Technology Advisor Blog

Every Employee Matters
Whether your name is on the sign out front, or you're in a leadership role, or you're just an entry-level employee, the success of the business is in your hands. In that role, you know that each department feeds into the overall health of the business, and you need to ensure everyone, and everything is operating at maximum wellness.

Most of these divisions, or departments, within your business are affected first by the employees who are working within them. By getting all employees on board with security awareness you can address a multitude of threats and risks to your success.

It Takes a Village
Strong leadership helps create a culture where each employee and department feels that they are relevant and part of the company’s success. Part of that success means avoiding the threat of a breach which could very likely destroy your business’s future. Asking for their buy-in means making them feel relevant and valued as not just a risk, but as a part of the success. Today's threats are automated and indiscriminate. Employees need to know that it isn’t just high-level executives who are targets for a data breach. Their level of access or knowledge can be used as a gateway to obtaining any information within a company. Everyone matters – and unfortunately, that makes everyone a target.  Turn the conversation around and show how everyone can help!

This can help to facilitate a team environment where no man left behind becomes part of the culture. There is a tendency to look out for each other when you know that one of you is not dispensable. Create and cultivate that culture.  This is more important than ever when considering cyber threats, as the weakest link will become the point of attack.

Get on the Train
We have fire drills and other emergency training sessions that give our team a heads up on how to react in such a situation, but do you take the same precaution when it comes to cybersecurity? Probably not. We need to change that. Look for ways that are engaging and create team building. You can have contests for security awards, ongoing tallies of scores that unify internal divisions to succeed and band together. Individuals can be nominated and rewarded for reinforcing behavior or actions. Regardless of the method you use, make it fun.

Security awareness is as essential to the success and growth of your company as good leadership and solid decision making are. You cannot avoid facing the risk it poses in today’s business environment. What makes it different, is acknowledging that leadership is not solely responsible for taking on the burden it brings to a business. It is a company-wide risk that leadership needs to acknowledge and ensure that everyone knows their value within both the company and avoiding a cyber crime.

Yesterday we hosted a Cybersecurity Awareness Webinar focused on explaining some of the key impacts to SMBs in plain English. 

Here are some of the key take-aways.

We asked listeners to think about how they secure their own homes from outside threats.  Everyone has doors and windows, to keep people out.  People may have dead-bolt locks, security systems, motion sensors, video cameras, a fence, a big dog, etc.   You get the picture.  It's not just ONE thing that you do for security, it's the combination of a lot things put together that help keep you secure.  Also, different people will have a different level of protection needed to feel safe - everyone has a different level of risk tolerance. 

Now imagine a major crime wave hits your town and your neighborhood.  Imagine that several of your neighbors have had home break-ins.  At this point, most people would wisely reconsider ALL their security options, and strengthen each of the layers of protection and add a few more.  Are ALL your windows locked?  Does your family know what to do when an intruder rings the door bell?  Do you have motion sensors?  Is your alarm system up to date and connected to the police department?   Basically, to retain your level of safety, you must respond with more security protection to address the increased threat.

The same scenario is happening in Cybersecurity.  Cyber crime is now larger than all other forms of organized crime.  We've all seen the headlines, but in a way this has led to "cyber fatigue".  Too many SMBs think that when they hear that Marriott or Yahoo has had breach, they are relieved that they're not a big company and hence not a target.  This is NOT how it works.  Threats are automated and half of all threats hit SMBs.  Smaller events don't make national news, but they're happening everywhere.  In our line of work, we sadly hear about a lot of the local events.

We're advising all SMBs in our community to be very clear about what protection you have and what protection you don’t have, so you can make informed decisions about your security gaps and risk tolerance.

By thoroughly understanding the options, each business can make an informed decision about the level of acceptable risk.  Know your security gaps BEFORE disaster hits.

With an greatly increased threat level, the security basics such as antivirus and security patches just aren't enough any more.  After disaster strikes there isn't much you can do but there's plenty to do ahead of time to prepare, so get started!  We hear from too many people who say "I'll just pay the ransom" or "I have insurance so I'm all set".  Think this through now, and get a better plan!

