Important that we meet discuss speerfishing attacks over business comunicatons. We need to make plan about this IMMEDIATELY. Please click on the link [uurl.callender.com] to make an appointment with IT for quick tutorial.
There are several things wrong with this email, and hopefully, you noticed them. All are red flags you can look for to avoid fake meeting requests or calendar-invite scams.
Business Email Communication (BEC) scams are not new. For example:
In 2020, BEC attacks were the most lucrative scam. The US estimated cybercriminals made over $1.8 billion with this approach. Beyond money, falling victim to a BEC attack also costs your business time and reputation. Here’s what to look for and how to protect against BEC scammers.
How BEC Scams Work
With many more people working from home and meeting virtually, there’s been an uptick in BEC spearfishing attacks.
On Gmail, the bad actor needs only your email address to send an invite that adds to your calendar by default. Then, you might click on what appears to be a meeting link, which actually takes you to a malware site.
Zoom has also become an attack vector. You get an invite to a meeting that asks you to login into Microsoft Outlook. You’ve done it so many times before, except this is a fake login page, and it’s set up to steal your access credentials.
How to Protect Against BEC Scams
Educate your users. As with any other type of email scam, users need to learn to be careful about the links they click. Some indicators to look for, which you can see in our opening example, include:
Email addresses, links, and domain name inconsistencies are more bad signs. Plus, be wary if something seems too good to be true (a free laptop?) or is an unusual request (transfer $1 million from the CEO’s account).
Google Calendar users can go into General settings, then Event settings, and switch off “Automatically add invitations.” Instead, select “No, only show invitations to which I have responded.” Also, under Events from Gmail, you can stop calendar events auto-generating based on your inbox. Keep in mind, though, that you’ll also be blocking legitimate events.
In these days of the hybrid workforce, we’re used to clicking on links from Zoom, Google Docs, and Microsoft Office as part of our daily workflow. The cyber bad guys know this and are taking advantage of it. Unsubscribing from email lists, keeping your email private, and reporting spam to IT can all help.
Your business might also benefit from working with a managed service provider to use a third-party spam filter. Our experts can also review your cybersecurity posture and identify areas to improve your defenses.
Contact us today at 262-515-9499
The importance of information technology in meeting business objectives continues to grow. Regrettably, the shortfall in professionals who can manage business tech is also growing. Learn what the IT skills gap means for you.
Technology helps businesses meet strategic priorities. This includes:
In CompTIA’s research into the “State of the IT Skills Gap,” the skills disparity is widening. And it’s doing so at a worrying rate. Nearly half of CompTIA’s respondents said the skills gap had grown in scope/depth over the past two years. That's 46%, indicating significant or moderate growth in their businesses.
That may not even capture the problem accurately. Only 44% of CompTIA’s respondents felt they had the know-how to identify and assess IT skills gaps on their own.
IT Skills Gap IssuesThe IT skills gap affects strategy and also impacts staff productivity and customer service/customer engagement. The shortfall in IT savvy individuals also impacts security, particularly:
Plus, the IT skills gap can slow the adoption of emerging technology. This sees businesses struggling to upgrade existing hardware and software. They aren't able to use artificial intelligence, automation, or the Internet of Things.
The shortage also hurts data integration, management, and analytics. Software or app development can also suffer.
How to Address the GapThere are many ways businesses can improve the IT workforce pipeline. Providing on-the-job experience through internships or apprenticeships may work, as might encouraging IT employees to pursue new certifications and credentials.
Investing in tech talent is another way to promote your business objectives. Without the right IT support, you could end up buying the wrong technology or struggle to deploy it. Instead of adding agility and efficiency, you’ll slow things down and may compromise security, too.
With the IT environment constantly evolving, it’s difficult for businesses to keep up. Many firms can’t keep up with the rising compensation requirements, keeping internal IT trained is expensive, too. Then, if IT talent leaves, they take their business infrastructure knowledge with them.
The solution? Partnering with a managed service provider (MSP). With an MSP you gain experts that always stay on top of the latest events and are always trained up. Yet you don’t have to pay for their conferences and ongoing training. You typically pay a consistent set fee for the services you need.
Our experts can help update your infrastructure, deploy new systems, and secure IT.
Contact us today at 262-515-9499
Unfortunately, these days online security breaches occur far too often. That’s why it’s never been more important to ensure all your accounts are as protected as possible. Yes, strong passwords are critical, but you should also enable two-factor authentication on your accounts whenever possible.
