Posts

Is That Email A Phishing Scheme?

49Research has revealed that over half of all users end up opening fraudulent emails and often even fall for them. Phishing is done with the aim of gathering personal information about you, generally related to your finances. The most common reason for the large number of people falling for fraudulent emails is that the phishing attempts are often so well-disguised that they escape the eyes of a busy email reader. Here are a few tips that help you identify whether that email really came from your bank or is another attempt at defrauding you…

1. They are asking for personal information – Remember, no bank or financial institution asks you to share your key personal information via email, or even phone. So, if you get an email where they ask for your ATM PIN or your e-banking password, something’s amiss.

2. The links seem to be fake – Phishing emails always contain links that you are asked to click on. You should verify if the links are genuine. Here are a few things to look for when doing that:

  • Spelling – Check for the misspellings in the URL. For example, if your bank’s web address is www.bankofamerica.com, a phishing scheme email could misspell it as www.bankofamarica.com or www.bankofamerica-verification.com
  • Disguised URLs – Sometimes, URLs can be disguised…meaning, while they look genuine, they ultimately redirect you to some fraudulent site. You can recognize the actual URL upon a mouseover, or by right clicking on the URL, and selecting the ‘copy hyperlink’ option and pasting the hyperlink on a notepad file. But, NEVER ever, paste the hyperlink directly into your web browser.
  • URLs with ‘@’ signs – If you find a URL that has an ‘@’ sign, steer clear of it even if it seems genuine. Browsers ignore URL information that precedes @ sign. That means, the URL www.bankofamerica.com@mysite.net will take you to mysite.net and not to any Bank of America page.

3. Other tell-tale signs – Apart from identifying fake URLs, there are other tell-tale signs that help you identify fraudulent emails. Some of these include:

  • Emails where the main message is in the form of an image, which, upon opening, takes you to the malicious URL.
  • Another sign is an attachment. Never open attachments from unknown sources as they may contain viruses that can harm your computer and network.
  • The message seems to urge you to do something immediately. Scammers often induce a sense of urgency in their emails and threaten you with consequences if you don’t respond. For example, threat of bank account closure if you don’t verify your ATM PIN or e-banking password.

4. Finally, get a good anti-virus/email protection program installed. It can help you by automatically directing spam and junk mail into spam folders and deactivating malicious attachments.

CLICK HERE for a free network assessment.

Is Your Business Safe From Cybercrime? 4 Questions to Consider

Did you know that 50% of small business owners think their businesses are too small to be targeted by the thieves of the virtual world? Contrary to popular belief, 72% of hacker attacks often happen to smaller firms – firms with less than 100 employees! So how prepared is your SMB? Here’s a checklist to help you find out how vulnerable you are to these attacks.

481. Do you have Antivirus protection? – An antivirus software program can protect you from threats that originate from emails such as phishing and virus attacks. However, the most striking fact is that 61% of small businesses don’t install any antivirus software! If you are one of them, then it’s time to change!

2. How sturdy is your Firewall? – A good firewall system protects your computers from the variety of threats that exist in the virtual world. Examples include harmful cookies, viruses, worms and other such malicious programs used by hackers.

3. Do you use a Spam filter? – Using a simple spam filter for your emails keeps junk out of your inbox. The bonus to having a good spam filter is that your employees save time, as they are not distracted by irrelevant emails, but the major perk here is that the potential virus and phishing threats are lessened as spam emails are unlikely to be opened.

4. Do you do backup your data regularly? – Agreed – backups don’t really protect your data, but they are the only way to recover it if data loss does happen. So, be sure you have a regular and reliable backup plan in place – and it is actually being deployed.

Data loss can prove very costly—especially to SMBs, sometimes even resulting in them having to close down. Prevention is certainly better than a cure in such cases. Stop cybercrime before it happens. CLICK HERE for a free network assessment.

Mitigate Costly New Technology With An MSP

47Partnering with a managed service provider (MSP) is one new approach being used by many companies like yours. Experienced MSPs have access to newer tools that reduce costs by automating many routine in-house labor intensive processes. Break-fix is labor intensive, and labor is one of the most expensive operating costs within your IT infrastructure. The new innovative tools that can be provided by MSPs generate real productivity increases and mitigate the risk of network failure, downtime and data loss from human error.

