Chat with us, powered by LiveChat
678-389-6200

Is Your Organization Prepared for Top 2020 Cybersecurity Threats?

Top 2020 Cybersecurity Threats

Managed IT cybersecurity professionals have been challenged to the hilt through the first half of 2020. Phishing attacks increased by upwards of 600 percent during the height of the pandemic as industry leaders made haste to move to the Cloud or increase their remote workforce infrastructure. Industry leaders have been so busy dealing with the very next issue they haven’t had a moment to prepare for emerging cybersecurity threats.

Cybersecurity Threats

As Gartner analyst Peter Firstbrook explains, the resulting changes implemented to deal with the pandemic “accelerated digitalization of business processes.” Putting operational success on a wireless fast track may have left organizations increasingly vulnerable to wide-ranging threats. According to antivirus software giant Norton, these are top cybersecurity threats organizations may not be prepared to handle.

  • Deepfakes: This trick uses artificial intelligence to combine words and create phony images and messaging.
  • Synthetic Identities: This new method to perpetrate fraud blends real and fabricated personal identity information to build a representation of a real person.
  • AI-Powered Digital Attacks: Cybercriminals can now create programs that even replicate human behaviors to fool people into providing sensitive financial information.
  • 5G Challenges: The rollout of 5G is expected to increase cybersecurity risks on the Internet of Things (IoT) logistics networks.
  • Auto Hacks: Increased reliance on technology in cars, SUVs, and other vehicles, has cracked the door for a new type of automobile hack.
  • Cloud Jacking: This type of cyber-attack leverages weaknesses in programs and systems to penetrate Cloud-based networks and use them to mine cryptocurrency.
  • Ransomware Attacks: According to Security Magazine, more than 151 million ransomware attacks were carried out during the first three-quarters of 2019 alone. They show no sign of slowing down.

Decision-makers who are finally getting their feet under them would like nothing better than to focus exclusively on profit-driving endeavors. But sustaining a debilitating data breach or costly ransomware attack would only bring your efforts to a screeching halt. The question industry leaders may want to be asking, right now, is if you are prepared to deal with critical threats. These are strategies cybersecurity consultants believe are determined solutions going forward.

Extended Detection & Response Proves Meaningful

Extended detection and response (XDR) strategies employ automation to collects and assess data and run this information through a variety of cybersecurity innovations. The process improves early threat detection, deterrence, and response times.

Cybersecurity Automation Comes of Age

Hackers continue to utilize as many technological tools as they can get their keyboards on, and AI has been a boon for digital thieves. But for every move an online criminal makes, cybersecurity experts have a counter. Automating cybersecurity tools through AI and machine learning drive computer-centric systems in the direction of real-time defense. The strategy also streamlines systems by eliminating redundancies that can slow response solutions.

New Breed of CSOs Emerges

Given the emergence of non-traditional threats that evolved during 2019, organizations are looking for enterprise-level chief security officers (CSOs) to deliver on the promise of increased investment. Managed IT professionals rallied around the banner of “enterprise-level cybersecurity” for years. But perhaps the missing piece of the puzzle was decision-makers who understand the underlying infrastructure and salient details.

As ransomware attacks, GPS spoofing, and the next scheme rears its ugly head, having a security professional who can assess, secure, defend, and pivot with agility could make a significant difference. Either CSOs will need to catch up to the wave of next-generation threats or make way for a new breed of enterprise-level executives.

Are Privacy Professionals Needed?

Complying with government data privacy and protection regulations appears to be growing into a discipline of its own. New York, California, and even the EU have pushed through regulations that have national and global implications. And although these laws are stringent, they don’t even scratch the surface of industry-specific data protection and privacy oversight.

Industry leaders find themselves at a crossroads in 2020, deciding whether to create a full-time management position to provide regulatory oversight or outsource. Many are opting to work with a high-level cybersecurity firm to harden their defenses and ensure best practices that always meet or exceed compliance regulations.

Growth in Zero-Trust Networks

In some cybersecurity circles, consultants advocate for an increase in zero-trust networks that shield applications and data from the view of prying eyes. Although virtual private networks (VPN) were considered high-level protection for remote workers, zero-trust appears to be proving even more beneficial. The underlying premise is that a VPN might be difficult to uncover, but a hacker can wreak havoc once breached. Zero-trust networks, by contrast, limit access by the user. Even if a digital scammer swipes someone’s login information, they gain only limited and managed access.

