Most computer users, including business owners and managers, know that while computers are incredibly useful, they can pose a security risk. While a security breach for personal users can be serious, it is potentially even more so for businesses. This is why, when it comes to company use, those in charge want to make sure that their systems are secure. The problem is that this is seen to be not only expensive but a drain on time and other valuable resources. In truth though it doesn't have to be.

Here are five low-cost things you can do to ensure that your business is secure.

1. Communication is key Many companies take adequate steps to ensure that their systems are adequately protected. The thing is, many security breaches come from within the company. If your employees keep passwords written on pieces of paper that they leave lying around their desks, this is a security issue. It is a good idea to agree with employees where to keep important information and ensure they follow these rules.

Beyond that, if you implement security changes or new systems e.g., new virus scanning software, it is important that you talk to your staff to ensure they know how the system works and how they can use it. You would be surprised at how much effective communication can help to minimize security issues, and best of all? It's free!

2. Educate your staff One of the more common security issues comes from spam and malware found in emails. It is a good idea to educate your staff on how to spot these different types of emails and other malicious websites, as well as how to avoid them.

It is worthwhile ensuring that your employees know their roles when it comes to security too. If you have a secretary who you believe is responsible for ensuring the office is locked at the end of the night, take steps to ensure that this person understands their responsibilities. The same goes for computers your staff use: If they are responsible for conducting security scans let them know this. While this may take some time, the cost is low to free.

3. Keep track of your keys To ensure the security of your IT systems and your physical office, you should keep control of your keys. That is, both the physical keys and those associated with your software (the codes you enter to verify software and unlock full versions).

Keep track of which staff members have a key to the office and if possible number them. The goal here is to know where your keys are at any given time, and if a staff member changes employers make sure you ask for them back.

Many software keys or licenses are single use only. If you invest in software and an employees steals this along with the key, you will likely have to purchase the software again. A good tip is to keep software keys secure and separate from the software itself. The best part about this step is that the cost of doing this is minimal.

4. Keep your software updated Hackers can be a lazy bunch. They will often target those with out of date software, because it's usually easier to hack. To reduce the chance of being hacked, you should take steps to ensure that your software is up-to-date. This includes your virus and malware scanners, as well as browsers and even software you don't use.

Get your staff to perform a 'software audit' on their computers on a regular basis. This means going through their computer and properly uninstalling software that they don't use, while also taking time to ensure their system is completely updated. This step is easy to implement and will cost you next to nothing.

5. Keep important systems off site Many small to medium businesses keep their servers on site. While this is convenient as your systems are right there and easily accessible, this could also create a security issue. One way to minimize this is to work with an IT partner who can host your systems or servers off site or in the cloud. While this involves some cost, working with an IT partner could save you profits and productivity in the long run, as good providers will ensure that your systems are secure and working properly.

If you are looking to make your systems more secure, please contact us today. We may have a solution that will work for your business.

One of the more common security issues revolves around the passwords you use to access various Internet sites, your computer, and even your work systems. Chances are, you don't use the same password for all these different systems and accounts. While this increases the chance of your private information and files remaining secure, it can be a pain to remember so many passwords. That's why a password management system is helpful. The question is, which kind?

Below is a brief overview of the four types of password management system you can use.

1. Cloud or Internet-based These systems are usually cloud based and accessed through an app or browser plugin. Apps ordinarily store your passwords, or generate one to use, and will automatically apply this when you visit a site that requires a password. These systems are great for breaking the one password habit, However, because they store all of your passwords in one place, they could become a target for hackers.

2. Cloud or Internet-based with two-factor authentication The next step up from the cloud-based password management system is one that supports two-factor authentication. Your passwords are still stored in the cloud, but you will need to provide another piece of information before you can access sites.

The interesting thing is that many of the cloud based password systems actually offer this in their premium offerings. So, not only do you get better password protection, but it's with the same system meaning you likely won't have to switch.

The cloud based systems are a good idea if you use more than one system on a regular basis and if you work from outside of the office.

3. Computer-based Computer-based password management systems are similar to the cloud versions, only the passwords are stored on your computer, and accessed using a master password. Because many hackers usually don't go after individual hard drives - they have to get through your network and then find the program and try to break the password - the chances of your passwords being exposed are minimized.