MSPs deliver a trusted foundation for your team and your customers. Some of the services and tasks offered include:

  • Remote Desktop Management and Support
  • Predictable Management of Critical Patches and Software Updates
  • Fractional Resource Availability of Best-In-Class Expertise – scaled to your needs
  • Implementing and Testing Backup and Disaster Recovery Processes
  • Performance of Inventory and Audits of Computer/Network/Software
  • Enforcement of Network/Security Policy
  • Monitoring of Network/Operating System and Alerts
  • Updating Anti-Virus Software and Detecting Spyware

Erase any misconception that managed service providers are nothing more than “outsourced” tech help priced to displace your in-house IT technician or team. The new MSP has defined new methodologies and technology partnerships to offer valuable preventative services that proactively locate and eliminate threats before a bigger problem arises.

MSPs today put considerable effort into understanding the operational and business needs of SMBs to develop and deliver a set of specific services that align technology with the SMB’s business objectives. This is the reason you hear managed services often referred to as “partners.” A present day MSP offers quantifiable economic value, greater ROI and decreased total cost of operation by streamlining costs and eliminating unnecessary lost productivity, revenue, and avoidable on-site IT consultant fees, in addition to eliminating the need for costly hardware/software repairs or replacement.

CLICK HERE for a free technology assessment.

Five Ways Your Business Can Improve Its Standing With Google

46In an age where most business happens online, not showing up in Google search results can really hurt you. While there’s no real shortcut to showing up consistently on web searches, there are a few quick fixes to get your site to show up on your potential customer’s search results…

1. HTML tags – Important HTML tags include the title tag, meta description and meta keywords. Make sure each page of your website has appropriate HTML tags. The title tag of each page should be unique and relevant to that particular page.

2. Alternative text images – Ensure that most of the images on your website have alternative text tags. Alt tags are basically descriptions for images. By adding relevant alternative tags to images, you are allowing search engines to recognize them, which will improve the likelihood of your page showing up in search results.

3. File hierarchy – How simple is your HTML file hierarchy? Check to see if your website’s pages are logically situated and avoid too many unnecessary folders. For example: ‘NFL=>Teams=>PittsburghSteelers’ is a better folder structure than ‘NFL=>Teams=>NFCEast=>PittsburghSteelers’, because here ‘NFCEast’ is redundant and only serves to push the Steelers page deeper down the order. This complexity makes your site less likely to show up on search results for people searching for Steelers websites.

4. Sitemap – A sitemap acts as a navigational guide for your visitors as well as search engines. Does your website have one? If not, then it’s time to put up a site map on your website.

5. Content quality – Read your website content to determine its quality. Is your content written for search engines or actual visitors? Is it stuffed with keywords? Does it truly add value to your audience, or is simply there to fill up the page? Answer these questions and make sure it has value for your audience. Value for your audience translates to better search engine rankings.

CLICK HERE for a free network assessment.

5 Reasons Why You Should Get On The Cloud

45A recent article by The Guardian (UK) states that the cloud industry is set to see a growth of around 30% soon. But many small and medium business owners are still struggling to make sense of the cloud and how it can benefit them. If you are one of them, then here’s what’s in store for you when you migrate to the cloud:

1. Connectivity – Being on the cloud gives you unparalleled connectivity to your data—from anywhere and at any time. All you need is a device that can connect you to the web and you are set!

2. Save On Hardware Costs – Using the cloud for certain programs spares you the cost of investing in specific hardware. Even devices as simple as your smartphone or a tablet can help you access those applications so you don’t have to spend money on dedicated hardware. Studies have shown that cloud users end up enjoying as much as a 17% IT cost reduction compared to their non-cloud counterparts.

3. Cloud Enables SAAS – The cloud allows you to use software as a service. Microsoft 365 is one such example. When you use software as a service, you enjoy certain benefits such as more regular updates at a lower cost and the ability to have anyone work on the program for you by sharing the access credentials with them.

4. More Efficient Use of IT Staff – Moving to a cloud-based environment puts the burden of maintenance and downtime reduction on your service provider. That means you can use your limited IT staff more efficiently and also don’t have to worry about the costs associated with such maintenance or downtime.