There’s no such thing as 100% security, but the more layers of protection you have, the safer you are against data loss, breaches, and downtime.  The cyber threat level has increased dramatically over the past few years, and to even maintain the same level of risk, you'll need to increase security.  

Are you still running Windows 7 or Server 2008 in your office?   Microsoft will be ending support for Windows 7 and Server 2008 on January 14, 2020. Microsoft made a commitment to provide 10 years of product support for Windows 7 when it was released on October 22, 2009. When this 10-year period ends, Microsoft will discontinue Windows 7 support so that they can focus their investment on supporting newer technologies.

This is a standard part of the Microsoft product life cycle. After January 14, 2020 technical assistance and automatic updates that help protect your PC and Server will no longer be made available for these products. Your systems will no longer have security protection and will be out of compliance for all major security compliance requirements (MA Data Security Law, HIPAA, etc), so it’s extremely important to be aware of this deadline and start the planning process now.

For everyone on a managed service plan with Ekaru, the operating system report is included in your monthly report, so that’s a good starting point to look at which systems will be affected.  Many newer systems can be upgraded in place and you don’t need new hardware. Older systems will need to be fully replaced.

As a general rule, if the system is relatively new you can upgrade the operating system in place, so your cost is just the license cost for Windows 10 and a small amount of labor.   Our general guideline is that a system less than 3 years old, that has i5 Processor (or better) and solid state drive would fine to upgrade in place.   For an older system that has light usage needs it may also make sense to just upgrade the operating system in place.   Older systems should just be replaced.   In business, after a system is five years old, it's time to replace in general.   There's not point in putting more money into an old system, and your business will be held back by the slower performance of an older system. 

Note that in the early days of the release of Windows 10, many systems were sold as Windows 10 systems, with "downgrade rights" to Windows 7, so you may be lucky and already have a Windows 10 license.  Typically we would start the upgrade and then if a new license key doesn't need to be activated, you will be all set.  In our experience, we can typically tell in advance from the Serial Number, but it hasn't been 100%.

Other cost factors to consider are your Microsoft Office licenses and other line of business applications you may have that can't be transferred to a new system, or won't run on Windows 10 (Office will be fine, but some line of business applications may not).  We want to work with you on planning to help minimize surprises.  You may need to run older applications in "compatibility mode".  An "OEM" license for Microsoft Office can never be transferred to a new system, so you would need to purchase a new license, or consider moving to Office 365, and we we would advise you to factor in this cost to the process.  Also, note that we can now provide hardware on monthly subscription basis, so this may be a fit for many businesses. 

All of these factors are why it's not always just a simple answer as to upgrade in place or replace.   

Sometimes there are activation issues with Microsoft licenses, so we generally plan on a window of two hours to do an upgrade in place.  Typically the upgrades are much faster than this, but if there are license activation issues and we need to contact Microsoft, it may take longer.  

For Server 2008, the system will need to be replaced, or it may be time to consider moving the the cloud.  

We’re advising everyone in our community to have a Windows 7 / Server 2008 end-of-life plan in place by June 15.  

Last week, Ekaru hosted a Cybersecurity Awareness Training session at the Cameron Senior Center in Westford, MA.  It's part of our mission to raise cybersecurity awareness for EVERYONE.  

Everyone needs to know how to stay protected in today's environment, and it's important to know what protections need to be in place for the people who you work with who are trusted with protecting your information.

The presentation covered the current state of the cybersecurity landscape, and offered some practical tips to spot the most common scams.

The world has changed a lot over the past years, and so much of our lives are conducted on line through banking, health records, social media, and more.  By now, everyone knows the Cybersecurity Basics:

• Protect your computer with Antivirus Software
• Keep your security patches up to date
• Use STRONG passwords
• Backup your data

The thing is, the bad actors know this too and they’ve developed some new tricks using social engineering to trick you into divulging your personal information or bypassing your security.  Cyber-crime is now bigger than all other forms of organized crime, and its important to know how you can protect yourself.

The rise of cryptocurrency has allowed criminals to collect money anonymously, and this has led to an explosive growth in cyber-crime.  With basic protections in place by most users, email has become one of the most common attack vectors.