What is two-factor authentication? Two-factor authentication (also known as multi-factor authentication or 2FA) requires you to confirm ownership of two separate variables generally your password and a unique code sent via email or text to complete sensitive actions on your accounts.
Sound familiar? You're probably already using this with your bank, most financial institutes require it when you log in on a new computer or device. However, some accounts don't require two-factor authentication - for those that don't but offer it, you should enable it in the settings or security sections. It is available on most online services like Gmail, Apple, and Amazon. Adding this extra step adds another layer of security and can protect your sensitive personal information.
Contact us if you have any questions or need assistance with implementing two-factor authentication for your office devices and apps.
Business downtime is costly. Research abounds on just how much it can set a business back. Some small businesses can't even rebound from the expenses associated with downtime. This article outlines the many expenses a business can encounter as a result of downtime.
What do we mean by downtime? There are many reasons a business might experience IT downtime. Say, the Wi-Fi goes down or there’s a simple power outage. Either could lead to a small-scale, short-term downtime.
Worse, you could be the victim of a cyberattack that sees criminals encrypting your data. A data breach or malware infection could force you to take systems offline to solve the problem.
Severe weather events such as tornadoes or hurricanes can also cause downtime. Or maybe the building suffers a gas leak or a fire, and your business isn't immediately able to get back on-site. If you don't have cloud-based access to your applications, you could suffer downtime.
Every minute you are without your business technology can add up. Let's consider the various costs you could encounter.
Loss of business revenue
If your people can't access business systems or network applications, productivity drops. Your sales team can't close deals, or your product development team can’t access schematics. Perhaps someone in client development can’t get to their pitch presentation.
Fixing your business technology after downtime takes extra work, which means added resource costs. You may have to pay overtime to the IT team working round the clock to get you back up and running, or there could be places you need to catch up when you had to spend time doing things manually. This disrupts efficiency and costs money.
How often do you hear someone apologize for their computer running slowly? When you call a customer service line it's a familiar frustration. Imagine telling someone instead, “our systems are down, and we are unable to help you right now.” You will be compounding customer aggravation. They don't want to wait for your downtime to end to resolve their issue.
If there's a data breach, customers will worry about personal data or compromise of proprietary information.
Legal and compliance fees
Your business could run afoul of compliance or face legal action. For instance, if you are in the health services industry and are breached, you could be hit with hefty fines for jeopardizing personally identifiable information.
Say your payment processor goes down, and you’re not able to take any orders. Some customers will get impatient and order from a competing website. They may end up switching to that company permanently.
There's also a misconception that any press is good press. But you do not want your business to make headlines for having fallen victim to a cyberattack.
Every business owner recognizes the importance of retaining motivated and skilled staff. Employees frustrated by downtime may start looking elsewhere.
Morale and your business culture could decline. Turnover could rise. You'll need to invest time recruiting, training, and retaining fresh new hires.
Don't think business downtime can't happen to you. When it comes to technology, threats are ever-evolving. Keep current with updates and software upgrades, and be vigilant about fresh threats.
Partner with an MSP to develop backup plans. An IT vendor can help move systems to the cloud to ensure mobile access. MSPs can also be proactive. They perform preventative maintenance and help cut your cybersecurity risk.
We can't promise downtime won't happen, but we can make sure you are resilient and able to bounce back more quickly should problems arise. Contact us today at 262-515-9499.
Working for a small business, you can be asked to wear many hats. Even if one of your many roles is not IT, you may need to speak up about your business technology or cybersecurity.
It’s easy to think cybersecurity is someone else’s responsibility, but IT may not be getting the attention it deserves, and that could be damaging to the business, your career, and your identity.
A data breach can destroy a business. Cybersecurity Ventures estimates that 60% of small businesses close within six months of a breach. It’s easy to calculate why. In Ponemon’s annual Cost of Data Breach report, the average cost was $161 per record. That adds up. If you’re at a business that can’t recover, you could be out looking for work again.
Of course, you care about your customers. You don’t want their personally identifiable information (PII) getting out to criminals. But their information isn’t the only thing at risk. Your employer has a lot of PII about you, too. They’ll have your name, address, salary amount, and bank account details. Plus, they may have health information related to your benefits. They probably also have copies of your government identification.