The only problem with systems like these is that you normally have to log in for the service to work. If you forget to log out and someone walks by, they will be able to access everything. However, for the manager who wants a secure system, this is a better option than the cloud based versions.

4. USB-based There are a number of USB devices that have a smart card in them that can store passwords. When you plug in the USB to your computer, the software on the USB can input the stored passwords when needed. These devices are typically more expensive, with some costing as much as USD$100, but they offer the highest amount of security as your passwords are kept with you.

The main downside to these devices is that they aren't the biggest and are usually about the size of a standard USB stick. This means that they are easier to lose, making getting your passwords back even tougher.

If you are looking for a better way to keep track of your passwords, please contact us today to see how we can help.

Consumerization is the trend in which new information technology first makes waves in the consumer market, and its popularity then prompts businesses to adopt strategies to incorporate it into their processes. But the real questions are: how does it really affect your business, and what should you do about it?

"People say you have better technology at home than at work. That's true. Thirty-seven percent of U.S. info workers are solving customer and business problems using technology they master first at home, then bring to work."ⁱ

So says Vahé Torossian, corporate vice president of the Worldwide Small and Midmarket Solutions and Partners (SMS&P) group at Microsoft. His comment illustrates the growing trend in IT referred to as consumerization, which is when new IT comes out first in the consumer market and is then adopted by business organizations.

With more and more organizations adopting this trend, many companies find it hard to catch up with everything else that comes with the package. For some, consumerization works fine and is beneficial, but there are also those whose operations become more open to risk because of it.

It's become quite clear that, at the very least, companies need to look at both the short and long term effects of consumerization on the way they do business. Studies should be completed on its effects, and policies need to be developed to properly address the trend. The benefits can be significant, but the risks – such as the increased vulnerability of your system due to decreased security when work is done outside the office – can pose a serious threat as well.

While the general consensus is that new trends mean better business, it's the way you handle the details that determines how they affect your organization and your productivity – which is why it's best to fully understand the trend and its impact on you. We encourage you to give us a call so we can sit down with you and discuss strategies and policies you can use to respond to consumerization based on your specific needs.

ⁱ Reference

It seems that there is a security threat or leak in the news almost every week. The majority of these leaks tend to revolve around account information and passwords being stolen and released on the Internet for anyone to view. In truth, most of the passwords released are secure, but not 100% secure. Anyone with a powerful enough computer and the right tools can crack almost any security measure. The only thing you can really do is come up with strong passwords.

If you want to minimize the chances of your password being hacked, here are five things you should NOT do.

1. Don't pick short passwords

While short passwords are easier to remember, they are also easier and quicker to hack. The most common way to hack passwords is by using brute force: Developing a list of every possible password, then trying this list with a username.

Using a mid-range computer like the one many have on their desk, with a normal Internet connection, you can develop a list of all potential passwords astonishingly quickly. For example it would take 11.9 seconds to generate a list of all possible passwords using five lowercase characters (a,b,c,d,etc.) only. It will take about 2.15 hours to develop a list of all possible passwords using five of any computer character. Once a hacker has the list, they just have to try every potential password with your user name.

On the other hand, a list of all 8 character passwords with at least one special character (!,@,%,etc.) and one capital letter would take this computer 2.14 centuries to develop. In other words, the longer the password, the harder it will be to hack. That being said, longer passwords aren't impossible to hack, they just take more time. So, most hackers will usually go after the shorter passwords first.

2. Don't use the same password

The way most hackers work is that they assume users have the same password for different accounts. If they can get one password, it's as simple as looking through that account's information for any related accounts and trying the original password with the other accounts. If one of these happens to be your email where you have kept bank information, you will likely see your bank account drained.

It's therefore important to use a different password for every online account. They key here is to try and use a password that's as different as possible. Don't just add a number or character onto the end of a word. If you have trouble remembering all of your passwords, try using a password manager like LastPass.

3. Don't use words from the dictionary or all numbers

This article published last year on ZDnet highlights the 25 most popular passwords. Notice that more than 15 contain words from the dictionary, and most of the rest are strings of common numbers. To have a secure password, most security experts agree that you should not use words from the dictionary or number combinations that are beside each other (e.g., 1234).

