Blog

ThinkstockPhotos 498462398

What Employees Need To Know About Phishing Attacks

Phishing is just one of many tools in a hacker’s repertoire and happens to be one of their most effective.  Through phishing, hackers dangle their bait in front of preoccupied employees who would never dream that their PC could provide an open door for a hacker.  That’s why it is so important that employees understand how phishing works, how costly it can be, and what they can do to avoid letting themselves become an unwitting accomplice to a hacker’s attack on their company.

Phishing

The Nature of Phishing

Phishing involves a malicious entity that sends out emails that look like they are from reputable, well-known companies (maybe even the employee’s own employer) – but these emails are not what they seem.

Sometimes the purpose of a phishing email is to trick the recipient into revealing information such as logins, passwords, or personal information. Other times, phishing emails are used to install malware on the recipient’s computer. Once the hacker behind the phishing attack has succeeded in infiltrating the target system via login information or malware, the damage they cause quickly escalates.

Phishing Can Be Very Costly

So how expensive can phishing be?  Well, consider what happened to a bank in Virginia that fell victim to two phishing attacks in just eight months. Their disaster began when an employee received and opened a phishing email which succeeded in installing malware on company computers.  The malware was able to use the victim’s computer to access the STAR Network, a site used to handle debit card transactions.  Through the STAR Network, the hackers behind the malware were able to steal $569,000 in that one incident alone.

But that wasn’t the end of the matter.  Eight months later, even after hiring a cybersecurity forensics firm and following their advice to better secure their system, the same bank was victimized again through another phishing email.  This time, the hackers again gained access to the STAR Network, but then used the bank’s Navigator system.  Through those systems combined, the hackers were able to credit money to various bank accounts and then withdraw the money using hundreds of different ATMs.  Losses from this incident amounted to almost $2 million.

To make matters even worse, the bank’s cyber insurance provider denied coverage and the bank is now forced to pursue a lawsuit to recover their losses.

The Very Real Dangers Of Phishing Attacks

Phishing wouldn’t be so effective if it wasn’t so easy for busy employees to fall victim to seemingly legitimate emails or innocent-looking attachments.  The malware that was used to initiate the first attack on the bank discussed in this article was embedded in a Microsoft Word document.  Most of us have worked with thousands of Word documents during our careers and have never been victimized by one – but it only takes one time to cost a business millions of dollars.

In this case, once that document was opened, the malware was installed and the group behind it had access to what they needed. The bank in question hired Verizon to investigate both incidents. It was finally determined that the same group of Russian hackers were likely responsible for both attacks.

Common Sense Required

Even the most powerful of cyber security systems is still susceptible to attacks that take the form of phishing or social engineering. As long as people continue to subscribe to the view that firewalls, anti-virus, and anti-malware systems provide all the protection against cyberattacks that a company needs, then successful phishing attacks will continue. Education is one of the forgotten keys to foiling phishing attacks.

Employees need to be taught how to recognize a suspicious email and be given real-world examples of how convincing phishing emails can appear.  They need to be encouraged to view both emails and attachments with a critical eye.  Employees must also understand that, under no circumstances, is there a legitimate reason for someone to ask for their password.

Another aspect of this type of education is making sure that people realize that the targets of phishing are not C-suite executives or IT technicians, but employees from all levels.  Through a connection to the company’s network, any employee’s computer could serve as a launching pad for an industrious hacker’s plan of attack.

Conclusion

Phishing attacks are a reality that must be addressed if a company wants to avoid becoming a victim.  These attacks often result in very expensive losses that may not be covered by insurance.  While the importance of a rigorous cyber security system is never to be overestimated, neither is the importance of employee education.  Too many employees have unwittingly become accomplices in costly cyberattacks because they didn’t recognize a phishing email and never thought they could be the target of one.  The first line of defense against phishing isn’t a network firewall, but a trained employee who knows how to recognize a suspicious email or a questionable attachment.

What Employees Need To Know About Phishing Attacks Read More »

word image

Google’s Recent Speed Update (Questions/Answers)

Google Speed Update Is Now Out.

What Does This Mean for You?

On July 9th, Google began rolling out the Google Speed Update that they first announced in January 2018. So why is Google’s new speed update important for you if you have a business website?

Bounce Rates Affect Search Rankings

According to Google data, a 3-second load time increases the bounce rate by 32%. Bounce rate is an Internet marketing term used to evaluate web traffic. It represents the percentage of visitors who enter the site and then leave (“bounce”) instead of remaining to view other pages on the same site. What’s more startling is that if your site takes 5 seconds to load, it can increase your bounce rates by 90%, according to Google. To put it in laymen’s terms, every bounce could mean a prospective customer lost.