5. Improved Productivity – Studies have shown that cloud users enjoy better productivity than their non-cloud counterparts. This could be because cloud service providers are better equipped to handle any IT eventualities than the average SMBs.

So, perhaps it’s time to ‘get cloudy’ and enjoy all that the cloud has to offer your SMB. And…if you need help in doing that, CLICK HERE.

The Benefits of a Managed Service Provider

Managed Service Providers – or MSPs – are often recommended as a cost effective IT solution for small businesses. For a minimal monthly fee, MSPs provide a reasonably priced solution to the complex technology pains of small businesses. Here’s a look at the various benefits an MSP can offer your business…

  • Freed-Up Resources and a Renewed Emphasis on Core Business – Both business owners and internal IT staff would much rather focus on revenue enhancing tasks like product development or the creation of cutting-edge applications/services. This is one reason routine monitoring and maintenance tasks are often neglected by an internal IT person or team, which always proves to be detrimental much l44ater. Often misportrayed as a “threat” to an internal IT person or staff, MSPs can instead relieve internal staff of mundane network operations maintenance, repetitious monitoring of server and storage infrastructure, and day-to-day operations and help desk duties.
  • A True Partner Sharing Risks And Responsibilities –The goal of an MSP is to deliver on contracted services, measure, report, analyze and optimize IT service operations, and truly become an irreplaceable catalyst for business growth. Managed Service Providers not only assume leadership roles, they enable risk reduction, enhance efficiency and change the culture by introducing internal IT operations to new technologies and processes.
  • Access to Expertise, Best Practices and World-Class Tools and Technologies – MSPs have experience with a variety of businesses and organizations. Managed Service Providers can keep your business relevant and on track with continually evolving technology, support, and productivity demands. Let’s face it, no small or medium sized business can afford to fall behind with technology trends in today’s business world.
  • The Benefit of a Full-Time Fully Staffed IT Department at a Fraction of the Cost – Most small business owners live and die by proactive management. They just haven’t had the budget, resources or access to on-demand expertise to be proactive with information technology management. A Managed Service Provider gives business owners and overwhelmed internal IT staff affordable computer and server support, remote monitoring of critical network components like servers and firewalls, data backup and disaster recovery, network security, custom software solutions, and technology evaluation and planning.

Managed Service Providers can decrease the overall IT support costs by as much as 30% to 50%. Rather than being stressed about technology, business owners can instead get back to focusing on growing their business. All while enjoying the benefits of highly-trained IT experts boosting their network’s reliability and performance.

Choose Cognoscape as your MSP. CLICK HERE for a free network assessment.

Cybercrime and SMBs

 WHAT HAPPENS ON MAIN STREET STAYS ON MAIN STREET

When hackers breach the security of corporations it makes headlines, yet there is rarely a mention when cybercrime hits small to medium sized businesses (SMBs). Very few people are even aware that today’s cybercriminals are targeting SMBs, not just supersized global businesses. According to Verizon’s 2013 Data Breach Investigations Report, 71% of the data breaches investigated by the company’s forensic analysis unit targeted small businesses with fewer than 100 employees. Of that group, businesses with less than 10 employees were the most frequently attacked.

55EVERYONE IS A VICTIM WHEN IT COMES TO CYBERCRIME

The loss and exposure of confidential data from a cyber-attack is costly to both the people victimized and the businesses whose data was compromised.

For the victim, hackers typically retrieve personal information, bank account, credit card and social security numbers, resulting in identity fraud. The stress and time involved to reclaim their identity and get their financial house back in order is beyond measure.

For businesses, there are 47 state-specific DBN (Data Breach Notification) laws in effect in the United States. Adding to the complexity and costs of this process is the fact that laws and compliance obligations vary from state to state. A breach of customer data in Pennsylvania will have different breach notification and follow-up requirements than a breach involving a customer in Massachusetts. This means firms servicing customers and clients from more than one state are responsible for these duplicative legal, regulatory and compliance burdens.