4. Don't use standard number substitutions

Some users have passwords where they replace letters with a number that looks similar, for example: h31lo (hello). Most new password hacking tools actually have combinations like this built in and will try a normal word, followed by replacing letters with similar numbers. It’s best to avoid this.

5. Don't use available information as a password

What we mean by this is using information that can be easily found on the Internet. For example, doing a quick search for your name will likely return your email address and social media profiles. If you have pictures of your kids, spouse, pets, family, their dates of birth, etc. on your Facebook profile and have put their names in captions, it's possible for a hacker to see this (assuming the pictures are shared with the public).

You can bet that they will try these names as your password. You would be surprised with the amount of personal information on the web. We suggest searching for yourself using your email address(s), social media profile names, etc. and seeing what information can be found. If your passwords are close to what you find, it would be a good idea to change them immediately.

There are numerous things you can do to minimize the chance that your passwords are stolen and accounts hacked.

 

Email has become the main communication medium for companies and the public alike, as it's just so much easier and faster than writing a letter or even making a phone call. Unfortunately, email has also made it easier to commit crimes like fraud. It can be hard to detect a fraudulent company or email, but there are some things you should look out for.

Here's five tips to help you spot email frauds or scams.

Look at the email address One of the easiest ways to spot a fraudulent email or scam is by looking at the email address of the sender. Many credit card application scams use third party email services like Gmail or Yahoo. Some scammers go so far as to set up accounts in the name of the company e.g., AMEX_121@gmail.com.

Sophisticated scammers will actually try to copy the legitimate company's email account - a practice called spoofing. They will usually have a few changes like a missing letter from the address, or an extra . added.

The easiest thing you can do is look for the sender's site on the Internet. For example: You get an email from AMEX OPEN (American Express's small business credit card) and notice that the sender's email address just doesn't look right. Go to Google and search for amex fraud. You'll likely find the fraud page which tells you exactly how the company sends emails. If the sender is a smaller company, most of these will have email contact addresses right on the site, take a look and compare the two. If they are different, the email is likely a scam.

Look at the sender's website If you think an email is fraudulent, try looking up the website associated with the sender. Should you be unable to find the site, it's likely a scam.

If you find a website, click through some pages to see if there is anything that looks out of place. For example a website selling a new financial service has pages with Coming Soon or you get errors when you try to load the page. If it looks fishy, it likely is - delete the email.

It would also be a good idea to go to archive.org's Wayback Machine, copy and paste the website's URL into the The Wayback Machine Search bar and hit Take me back. This will bring up previous versions of the website. If you see that the site in question was something completely different a few months to a year ago (e.g., it is a financial services page now, but six months ago it was a page selling prescription drugs), chances are high it's a fraud.

Call them Many scammers will put phone numbers into emails to make them look more legitimate. If you are unsure about whether this email is legitimate or not, why not try calling the number? Many scammers run more than one fraud operating at the same time and may answer the phone with another name, or not at all.

Similarly, if you call a local number of a supposedly small business and get routed directly to voicemail, it's likely fraud.

Look carefully at the body of the message The body of the email can also be a great way to suss out email scammers and potential fraud. Because many fraudulent emails originate outside of the major English speaking countries, there will often be language that just sounds different from the way people write in your area. One great example of this would be a line like 'We wish to sell you a great product.'

You should also look for spelling errors, grammar mistakes or inconsistencies. While some fraudulent emails will have minor spelling inconsistencies, others will spell common words wrong. If you see mistakes like 'our product are a great deals', this should raise a warning flag.

Spelling and grammar errors are a part of business communication, so don't expect a perfect email from all companies, especially if you see that the company is located overseas. It's the emails with mistakes supposedly coming from companies in your area that should really raise alarm.

The sender asks for money or passwords It's kind of an unwritten rule that when sending out emails you never ask for a person's credit card number or account passwords. Banks, large companies and many social networks will never ask you for passwords or account information, credit card numbers, pin codes, etc of any kind over email. If you notice that an email selling something asks for you to reply with a credit card details so you can make a purchase, it's best to delete the email as it's likely a fraud.