The advanced schemes trolled out by digital thieves gives industry leaders and cybersecurity specialists a headache every year. Although hackers in 2020 leverage cutting-edge technologies, these bad actors can still be contained.

If your organization, like many others, could be vulnerable to these or other next-generation cybersecurity threats, it’s time to harden your defenses. A third-party cybersecurity firm can conduct a full review of your network, evaluate best practices, compliance, and provide a report. With this objective information in hand, your organization can be prepared, come what may.

How To Combine Multiple PDF Files

In many cases, you might want to combine multiple PDF files to create a single document. Disseminating information is often easier when you share one file instead of many. If you have Adobe PDF Pro, it’s easy enough to combine more than one document. You can also make several documents out of one large document. This is often common when you need to upload a file, but it’s too large.

Working With PDF Files

Combining Two or More PDF Files

  • STEP 1: Open Adobe PDF Pro.
  • STEP 2: Open the first document you want to combine.
  • STEP 3: Click “Document,” then “Insert Pages.”
  • STEP 4: Choose “From File.” The dialog box will open. Choose the file you want to append to the first file by double-clicking it. A new dialog box will open. You can also choose “From Clipboard” if you copied something and need to paste it into the current file.
  • STEP 5: Choose the location from the drop-down box. Your choices are “Before” and “After.”
  • STEP 6: Choose “First,” “Last,” or “Page.” If you choose “Page,” you will need to enter a page number. Thus, you can insert a new file at the very beginning by choosing “Before” and “First.” you can insert a file at the very end of the first document by choosing “After” and “Last.” Or, you can insert a file in the middle of a document by choosing ‘before’ or ‘after’ and entering a page number.
  • STEP 7: Scroll through the document to ensure the second file is where you expected it to be.
  • STEP 8: Save the file with a new filename.

Removing Pages

  • STEP 1: Open the PDF document you need to break down.
  • STEP 2: Click “Document,” then “Extract Pages.” A dialog box will open.
  • STEP 3: Enter the pages you want to extract. For example, if you want to extract pages 2 and 3, you would enter ‘2’ in the first box and ‘3’ in the second.
  • STEP 4: Choose one of the boxes: “Delete Pages After Extracting” or “Extract Pages as Separate Files.” If you choose to delete the pages, the system will remove the pages from the document and then delete them. If you choose to extract pages as separate files, the system will open the pages in a new PDF document.
  • STEP 5: Choose “Yes” or “No” when the “Are You Sure?” dialog box pops up.
  • STEP 6: Save the newly edited document. If you chose to save the extracted pages as another document, be sure you save that document.

Additional Functions

You can also replace pages, delete pages, and split a file. One of the most useful functions is to split the file. Often, when you need to upload a PDF that is too big, instead of guessing how many pages make a certain file size, you can tell Adobe PDF Pro what size to split the file into. This is extremely helpful for law offices who upload PDF files to the clerk – county and federal clerks often put a file size restriction on files and pleadings often exceed that file size, especially when you have several attachments.

  • STEP 1: Open the file you want to split.
  • STEP 2: Choose “Document,” then “Split Document.”
  • STEP 3: If you know the number of pages you want in each file, choose the radio button for ‘Max Pages’ and enter the number in the box. If you want to divide the file into several files that are a specific file size, choose the ‘File Size’ radio button and enter the file size in megabytes in the box. You also have a third choice to split the file by top-level bookmarks.
  • STEP 4: Click “OK.” Adobe will split the file. A new dialog box will pop up telling you how many documents the system created. Click “OK.” You can find your files in the folder where the original document is located. They will have the same file name and ‘Part X’ appended to the file name.

Adobe Pro makes it easy to create files from files and to manipulate the files if you need to break them down, or if you need to add another file in the middle of your original file.

Is Your Organization Prepared For Top 2020 Cybersecurity Threats?

IT cybersecurity professionals have been challenged to the hilt through the first half of 2020. At the height of the pandemic, phishing attacks increased by upwards of 600% – all while executives made haste to move to the Cloud or increase their remote workforce infrastructure.