Since 2010, Google has determined that site speed is a direct ranking factor. Google sees a bounce as a strike against the site in their rankings. At the time, in 2010, this was a desktop-only search update, but the new update includes mobile sites as well.

Google now suggests that website creators embrace a mobile first attitude to accommodate a large number of people now using mobile devices to browse the web. This means that pages should load in less than a second, as slow sites will pay the price in terms of lower search rankings.

While this new update only affects a small percentage of queries and has no precise sign of percentages, according to Google, it’s still important to investigate how Google’s speed update affects you.

What Pages Will Google Speed Update Affect?

The speed update will only affect the slowest pages; the ones that Google states, “deliver the slowest experience to users”. If you already have a site with pages well optimized for speed, this update is not exact enough for you to troubleshoot ways to lower your load time by milliseconds.

However, if you do have pages with poor load times, the update should cause you to sit up and take notice. Many companies depend on consistent organic traffic to push their business, so poor load times should be a big concern.

How Can You Determine Your Page Speed?

It’s important to determine how fast your site loads and where the holdups are. There are several tools you can use to do this. Here are some helpful tips you can use to measure and troubleshoot website speed and page load times.

Google Page Speed Insights

word image

A good place to start for measuring website load times is Google Page Speed Insights. On this site, type and enter the URL of the page you want to check. You will get a report evaluating page speed and user experience, as well as tips on ways to make your website faster.

Pingdom

word image 1

Pingdom has a website speed test tool similar way to Google Page Speed Insights, but it gives you a report divided into several sections. These include page analysis, a performance grade and a waterfall analysis, helping you identify the most vital causes of website slowdown and how to fix them. It also does a great job of explaining its analytics and testing using a color-coded system.

GTMetrix

word image 2

GTMetrix combines information from other online page speed tools. After you enter your URL into the on-screen box, it generates a report highlighting tons of different aspects of website load times, and it grades each one from A to F. This grading system lets you take a peek at the areas of your site that worked well and the ones that need your help. Also, GTMetrix ranks the serious issues first, in order of importance, so you know what needs the most attention.

Google Analytics

word image 3

Google Analytics shows you which pages are underperforming and gives tips on how to identify significant trends as to whether things are getting better or worse. It does this by including site speed in its reports, which can be found in the Behavior section. The Page Speed Suggestions link shows how individual pages could be improved, allowing you to focus on the most important pages first.

How Do You Fix Website Page Speed Issues?

Once you have identified the holdups on your site, the next move is to fix them. All of the tools listed above make suggestions.

Here is a list of the most common recommendations you find on these tests:

  • Reduce the size of your images
  • Refine your hosting
  • Optimize your code
  • Use a content delivery network
  • Compress your site
  • Use caching
  • Optimize scripts
  • Reduce the number of external services you use

After you make the recommended fixes, it’s a good idea to test your site to establish a benchmark and re-test at regular intervals.

Any Other Suggestions?

One last tip that Google gives about the speed update is, “The intent of the search query is still a very strong signal, so a slow page may still rank highly if it has great, relevant content.”

Although speed is important, it should not take precedence over the strength of your site’s content. Bad content that loads fast will not rank well. Good content is always going to make your site stronger.

However, if you have great content that is performing well, but your site speed is slow, you might as well take the steps to improve your speed to ensure the best rankings.

 

Google’s Recent Speed Update (Questions/Answers) Read More »

ThinkstockPhotos 865947766

Are You Safe From A Cyber Attack? (Business Owner Information)

Cyber threats are continuously advancing with new and more complex threats rising to the surface around the globe. In order for a business to meet its objectives and deliver its product and services, it has to be increasingly dependent on technology, including the Internet. While this increases cyber risks that could cause a disruption to your company, it is a manageable risk with the right cyber security solutions in place.

Cyber Attacks

Businesses face a multitude of cyber threats, some with severe effects that will require strict security measures. As a business leader, you may not need a clear understanding of the technical details, but in this new age, you should know exactly what your IT team is doing to protect your company from cyber threats.

Your team may have security protocols in place, but have you looked deeper into your cybersecurity lately? Where are your biggest weaknesses?

This article provides key questions to guide you in your discussions about cybersecurity risk management with your team.

5 Questions Leaders Should Ask About Cyber Threats

How Is Our Top Leadership Informed About Cyber Risks to Our Company?