CYBERCRIME COMES AT A HIGH PRICE FOR SMBs

According to research compiled by the Ponemon Institute in their 2nd Annual Cost of Cyber Crime Study, the average cost per breached record in the U.S. is anywhere between $150 to $200. This amount factors in the costs of the investigation and notification process, fixing the issue that led to the breach, possible liability and litigation costs, lost business, and the time and effort that go into damage control. In many cases, a damaged reputation may prove to be irreparable. Nearly two-thirds of victimized companies are out of business within six months of a significant cyber-attack, making cybercrime the death knell for many SMBs. This is because the consequences of cybercrime extend well beyond the actual incident and have long-lasting implications.

Small businesses obviously don’t have the same financial footing to rebound and carry on with business as usual in the way organizations like Target, Amazon, Apple, or Citibank can.

Symantec’s research found that customers affected by security breaches are generally less forgiving of smaller businesses, especially smaller online retailers, than larger companies. SMBs are contending not only with lost revenue and expenses, but also the possibility of never regaining the trust of customers, clients and business partners.

Symantec’s 2012 State of Information Survey found that nearly half of all SMBs admitted to a data breach damaging their reputation and driving customers away.53

The trend of cybercriminals preying on smaller businesses doesn’t seem to be waning. According to Symantec, the number of cybercrime attacks targeting firms with fewer than 250 employees jumped from 18 percent of all attacks in 2011 to 31 percent in 2012.

WHY CYBERCRIMINALS ARE ZEROING IN ON SMALL BUSINESSES

Large corporations have the resources to invest heavily in the most sophisticated security strategies and successfully stop most cybercrime attempts. A typical large enterprise may have over twenty in-house IT dedicated employees ensuring that every device connecting to their network is adequately protected.

In comparison, SMBs have neither the money nor the manpower of large enterprises and can’t afford the same level of security. Very few SMBs have fulltime IT dedicated personnel on hand to run routine security checks. Even those who do have in-house IT support often find that their internal resources are too bogged down with other tasks to properly address security upkeep.

A joint survey of 1000 SMBs conducted in September of 2013 by McAfee Internet Security and Office Depot further confirms how lax many SMBs are when it comes to protecting their data.54

Not only have SMBs become easy prey for cybercriminals, but their sheer abundance also makes them an alluring target. There are roughly 23 million SMBs in the United States alone. Half of that figure is comprised of home-based businesses. Even in a struggling economy, it’s projected that there are still an estimated 500,000 startups launching every month with only a handful of employees.

SMBs ARE NOT “TOO SMALL TO MATTER”

Since most cybercrimes affecting smaller businesses go unreported by the media, there is no sense of urgency by SMBs to prepare for cyber-attacks. Too many SMBs mistakenly view their operations and data as trivial to hackers. They feel that large online retailers, global banks, and government entities are much more attractive targets for hackers.

The goals and methods of cyber attackers are evolving and will continue to evolve. The era of one “big heist” for hackers is over. Cybercriminals today often prefer to infiltrate the data of many small businesses at once, stealing from victims in tiny increments over time so as to not set off an immediate alarm. This method takes advantage of those SMBs who are especially lax with their security processes and may not even realize there has been a security breach for days or sometimes even weeks. SMBs must end the “It will never happen to us” mindset. For instance, political “hactivists” have been responsible for a number of high-profile Denial-of-Service (DDoS) attacks in recent years. The goal of a hactivist is to disrupt the status quo and wreak havoc on the technology infrastructure of larger corporations and government entities. It’s a form of cyber anarchy: A “stick it to the man” philosophy spearheaded by groups like 4chan, Anonymous, LulzSec, and Anti-Sec.

An owner or Chief Information Office (CIO) at a SMB may read of these high publicized attacks in the press and not think anything of it. They aren’t Sony, Apple, or the Department of Defense, so why would a hactivist target their data? But it’s estimated that there are on average 1.29 DDoS attacks throughout the world every two minutes and such activity is much broader in scope than the press may lead us to believe.

SMBs- THE ACCESS RAMP TO BIGGER & BETTER DATA

One reason small businesses are more vulnerable is they’re often the inroad to larger better-protected entities. They are often sub-contracted as a vendor, supplier, or service provider to a larger organization. This makes SMBs an attractive entry point for raiding the data of a larger company. Since larger enterprises have more sophisticated security processes in place to thwart cyber-attacks, SMBs often unknowingly become a Trojan horse used by hackers to gain backdoor access to a bigger company’s data. There is malware specifically designed to use a SMBs website as a means to crack the database of a larger business partner.