Industry leaders have been so busy dealing with emergencies at hand, they haven’t had a moment to prepare for emerging cybersecurity threats.

Cybersecurity Threats

As Gartner analyst Peter Firstbrook explains, the changes implemented to deal with the pandemic “accelerated digitalization of business processes.”  And putting operations on a wireless fast track may have left organizations increasingly vulnerable to wide-ranging threats. According to antivirus software giant Norton, these are the top cybersecurity threats organizations may not be prepared to handle:

  • Deepfakes: This trick uses artificial intelligence to combine words and create phony images and messaging.
  • Synthetic Identities: This new method to perpetrate fraud blends real and fabricated personal identity information to build a representation of a real person.
  • AI-Powered Digital Attacks: Cybercriminals can now create programs that even replicate human behaviors to fool people into providing sensitive financial information.
  • 5G Challenges: The rollout of 5G is expected to increase cybersecurity risks on the Internet of Things (IoT) logistics networks.
  • Auto Hacks: Increased reliance on technology in cars, SUVs, and other vehicles, has cracked the door for a new type of automobile hack.
  • Cloud Jacking: This type of cyber-attack leverages weaknesses in programs and systems to penetrate Cloud-based networks and use them to mine cryptocurrency.
  • Ransomware Attacks: According to Security Magazine, more than 151 million ransomware attacks were carried out during the first three-quarters of 2019 alone. They show no sign of slowing down.

Decision-makers who are finally getting their feet under them would like nothing better than to focus exclusively on profit-driving endeavors – but that can all be brought to a screeching halt by a debilitating data breach or costly ransomware attack.

The question industry leaders need to ask right now is: are we prepared to deal with critical threats? These are the strategies cybersecurity consultants believe are the solutions going forward:

Chief Security Officers

Given the emergence of non-traditional threats that evolved during 2019, organizations are looking for enterprise-level chief security officers (CSOs) to deliver on the promise of increased investment. Managed IT professionals rallied around the banner of “enterprise-level cybersecurity” for years. But perhaps the missing piece of the puzzle was decision-makers who understand the underlying infrastructure and salient details.

As ransomware attacks, GPS spoofing, and the next scheme rears its ugly head, having a security professional who can assess, secure, defend, and pivot with agility could make a significant difference. Either CSOs will need to catch up to the wave of next-generation threats or make way for a new breed of enterprise-level executives.

The Need For Privacy-Compliance Professionals

Complying with government data privacy and protection regulations appears to be growing into a discipline of its own. New York, California, and even the EU have pushed through regulations that have national and global implications. And although these laws are stringent, they don’t even scratch the surface of industry-specific data protection and privacy oversight.

Industry leaders find themselves at a crossroads in 2020, deciding whether to create a full-time management position to provide regulatory oversight or outsource. Many are opting to work with a high-level cybersecurity firm to harden their defenses and ensure best practices that always meet or exceed compliance regulations.

Growth in Zero-Trust Networks

In some cybersecurity circles, consultants advocate for an increase in zero-trust networks that shield applications and data from the view of prying eyes. Although virtual private networks (VPN) were considered high-level protection for remote workers, zero-trust appears to be proving even more beneficial. The underlying premise is that a VPN might be difficult to uncover, but a hacker can wreak havoc once breached. Zero-trust networks, by contrast, limit access by the user. Even if a digital scammer swipes someone’s login information, they gain only limited and managed access.

The advanced schemes trolled out by digital thieves gives industry leaders and cybersecurity specialists a headache every year. Although hackers in 2020 leverage cutting-edge technologies, these bad actors can still be contained.

If your organization, like many others, could be vulnerable to these or other next-generation cybersecurity threats, it’s time to harden your defenses. A third-party cybersecurity firm can conduct a full review of your network, evaluate best practices, compliance, and provide a report. With this objective information in hand, your organization can be prepared, come what may.

Need help? Reach out to us at 678-389-6200 or contact us online

What Is Two Factor Authentication?

Protect Yourself – Use Two-Factor Authentication for Your Business

Learn about what two-factor authentication is and how it works. Once you understand its benefits you will see how helpful it could be for your business.  

