Protecting Systems from Terminated Employees

According to studies, about two-thirds of past employees are still able to access their past employer’s system. How could this be? Well, it seems that many times, when employers terminate or an employee leaves the company, employer’s don’t always think about the many data they have access to and don’t think to involve their IT department in their termination process.

There is really no way around it; past employees with access to company networks and records means they can be a security threat, especially if the relationship between them and the business was left in bad terms. We’ve put together a few tips on ways in which you can protect your company’s data from those past employees.

Tip 1- Change Passwords

It may seem like a lot of work, but having all passwords changed is crucial. This is the easiest way for employees to gain access and cause damage. Go through every server, website, software, etc. in which they had access and change the passwords to a strong and complex password.

Tip 2- Terminate Email Access

This is one area in which your IT department can be helpful, if you’re not sure how to terminate an employee’s company email. If past employees have access to their email, this means they have access to files that were once shared with them.

Tip 3- Revoke Remote Access

If the employee worked remotely and had access to a Virtual Private Network (VPN) you want to make sure they are no longer able to access it. With this type of access, terminated employees can get their hands on updated or new data that could be sensitive for business.

Tip 4- Retrieve Company Technology

If your company has given employees technology like laptops, tablets, computers, phones, etc. you must get them back. In these devices past employees can have important data, files or notes with sensitive information in them.

Overall, every business should put in place a policy that includes IT in the termination process. Sensitive data should be crucially protected. For help in any of these tips, contact M&H for further information.

Extending your Wireless Network

We’ve guided you towards the right steps in moving or expanding your network. Now, today we’ll help you in extending your network when its wireless and you need a wider range of wifi. Before we get into the different ways to extend a wireless network, you need to take into consideration the following: your network needs to be placed in the center of your home or office and avoid placing it behind a door or near any metal walls that could prevent the wireless network from flowing through. Now, let’s get into the more technical ways in which to extend your network.

One option for extending your network is by purchasing a wireless extender in your home. The wireless extender takes the wireless signal you currently have and boosts it for greater use. When setting up the extender, make sure it is plugged in an area with a solid wireless signal. Although this may be the easiest and most affordable way of extending your network, it could be problematic in other areas. Because the connections all happen wirelessly, it is more likely to cause dropped connections and slow down your Internet speed.

The next option is getting a powerline network kit. This kit is a wired network with hidden wires. The kit usually comes together with two Ethernet cables, and two adapters. This extends your network by connecting one of the Ethernet cables to the router while taking the other Ethernet cable and plugging it into whatever other device you would like the network to extend to. Of course, you would have to plug each adapter to each device in order for them to detect each other. Although this can be effective for specific devices, it can take away from extending the wireless to other ones if they aren’t connected to a powerline.

An alternative to the powerline kit is to simply use an Ethernet with a range extender. This option extends better to multiple powerline kits as well as wireless access points (WAP). This option can also help maintain your Internet’s speed and extends coverage better than other options.

The best option, however, is connecting the Ethernet to the WAP directly. This option is best because it doesn’t connect wirelessly and it direct, which means you get fast and reliable Internet. There are many ways in which this can be done. For consultation on which way is the best option for your home or business, contact M&H.

What is Antispyware?

In order to fully understand what anti-spyware is, you must understand what spyware is and does. As we have mentioned before, spyware is a type of malware that can monitor your computer by either tracking the web pages you visit or everything you could be navigating to in order to collect any information available. In order to fully protect your devices from such malware, you must download a security program, like anti-spyware.

Anti-Spyware works very similarly to an antivirus program. It detects any unwanted spyware program, deactivates it and then removes it. The way it does this is by analyzing the codes of the programs and files installed into your devices. It then compares the codes to the spyware definitions the programs already knows. Detection in anti-spyware can either be based on the rules or the actual definition of the active spyware.

Once the security program detects a match between the program’s, or file’s, code and that of which the antispyware knows, it will disable with program and send an alert. When alert is sent, it will ask whether or not you would like to remove the spyware program and, sometimes, even give you the details on the spyware, like the name of it and where it came from. Of course, fully removing the spyware is the best option.

There are many types of malware protection programs. When asked if simply downloading an antimalware program can take care of all system infestations, the answer is no. The reason why there are so many different protection programs (antivirus, antispyware, antimalware, etc.) is because there are so many infections that target your devices a single malware program can only focus on so many. There are new malware being created all the time, it’s best to protect your systems for all those that are predicted as well as the unpredicted ones.