Ransomware, which is a type of malicious software designed to block access to a computer until a sum of money is paid is one of the most damaging threats.  You may think that your data wouldn’t be worth much to a criminal, but that’s not what matters.  How much is your data worth to you?  Typically, Ransomware is spread through email, so watch carefully for messages that contain links for documents, and keep in mind that the bad actors have many tricky tools to use to trick you into opening that message.

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information or payment.

There are three common types of phishing scams:    Brand impersonation, Business eMail Compromise (BEC) Scam, and Blackmail

In a Brand Impersonation email, you may get a fake message from Microsoft to update your password, or a fake email regarding a FedEx Delivery.  Amazon, LinkedIn, UPS, and Bank of America are commonly impersonated brands.

In a Business eMail Compromise Scam, you may get an email that looks like its from a trusted source like boss, attorney, or friend, but it’s not!  Beware that many people have lost money in fake wire transfer scams through email.  If you’re buying or selling a home watch out for any last-minute bank changes.  People have lost their homes over this! 

Losses due to BEC (Business Email Compromise) scams have doubled in 2018, compared to 2017 figures, and have reached a whopping $1.3 Billion, according to the yearly FBI internet crime report.

Blackmail emails will contain threatening language and ask for a payment to prevent further harm.  They can be very detailed and scary, but they are just mass-marketed threats. 

Things to watch for:  Watch out for a sense of urgency in the email, names that may be slightly off, and other threats.  Be extra careful opening attachments or clicking on links. 

Trust your gut, and call the company directly to speak to someone who can verify the request.  Don’t reply to the email and don’t call any numbers listed in the email.

Stay safe on line and Think Before you Click!

A screenshot is an image of whatever's on your screen.  Simply pressing the PrtSc button will save the image of your screen to your clipboard.  If you then go into a document or email, you can hit "paste", or Ctrl+V to insert the image.  Pretty simple!  This is a great short cut when you need to show someone something on your screen or perhaps provide instructions to someone.

Here's a few additional twists on this simple tool:

Save Your Screenshot as a File

Hit the "Windows button" plus PrtSc and you can save the image file to your pictures folder.  The Windows button is near the lower left hand corner of your keyboard - it looks like a square of four squares.  This is a great time saver if you need to collect a lot of screen shots and want to save them for later use.

Take a Screenshot of Part of Your Screen

If you just want to take a screen shot of part of your screen, you can do so by selecting the Windows Key plus the Shift Key plus "s" and this will gray out your screen and allow you to select the region you want to take a screenshot of by dragging your cursor.

Take a Screenshot of Just One Window

If you have a lot of open windows and just want a screenshot of the active window, hit the "Alt" key plus PrtSc.  

Often when we're working with users to troubleshoot a problem we'll ask for a screenshot to see what the error message is.  These shortcuts are also helpful whenever you're creating a document such as instruction steps from your computer.  

Microsoft will be ending support for Windows 7 and Server 2008 on January 14, 2020. Microsoft made a commitment to provide 10 years of product support for Windows 7 when it was released on October 22, 2009. When this 10-year period ends, Microsoft will discontinue Windows 7 support so that they can focus their investment on supporting newer technologies. This is a standard part of their product life cycle.

After January 14, 2020 technical assistance and automatic updates that help protect your PC and Server will no longer be made available for these products. Your systems will no longer have security protection and will be out of compliance for all major security compliance requirements (MA Data Security Law, HIPAA, etc), so it’s extremely important to be aware of this deadline and start the planning process now.

As part of the planning process, it's very important to consider the impact on Line-of-Business Applications.  These are the more specialized applications you may use to operate your business like tax preparation software, electronic medical records, resource planning applications, etc.   Typically, all standard business applications like Microsoft Office (of course), and routine things like Quickbooks will run on Windows 10 just fine, but even though Windows 10 has been in the market for five years, we continue to see some interoperability problems with some line of business applications.  It's very important to understand this before the change is made.  In some cases, vendors haven't kept up and ironed out all the bugs, but in other cases, if you're running an old version of an application, you'll need to upgrade to a more current version to be able to run on Windows 10, and this needs to be factored into the plan, budget, and schedule.  The same considerations are needed for upgrading from Server 2008.