Two-factor authentication is something every business should be using to protect themselves and their customers. You know the value of adding layers of security to your business. If you have a brick and mortar operation, you probably have a lot more than a simple lock on your front door. Security cameras, alarms, barriers and more are common for most businesses because one layer of security is never enough. The same is true for online security. Two-factor authentication gives your business and customer another layer of protection beyond the standard password – so why not use it to improve your security?

What is Two-Factor Authentication?

You have probably already encountered two-factor authentication as you navigate the internet for personal or business reasons. All the major tech companies like Google and Facebook are using it because it makes sense to do so. The process of two-factor authentication goes something like this:

  1. Input your username and password. Two-factor authentication starts off just like your standard security measures. You input your username and password for the site you are trying to access or the app you are trying to use. This is the first step of the authentication process, the first factor.
  2. Provide a second factor to authenticate yourself. Here is where two-factor authentication becomes special. It asks for you to provide a second factor that is much harder for hackers to mimic. For example, it might ask to send an authorization code to your smartphone or ask for your fingerprint to verify your identity. Hackers are much less likely to have these available to mimic you and try to access your account.

You have definitely encountered the older way to verify your identity – security questions. But security questions have become less and less effective at protecting your information than they used to be. Most security question answers can be found on your social media account, after all. Hackers can spend just a little time doing some research to find all the answers they need, particularly if they have already stolen your password from another site through their cybercrime efforts.

How to Use 2FA in Your Business

You can easily implement two-factor authentication or 2FA into your current business security efforts – both for your employees and your customers. There are multiple ways you can use two-factor authentication, including:

  • Text Messages (SMS). Most people prefer to use SMS to verify their identities over the other methods listed below because it is so easy to check your text messages and access the authorization code. All the user needs to do is log in with their username and password, then receive the code through SMS and type the code into the verification box. The only drawback to this method is that if the user loses their phone they can’t authenticate.
  • Email. You can also allow users to send their verification code to their email. They need to be able to access their email – which usually isn’t a problem – but if they can’t this method would not work. The other problem that can come up with emails is that they can sometimes get caught in spam filters and never arrive at the person’s inbox.
  • Phone Call. While this option is not used nearly as often as the two above, it is a possibility depending on the system you are using. The user can choose to get a phone call which will use text to speech to deliver the code they need to log in.
  • Tokens. Some companies find it easiest to give employees tokens, either hardware tokens like key fobs or software tokens through apps, that can then be used to provide the second factor in the authentication process.
  • Push Notifications. It is possible to get an app that will allow users to receive push notifications so that they can authenticate their accounts. They get the notification and then click yes or no to authenticate.

2FA is possible using a variety of methods – the most important thing is that you start using it to begin with. Whichever authentication method you choose, your business and your customers will be more secure as a result.

Two Factor Authentication

Hackers Target Zoom Meetings for Cyberattacks

Zoom Scrambles to Address Cybersecurity Issues in Meeting Platform

As the usage of Zoom has skyrocketed during the coronavirus outbreak, the company has had to respond quickly to security flaws and potential phishing attacks  

As Zoom usage skyrockets around the world, so too do the opportunities to exploit users unfamiliar with the tool.

The Zoom platform has increasingly has been the target of hackers exploiting the vast numbers of users working from home. For context, the company noted that as of December 2019, the most significant amount of daily users was 10 million. In March, that number ballooned to 200 million.

How Are Hackers Exploiting the Zoom Platform?

For many exploits, it starts with a website.

According to Check Point, more than 1,700 domains had been registered using the word zoom in the first three months of 2020. Many of those domains point to an email server, which can indicate the site is part of a phishing scheme.

Remote workers may receive seemingly official meeting notices using the Zoom platform. Hackers ask recipients to head to a login page and enter their corporate credentials.

It’s a perfect storm that’s playing into the hands of hackers. It also means companies need to be vigilant in helping users understand how to access and use the platform and other tools used in this paradigm shift of how work is done.

“Zoom users should be aware that links to our platform will only ever have a zoom.us or zoom.com domain name,” a spokesman noted. “Prior to clicking on a link, they should carefully review the URL, being mindful of lookalike domain names and spelling errors.”