It's not only about protection
If your business tech is out of date, you’re at greater risk of cyber vulnerability. But improving IT isn’t only about protecting data and preventing downtime. Having the right technology to suit your business can also help you be more productive. Speaking up about IT could see the business improve, grow, and gain resiliency.
Working with a good MSP can help both you and your business:
A slow system is painful to use. Having to wait even a few minutes for a computer adds up over a 40-hour work week. Worrying about the security of your data doesn’t help your focus at work either.
You don’t have to be an IT expert to understand that there is room for improvement with your technology. Connect us with your employer to schedule a free consultation for your business needs!
Contact us at 262-515-9499 to start the conversation.
A new year is a chance for a fresh beginning. To that end, try these tech tips for small business owners to kick 2022 off right.
First, launch a successful new year for your business by going mobile. Agility is one of the key differentiators of a small business. Be more flexible than larger competitors by taking full advantage of cloud computing. Use Microsoft 365 (MS365) as an all-in-one solution for communication, collaboration, and more. When you’re cloud-based, you and your employees can operate from any location with ease.
You'll also want to focus on security. Don’t think that you’re safe because of your small size. Every business is a target. An automated bot isn't going to differentiate between a company with six employees and those with 60 or 600. It is simply going to find that vulnerability and attack. Don’t risk losing time and money to a data breach or ransomware. Instead:
Also, make sure you’re leaving room in the 2022 budget to invest in IT. This is one area where you don’t want to be cutting corners. Unreliable internet service could cause downtime that hurts productivity and loses you clients. Skimping on software or hardware upgrades could lead you vulnerable to safety issues.
New Year, New Your Business
Another smart move? Get a professional email address. Using firstname.lastname@example.org or email@example.com doesn't make a great professional first impression. Instead, have a firstname.lastname@example.org email address. You can get reliable business-grade emails from MS365.
Do an information and communications technology audit as well. Take stock of your current technology and how it is performing. This check-up can help you identify opportunities to streamline processes. You might consider adding a customer relationship management tool. This will centralize your customer information and help you personalize pitches. An enterprise resource planning system could improve accounting, human resources, and operations workflows.
Now is also a good time to hire a managed service provider. Partnering with an IT professional helps you make good technology decisions. You may have a lot of people with opinions, but you want to get input from industry experts who understand technology, security, and optimizing IT resources.
Contact us today at 262-515-9499 to learn more about what we can do to help your business meet its goals in 2022 and beyond.
Working from home has its advantages but can also blur the line between professional and personal time. Plus, employees may grow more relaxed about what they do on their work computer while remote. This article shares things employees should avoid doing on work computers, whether remote or in the office.
What to avoid doing when working remotely
Log in to an unprotected network
Working outside the office means you are more mobile. If you have a business laptop, you could decide to work one day in a coffee shop and the next in a public park. But in doing so, never connect to public Wi-Fi. This is an unencrypted network. Hackers can position themselves to compromise your computer.
If you absolutely must use a public network, add a layer of protection by using a virtual private network. This can help shield your browsing from anyone monitoring your online activity.
Save personal files
You spend so much time on the work computer, and you want to get a few personal things done during the day. You might even start saving personal files on the computer. Maybe you created a “my stuff” folder on the desktop.
This isn’t a good idea, because personal data could get automatically backed up to the cloud with the work files. Cloud backup is good practice for the business, but now you’re losing control of your personal information. Plus, if you leave the job, you lose access to that computer and those personal files.
Let family and friends surf the Web
Working from home changes the office environment. People want to look something up, or kids need to submit schoolwork online. And your work computer is right there! Why shouldn't they use it?
This could expose proprietary business data or sensitive information. You may think “my 10-year-old won’t know what that spreadsheet says.” Yet, especially in a regulated industry, you could be compromising compliance.
What to avoid doing when in the office
Stream personal entertainment
You have a break, or things are slow, so you decide to catch up on your favorite TV show at work. What’s the harm?
In fact, you could be making it more difficult for your colleagues to do their work. Streaming takes up bandwidth, and there is only a set amount available to your business. So, while you’re laughing at a sitcom, others are struggling. Colleagues could drop from video calls or wait longer to download important files.
Click on unrecognized links or download attachments from unknown parties
This one is well-known. It’s up there with not using simple access credentials such as “password” or “letmein.” Be wary of what links or attachments you click on or download. Cybercriminals constantly leverage human error to gain illicit access to business networks. Don’t be the weak link in your company’s security posture.
