more than upgrading to new technology. Most new technology is designed to increase efficiency, and as you know, if your team isn’t able to be as efficient as possible, it’s costing you money. Also, older technology eats more energy. Newer systems tend to run more efficiently, saving you energy costs.

Expensive fixes

Do you allocate part of your annual budget on technology? Like we said earlier, if things are working fine many business owners don’t see the point in making changes. But it’s smarter to budget for technology, and make sure you’re using current systems, rather than have surprise and costly fixes.

Outdated tech is more likely to experience failures. Emergency IT support will be far more expensive than the preventative measures that can be implemented into current, updated systems. The last thing you want to do is to be forced to purchase new technology, and make a snap decision just to get your business back online. It’s always better to plan for what technology you’ll need next.

No flexibility

Work is going to grow ever more flexible as time goes on, and with the unpredictability of the modern workplace, those that are more flexible are set to be the industry leaders going forward. Work doesn’t get much more flexible than when working remotely, working from home, the office, or on the go – without sacrificing productivity or employees wellbeing – is the future of business worldwide.

It is important that you have confidence in your systems, hardware, and devices. You need to be certain that they are secure and functional when working from a remote setting. Outdated tech rarely offers the functionality – or more importantly the levels of security possible with modern tech. Update your tech with remote working in mind and your team will reap the many benefits of remote working.

A loss of customers

Old technology will likely lose you customers. Let’s take a look how.

When working on outdated tech you are for more likely to be the victim of a cyber attack. Your data being compromised will likely cause your customers to lose faith in your ability to protect their data, in turn, leading them to go to your competitors instead.

Modern alternatives are far faster and less ‘buggy’ than outdated tech. This may affect the quality of communication that you have with your customer base and may affect the quality of service you can offer them. This will also cause customers to look for a better experience and quality of service elsewhere.

The relationship you have with your clients is arguably the most crucial element to a successful business. Slow tech can seriously affect the quality of service you are able to offer. The last thing a customer wants is delays, and continuous delays will probably lead you to lose their trust. Slow operations and response times don’t reflect well on your business.

Security risks

We all know cyber attacks are more frequent now than ever before, predominantly due to the pandemic and the increase in our reliance on tech. No matter the size of your business, you are not safe from them, you don’t have to be turning over millions of dollars a year to become a victim. It is, in fact, the opposite. Most cyber criminals target smaller businesses because they presume they won’t have put the resources into advanced cyber security solutions meaning there are more gaps to target.

While your technology evolves, the methods that cyber criminals use to penetrate your systems evolve alongside it. The latest version of any technology is always the best equipped to protect your systems from security threats. The latest tech will have modern preventative measures as standard – this combined with the tools you have purchased will put you in a better position to defend your system.

Vendors eventually stop supporting older systems, making them vulnerable. A lack of security updates will mean that new issues are not remedied. Patching becomes impossible and it’s unlikely that you will be able to prevent breaches until it is too late. Using modern technology will have the opposite effect – a secure productive technological environment.

 

mPoweredIT – Ensuring You are Cyber Secure

mPowered IT can be your proactive partner in keeping IT systems secure and defended. We never leave things to chance or wait for a problem to arise – predicting and preparing for the threats of tomorrow will help ensure your valuable data is protected and your business continuity maintained.

 

 

How to Protect against Phishing email scams

Being Protected from scams

Phishing scams are one of the most popular tools in a cyber criminal’s arsenal today, given the ease with which they can deliver their attack through the relatively undefended route of email.

Email breaches come in a variety of forms, but predominantly involve the use of a false identity – creating trust between the recipient and the hacker – with the intent of duping the victim into unknowingly sharing sensitive information or opening a malicious file on their computer.

Deception is, of course, the key to a successful phishing attack – this trust is used to draw the victim into clicking on a link embedded within the email, which will often load a website posing as a brand entity or company likely known to the email recipient. The scammers go into extensive detail to impersonate individuals and entities that you or your team are likely to trust, so that you’ll comply with their requests. Familiar names such as Netflix, your bank or governmental departments will often be used – with a message requiring the user to act urgently in updating their credit card information or sharing their login credentials.

While most cyber criminals want to gain access to your systems or to compromising and sensitive information for financial gain, some do it for the pure goal of causing chaos.

Methods of the Phishing Scammer

There are technical solutions designed with the intention of blocking phishing attempts, but the most important and first line of defense is ‘the Human Firewall’. Your team needs to know what to look out for if a scammer slips through the net into their inbox.