We’re advising everyone in our community to have a Windows 7 / Server 2008 end-of-life plan in place by the end of Q1. For everyone on a managed service plan with Ekaru, the operating system report is included in your monthly report, so that’s a good starting point to look at which systems will be affected. Note that we can now provide hardware on monthly subscription basis, so this may be a fit for many businesses.

Please reach out to us with any questions and to help with the planning process.

Big businesses make the headlines but small businesses are NOT immune to Cyber Attacks!  

Industry leader Datto surveyed over 2400 IT professionals who deal with ransomware and other cyber threats every day, and the results are something every SMB needs to be aware of.

From 2016 to 2018 there has been a 79% increase in ransomware attacks.  35% of IT pros reported multiple attacks for the same SMB in the same day.  Only 1 in 4 attacks are reported, so the news is not making it to the general population.  The cloud and Apple products are NOT immune.  The average cost of the downtime associated with an attack is $46,800.  

One of our missions at Ekaru is to help SMBs create a technology roadmap and we recommend that you download the Ransomware Report to get started. We highly recommend sharing these statistics with your team to raise awareness in your organization.  Ongoing training is one of the key components to help keep your business safe.  Also, please ask about new technologies you can put in place to help safeguard your business.  Antivirus and firewalls are no longer enough to protect against advanced threats, and if you haven't completed a security risk assessment in the past year, now is the time!

Keep your data safe!

We do a lot of cybersecurity training at Ekaru and one of things we tell people is to "THINK BEFORE YOU CLICK".  But what do we need to look out for?

Here's an example of an email received today. It sounds pretty important.  The message is saying that there is a security alert for your account, and there's a sense of urgency around clicking on the link to make sure you're protected.  Sounds like something to act fast on, right?  Actually, its just a fake message designed to get you to click on the link which could be a link to "phish" your email credentials, or to trick you into installing malware.  In either case, danger lurks ahead.

One of questions we get a lot, is "how do I know the message is a fake?".  First, assume if you have any doubt whatsoever, this is probably a good "gut" reaction that you shouldn't proceed.

In this case, the email was sent to an "alias", not an actual mailbox, so that was a big giveaway, but perhaps subtle for many users.  An alias is an address that may be used to go to a particular role in your company or to a group of users (like sales, info, techsupport, etc...)  That was the first warning that it's not even an actual mailbox.

The second warning is that if you were to hover over the link, you'll see the link goes somewhere unexpected.  This is also somewhat subtle because many users don't know that what you print in the email, and the actual link can be completely different.   Also, great care must be taken to not actually slip with your mouse and click through.

The third warning is that if you look at the "properties" of the email, the "path" of the email can be revealed in the technical header of the email.  This is also something that would be simple for an advanced user, but most users aren't aware that the "from" address can be easily faked.

With all your security protection in place, all it takes is ONE user clicking on ONE wrong link to do a LOT of damage to your business.

Given that your team probably isn't composed of a team of tech experts, what should you tell your team?

1. Bring examples of fake messages to your staff meetings and SHOW your team what a spoofed (fake) email looks like.  Years ago they were fully of typos and obviously fake.  Today's messages can look VERY real.
2. Educate users to trust their gut.  If you have ANY doubt about the email, listen to your instincts.  CALL your tech support to find out if there is a problem with your account.  Call a number you already have, NOT any number included in the email (same goes for any fake credit card alerts, etc.)
3. Speak up!  Did you click on the link?  You will need to be disconnected from the network and have your system cleaned.  Keep in mind that many advanced threats are designed to run on timers so you may not notice anything right away and keep working.  Create a culture where people feel free to speak up.  Trying to hide something could do a LOT more harm.

Many messages are designed to get loyal and diligent employees to make a mistake.  The bad actors are working all the time to develop new threats.  With the availability of cryptocurrency, cyber crime is now bigger than all organized crime.  

Talk to your employees about security on a regular basis.  THINK BEFORE YOU CLICK!

This week an astonishing 773,000,000 records were released in a monster breach.  Security researcher Troy Hunt first reported the data set which includes 772,904,991 unique email addresses and over 21 million unique passwords, all recently posted to a hacking forum.