For this reason, many potential clients or business partners may ask for specifics on how their data will be safeguarded before they sign an agreement. Some may require an independent security audit be conducted. They may also ask SMBs to fill out a legally binding questionnaire pertaining to their security practices.

Moving forward, a SMB that is unable to prove they’re on top of their infrastructure’s security will likely lose out on potentially significant deals and business relationships. More large enterprises are being careful to vet any business partners they’re entrusting their data to.

CLICK HERE for a free network assessment.

Understanding How Data Loss Happens – The Four Main Reasons

43Small business owners are often worried about data loss. Rightly so, because data loss has the potential to wipe out a business. We have identified the most common forms of data loss so you can see how they fit into your business and assess the risks related to each of these pitfalls.

1. Human Error – Human error – by way of unintentional data deletion, modification, and overwrites – has become much more prevalent in recent years. Much of this is the result of carelessly managed virtualization technology. While virtualization and cloud computing have enabled improved business continuity planning for many businesses and organizations, humans must still instruct this technology how to perform. The complexity of these systems often presents a learning curve that can involve quite a bit of trial and error. For instance, a support engineer may accidentally overwrite the backup when they forget to power off the replication software prior to formatting volumes on the primary site. They will be sure to never do that ever again, but preventing it from happening in the first place would be more ideal.

2. File Corruption – Unintended changes to data can occur during writing, reading, storage, transmission and processing – making the data within the file inaccessible. Software failure is a leading cause of data loss and is typically the result of bugs in the code. Viruses and malware can also lead to individual data files being deleted and hard drive partitions being damaged or erased.

3. Hardware Failure – Storage devices may be at risk due to age, or they may fall victim to irreparable hard-disk failure. Viruses and hackers can also potentially shut down a hard drive by inserting undeletable malicious code and huge files via open, unprotected ports. If these malicious programs cannot be deleted, the entire hard drive may have to be reformatted, wiping out all the data.

4. Catastrophic Events/Theft – The threat of catastrophic events such as fire, flooding, lightning and power failure is always a concern. Such events can wipe out data in a millisecond with no warning. Theft is also a data loss risk that companies must address. While advances in technology like anytime/anywhere connectivity, portability and the communication/information sharing capabilities of social media and crowdsourcing have revolutionized business – the risk for theft is even greater due to this increased accessibility. More people are doing daily business on their laptop, iPad and mobile phones. They are also carrying around portable media like thumb drives, USB sticks and CDs. Physical theft of any of these devices can spell big trouble.

Data loss is as unique as the various sources from which it comes. The key is to identify the areas in which your business is weak and work towards a mitigation plan for each one of them. An MSP can act as a trusted partner in such cases, holding your hand through the process of safeguarding your data.

Prevent data loss with Cognoscape. CLICK HERE for a free network assessment.

Four Tips for Your Hybrid Cloud Strategy

42It should come as no surprise that many small to midsize business owners take pride in overseeing every aspect of their startup business. Naturally, many are apprehensive when it comes to surrendering control of their servers, their data, and their applications. The downside of this need for control is that operating and maintaining everything onsite can be time consuming, super expensive, and it can make your business more vulnerable to failure related downtime and cyber threats. Although everything can be stored in the cloud at a fraction of the cost, many aren’t responsive to the idea of sharing the infrastructure their technology runs on. The great thing about the cloud is it’s not an all or nothing thing. This is exactly why so many small to midsize businesses have turned to hybrid cloud solutions. Just as they name implies, hybrid cloud solutions are both on and off premises. It’s the best of both worlds. An entrepreneur can still control certain aspects of the business on-site, but simultaneously exploit the cloud’s cost effectiveness and overall scalability. For example, a local server like Windows Server 2012 can be housed and managed on-site but that server, or just specific files, can still be backed up in the cloud with Microsoft Windows Azure and stored far away off-site. This provides a partial disaster recovery solution in the event of a hurricane, flood, fire, or just a basic server crash.

