Train your staff: Your first and best firewall

by IT Connect 360 | Feb 21, 2022

Train your staff: Your first and best firewall

Protecting your organization against cyber threats can seem like a challenge that involves extremely high-tech wizardry, sophisticated knowledge etc.. Much of this is true. Protecting your data and your company against cyber threats requires skilled professionals. But that isn’t only what is needed. The first line of defense in data security is everyday common sense and diligence on the part of everyone who works in your organization.

Some thoughts . . .

The first challenge in beefing up your data security is creating awareness among all of your employees that they really do have a serious role in data security. Many of the ways they can protect your data are simple, but until they are aware that they may represent a threat to data integrity they won’t take their role in protecting your company seriously. Provide training that both explains that their actions may unknowingly create problems, and then review what they can do to avoid trouble.

Training should not end. It should be an on-going focus in your organization.

Passwords Part 1 Remind everyone that simple passwords are unwise. Does your company mandate a certain level of complexity in password creation? Maybe you should.

Passwords Part 2 – No password sharing. We tend to trust most of our colleagues, so when logging in and out seems a nuisance, we are often willing to let a peer use a database we’ve already logged into so they can do some simple, quick task. Not a good idea.

Email and phishing scams – These are really easy to fall victim to. Emails that look like they are from a legit source, so we open them up and then click on a link inside. Explain that emails can be made to look like what they aren’t. Always be suspicious. Look at the email address to see if the domain matches the legit site.

Odd links – If someone you know sent you a link to a site, unless you absolutely know the email is legit and the link is safe, let it go. Email them back to verify.

Lonely hardware – Remind everyone: Never, ever put a thumb drive into their computer unless they know where it came from. No matter how much one knows better, if you find a thumb drive sitting on a desk, it can be extremely tempting to plug it in to see what’s on it.
Don’t. Just don’t.

Three best practices to protect your data

by IT Connect 360 | Feb 14, 2022

Three best practices to protect your data.

While malware and phishing attacks have evolved over time and are constantly becoming more and more sophisticated, there are ways to protect your data from them. Here are two best practices to observe no matter the size of IT infrastructure needed in your company or organization to follow that can help safeguard your business.

Install a strong firewall
A firewall can help prevent unauthorized access to your network by monitoring access attempts and allowing or rejecting them. Firewalls are flexible in the sense that you can choose how stringent or lenient you want it to be in terms of limiting access. There are different kinds of firewalls, each serving a particular purpose and offering different protection levels. An MSP with deep experience with these technologies, as well as your specific industry, can be an excellent resource. Firewalls basically work to block unauthorized traffic to your network based on various factors including IP address, location and any other custom parameters that you may choose. Without a firewall, your network is essentially open, exposed to any one on the web, which puts you at serious risk.

Invest in antivirus software

Antivirus software programs identify viruses and other malicious attachments that cybercriminals may use to gain entry into your system or network. Make sure you invest in a good antivirus software and update it regularly so it can protect you against newer versions of malware that crop up with time. Be wary of consumer grade programs.

Train your staff

Train your staff to identify and steer clear of phishing emails, links and messages. All the protection in the world is no defense if your staff opens a phishing email and clicks ona malicious link. It is game over right then. Employees tend to assume you are the one responsible for maintaining data security. They often don’t realize they also play a role. Educate them on password hygiene, safe web surfing, and basic IT best practices even when using their own devices. You can provide training in-person and conduct mock drills and IT workshops. Also, consider sending regular emails on these topics so your staff remains alert. Security training isn’t a one-off project. Also update your staff on any new vulnerabilities discovered and if there are any security updates or patches released for them in the market, then be sure to apply them immediately.

Everyone wants to go phishing

by Jason Ruediger | Jan 31, 2022

Everyone wants to go phishing.

You are very much aware that your company or organization is at risk, every minute of the day, from cyberattacks, malware, ransomware, and even benign errors that can put your data at risk. Even a failed backup procedure could mean a loss of critical company and customer data. In today’s blog we’re just going to review one of the most common methods that bad actors use to try to gain access to your data. Phishing. Phishing isn’t a particular type of malware or virus that attacks your data. Instead, it refers to the tools cyber criminals use to get access to your data. Phishing refers generally to the bag of tricks they use to break into your house.

In phishing attacks, cybercriminals generally send a web link that is disguised to look genuine, and prompt the receiver to share information that will then be misused. For example, an email may be sent to you that looks as though it came from your bank or the IRS announcing a tax refund that your business is eligible to receive. You may be asked to log into your bank account or a fake IRS site and enter your bank details to receive the refund or download a receipt. The cybercriminals will have access to any details you share and later use it to clear out your bank account.

Phishing links may also lead to clone websites. Clone websites, as the name suggests, are websites that look strikingly similar to original websites, but are obviously not the same and are controlled by cybercriminals and used to steal data from unsuspecting victims. Here are a few tips to help you identify clone websites and steer clear of them.

If you receive an email with a link to a familiar website asking you to log into the site or enter your personal information, cross check the URL. Check the spelling and domain, for example, www.amazon.com is the right URL, whereas a clone website may have an URL that looks similar but is not the same. An example would be www.amaazon.com or www.amazon-offer.com Another thing you can do is, always type the URL you intend to visit. For example, if you are being asked to log into your bank account, type your bank’s website address instead of clicking on the link they provided to you in the email.

Sometimes, phishing attacks can be manual as well, meaning, instead of asking you to enter your personal information in a website or a form, the cybercriminal may pose as someone you know and send you an email from an email address that looks authentic and try to get money or personal information from you. Such attacks usually happen if your network or that of your recipient’s has been compromised in a hacking attack, whereby the cybercriminal has some information that they can use to make their messaging sound genuine.

Next Entries »

619-819-5508

[email protected]