Email fraud is a big deal, and unfortunately it will likely become even more common in the near future. This means you should be able to spot potentially fraudulent emails. If you think an email is a scam, it's best to just delete it immediately. Don't respond or forward it to colleagues or employees. If you need to let people know, write another email that describes the suspected email but has no links. You can also forward a screenshot to your colleagues or friends to illustrate the scam.

Looking for more ways you can protect your company? Contact us today. We can work with you to develop a security system that will meet your needs.

Computers, while used in nearly every office, still mystify the vast majority of users. Sure they know how to operate one, but when it comes to ideas like the Internet and viruses, malware, trojans, etc. most people are lost. This is largely because of the large number of myths and lies about things like viruses, it's hard to know what is fact or fiction.

Here are five common myths about viruses that confuse people, and the truths associated with them. Before we delve deeper it would be a good idea to explain what a virus is.

A virus is a computer program that infects a computer and can generally copy itself and infect other computers. Most viruses aim to cause havoc by either deleting important files or rendering a computer inoperable. Most viruses have to be installed by the user, and usually come hidden as programs, browser plugins, etc.

You may hear the term malware used interchangeably with virus. Malware is short for malicious software and is more of an umbrella term that covers any software that aims to cause harm. A virus is simply a type of malware.

Myth 1: Error messages = virus A common thought many have when their computer shows an error message is that they must have a virus. In truth, bugs in the software, a faulty hard drive, memory or even issues with your virus scanner are more likely the cause. The same goes with if your computer crashes, it likely could be because of something other than a virus.

When you do see error messages, or your computer crashes while trying to run a program or open a file, you should scan for viruses, just to rule it out.

Myth 2: Computers can infect themselves It's not uncommon to have clients bring their computers to a techie exclaiming that a virus has magically appeared on the system all by itself. Despite what some may believe, viruses cannot infect computers by themselves. Users have to physically open an infected program, or visit a site that hosts the virus and download it.

To minimize the chance of being infected you should steer clear of any adult oriented sites - they are often loaded with viruses, torrent sites, etc. A good rule of thumb is: If the site has illegal or 'adult' content, it likely has viruses that can and will infect your system if visited, or files downloaded from there.

Myth 3: Only PCs can get viruses If you read the news, you likely know that many of the big viruses and malware infect mostly systems running Windows. This has led users to believe that other systems like Apple's OS X are virus free.

The truth of the matter is: All systems could be infected by a virus, it's just that the vast majority of them are written to target Windows machines. This is because most computers run Windows. That being said, there is an increasing number of threats to OS X and Linux, as these systems are becoming more popular. If this trend keeps up, we will see an exponential rise in the number of viruses infecting these systems.

Myth 4: If I reinstall Windows and copy all my old files over, I'll be ok Some believe that if their system has been infected, they can simply copy their files onto a hard drive, or backup solution, reinstall Windows and then copy their files back and the virus will be gone.

To be honest, wiping your hard drive and reinstalling Windows will normally get rid of any viruses. However, if the virus is in the files you backed up, your computer will be infected when you move the files back and open them. The key here is that if your system is infected, you need to scan the files and remove the virus before you put them back onto your system.

Myth 5: Firewalls protect networks from viruses Windows comes with a firewall built into the OS, and many users have been somewhat misled as to what it actually does, and that firewalls can protect from viruses. That's actually a half truth. Firewalls are actually for network traffic, their main job is to keep networks and computers connected to the network secure; they don't scan for viruses.

Where they could help is if a virus is sending data to a computer outside of your network. In theory, a firewall will pick up this traffic and alert you to it, or stop the flow of data outright. Some of the bigger viruses actually turn off the firewall, rendering your whole network open to malware attacks.

What can I do? There are many things you can do to minimize the chances of infection. The most important is to install a virus scanner on all of your systems, keep it up to date and run it regularly. But a defensive strategy like this isn't enough, you need to be proactive by:

• Not installing programs from sources you don't know or trust
• Being weary of any program that asks you for your password
• Not installing any browser add-ons or plugins suggested by websites. Instead, download them from the browser's app store, or the developer's website.

If you are worried about the security of your systems and network, call us today. Our team of security experts can work with you to provide a plan that will meet your needs.