Your team’s first reaction to any and every email they receive must be to distrust it, until they can verify its legitimacy.

Deceptive Phishing, as described above, not only impersonates an organization you trust, but it urges you to take immediate action. The email may contain a message along the lines of: “Click link to verify identity” or “Unverified account log in, click link to identify.” Or, it may seem to be helping you avoid something bad, when actually they are the bad thing to avoid. Messages such as these will often be accompanied by a redirect to a login portal designed to  harvest account details.

Spear Phishing is a more targeted technique whereby the cybercriminal performs background research on the victim in order to pose as an individual or entity known to them personally. These criminals are not lazy – they will do whatever research they need before beginning an attack. Fraudsters can gather an extensive amount of information from social media profiles so you’ll believe it someone you know and trust. Scams of this nature have a higher chance of success as victims may not think they’d be targeted personally.

CEO Fraud is where the scammer impersonates a company CEO or other other high-status person. Armed with publicly-sourced information about the CEO they’re impersonating, they communicate with company employees asking them to perform tasks and transactions that would normally be unauthorized. The cyber criminals invent stories as to why the requests are valid in the hope that your team complies. Would you disobey and slow down the boss’s workday? You wouldn’t think twice if the source seemed genuine.

Cloning involves creating an identical copy of a previously sent email from a legitimate sender. This time, however, any of the links contained within the original email will be replaced with malicious ones.

Pharming involves directing users toward fake websites set up to steal login credentials and other forms of sensitive information. Cyber criminals may use viruses to direct individual users towards the rogue site – but this method does involve infecting the user’s computer beforehand, which can be difficult.

 

3 Ways to Avoid Phishing Attacks

With their techniques getting more sophisticated by the day, their manipulative talents, and their clever tricks, anyone can fall prey to Phishing scams. You must always proceed with care, examine links closely, and if you are in doubt, delete.

Pay close attention to URLs. If you find yourself redirected to a site from an email, take a moment to look at the URL to compare it to what you would expect. Look out for anything out of the ordinary, slight misspellings, extra words, or unnecessary hyphens in the domain name for example. Also look to see if the ‘top-level domain’ is as you expect. For example, if you expect ‘.com’ but you see ‘.fr’ then something is not quite right. As we said, if in doubt, just close your window and if you need to visit that site, enter the correct URL manually.

Know your bank and the way it operates. Do some research – or even contact – your bank to learn how they will contact you in the event of an emergency. Any financial establishment worth its weight will let you know exactly how they will get in touch so that you distinguish between legitimate communications and the fraudulent ones.

Do not reveal too much! A massive, publicly available social media presence is a goldmine to fraudsters, and they will use it to gain access to sensitive information. Apply privacy settings and keep things like your friends list, phone numbers and your date of birth viewable only to people you know and trust.

 

mPowered IT – Ensuring Cyber Security for Your Business

mPowered IT is your go-to proactive partner in keeping IT systems secure and defended. We never leave things to chance or wait for a problem to arise – predicting and preparing for the threats of tomorrow will help ensure your valuable data is protected and your business continuity maintained.

 

6 Things You Should Have In Place to Protect your Systems

Protecting what matters

In the modern digital age, our businesses need the security and reliability of our IT systems and infrastructure. Any outage or loss can seriously disrupt the efficiency and security of business operations, potentially creating financial loss, and breaching industry compliance obligations.

Where to begin

The security of your IT should be a priority but how do you achieve it? You should start with these six key tools that give your business the best chance of preventing a cyber-attack.

Six tools to help protect your systems

Firewalls

A firewall protects the perimeter of your network by sifting inbound and outbound traffic. It looks for open ‘doors’ that could leave your system vulnerable to exploitation or take over from cyber criminals. A well configured firewall, (hardware or software) will allow or disallow permissions to enter your network for both people and data traffic. Perhaps most importantly, it monitors and protects information and data, making it much more difficult for data to be stolen. But a firewall alone, especially without continuous updates, will not serve you well for long.

Secure configuration

To achieve a secure configuration, you must implement a series of security measures when building and installing your computers and network devices. By doing this, you reduce your risk of becoming a victim of a cyber attack. Criminal hackers look to exploit your security misconfigurations to gain access to your system. Apply best practices to the way your network and systems are configured to prevent misuse and exploitation.