Here are four tips for developing your hybrid cloud strategy:

  1. Honestly assess the current IT strategy – Over time, as your business grows and technology advances, your well-planned and neatly arranged IT infrastructure transforms into a disorganized mishmash of different servers and disconnected software and tools. View this almost as the spring-cleaning of a cluttered garage. What systems or applications are critical to your business right now and which ones no longer support your current or future business initiatives?
  1. Know what you want to keep close – Every business will be different in this regard. Certain companies will prefer keeping large files in-house, in a more controlled private cloud, for easy access but may be okay with having their emails out there in the cloud or vice versa.
  1. See how others are leveraging a hybrid cloud environment – New services once only available to large enterprises are now available to SMBs. This presents an extraordinary opportunity to be more agile, flexible, and better suited for new business opportunities and growth. Remote monitoring, 24/7 support, and disaster recovery solutions can be easily integrated within a hybrid-computing environment – regardless of operating systems, server types, or mobile devices used.
  1. Staged implementation – Be sure to plan your hybrid cloud strategy as a multi-year plan that is deployed in phases. For example, in the beginning, private controlled access to a public cloud service can be granted to internal application developers experimenting with a new business initiative. Or a new customer relations management SaaS (Software as a Service) application can be implemented.

This is the year that even small or midsize enterprises are getting serious about cloud operations and a strategic mix of public cloud services and private cloud may make the transition easier.

CLICK HERE for a free network assessment

What You Can Learn From US Regulator’s Business Continuity Recommendations

U.S regulators have recommended that all fu40tures and securities firms review and update their current data backup, disaster recovery, and business continuity solutions. Prompted by closures in the equities and options market in the aftermath of Hurricane Sandy, Regulators including the SEC, FINRA, and the CFTC contacted firms to assess the impact Hurricane Sandy had on their operations The regulators asked each firm for specifics regarding any backup disaster recovery (BDR) and business continuity plan (BCP) they had in place prior to Hurricane Sandy. The responses they gathered were compiled to develop a list of best practices and lessons learned. The regulators have since gone on to suggest that all firms refer to these best practices and lessons as part of reviewing and improving upon their current BDR and BCP procedures. By doing this, the regulators hope that firms will be better prepared for similar events. Regulators feel that a comprehensive BDR and business continuity strategy will help firms improve responsiveness and minimize downtime. Managed Service Providers (MSPs) have always stressed the importance of the BDR and BCP solutions they offer to small-to-medium-sized businesses. That said, it doesn’t hurt to see what government regulators recommend to those handling our money. We’ve summarized portions of the full report, addressing only the parts that we feel can easily be applied to SMBs. The full report can be read here at http://www.sec.gov/about/offices/ocie/jointobservations- bcps08072013.pdf.

Widespread Disruption Considerations

True business continuity plans go beyond technology. What is the probability of a widespread lack of telecommunications during a disaster? We’re talking no Internet and no cell phone coverage. Large-scale events can knock out power and limit our access to drinkable water and food supplies. Getting around may be complicated. Roadways might be inaccessible and fuel may be scarce. Part of being prepared for the unknown is to assess how any plausible scenario would impact day-to-day operations and services. A critical component to business continuity planning is remote access. Every employee should have the ability to efficiently work from home if a disaster strikes or blocks access to the office. If there is no power or no Internet and phone, alternatives should be defined to carry out key operations.

Alternative Location Considerations

The implications of region-wide disruptions must be factored into the location choices for backed-up data centers. Keeping backups within close proximity may seem like a smart strategy to ensure they’re readily accessible, but this does you no good if it’s a region wide disruption. When it comes to supporting business critical activities at an alternative location, what will be the site’s staffing needs? How about office space, equipment, and available resources? Printed copies of the business continuity plan, contact lists, and other business documents and manuals should also be kept at the alternate site if electronic files can’t be accessed.

Vendor Relationships

Any critical vendor relationships should also have an adequate business continuity plan, as they may be affected by the same event as you. Vendors risk ratings should be considered based on the quality of their BDR and BCP strategies.

Telecommunications Services and Technology Considerations

The telecommunications infrastructure must be enhanced. Consider secondary phone lines, backup mobile phone services with different carriers, emergency Wi-Fi spots, and cloud technology.

Review and Testing

Annual full BCP tests should be conducted. If the business continuity plan changes often, more frequent testing is recommended. All personnel should be trained for their specific role in the plan.

CLICK HERE for a free network assessment.