What Is Zoom Doing to Protect Users?

Zoom has had to take several steps recently to address security concerns related to its dramatic usage growth. The company has increased its training sessions and reduced customer service wait times. Here are several of the other issues that Zoom has addressed:

  • Zoombombing. Multiple incidents of zoombombing have arisen in recent weeks. Uninvited visitors to online sessions have gained access and harassed participants by playing music loudly, displaying pornography and disrupted sessions. That’s led to more explanations of passwords, muting controls and sharing settings
  • Windows 10. The company has addressed an issue that affected those using Zoom’s Windows 10 client group chat tool. If chatters used the tool to share links, the Windows network credentials of anyone who clicks on a link were exposed
  • Facebook Interface for Apple Devices. Zoom removed Facebook’s software developer kit from its iOS client to prevent it from collecting users’ device information
  • Privacy Issues. The company removed features, including the LinkedIn Sales Navigator app and attendee attention tracker, to address privacy concerns. It also issued updates to its privacy policy

The company announced it was freezing all feature enhancements to redeploy software engineers to focus on what it calls “our biggest trust, safety, and privacy issues.”

How Can You Protect Zoom Users from Cyberattacks?

Here are some tips to ensure that Zoom users are protected:

  • Use password features to require meeting attendees to log in before being allowed access
  • Update the software. Users should be alerted that upon finishing a meeting, the software will check to see if an update is necessary
  • Encourage managers to use the Manage Participants section features, which can control the use of users’ microphones and cameras. Sharing restrictions are also a good practice
  • Be careful about recording meetings. The recording sits in a file, either online or the host’s computer and could be stolen

Cybersecurity is a sad reality in these turbulent times. However, a focus on prevention and detection are important deterrents to cybercriminals and can reduce the risks to your business.

What’s The Best Way To Switch IT Managed Service Providers?

The COVID-19 lockdowns have naturally changed how many organizations and companies operate. Educational institutions are embracing virtual classes, events that were previously held in person are now fully virtual, and a whopping 98% of employees worked from home to avoid spreading the novel coronavirus. Sadly, not all IT managed service providers were able to keep up with their customers’ needs during this challenging time, leading disaffected business owners to search for new IT managed services that can handle a company’s current and future IT challenges.

While finding a competent IT service is imperative, it’s also vital to know how to change companies without disrupting your current IT operations. The following are some expert tips that can help a company transition to a new IT service safely and smoothly.

Switch First

Don’t tear up your contract with your current IT managed service provider until you find another provider that can take their place. Furthermore, you’ll need your new provider to get to work on your IT set-up right away. Once your new IT service has everything under control, you can pull the plug on your former IT service.

What does this operation entail? Here are some steps you’ll need to take to make sure your business is ready to switch IT managed services:

  • Make sure you have all your login information and administrative access to all your accounts. Any decent IT managed service will provide you with this information even before you ask for it. Sadly, some subpar services try to hold onto your information to force you to continue to work with them.
  • Have your new company do a thorough cybersecurity assessment of your business to ensure there are no back doors that former IT technicians can use to gain access to your valuable company information.
  • Let your staff members know that you will be changing IT managed services by a specific date. Inform them of new protocols that will be put in place once you make the switch.
  • Schedule IT training sessions with your new managed IT service as soon as possible so your staff members can learn how to master new programs and cybersecurity rules quickly and easily.

What Does a Good Managed IT Service Look Like?

Selecting the right IT managed service provider to replace your current IT service is no easy task. Here are some tips that can help you make smart decisions.

  • Make sure the IT managed service is familiar with your industry.
  • Look up reviews online and ask prospective IT managed services to provide references from clients they have worked with in the past.
  • Ask about the pay structure. It should be a fixed monthly price, with allowance to scale services as the need arises.
  • Make sure the IT service can meet your future needs as well as your current ones.
  • Choose an IT service provider that puts a premium on cybersecurity services. Data breaches are becoming more commonplace than ever, with more than eight billion records exposed in the first quarter of 2020 alone.