Hunt reports that the data was posted on line for anyone to take and not even up for sale in the dark corners of the web.  In fact, not only is this the largest breach to become public, it’s second only to Yahoo’s breaches which affected 1 billion and 3 billion users, respectively. Fortunately, the stolen Yahoo data hasn’t surfaced, yet, but there's a good chance that if your information isn't out there yet, it will be soon.  

What can you do?

After your data appears in a hacker forum or somewhere on the Dark Web, there's no way to take it back.  For many, this is a wake up call to take better care of password safety.

1.  Use STRONG passwords.  In this particular case, it doesn't matter how strong your password is, if its out there its out there, but using strong passwords is a general safety tip to help prevent many other types of cyber attacks.  
2. Use UNIQUE passwords.  NEVER use the same password (or simple variation) for multiple sites or applications.  Your banking passwords should not be the same as your gym membership password.
3. Change your passwords frequently.  When you hear about a major breach, this is a good reminder to change your passwords as it could be a long time before your credentials wind up for sale.  Think of it like changing batteries in your smoke detectors.  Use some calendar (daylight saving time?) to trigger the change.  Anything other than using the same password for years.
4. Use a password manager.  Think about it.  If you need to use STRONG passwords, and UNIQUE passwords, that you change regularly, there is no way to remember these.  If just one employee in your organization cuts corners, this could put you and your organization at risk.
5. Get Dark Web Monitoring to protect your business.  When breaches make the headlines, everyone takes notice, but this activity happens frequently, and your data can be for sale on the Dark Web long before anyone publicly announces a breach.  Think of Dark Web Monitoring as an early warning system.
6. Use Two Factor Authentication wherever possible.  If your password is compromised, no one can get access to your stuff without the second authentication.    Many users see this as an inconvenience, but it's a critically important safety measure to safeguard your information.
7. Educate your employees on cybersecurity.  One weak link and your business may be at risk.  Too many users still think "it won't happen to me", and too many SMBs think they're under the radar because they're too small.  

For more information on the latest breach, check out a comprehensive summary in  Wired Magazine.  

At Ekaru, we're on a mission to provide enterprise-call service to small businesses.  Please give us a call if you have any questions, or to assess your current security situation.  We're here to help!

 

 

 

It's a new year and a great time to get organized so you can achieve your goals for the year.  January is a great time for business planning, and how you effectively use your time will have a big impact on your ability to achieve your goals.

• Before leaving work each day create a To-Do list of your priorities for the next working day.  Don’t forget to do this on Fridays.  It will help you become more organized.
• As you begin your To-Do list never spend more than 30 minutes being confused. Stop ask for help or - you are wasting time.  These are the boundaries you need to set for yourself.
• One benefit of time management is that if you follow your daily list, it will reduce your stress level.
• Set up deadlines on your projects. Put a time limit on your tasks.
• Follow your prioritized list by completing the most critical and demanding tasks first thing in the morning if possible.
• Schedule a break if needed every 90 minutes for a quick glass of water or a cup of coffee. This will help you maintain high productivity throughout the day.
• Exercise and regulating your sleep patterns also helps with time management. Any form of relaxation is important.   Exercise is also considered a great stress reliever.  Going to bed the same time every night and waking up the same time every day helps with your overall wellbeing.  Many presenters have brought this up during the Hubspot Inbound conference.
• Never procrastinate. You know the famous saying ‘Why put off tomorrow what you can do today? Procrastination wastes your time and your company’s time. I recently saw 'Mary Poppins Returns', and Emily Blunt said "Today or Never" - a great motto to live by!
• This one is tricky: Learn how to multitask!  When working in a fast paced environment it’s the only way to survive some days.  This is not easy and may take lots of practice!
• Start each day by being on time at work. Everyone has traffic to deal with and family morning rituals, but always give yourself extra time to get to work. If you start your day late everyday then you should stay later to make up your time so why start off late everyday…It’s a waste of your time!

 

If you need a little help with time management try a popular app called Toggl.  This app helps you improve what you are doing during the day.  Toggl will help you see where your time is spent and it will help improve your daily routines.