Consistent communication between the company head and those responsible for managing cyber risks provides constant awareness of current risks affecting the company and the impact it can have on a business. Since the buck stops with you, the CEO is responsible to manage and oversee the business’ risk management. This

oversight includes the on-going evaluation of cybersecurity budgets, incident reports, risk assessment scores, and policy improvements.

What Is the Present Business Impact of Cyber Risks to Our Company, and What Is Our Plan to Address These Known Risks?

Cybersecurity does not necessarily mean applying a checklist of requirements.  It is ensuring that your company is managing cyber risks to a satisfactory level. Managing cybersecurity risks keeps a strategic framework in place for your team that evaluates and manages cybersecurity risk throughout the company.

Identifying critical data and its impacts from cyber threats are crucial to understanding a company’s risk to exposure of a cyber-attack.  Whether you look at it from a financial, competitive, reputational, or regulatory point of view, risk assessment outcomes and team feedback is important to identify.

Is Our Cybersecurity Program Applying Best Practices and Industry Standards?

An across-the-board cybersecurity plan leverages industry standards and best practices to protect systems that house your company’s important data. Your plan should uncover impending problems before they arise. This proactive strategy enables your team to initiate a timely response if an attack were to occur. Keep a strong recovery plan in place that prevents you from making rash decisions due to panic.

Establishing a good baseline for compliance requirements helps to address specific vulnerabilities, but they do not sufficiently speak to new and active threats or sophisticated attacks. Using a risk-based approach to apply cybersecurity standards and practices will result in much more cost-effective and comprehensive management of these risks than simple compliance activities alone. Consistently asking “what if” questions will help you stay ahead of the attack.

What Types of Cyber Threats Does Your Security Team Identify Each Week?

Your IT department should be able to calculate how much malicious traffic is being stopped by your current security protocols. Awareness of your business’ cyber risk situation needs to involve the timely detection of data breaches, and an awareness of current threats and vulnerabilities to your company. Your IT staff should be consistently analyzing, gathering, and integrating risk data from different sources and participating in threat information sharing with your team.  This will help you identify and respond to threats rapidly. The best scenario is to safeguard your network from attack in the first place.

How Far-reaching Is Our Cyber Incident Response Plan? How Often Do We Test It?

Do you have a network operations center reporting to you? They can provide real-time and trending data on current cyber threats. What about a manager who can identify deliberate risks, such as risks to the supply chain generated by third-party vendors? A high number of cyber-attacks involve third-party vendors who get careless.

An early response can constrain or even prevent an attack on your network. A significant piece of the puzzle includes your company’s cyber incident response preparation. Planning should be carried out in conjunction with other important entities that you interact with day-to-day.  This includes incorporating cyber event response procedures with your current policies. A strong disaster recovery and business continuity plan should already be in place.

Some key players in this security planning could include the following:

  • Chief Information Officer
  • Chief Information Security Officer
  • Business Partners
  • System Operator Partners
  • General Counsel
  • Public Affairs

Wrap Up

When you go through these 5 questions with your team, you will be able to better measure the condition of your current security and ensure you have a plan to proactively manage cyber security for the future. Revisit these questions often to accurately address new cyber threats. Cyber security is a dynamic, ever-changing field that requires vigilance.

Are You Safe From A Cyber Attack? (Business Owner Information) Read More »

ThinkstockPhotos 654499764

What The Sunset Of Windows 7 Means To Its Users

Windows 7 is being “put out to pasture” by Microsoft at the beginning of 2020.  Not all Windows 7 users are aware of precisely what this means and how it can affect their day-to-day business.  Because of impending issues, such as steadily degrading usability and increasing security vulnerabilities, Windows 7 users need to know what to expect and what their options are.

Quick Background On Windows 7

Windows 7 was released in October of 2009.  Its purpose was to serve as an incremental upgrade to the not-so-well-received Windows Vista operating system. Windows 7 included some much-needed improvements to Windows Aero, the new user interface that Microsoft introduced with Vista, and with improved performance.  Users responded far more positively to Windows 7 than they did Vista, primarily because it addressed so many of Vista’s deficiencies.  The Windows 7 Service Pack 1 came out in 2011, and a platform update was released a few years later in 2013.

By 2014, however, Microsoft began preparations for the retirement of Windows 7 as they began stopping its retail sales.  Next, mainstream support for the operating system came to a halt.  In 2016, PCs were no longer shipped with Windows 7 pre-installed.  Microsoft then announced that on January 14, 2020, extended support for Windows 7 would end.  That was the official sunset announcement.