Pause for a minute and think about how you use the Internet. Chances are you visit a handful of sites on a regular basis, and likely have accounts with them e.g., a Facebook profile. Do you remember when you signed up for them? You were given the option to read and agree to the Terms of Service or Privacy Policy. Did you read it? If you did, did you know that these terms and and policies change on a regular basis, often without you knowing? Luckily, there is a way to keep track of most Terms of Services and policy changes.

Terms of Service for websites change on a fairly regular basis, and many of us simply have no way of knowing if and when such changes have been made, and what exactly has been changed. That's why a group of lawyers and professionals started Docracy. According to the website, "Docracy is a home for contracts and other legal documents, socially curated by the communities that use them." The company aims to make legal documents freely available.

Part of this site is the Terms of Service section which is a database of over 1,000 popular websites' Terms of Service and Privacy policies. It tracks them and notes when changes are made, and highlights these changes so they are easily found.

If you visit the site here, you can see a list of changes that companies have recently made, and clicking on one should give you basic change information. Clicking on See Full Changes will bring up the full doc with the recent changes highlighted.

Selecting See Full Directory will bring up every policy that the website tracks, and allow you to read them.

Is this useful for my business? Online law is very complicated, and many companies that run websites that you may have accounts with often don't make it easy for you to find legal contracts or policies. A good example of where Docracy is helpful is if you want to know who exactly owns your content stored on a popular cloud service. You can go to Docracy's database and quickly find the related Terms of Service. From there you can download the document and look through it, or view it on the site.

Basically this site can help you get a clearer picture on the various contracts you sign with websites, and how these websites plan to use your data. For many business owners, knowing exactly what other companies are going to do with your data can help you find a more secure solution. After all, being prepared with the correct knowledge is half the battle.

If you would like to learn more about Docracy, or how a change to a Terms of Service could affect your business please contact us today.

A large portion of our daily lives is now spent online. We are usually connected at work and when we go home will probably sit in front off the TV while browsing on our phone or laptops. Pause for a minute and think about all the different websites you have accounts with. If you're like most people, the vast majority of these sites have your private information, which you freely give. Do you take steps to protect this information? If not then it may be time you did.

Here's three things you can do to help secure your personal data shared online.

1. Realize your online actions are risky Read any tech related blog, or even syndicated news articles and it's not hard to see that identity theft and cybercrime in general is not only serious, but on the rise. Let's face it, our online actions are risky. As with any plan, the first step is realizing that there is a problem that needs to be fixed. The first step is to educate yourself about online security, what steps you should take, and what exactly it is.

For example, here's a great article written in the middle of February about how different age groups react to Facebook changes, and if they take steps to minimize who can view their personal data. It's kind of interesting to see that the younger generations take more steps to secure their profiles than their parents, yet you still see people with reputation damaging pictures that can be viewed by anyone.

2. Take matters into your own hands Many people already know their personal information online is at risk, but there are further things you should do to minimize any dangers:

1. Don't rely on websites to keep you secure - Websites like Facebook are companies. They exist to make money. How do they do it? Often by selling information you have given them access to. That's not saying site owners don't look out for their customers' best interests - many do. What you need to do though is look at all the sites you have accounts with and ensure your information is secure to the level you are happy with.
2. Provide the least amount of information possible - Think about the last time you joined a social network, or mailing list. You likely were asked to provide your name, address, birthday, etc. Did you know that you don't have to provide all the information requested? Most sites only require your name and birthday, the rest is optional - usually used to provide better service or targeted ads. Many sites will put an asterisk beside required information to let you know that you have to supply this.
3. Think twice before signing up - It's a good idea when signing up for a new account to think twice. Do you really need this account? Or can you get by without it?
4. Use separate email accounts and passwords - Setting up different email accounts is a good idea. One should be for personal use, so the address is given only to people you know. Another could be for all of your online accounts, with a final one strictly for password recovery. It would be best to make the addresses as different as possible. Beyond that you should have separate passwords for each account and every service. This will limit hackers from being able to gain access to multiple accounts.
5. Secure your browsing - Almost every website that asks users to sign up for accounts offers a secure version of the site. Enter https://www. before the site address, e.g., https://www.facebook.com. https is a secure communications protocol that ensures one is communicating directly with the website - you're actually looking at Facebook, not a phishing site designed to steal passwords.