Access control

Between cyber security and company best practice access protocols, you should limit system access permissions on a ‘need to know’ or ‘need to access’ basis. Restricting access will stop staff from accessing files and folders that do not pertain to their role, while simultaneously limiting the potential reach should a cybercriminal successfully breach your system. Administration rights are seen as the `master key` for cyber criminals. Losing that key could have serious consequences for an individual computer or in the worst-case scenario, your entire network.

Malware protection

Malware protection comes in the form of software that is designed to protect IT and individual computers from malicious software. Malware is the umbrella phrase used to explain malicious software, or what is more commonly referred to as viruses. A virus is essentially designed to cause disruption or steal information from your network. One of the most common forms of malware is ransomware. Ransomware is used by the criminal as a means of locking out your access to your files & folders, sealing them behind the criminal’s own encryption key, only allowing you access after you pay a considerable ransom.

Patch management

Hackers are constantly working to exploit vulnerabilities within the software applications and operating systems you use every day. By employing patch management, you will keep your software up to date and secure by rolling out critical updates as they become available.

Education

There is absolutely no point in implementing all the above tools in your quest for cyber security without educating your staff. Everybody should be aware of best practices when it comes to navigating their cyber environment. Think of it like this — the tools you implement are the armor and the person inside is the soldier that uses them all. They are all there to help as best they can, but ultimately the quality of their defense comes down to the capabilities and knowledge of the person behind them.

How to begin your implementation

If you have an IT person, ask if all the above has been implemented. A lot of businesses just get a firewall and some form of malware protection installed and feel their security is covered. It’s not. Cybercriminals do nothing but look for new ways to attack. Your business cannot passively protect itself against an active, motivated, stalking, evil predator. So start with a conversation with whomever is responsible for your network security to get an idea what measures are in place. If that falls short, or you’re not sure, you need a good IT partner who will work with you, and your IT person, to ensure you have real, up-to-the-minute security measures in place, that are appropriate for your business and budget. The ideal partner will adopt a customer-first approach while having the technical knowledge and competency to see things as they apply to real world solutions and your business.

mPoweredIT – cyber security experts

At mPoweredIT we are proactive in keeping systems secure. We never leave things to chance or wait for a problem to arise. We take care of your business systems with the attention and care as if it were our own network on the line.

 

The Growing Cyber Security Threat

The Growing Cyber Security Threat

How serious of a problem is cybercrime? A study by Cybersecurity Ventures predicts these crimes will cost the world $6 trillion a year by 2021. This is a big number, but it’s no surprise to anyone who has followed the exploits of hackers and online scammers.

Cybercrimes have become big news, with large data and security breaches at companies generating headlines, and cyberthreats from foreign locales such as China and Russia threatening U.S. businesses and elections.

The increasing amount of large-scale, well-publicized breaches suggests that not only are the number of security breaches going up — they’re increasing in severity, as well. Data breaches expose sensitive information that often leave exposed users at risk for identity theft, ruin companies’ reputations and almost always leave the company liable for compliance violations.

Security breaches have increased by 11% since 2018, and the average lifecycle of a breach in 2019 was 314 days (from the breach to containment). That’s a lot of time for data to be stolen, corrupted, or held for ransom.

Even enterprise companies and multinational corporations are discovering that their current IT security is not sufficient to fend off an ever-evolving list of cyber threats. This is perhaps most evident in the recent high-profile data breaches that have made headlines. A network breach can result in catastrophic losses of data and high costs for recovery and damage control. A breach can ruin a company’s reputation, making it harder for them to do business in the future. Security breaches at large companies are a matter of national security, as they have damaged our infrastructure and threatened our financial markets.

It’s tempting for small-to-medium sized businesses to assume that they won’t be a target of threats such as ransomware, malware, and phishing because of their size. The reality is that hackers target thousands of businesses simultaneously — size is not really a factor. If you have a connection to the internet, you’re a target.

Dependence upon cloud computing and an increasingly remote, mobile workforce means threats that compromise one system can compromise a larger network relatively easily. All it takes is a single security gap. To combat these threats, businesses are naturally turning to their own IT departments to shore up their networks, implement disaster recovery plans, and coach their fellow employees on data security.

Unfortunately, skill shortages and budget constraints have made security a significant challenge even at the largest, most well-funded companies.

To augment their own IT departments, manage costs, and gain access to additional IT resources, businesses of all sizes have relied on managed service providers (MSPs).

What is the difference between a Managed Service Provider and a Managed Security Service Provider?

It’s important to understand the difference between a managed service provider (MSP) and an MSSP. An MSP is a third-party organization that is contracted to perform ongoing IT services, essentially an outsourced IT department for businesses or organizations who do not want it all managed in-house.