If you are not sure which antispyware program is best for your system(s) contact M&H for guidance.

Internet Security Myths (Part 2)

Welcome to the second part of our ‘Internet Security Myths’ series where we highlight myths that have been used to justify why we don’t really need to take further security precautions. Now, let’s continue with the myths…

1.“I don’t need a security system because I don’t access unsafe websites.”

It’s true that many websites, emails, and pop-up ads can navigate anyone to access malware in their electronically devices. However, it is also true that malware are very well hidden and can even live within “safe sites” as well.

  1. “Social networks are safe and won’t harm my computer.”

Maybe social networking sites, like Facebook and Twitter, are free from malware, but this doesn’t mean that hackers can’t gain access to your information. Some of them go as far as creating a fake account to take personal information from others and learn their habits in order to take on their identity.

  1. “Private browsing makes me anonymous, therefore no one knows who I am.”

This is actually false. Using private browsing only makes it so nothing saves onto your browsing history, web from history, cookies, or your temporary Internet files. Your IP address can still be located. Private browsing does not make you anonymous.

  1. “If I install a security program it will protect my system from all malware.”

One single security program isn’t going to protect your devices from all malware. Multiple malware programs exist in order to protect systems from multiple types of malware. The best way to protect your devices is by downloading multiple anti malware programs.

Let’s face it, we have all taken these myths and ran with it in order to save money on our security systems, or simply because we never think that we could be victims to a hack or crazy malware infections. No one is immune to such security breaches so, it’s important to take all precautions. Contact M&H’s Tech Support for help on taking the next steps against security issues.

Internet Security Myths (Part 1)

Many myths have developed over time about Internet security that has been used to justify why we shouldn’t take greater precaution when it comes to security protection. Today, we will be highlighting some of those myths in our two-part series of ‘Internet Security Myths.’

In case you thought this could be irrelevant to you because you’re not “important enough” to be targeted, the first myth we’ll be highlighting is…

  1. “Only people of high profile have to worry about being targeted.”

This is the reasoning we all tend to come up with whenever security hacking gets brought up. Truth is that hackers and malware don’t attack important people; they attack systems that are not well secured.

  1.  “I don’t store important or sensitive information so attacks wouldn’t affect me.”

Many times, we end up storing information in our devices that we don’t think are important or relevant enough for hackers to use. In reality, though, hackers can take any little piece of data to help them discover who you are, what your online behavior is and so much more in order to take your identity.

  1. “Viruses only target Windows, so it won’t affect my Mac”

It’s true that there are a ton of viruses created for windows or PCs but malware doesn’t exclusively attack Windows. Throughout the years, more malware has been created to affect Macs as well. Your system isn’t built as a malware repellant.

  1. “All my passwords are strong and complicated, so I’m safe.”

This is great! You should make all your passwords this secure. However, if your actual password isn’t properly stored away, then anyone can get access to it. In order for your passwords to be fully effective, it’s best to use a password manager in order to keep track of them.

  1. “I have VPN so all my files are encrypted anyway.”

Are you completely sure this is the case? Just because your virtual private networks (VPN) providers offer encryption, it doesn’t necessarily mean that it comes all together. Make sure to talk to your VPN provider to get the encryption service with your network.

If you have any questions or are looking for guidance on taking better security precaution contact M&H for consultation.

What’s New with Ransomware?

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. It is an access-denial type of attack that prevents legitimate users from accessing files[2] since it is intractable to decrypt the files without the decryption key. The use of ransomware scams has grown internationally. Security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013. This number has grown in recent years. In fact, every week seems to bring news of another case of ransomware.

 

In April 2016 The Unites States and Canadian governments released a rare joint cyber alert warning about the recent surge in ransomware attacks, in which data is encrypted and crooks demand payment for it to be unlocked. The US Federal Bureau of Investigation reports that ransomware attacks are not only proliferating, they’re becoming more sophisticated. So what does the FBI recommend? As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas: 1) Prevention efforts—both in terms of awareness training for employees and robust technical prevention controls; and

2) The creation of a solid business continuity plan in the event of a ransomware attack. (Source: FBI Cyber Report 4/2016)

 

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, and large businesses are all on the radar of cyber attacks of ransomware. The FBI and US government has given an official guide on what to do in the case of a ransomware attack on your business. Please read on for their suggestions.

 

Prevention Efforts

 

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and antimalware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need to read specific information, they don’t need write-access to those files or directories.
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).