3. Encourage others to think It's not enough to just take action yourself. Encouraging colleagues, friends and family to also take steps to protect their online information and identities, is worthwhile. There are many great ways to help spread the word about safety, including the National Cyber Security website, which has information on Internet related security. Check it out, and share it!

If you would like to learn about how we can help you keep your information and data safe online, please contact us today for a comprehensive solution!

Possibly one of the most frightening things we can experience is suddenly finding out that our work laptop, or phone has gone missing, and with it vital data. This can be a devastating setback, as there is a pretty high chance you may not recover your device. Luckily, there is a solution that can help you track down lost tech.

Prey is an Open Source - free - program that you can install on your computer or mobile device and track it when it's missing, or been stolen.

How it works First you have to download the software - from here - onto your computer (Windows, Mac or Linux are supported), and sign up for an account. You have a couple of options here: You can either sign up for an account with Prey and access a control panel through the website, or install it as a standalone which is recommended for advanced users as it requires some server configuration.

If you chose to go with the Web option you sign up for an account and install the software then register your main device along with extra ones like an Android, or your iOS device. Once you have downloaded Prey and linked them together, you are ready.

When your device is lost, you log into the Web Control Panel on Prey's site and can report it as missing. You can also turn on different actions which allow you to track the computer's location, network status and hardware usage. There are also other options like the ability to snap a picture using the webcam (if you have one), or even sound an alarm. You can even lock the system or phone ensuring people can't access it.

For mobiles, you can send these a text (from the Web Control Panel) which will initiate the established options you have pre-set for when your phone goes missing.

How Prey finds your device's location depends on the device. For laptops, it can turn-on your Wi-Fi connection and try to connect to the nearest access points. It can take the IP address of each Wi-Fi access point and from there get an approximate location - in some areas as close as 200 feet. On your phone, it turns on the GPS (if available) and tries to connect to Wi-Fi networks in range. These two combined can generate a fairly accurate location.

All this tracking information is sent to your inbox in the form of a report, which can be tailored to meet your needs.

What makes this program different from other similar ones is that it can be installed across multiple platforms and managed from one account. It's also free, which makes it even more attractive. There is also a Pro version which allows you to track more devices, for a monthly fee (USD$5 for 3 devices up to USD$399 a month for 500 devices).

Prey is just one of the many device tracking programs, and installing one may be a good idea, to give you a greater chance of retrieval if your phone or computer is lost or stolen. Do you use one already? If so, which one? If you would like to learn more about Prey and the other device tracking programs please let us know, we may have a great solution for you.

With the increasing popularity of social media services, it's not surprising that hackers are constantly testing the security a site and its users employ. From time-to-time the hackers are successful. For the most part, what the hackers do is either publish user passwords or bring the system down. The first big security breach of the year has just been reported.

It only took one month for the first major security breach of a social network, and this time it happened to Twitter. On the first of February, Twitter announced on their blog that slightly over 250,000 accounts had been compromised.

At this time, Twitter doesn't know who is responsible for the attack but according to the blog post they know that, "The attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords."

Yes, the hackers did get access to passwords, although the company noted that they got the 'encrypted/salted' versions, this means they didn't actually get the passwords themselves. To get the account passwords they would have to decrypt the information first, something many hacker's don't bother with.

What does this mean for my company? If you or your company has a Twitter account, you would have already have received an email if your account was breached. While 250,000 sounds like a high number, keep in mind that there are over 72 million active accounts (users who post more than once a week).

While this is a drop in the proverbial bucket, it's still a security threat that you should act upon. At the very least you should take steps to change your password. You can do this by logging into Twitter and pressing the cog in the top right of the tool bar. Select Settings followed by Password. Enter your current password, followed by a new password and verify it. Press Save changes and you are done.

It is a good idea to pick a completely new password, one with numbers, letters and if possible special characters like !, $ or ^. At the very least, it should be different from any other passwords you use.

Looking to learn more about the security breach or if Twitter is right for your business? Give us a shout, we'd be happy to talk social media with you.