Switching IT managed services can be challenging. It shouldn’t be done in a hurry; at the same time, you shouldn’t hesitate to find a new service provider if your current one is unable to meet your present and future needs. Do careful research to ensure your new provider is the best fit for your business, and start the transition process before notifying your current IT company that you will no longer use its services. Doing so will protect your business from disruptions while improving your IT efficiency and security.

Time to make a change? Interested in switching to an MSP? Reach out to us at 678-389-6200 or contact us online

Should I outsource IT to a Managed Service Provider?

Internal IT vs. Outsourcing IT: The Value of Outsourcing to a Managed Service Provider

The question of whether to outsource or rely on an internal IT team is common. Services that were once considered “nice to have” are now necessities – including machine learning, artificial intelligence, and cloud computing. While they add a lot of value to your business, they can be difficult to manage if you don’t have a reliable team of IT experts.

Outsourcing IT Services To An MSP

Why Outsourcing To An MSP Make Sense

While having an in-house team presents unique benefits, the value of outsourcing is unrivaled. Some of the reasons why it may be a better choice include the following:

1. Optimized Uptime and Consistency

Having an in-house team is a good idea, but how do you deal with issues after their working hours? Your in-house team has specific working hours. They may need to be away from work because of sickness or personal emergencies. Even the slightest problem could cost you days or hours of work. Outsourcing takes care of that problem. You can enjoy consistent and comprehensive IT support. Your MSP can handle issues as soon as they occur. They are available 24/7 and don’t need to take breaks. Your provider offers regular maintenance to promote peak efficiency.

With cybersecurity, consistency is critical. Most ransomware attacks happen outside regular working hours. If you rely on your internal team, you need to wait until the next business day to address them. MSPs, on the other hand, can keep your business safe while you are away.

2. Specialized IT Support

Your in-house IT experts may do their best, but they are unlikely to deliver the expertise you need to take advantage of modern technologies. As your business evolves, you may need to train them or hire a new team. However, the right MSP can cater to the needs of your business as it grows. With their help, your business can take advantage of the latest technologies.

3. A Variety of IT Skillsets for Your Company

Your MSP can provide you with a range of skillsets that are essential for successful network management. They can provide you with IT strategy and planning, cybersecurity, and cloud and mobile expertise. Finding members of an in-house team that have all of these skillsets is difficult, especially if you have a limited budget. The most realistic way to take advantage of all possible competencies is by working with an MSP.

4. Maximizing Productivity

Outsourcing is a smart way to free up some time for your team. They can focus on the core purpose of your business while your MSP focuses on IT matters. Your MSP handles issues that your in-house employees would otherwise waste a lot of time trying to resolve.

5. Safeguarding Your Institutional Knowledge

If you choose to work with an in-house team, you may need to spend a lot of time and money training them. When they leave your company, they take all your institutional knowledge with them. The IT industry is competitive, and your former employees are likely to share what they learned from you with their new organizations. With an MSP, you don’t need to go through the trouble of hiring, training, and rehiring staff members. They are a long-term partner that gets you through all the stages of growth.

6. Saving Money

Working with an MSP may be cheaper than hiring an in-house team. It cuts out the cost of training and hiring employees. With MSPs, your business can have less downtime and improved productivity.

The benefits of outsourcing IT services outweigh the advantages of working with an in-house team. The most outstanding ones include safeguarding your institutional knowledge, improving your productivity, 24/7 support, and specialized IT support.

Interested in switching to an MSP? Reach out to us at 678-389-6200 or contact us online

What Is Two-Factor Authentication?

Protect Yourself – Use Two-Factor Authentication for Your Business

Two-factor authentication is something every business should be using to protect themselves and their customers. You know the value of adding layers of security to your business – if you have a brick and mortar operation, you probably have a lot more than a simple lock on your front door. Security cameras, alarms, barriers, and more are common for most businesses because one layer of security is never enough.

The same is true for online security. Two-factor authentication gives your business and customers another layer of protection beyond the standard password – so why not use it to improve your security?

What is Two-Factor Authentication?