A managed security service provider (MSSP) is similar to a managed service provider, but with more cybersecurity capabilities such as virus and spam blocking, next-generation firewalls, breach detection, and end user security training. An MSP can function as an MSSP as long as they offer that level of specialization and select services, which mPowered IT is.

Both MSPs and MSSPs are designed to help organizations tackle complex IT problems without taking on the burden alone. Each tends to operate on a strategic level, offering valuable solutions and insights throughout all stages of the business’ life cycle.

Why do Businesses turn to MSSPs?

Skilled IT Professionals are in Short Supply

There simply aren’t enough trained and experienced cybersecurity specialists to handle the needs of the modern threat landscape. Unfortunately, hackers and other bad actors can function alone or in small cells, but cybersecurity is typically a team effort that requires constant attention from skilled individuals.

IT Departments are Often Spread too Thin

When a business’ internal IT department becomes overwhelmed, they will often turn to MSPs or MSSPs to fill in gaps. This is generally a much faster way to find and deploy a knowledgeable team without spending months hiring and training new staff.

Even Small Businesses need to be Secure

Small businesses are being targeted more frequently as larger enterprises shore up their own security. Hackers usually look for the weakest points, and that is usually the small business who isn’t taking cybersecurity seriously, not the massive corporation with a huge IT budget.

Cyberthreats are Constantly Evolving

One of the most challenging aspects of IT is that it is constantly evolving — and that goes double for the cybersecurity landscape. IT professionals and cybersecurity specialists must maintain a constant state of continuing education to keep up with the changes in their industries. This isn’t the kind of thing that business owners or C-level executives have time to do on their own. By working with an MSSP, a business can be sure that their defenses are evolving to meet the changing needs of the times.

What Services does an MSSP Provide?

The typical MSSP works as an extension of your business through consulting, planning, and project-based action or ongoing management. Cybersecurity must work in layers, and that means every business needs a tailored suite of solutions working together to completely protect their network and data.

Here are some of the Essential Services Offered by MSSPs:

  • Offsite Backups and Recovery Plans
  • Employee Awareness Training
  • Next-Generation Firewall Protection
  • Encryption Services
  • Password Regulations
  • Security Assessments
  • Email & Web Filtering
  • 24/7 Network Monitoring
  • Offsite Backups and Recovery Plans
  • Antivirus Services
  • Breach Prevention Services
  • Automated Updates
  • Dark Web Scanning
  • Multi-Factor Authentication

End User Awareness Training

In most of the recent high-profile security breach cases, the cause was employee negligence — usually initiated by a phishing email or SMS text message. Humans are almost always the weakest link in a security chain, which means the weakness must be addressed through training in threat awareness and avoidance.

According to a study reported by Tech Republic, 54% of the 1,000 IT professionals surveyed said poor password policies and the careless actions of employees were the root causes of cybersecurity incidents at their companies. More than 50% of the companies surveyed had experienced a ransomware attack in the past year, and 79% of those affected said the ransomware entered their system through a social engineering attack (such as phishing).

What are the other common culprits? Poor password maintenance, a lack of two-factor authentication, or having no password regulations in place at all.

While it’s important to strengthen your network, the human factor must be addressed for your security effort to be successful. MSSPs can be contracted to create a culture of security at your company. They’ll coach your employees to recognize common security threats like phishing emails and malicious links. They can even help you establish a password policy so that passwords are updated regularly and stronger company-wide.

24-7 Network Monitoring

Most organizations can’t afford a staff of in-house IT professionals to manage their network around the clock. Network Operations Center (NOC) monitoring is an important service provided by MSPs, typically to monitor for network outages, server overloads, and other errors by scanning critical network functions. MSSPs provide 24/7 Security Operations Center (SOC) monitoring to identify security issues, manage firewalls, scan for vulnerabilities, and provide intrusion protection and prevention.

MSSPs can monitor networks continuously via their own SOC or through specialized third-party providers. In the event of an issue or security threat, engineers at the MSSP are notified and act quickly to resolve problems. This type of active monitoring is the surest way to ensure data security and minimize downtime.

Emergency Backup and Recovery

Data backup is common at most companies and often required when regulatory compliance is a factor.

Offsite data protection ensures your data is secure and ready to be recovered in the event a system crash or internal error. It also ensures your data is protected in the event of a catastrophic natural disaster. Secure, reliable backups can also serve as a means to access and recover data in the event of a ransomware attack.

