SpireTech Blog - Tag: Security
IT security and safety recommendations, news, and advice.
IT workers around the world have been busy the last couple of weeks. At SpireTech, the service desk has been slammed with issues relating to everybody getting setup to work from home (WFH) and we apologize for any delays or long hold times. The sorts of issues our clients have been facing are:
- Users learning how to properly use new videoconferencing tools
- Issues with passwords
- Learning how to properly use VPN’s or Remote Desktop
- A remote control session will always be slower than if you are sitting in front of the computer
- Avoid videos or conferencing software on your remote computer, run those locally.
There are things you can do to make it easier for our team to keep on top of your requests:
- When calling the service desk, please let us know if you’ve previously emailed us regarding your issue so we do not create a duplicate ticket.
- If you are emailing us and working from home, please include your mobile number in your email.
- If you are emailing us about a prior issue, please locate the earlier correspondence and reply to it, instead of starting a new email.
Let’s encrypt, an industry nonprofit that issues free SSL certificates, had to revoke 3M certificates Wednesday March 4, 2020 due to a bug. SSL is the technology that gives websites the https “padlock” and is often used to secure other things like mail servers.
For more information, you can visit the Sophos security blog. We’ve already checked all SpireTech web hosting and Managed Services clients to see if anyone is affected, and installed new certificates where needed.
If you visit an https website and receive a certificate error in the next several days, it’s possible the site is affected. We don’t recommend proceeding to the site, instead consider notifying the site owner. Bad actors are already taking advantage of this and launching phishing emails and banners, so use caution. If you find that a website we host or server we manage for you is affected, please let us know and we’ll fix it right away. Read more...
We’ve been recommending for quite a while that our clients implement multi-factor authentication (MFA) on their email and Office365 accounts – really, anything that can have MFA enabled should. You may have heard of two-factor authentication (2FA) before, multi-factor can use two or more methods of authentication.
We’re asking our clients to use two factors to login now. This is because like it or not, employees will use weak passwords – or use the same password on multiple websites. If a hacker gains access to your email, they can trick your clients or employees into sending your hard-earned cash to them, or worse. Some regulated industries have penalties associated with data breaches. At a minimum, your reputation is at stake – do you want to have to tell your clients you’ve had a breach?
Microsoft has made two-factor authentication easy to use with the authenticator app for iOS and Android. Once connected to your account, all you have to do is push the “approve” button when prompted on your phone. Read more...
used with permission from Tektonika (HP), by Karen Gilleland
Unlike fine wine, your cyber assets don’t get better with age. Any PC more than four years old is not only costly to keep, but it’s also hack-friendly tech that could pose serious office security risk. Old PCs lack the built-in security triggers needed to repel the thousands of malware threats discovered each hour. With new technology, you could avoid 70–80 percent of the top malware detected.
Down-level hardware could potentially jeopardize your business—and that risk carries a price tag far exceeding an investment in state-of-the-art technology. As Two River Community Bank put it, “The risk just isn’t worth it.” There’s no reason to stick with outdated hardware, especially when computing power is growing exponentially and faster than ever. Older hardware may be costing you precious time, and the longer you delay updating old equipment, the further behind you’ll fall in the skills, knowledge, and technology needed to compete with companies on top of the curve. Read more...
used with permission from Norton by Symantec
Mention “cookies” and most people expect a chocolate chip treat to appear. When talking about computers, however, cookies aren’t on the dropdown menu. In fact, they’re not even physical objects. Yet they do a great deal of the work that makes it more convenient for you to browse the Internet — and they can be troublesome if you don’t know how to clear or delete cookies.
Meet the computer cookie
A computer “cookie” is more formally known as an HTTP cookie, a web cookie, an Internet cookie or a browser cookie. The name is a shorter version of “magic cookie,” which is a term for a packet of data that a computer receives and then sends back without changing or altering it.
No matter what it’s called, a computer cookie consists of information. When you visit a website, the website sends the cookie to your computer. Read more...
used with permission from FTC.gov, by Lesley Fair
Engage, connect, protect was the theme of a series of Small Business Security Roundtables the FTC sponsored last summer. We listened to businesses talk about the challenges they face in securing sensitive information and fending off cyber threats. We also heard that they want concrete advice from the FTC. For example, how can a small company – especially one that may not have the in-house expertise to host its own website – get down to business while also addressing these concerns?
In search of a solution, many businesses turn to web hosting firms to set up their website and email systems. In a just-published Staff Perspective, Do Web Hosts Protect Their Small Business Customers with Secure Hosting and Anti-Phishing Technologies?, the FTC’s Office of Technology Research & Investigation (OTech) looked at 11 web hosts that market their services to small businesses. (The Staff Perspective explains OTech’s methodology.) Read more...
What are they and can they affect you?
Ask a business person where their office is located and the likely answer is “everywhere.” They’re working from home, staying in the loop while traveling, and catching up on email between sales calls. For productivity’s sake, many companies give their employees – and perhaps clients or service providers – remote access to their networks. Are you taking steps to ensure those outside entryways into your systems are sensibly defended?
If your business wants to start with security, it’s important to secure remote access to your network. Here are some examples based on FTC investigations, law enforcement actions, and questions that businesses have asked us.
Ensure Endpoint Security.
Your network is only as secure as the least safe device that connects to it – and there’s no guarantee that an employee’s home computer, a client’s laptop, or a service provider’s smartphone meets your standards for security. Before allowing them to access your network remotely, set security ground rules, communicate them clearly, and verify that the employee, client, or service provider is in compliance. Read more...
2018 is right around the corner, and here are our top five tips for things you can do to improve your cybersecurity in the new year. Cybersecurity has been the most critical issue in 2017, and that’s not going to change. If you haven’t begun addressing your organization’s cybersecurity defense, let’s start now!
#1 Train Your Employees
The best way to improve your IT security is to train your employees on best security practices. Educate them so they can recognize and avoid cyber threats like phishing and scams. Teach them about protecting sensitive information. Humans are the weakest link in your security defense: with a single click in an email they can open the door for hackers. You should have a network firewall, but don’t forget your employees are a firewall too.
#2 Create Security Policies & Enforce Them
Do your employees know what they are expected to do and not do to protect your data? Read more...
Managed IT services, or outsourced remote network management, can help your business in many ways. It’s a cost effective way of having your IT infrastructure monitored and maintained by experts instead of hiring an IT director. Or, it can free up your IT director and IT staff to work on more important projects than daily maintenance. But other than productivity and peace of mind, what are the security benefits of managed IT services?
Here are three security advantages you get with remote network management.
#1 You Stay Updated
Basic managed IT services include running software updates, patches, and upgrades for your servers and/or desktops. Any machines covered by your contract will automatically have updates run on schedule, so you never have to worry about the time it takes to check your update status and apply patches. Instead, updating happens automatically – heading off any cybersecurity attacks that target vulnerabilities between the times when a patch is released and then actually applied. Read more...