 

Business Continuity Efforts

  • Back up data regularly and verify the integrity of those backups regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

If you don’t know where to begin or need to beef up your security protocol call M&H for a security evaluation and implementation.

Worst Case Scenarios of Backup Disasters

Prepare for the worst, hope for the best.

 

It is not what business leaders ever want to think about but it is a topic they must consider – worst case scenarios of backup disasters! What do we mean by worst case scenarios? Unfortunately, there is a long list of things that could go wrong and could jeopardize your technology and data in the blink of an eye. Environmental triggers such as record snowfall, hurricanes, and floods, top the list of  storm-related fears of executive and tech experts alike. Then there is the other “storm” as such that can cause just as much fear of a worst case technology failure – human error. Most disasters in IT aren’t due to bad weather, but instead attributed to human error. Common mistakes, disgruntled employees, and malicious attacks by hackers are some of the risks that plague data centers, in addition to the storms and bad weather over which we have no control. All of these events can cause what no business owner wants to consider a back up disaster!  

 

No matter the threat – humankind or Mother Nature – you need to understand your business’s risk landscape and understand how you can prevent a worst case scenario from happening at your company. The best disaster recovery plans take into account all the possibilities and look at the worst that has happened to other companies in order to learn from and prevent such occurrences in the future. What steps can you take to minimize your business’ risk and prevent the worst from happening right in your own office.

 

  • Disaster Recovery Plan – Every company should have a plan of what to do in the case of an event that can impact your tech or physical office. This Disaster Recovery Plan should be a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. Such a plan, ordinarily documented in written form, specifies procedures an organization is to follow in the event of a disaster.
  • A Backup Team – Certain employees may be designated to monitor worst case scenarios in order to properly jump into action in the case of an event that stops employees from getting to work or if technology has been compromised. Some companies even have a secondary office location where work can be done, or done remotely. This group should know what the most recent backups included in order to ensure that all data and files are secure and able to be accessed.
  • Insurance Safeguards – Invest in insurance to cover your hardware and devices. Computers, printers, phones, projectors and other forms of technology can cost a ton of money to replace. If you ever face an office fire or natural disaster, you don’t want to worry about spending thousands to replace your vital business equipment.
  • Prepare Clients – Customers and Clients should be aware that there is a disaster recovery procedure well before an actual disaster occurs. Well crafted emails and preplanned documents can put clients at ease about what to expect from your business if a worst case scenario occurs.

Transition Planning – Planning for a worst case scenario also takes into account transitioning back to normalcy after the event. Your Disaster Recovery Team should be able to reasonably give information and timelines to employees about how quickly things will get back to normal.

Protecting your Technology While on Vacation

Vacation! You have been waiting all year to kick back, relax and step out of the rat race for a while. You may have travel plans and are finally getting to visit the places you have only dreamed of all year. The last thing on your mind is protecting your technology. While we don’t want to ruin your blissfully happy vacation plans, we also don’t want you to have a technology induced headache upon your return, or even while you are off on this idyllic vacation. Thus we have compiled a list of ways you can protect your technology while you are on your dream vacation.

 

  • Back Up – Before you head off into the sunset and dive into vacation be sure to back up your family and work devices such as smartphones, laptops, and tablets. Backing up your devices will protect your work, photos, and stored information in case of a lost or stolen device while on vacation.
  • Keep your Devices Nearby – While you are focused on jumping in the pool, playing frisbee on the beach, or getting up to capture the perfect photo, criminals are focused on how to grab any unattended devices or bags. Carry your smart phone in a fanny pack that stays around your waist. Be sure to secure external USB and hard drives, and pay a little extra for a room safe in your hotel.
  • Be Wary of Internet Logins – Avoid doing anything that requires me to log in if I’m on a completely open network at an airport, cafe or anywhere else to protect your data as much as possible. If something seems odd about your connection such as pop-up boxes start flashing on the screen, strange messages, etc.,  immediately disconnect and go somewhere else. Always try to connect to a password-protected network associated with the cafe or hotel.
  • Quit the posting Check ins and Geo-tagging – While it might be fun to post socially where you are on vacation, this comes with some risk, especially abroad where cyber attackers can zero in on you.
  • Physically Protect your Travel Devices – Be sure to have strong protective covers for all of your mobile devices. Smashing your phone can be a real bummer and can cut you off from communicating with your group depending upon how badly damaged the device is. Protective covers are useful for avoiding splashes and keeping dirt and sand away from your phone’s inner workings. Tablet covers also work in a similar way, and they’re very useful if you plan on reading, browsing the Web or checking email while on vacation.