You’ve probably already encountered two-factor authentication as you navigate the internet for personal or business reasons – all the major tech companies like Google and Facebook are using it because it. The process of two-factor authentication goes something like this:

  1. Input your username and password. Two-factor authentication starts off just like your standard security measures. You input your username and password for the site you are trying to access or the app you are trying to use. This is the first step of the authentication process, the first factor.
  2. Provide a second factor to authenticate yourself. Here is where two-factor authentication becomes special. It asks for you to provide a second factor that is much harder for hackers to mimic. For example, it might ask to send an authorization code to your smartphone or ask for your fingerprint to verify your identity. Hackers are much less likely to have these available to mimic you and try to access your account.

You have definitely encountered the older way to verify your identity – security questions. But over time, security questions have become less and less effective at protecting your information. Most security question answers can be found on your social media account, after all. Hackers can spend just a little time doing some research to find all the answers they need, particularly if they have already stolen your password from another site.

How to Use Two-Factor Authentication in Your Business

You can easily implement two-factor authentication into your current business security efforts – both for your employees and your customers. There are multiple ways you can use two-factor authentication, including:

  • Text Messages (SMS). Most people prefer to use SMS to verify their identities over the other methods listed below because it is so easy to check your text messages and access the authorization code. All the user needs to do is log in with their username and password, then receive the code through SMS and type the code into the verification box. The only drawback to this method is that if the user loses their phone they can’t authenticate.
  • Email. You can also allow users to send their verification code to their email. They need to be able to access their email – which usually isn’t a problem – but if they can’t this method would not work. The other problem that can come up with emails is that they can sometimes get caught in spam filters and never arrive at the person’s inbox.
  • Phone Call. While this option is not used nearly as often as the two above, it is a possibility depending on the system you are using. The user can choose to get a phone call which will use text to speech to deliver the code they need to log in.
  • Tokens. Some companies find it easiest to give employees tokens, either hardware tokens like key fobs or software tokens through apps, that can then be used to provide the second factor in the authentication process.
  • Push Notifications. It is possible to get an app that will allow users to receive push notifications so that they can authenticate their accounts. They get the notification, then click yes or no to authenticate.

Two-factor authentication is possible using a variety of methods – the most important thing is that you start using it to begin with. Whichever authentication method you choose, your business and your customers will be more secure as a result.

Need help setting up? Reach out to us at 678-389-6200 or contact us online

Protect Your Team From Coronavirus Phishing

How to Protect Your Business From the Surge in Phishing Websites

As the entire world is worrying about the coronavirus, cybercriminals are taking advantage of the global crisis to line their pockets. Google reports that there has been a 350% increase in phishing websites in the last two months alone. This threat is genuine, and you need to take steps to protect yourself, your business, and your data.

Coronavirus Phishing

What Is a Phishing Website?

Phishing websites are designed to steal your information, but they can work in a variety of different ways. For instance, a cybercriminal may make a website that looks like your bank site. You think the site is real so you enter your username and password, and then, the criminals have everything they need to access your account.

Similarly, a phishing website may look like it’s for a charity helping people with the coronavirus. In fact, it’s just a scam designed to steal money and credit card information. In some cases, phishing websites download malicious files to your computer when you visit them — once executed, these files may encrypt your data until you pay a ransom, copy all your keystrokes, or steal information from your computer in other ways.

Rise in Phishing Websites During the Coronavirus

In January, Google reported that it knew of 149,000 active phishing websites. By February, the number almost doubled to 293,000. As the virus began to take hold in the United States in March, the number increased to 522,000. That’s a 350% increase since January.

During the coronavirus, the most significant increases in phishing sites have happened during the most stressful times. The most significant day-over-day increase occurred on March 21st, the day after New York, Illinois, and Connecticut told their residents to shelter in place. The second-biggest increase? March 11th, the day the World Health Organization declared the virus as a pandemic. Both of these days saw about a threefold increase.

Unfortunately, no one is immune — one survey indicates that 22% of Americans say they have been targeted by cybercrime related to COVID-19.