Antivirus Services

To combat growing security threats, modern organizations need a layered approach to security. This includes enterprise level antivirus software as well as anti-malware, Next-Generation Firewall Protection, intrusion detection and prevention, and well-trained employees. An MSSP provides all of these security layers as part of a package to your organization.

Don’t make the mistake of relying on consumer-grade antivirus software in a business environment. While many commercial antivirus solutions are fine for personal use, they do not offer all of the solutions needed when protecting a business. You should be able to manage and monitor all your devices from a single platform. Your antivirus software should receive automated updates and provide advanced protection beyond what is needed for personal use.

Email & Web Filtering

Email filtering helps to identify spam and phishing emails and delete or quarantine them before they can do harm. Most modern email platforms, such as Gmail or Office 365, have a built-in spam filter, but hackers have become very good at bypassing these filters. Since some spam will always make into your employees’ inboxes, scam or fraudulent emails will always be a threat to your business.

An MSSP can provide you with advanced layers of email filtering services along with training to help you identify harmful emails before they’re opened and clicked. The security tools provided by an MSSP can also help you filter out malicious websites when your employees are browsing online. To increase employee productivity, you can also use web filtering to block specific types of content such as online shopping sites, social media sites, and gaming sites.

Breach Prevention

A breach occurs when data is compromised and finds it way into the wrong hands. This can happen through network intrusion, through a malicious email link, or if someone downloads your data to physical storage and then uploads it to the dark web (like from a stolen device).

With so many ways for breaches to occur, cyber defense must move beyond the IT department and into your organization as a whole by fostering a culture of security. In addition to monitoring for attacks and unusual behavior, an MSSP can help you create this culture at your company through training, monitoring, and technical expertise. They’ll help you get control over who is accessing your data so you can stay proactive and prevent dangerous activity before it occurs.

Automated Updates

Updates to your applications, software, and operating systems aren’t just to improve functionality. Many updates are sent to protect the software or device against a new type of threat or to patch vulnerabilities that have been recently discovered. These updates don’t always download and apply themselves automatically. They must be authorized by a user, or by an administrator. Too often, important updates are neglected because internal IT staff are overstretched or unsure of what an update will do to the system. Neglected updates quite frequently leave your system vulnerable.

An MSSP ensures that you’ll never have to worry about missing updates and making yourself vulnerable to avoidable threats. Part of their job is to find outdated software and provide automated updates and patching services so you’ll never need to go through your systems and apply updates manually.

Password Standards

As we mentioned, humans are usually the weakest link in a security chain. One way that is true is that people are often careless with creating and maintaining their passwords. When employees are responsible for creating and maintaining their own passwords, you can expect vulnerabilities. Employees will often use the same password for all their accounts, use passwords for years at a time, or they may use a very weak password like “12345,” “password,” or their name and birthdate.

Passwords like these are easy for password cracking programs to decipher. If the same password is used for multiple logins, it could give hackers access to your entire system as well as any software you use. Part of the issue is that too much of the burden is placed on individual employees, many of whom simply want to log in and get to work without having to deal with complicated passwords.

Without any guidance, they’re likely to pick a password that’s easy to remember and stick with it. An MSSP can help your company develop a strong password policy and implement password standards for all your employees. Password regulations, or password policies, govern how your employees create, manage, and use passwords. You may also benefit from using a password manager to help your employees keep track of their passwords. This may be necessary if they use several accounts throughout the day.

Data Encryption Services

Data encryption is important for businesses that must meet regulatory requirements, but every business should include encryption as part of their security strategy. The most comprehensive approach is usually to encrypt any and all data that may be passing through or coming from your business via email, your website, or the internet in general.

Encryption is about protecting data during transit so that theft by interception is nearly impossible. There are many forms of encryption including website, email, network, and hardware encryption. Encryption is becoming the new standard for many businesses. Most major email plat- forms either encrypt emails automatically or make it easy to encrypt emails yourself. At the beginning of 2017, Wired magazine reported that at least half of the web is now encrypted.⁵

Nonetheless, managing the encryption of your data can be difficult and time-consuming. An MSSP can provide your company with Encryption as a Service (EaaS) so you can focus on other tasks with the knowledge that your data is secure. They can also provide additional network layer encryption and hardware encryption.