Also, avoid visiting non-work-related websites. You are more likely to visit a site that harbors malware if you are surfing the Web for personal use at work.
Download software without first asking IT
You might have a preferred way of doing things, but the business computers don’t have the software you’re familiar with. Deciding to download it to your own computer seems safe enough. It could be a well-known app or piece of software. It’s not like one of those shady downloads from the point above.
Yet downloading software to a work computer can cause problems for the IT team, as they don’t know what’s working on the systems. There could be upgrades or system updates you miss that create a vulnerability. You could also, again, risk noncompliance.
These six things should be avoided if you’re using a work computer. It doesn’t matter where you’re working, you still need to be thinking of cybersecurity and productivity for you and your colleagues.
Need help knowing what your employees are doing with work computers on- or off-site? A managed service provider can help. Learn more about remote monitoring and other helpful tools.
Contact us today at 262-515-9499.
Myth Buster programs on television never focus on business misconceptions about IT. Too bad, because believing these myths can be both costly and dangerous to your business. This article debunks seven common business IT myths.
Sometimes myths are harmless, but when it comes to business IT myths, not knowing the truth is damaging. Make smarter tech decisions with accurate information and a better understanding of IT.
Myth 1: Consumer PCs are interchangeable with business PCs.
Sorry, this one’s false. Selecting a business-grade computer can impact productivity. Don’t squander your competitive advantage by relying on consumer PCs to get the job done.
Consumer PCs are largely about getting the price point down by using lower-quality materials, whereas business computers are built to last, use higher-quality components, and go through more testing. They have business-appropriate features such as fingerprint readers or encryption tools, and better warranties and support.
Myth 2: Apple computers can’t get viruses.
Microsoft Windows users are targeted more often because there are more Microsoft users, and the payoff is bigger. Plus, Windows PCs run any program requested, regardless of danger, whereas Apple has steps in place to prevent unauthorized malware from running.
This myth is also untrue. In fact, in September, Apple released a security update to fix its phones, tablets, and watches. Victims didn’t even have to click on a malicious file to risk device infection. So, if you’re using an Apple device, go into Systems and make sure you’ve upgraded to iOS 14.8, macOS 11.6, and/or watchOS 7.6.2.
Myth 3: One backup is enough.
In the case of data backups, you are much safer taking a 3-2-1 approach to data backup. Have three data backups available on at least two different mediums, one of which should be off-site.
You might backup your data to:
Myth 4: Antivirus software completely prevents infection.
Antivirus software is valuable, yes, and your business should consistently upgrade its antivirus software. But no antivirus is going to protect your business from every threat.
Security programs do their best to keep up with new threats and vulnerabilities, but infections can spread across the internet quickly. Plus, bad guys are getting better at crafting variations to evade antivirus tools. As a result, make antivirus software only one piece of your cybersecurity strategy.
Myth 5: Cybercriminals only target enterprises.
Attacks on enterprises grab the headlines, but nearly half of the cyberattacks hit small businesses. The bad actors know that small businesses are more resource-constrained and don’t have cyberattack prevention plans in place. It is easier to go after the little fish than targeting the enterprises with IT teams as big as a basketball squad.
Myth 6: It’s OK to wait until the computer fails to replace it.
You can wait, but it’s not going to be the best thing for your business. Long before a computer fails it could be slowing down your business. Older PCs disrupt productivity and reduce employee satisfaction.
As the computer ages, you'll lose time loading applications and dealing with crashes. You may also be leaving your systems vulnerable to cyberattack if you can't upgrade the software.
Myth 7: IT outsourcing is not effective for small businesses.
Maybe you think your IT systems are too small to need ongoing maintenance or monitoring, or (Myth 5) that you’re not at risk. Yet, IT systems of any size need ongoing, consistent attention, and outsourcing can help free up your IT resources to do more value-add tasks.
A managed service provider (MSP) can monitor hardware and backups, streamline systems for speed, and keep security current. The MSP can also manage firewalls, and identify and protect against threats.
Partner with us for business IT support today! Call us now at 262-515-9499
Smishing is high up on the list of words that do not sound as intimidating or threatening as they should. Smashing the word fishing together with the “SM” for short messaging service (aka text), smishing is a cyberscam.