Be safe and have fun by taking a few simple technology checks before you head off for your vacation this summer.

How Often Should Technology Be Upgraded?

When your company is busy it means that business is good and while there may be funds to do necessary upgrades, there probably isn’t enough time in the day to get it all done. Then, when business is slow, it might mean that the extra funds for upgrades has dried up or been allocated for other projects. It is a double edged sword that businesses face all over this country. It is tempting to wait until a computer breaks or a piece of software becomes obsolete and to think about how you’ll replace it, right?

 

How exactly does your company decide when the appropriate time is to change out hardware or update the existing software that you need for the day-to-day running of your company? Do you wait until it is do-or-die time? Wait for signs of cracks? Wait till employees complain? M&H can help you create schedules and timelines for how long your technology should last and when the appropriate times are to upgrade. Here are some strategies for helping your company make these decisions.  

 

  • Create a Technology Plan – Upgrading and refreshing both your software and hardware should not be a haphazard procedure that is only discussed when there is a problem.  Using feedback from managers, leadership, employees and, most of all, any of your tech experts, creates a technology plan that takes into account budgeting for needed upgrades and updates to the technology that your business may depend on. This plan should look into the lifespan of certain devices as well as take into account the regular pace at which upgrades to software turn out.
  • Look at warranty and Insurance Plans – When deciding upon replacing existing tech look at any warranty and insurance programs that may remain on the devices. This may save your business a lot of money in the long run.
  • Examine how an upgrade will help your clients/customers and patrons. You do not need the latest and greatest of every new technology. With the fast pace at which things change in this industry, your company would go broke just trying to keep up. So, examine what impacts the change may have of your customers first. Will the upgrade help with your customers having a better experience with your business? Will it increase a positive impact on customer service? This may help in your decision.
  • Budget – Yes, it may come down to budget. Does your company have the funds to upgrade, or would it be best to wait on items for the next fiscal year?  
  • Prioritize – Obviously software upgrades that are imperative for the operation of your business should take priority over splurges for new devices for employees. Make a list and regularly examine what takes priority in your company. For companies just starting out this list may need to be fluid as unexpected costs come up, but have the list to keep you on track.

Talk to Experts – Talk to tech experts like M&H whose business is to know what upgrades and new tech are coming down the pike. We can help you prioritize and create a tech plan that is right for your unique business.

When Should You Change your Password?

How often does your company change passwords? Once a month, twice a year? Never? The debate over how often to change passwords rages in the tech community. Some tech experts support regular password changes to avoid hackers and deter attackers from regularly gaining access to your business files and servers, while other experts take the position that password changes don’t necessarily help stop cyber attacks and, in fact, may cause an undue burden on businesses. Let’s take a closer look at the two side of this debate so that your company can evaluate what might be best for your company.

 

The Theory Behind Regular Password Changes

 

Regular password changes are theoretically a good idea because they ensure someone can’t acquire your password and use it to snoop on you over an extended period of time. For example if a hacker were to gain access to your business accounts that may contain private information, credit card numbers or bank accounts, that person could revisit your files and gather more and more confidential information, possibly without you even knowing it! If a password has been compromised, changing it every so often can potentially cut off access for bad guys who may have figured them out.

 

‘Changing Passwords Regularly Doesn’t Help’ Theory

 

According to the Federal Trade Commission’s chief technologist, Lorrie Cranor, the strategy of changing passwords has some major holes. First of all, forcing employees to keep changing their passwords can result in workers coming up with, well, bad passwords. If your password is not compromised, you don’t benefit by selecting another uncompromised password; you just inconvenience yourself. If human beings had infinite time and perfect memory, regular password changes would be a fine idea. In reality, changing passwords imposes a burden on people. It’s already basically impossible to choose strong, unique passwords for every website and remember them. According to How to Geek,  if an attacker gains access to your accounts, they’ll most likely use their access to cause damage right away. If they gain access to your online banking account, they’ll log in and attempt to transfer money out rather than sit and wait. If they gain access to an online shopping account, they’ll log in and attempt to order products with your saved credit card information. If they gain access to your email, they’ll likely use it for spam and phishing, or attempt to reset passwords on other sites with it. If they gain access to your Facebook account, they’ll probably attempt to spam or defraud your friends immediately.

 

Ask your tech professional or call M&H Consulting to discuss your business safety needs. We can create a comprehensive security protocol that can include your passwords and backup strategies in the case of a cyber attack.