Security Assessments

Many organizations are bound by regulations and must have certain security measures in place in case they are audited, but any organization that handles important data should check their security status regularly. An MSSP can help you conduct such evaluations and asses your own security. It’s important to do this regularly, as time creates gaps in security that can make you vulnerable to new forms of attack. During a security assessment, an MSSP will look for common problems, including:

  • Poor network architecture
  • System configuration errors
  • Data integrity and confidentiality
  • Weak passwords and poor password regulation
  • Missing system updates and patches
  • Network vulnerabilities

An MSSP can provide an initial security assessment of your organization followed by periodic assessments to keep you secure.

Dark Web Scanning

The dark web is part of the internet that is hidden from conventional search engines like Google, and thus, doesn’t attract much legitimate traffic. It acts as a marketplace for stolen data and hosts many other illicit activities and illegal trades. When a system is breached, it’s common for cybercriminals and other bad actors to post data on the dark web for sale. An MSSP can provide you with dark web scanning to help identify any of your data for sale on the dark web, thus allowing you to minimize further damages.

Although the best protection is to protect your business from breaches in the first place, dark web scanning helps to mitigate damages. It also serves as a means to located stolen data that could have been originated before your current cybersecurity strategy was put into place.

Multi-Factor Authentication

Multifactor or Two-factor Authentication (2FA) has become almost essential, as it helps to offset the risks associated with weak passwords. While you should still focus on creating strong passwords and enforcing password policies at your company, you should also take into account the possibility that at least one of those passwords will eventually be compromised. Hackers can decode passwords using cracking programs, buy them from adjacent data breaches, or bypass them using phishing scams.

Once a password is revealed, it won’t matter how strong it is. If one email account is breached, it can be used to reset the passwords of other accounts or perform further spoof email attacks within the network.

In a two-factor authentication (2FA) system, an account holder must provide two separate pieces of information to access an account. This often takes the form of a primary password and a temporary, randomly generated PIN that is usually sent to the account holder’s smartphone via SMS or email.

This can also be accomplished through a specific device that generates a random PIN, token, or password which the account holder possesses. The second piece of information, or token, is secure because only the account holder has access to it. Additional layers of security can be put in place for extremely sensitive information. For example, you can add biometrics, such as a thumbprint, as a requirement for access. Such an approach offers three layers of protection: “something the user knows,” “something the user has,” and “something the user is.”

Who are we?

mPowered IT provides a full range of IT Support, including technical helpdesk, data backup and recovery, and strategic consulting to small and medium-sized businesses. We take cybersecurity very seriously and always go the extra mile in securing both ourselves and our clients from the latest cyber threats.

We work with many types of businesses throughout the area, and strive to eliminate IT issues before they become costly and frustrating. You can continue to drive your business forward while we make sure your technology is functional and secure. Our dedicated staff loves seeing our clients succeed.

Give those hours wasted on IT problems back to your staff and create a lasting impression on your clients through superior technology services and customer care. Give us a call at 678-389-6200 or visit our website to learn more. 

SOURCES

Learn to Spot Phishing Emails

Learn to Spot Phishing Email | Good Email Hygiene 

Avoid the spread of ransomware by learning to avoid malicious emails. Most phishing attacks can be stopped with a little diligence and awareness. Don’t let one bad click bring down your company!

Can you spot…

…use of a trusted name?

…an almost legitimate sender address?

…a generic greeting?

…attempts to create urgency?

…a suspicious attachment?

…a malicious link?

…generally unprofessional look and feel?

Train for phishing awareness

WATCH FOR GENERIC CONTENT AND GREETINGS

Greetings like “Dear valued customer” or “Important client” are a bad sign. If you or your company isn’t identified by name at the beginning of the email, be suspicious.

NOTICE MISSPELLINGS, INCORRECT GRAMMAR, & ODD PHRASING

Phishing emails from other countries (which is the majority of them) often contain poor grammar and misspelled words.

URGENCY IS THEIR MOST POWERFUL TOOL

Scammers have known this for ages: if you make someone panic or hurry, it’s much easier to make them slip up.

MANUALLY CHECK ALL LINKS

Mouse over every link to check the URL you’ll be sent to. If you don’t know for sure that it’s safe, don’t take the chance.

EXAMINE THE SENDER’S EMAIL ADDRESS

Scammers use email addresses that look almost like legitimate email servers. Be wary of addresses like “@microsoft.custsupport.com” or “@ups-service.com”

ONLY INPUT DATA ON SECURE WEBSITES

Any webpage where you enter personal information should have a url beginning with https://.

For ways to protect your small business, call mPowered IT at 678-389-6200 or visit mpoweredit.com.

Web Analytics