Critical Strategies for Protecting Yourself From Phishing Websites

To protect yourself and your business from phishing websites, you need to take a multi-pronged approach. Keep these essential practices in mind:

  1. Educate your employees about the risks of phishing websites. Send out a newsletter, set up a training session over videoconferencing, or find another way to talk with your employees about how to protect your business from phishing attacks.
  2. Don’t click on links in emails from unknown senders. A lot of cybercriminals use phishing emails to direct users to their sites. If the email appears to be from someone you know, double-check the sender, and consider reaching out to them directly before clicking on any links.
  3. Invest in quality cybersecurity tools that block malicious websites, prevent your computers from executing approved applications, or protect your network in other ways.
  4. Be aware of the signs of a phishing website. These may include misspelled names of companies or charity organizations or forms that ask for information you usually don’t provide. For instance, a phishing website trying to steal your bank details may ask for your username, password, and PIN, while your bank’s actual website only requests your username and password.
  5. Advise your team to be selective about the websites they visit. Ideally, if they are searching for information on the virus or trying to donate, they should go to sites that they know and trust, rather than going to unknown websites.
  6. Work with a cybersecurity specialist. They can help you safeguard your network, which ultimately protects your money, your data, your business, and your reputation.

To stay as safe as possible from cybercrime during the coronavirus, you need to be aware of the heightened risks. If your team is working remotely, your network is likely to be even more vulnerable than usual.

To get help protecting your team, reach out to us at 678-389-6200 or contact us online

Hackers Target Zoom Meetings For Cyber Attacks

Zoom Scrambles to Address Cybersecurity Issues in Meeting Platform

The Zoom platform has increasingly has been the target of hackers exploiting the vast numbers of users working from home. As Zoom usage skyrockets around the world, so too do the opportunities to exploit users unfamiliar with the tool. According to MarketWatch, the company’s daily active user count was up 378% from a year earlier, as of March 22,

How Are Hackers Exploiting the Zoom Platform?

For many exploits, it starts with a website.

According to Check Point, more than 1,700 domains have been registered using the word zoom in the first three months of 2020. Many of those domains point to an email server, which can indicate the site is part of a phishing scheme.

Remote workers may receive seemingly official meeting notices using the Zoom platform. Hackers ask recipients to head to a login page and enter their corporate credentials.

It’s a perfect storm that’s playing into the hands of hackers. It also means companies need to be vigilant in helping users understand how to access and use the platform and other tools used in this paradigm shift of how work is done.

“Zoom users should be aware that links to our platform will only ever have a zoom.us or zoom.com domain name,” a spokesman noted. “Prior to clicking on a link, they should carefully review the URL, being mindful of lookalike domain names and spelling errors.”

What Is Zoom Doing to Protect Users?

Zoom has had to take several steps recently to address security concerns related to its dramatic usage growth. The company has increased its training sessions and reduced customer service wait times. Here are several of the other issues that Zoom has addressed:

  • Zoombombing: Multiple incidents of “Zoombombing” have arisen in recent weeks. According to NPR, “…intruders hijack video calls and post hate speech and offensive images such as pornography. It’s a phenomenon so alarming that the FBI has issued a warning about using Zoom.” That’s led to wider use of passwords, waiting rooms, and muting controls. Never post a public link to a Zoom meeting.
  • Windows 10. The company has addressed an issue that affected those using Zoom’s Windows 10 client group chat tool. If participants used the tool to share links, the Windows network credentials of anyone who clicks on a link were exposed.
  • Facebook Interface for Apple Devices. Zoom removed Facebook’s software developer kit from its iOS client to prevent it from collecting users’ device information.
  • Privacy Issues. The company removed features, including the LinkedIn Sales Navigator app and attendee attention tracker, to address privacy concerns. It also issued updates to its privacy policy.

The company announced it was freezing all feature enhancements to redeploy software engineers to focus on what it calls “our biggest trust, safety, and privacy issues.”

How Can You Protect Zoom Users from Cyberattacks?

Here are some tips to ensure that Zoom users are protected:

  • Use password features to require meeting attendees to log in before being allowed access.
  • Update the software. Upon finishing a meeting, the software will check to see if an update is necessary
  • Encourage managers to use the Manage Participants section features, which can control the use of users’ microphones and cameras. Sharing restrictions are also a good practice.
  • Be careful about recording meetings. The recording sits in a file, either online or the host’s computer, and could be stolen.

Cybersecurity is a sad reality in these turbulent times. However, a focus on prevention and detection are important deterrents to cybercriminals and can reduce the risks to your business.

For more, call us at 678-389-6200 or contact us online

Web Analytics