Especially with online shopping skyrocketing during the pandemic, delivery smishing has gained traction. Don’t fall victim to this type of cyberattack.
What does smishing look like?
You’ll get a text message that appears to be from a shipping company. You’re told you have a package coming, but that more information is needed to ensure delivery. You’ll squeal, “a package!” OK, maybe you won’t squeal, but you’ll feel the anticipation and click on the link to help deliver that package to your door.
You might already be expecting a package. After all, as recently as June 2021, PWC was describing a “dramatic shift” toward online shopping. According to its most recent consumer survey, in the last twelve months:
So, you might not think twice about clicking on a link appearing to be from a major delivery service. Don’t do it!
What happens next?
You click on the link and are asked for personal information, even a credit card number or password. Otherwise, clicking on the link will download malware onto your phone. The bad guys use their access to snoop and/or send your sensitive data to its servers, without you knowing it.
The smishing scam is a global one:
Package delivery isn’t the only common smishing tactic either. You might also see:
All that would get your attention, right? So, what do you do about smishing? That’s covered next.
Protect against smishing
Avoid getting drawn in by the urgency or emotional appeal of the SMS. Don’t click the link, and don’t call the number in the message either. Instead, look through your bills or go online into your account for information on how to contact that company.
Reputable mail carriers and financial institutions won't send text messages asking for credentials, credit card numbers, ATM PINs, or banking information.
Look at the sender more closely. A message from a number with only a few digits was likely sent from an email address, which can flag that it’s a scam.
Also, don’t store personal banking or credit card information on your mobile phone. That way the criminals can’t access it, even if they do get you to download malware onto your phone.
You can help others to not fall victim to smishing as well. Report any attempts to your telecommunications carrier or your communications regulatory body.
For more helpful information on mobile security threats and how to protect your home network from cyberattacks,
contact us at 262-515-9499
Working from home is no longer only for a few employees in special circumstances. The pandemic pushed many businesses to enable remote work. The priority was getting it working and securing access. Now that it’s routine, it’s also time to consider how you back up work from home.
Data backup creates a reliable copy of business data. An accessible, accurate backup prepares you for system failures, data corruption or deletion, natural disaster, or a security breach.
Regular readers of our articles know that we’re in favor of the 3-2-1 approach to data backup. You have three separate backups on at least two different mediums, and one is always off-site.
Yet even those with best practices in place may not have thought about work-from-home backups. Still, with so many people using remote networking, you need to take a fresh look at backup systems.
The IT team should have already set up automated backup systems for the on-site work environment, but what procedures are in place to protect data generated remotely?
Remote Work Backup RisksBackup puts important business data in a protected place to ensure a quick emergency response. Without a backup, it will take a lot longer for your business to bounce back from an IT disruption.
In the home office, or when people are working remotely elsewhere, there are new risks. Saving files locally on a home computer may mean that data is not available to others who need it. Plus, the laptop could be lost or stolen (or broken when a furry colleague at the home office knocks it from the table). The business could also be disrupted if a remote worker’s system goes down due to power outage, fire, or an extreme weather event.
Businesses in regulated industries must also store data safely on- or off-site. Medical, financial, or legal industry businesses face data storage, protection, and audit regulations. The fact that people are working from home doesn’t mean they get a pass from compliance concerns.
Backup Best Practices for Work from HomeIf your teams use MS 365, that can help with business collaboration. No matter where employees are, they can edit and share documents and other files. Tracking version history from any device also helps with data currency.
Yet this is not the same as a data backup. Set up an automatic backup of all files created on remote laptops and computers. Ask employees to back up to the cloud using Microsoft’s OneDrive, Google Drive, or another alternative.
We recommend setting up backups to upload every night in the wee hours. Backing up takes a lot of internet bandwidth, and scheduling for 2 a.m. is less likely to interfere with someone else’s Netflix binge-watching or video game play.
It’s also a good idea to get an outsider’s perspective on remote backups. You may need to manually save files to appropriate locations or to set up policies to safeguard off-site files in case of hardware, software, or security issues.
You could take advantage of remote monitoring and management, and you can test backups remotely. This also improves recovery time, as IT can restore data without physical access.
Need help backing up work from home? We can help. Contact us today at 262-515-9499
Tech Force Blog
We provide you with important, practical tips and insight for your technology and networks for both home and business.