What Sunset Means

Sunset begins with Microsoft no longer offering extended support for Windows 7.  It also means no more security updates, bug fixes, or service packs.  That, in turn, means the usability, security, and performance of Windows 7 will begin to degrade with time.  On the surface, applications and the operating system will generally perform all right, but there will always be exceptions.  Over time, however, there will be a definite trend toward more issues, steadily poorer performance, and serious security vulnerabilities.

Why This Important to Windows 7 Users
Here is what a Windows 7 user can expect to see after sunset begins:

  • Software, utilities, and features may become incompatible
  • Applications no longer receive updates that apply to Windows 7
  • New devices (g., printers or webcams) may not be able to connect with Windows 7
  • Antivirus will not be updated, and third-party virus protection software will eventually stop supporting Windows 7
  • Software bug fixes are no longer patched, leaving the system open to exploitation
  • Online banking transaction systems may expire if their authentication and encryption methods cannot be supported by Windows 7

Also, incompatibility can quickly become a problem for companies whose customers or partners need them to use or interface with software that simply will not run correctly on Windows 7.  Running a sunset operating system can also cause problems when attempts are made to add devices or install new software.

The most serious issues with sunsetting are those involving security.  Hackers will know that Windows 7 has become vulnerable and will seek out ways to exploit those weaknesses.  This leaves a system susceptible to malware, ransomware, and viruses.  The probability of suffering from an attack that renders your computers unusable will continue to increase with time.

Windows 7 Sunset

Options Available to Windows 7 Users

If you are running Windows 7, then now is the time to start migrating to a new operating system.  The most straightforward upgrade path would be Windows 10, which still has some of the look and feel of Windows 7 with a plethora of new features and even better usability.

The other option for most businesses is switching to Mac OS.  This means an entirely new work environment for traditional Microsoft users. This option can involve a steep learning curve.  While some Microsoft packages, such as Office, are available for Mac OS, they work a bit differently and it will take some time for new users to become proficient. Macs can also be more expensive than a Windows-based computer system, but have a reputation for being more reliable.

Unless a business is heavily involved in video production or graphic design, Windows 10 is probably the best option.

Getting Ready to Migrate

Before migrating, perform an inventory of software and group each application into one of three groups: unwanted, optional, or required.  Some software may require an upgrade to run on a newer operating system.  Next, prepare a similar inventory of hardware.  As with the software, some hardware may need to be updated or replaced to remain compatible with the new operating system. Also, check the requirements of the replacement operating system, paying special attention to available hard drive space, physical memory, and processor or CPU needs.

Please note that if a machine is already getting a bit outdated (e.g., 7 or more years old), it might make sense to purchase a new machine with Windows 10 pre-installed. The Trump tariffs will cause an increase in the price of computers, scanners, printers, servers and even their components. So now is definitely the best time to buy!

Conclusion

With the sunset of Windows 7 impending, now is the time to start the process of migrating to a new operating system, whether it be Windows 10 or Mac OS.  Failure to upgrade will not only lead to issues with compatibility and performance, but will involve serious security risks.

What The Sunset Of Windows 7 Means To Its Users Read More »

ThinkstockPhotos 488637271

What Is The Best Mobile Scanning App?

With the business world rapidly moving towards the digitization of documents, mobile scanning apps are becoming necessary for both work and personal use. However, in our day-to-day interactions, we encounter entities, such as the government or doctor’s office that require old-fashioned forms that are printed on paper.

Mobile Scanning App

Sometimes we are handed a business card from someone with important contact information we need to retain. Because not everything has moved to digital media, the most useful resolution is to quickly transform any paper you’re handed into digital data, which you can store and edit on your computers and mobile devices. Once stored, you have them practically forever if need be.

Think about the amount of physical information you encounter daily that you need to retain for your professional and personal life: spreadsheets, software information, receipts, financial records, old photographs your parents have, etc. If you need to capture that data or images for future use, having a scanner at your beck and call is an efficient way to operate.

The availability of a mobile scanning app that runs off your smartphone and uses your phone cam to snap the image can allow you to capture more information. This gives you the freedom to correctly analyze and pull out the important stuff for later.

Let’s look at some of the best mobile apps out there. Some of these scanning apps are free, while others are highly affordable. Try to match up your needs to the right app.

What Are The Best Free Mobile Scanning Apps?

Microsoft Office Lens for Android

Microsoft recently launched Office Lens for Android, a scanning app that lets you shoot photos of written materials like notepads, printed documents, and whiteboards, converting printed words in the image to editable text through OCR. Microsoft has other mobile scanning apps such as Evernote, but they’ve added some remarkable functions to this new app. The Office Lens gives you the ability to scan documents, cards, and whiteboards with your Android phone, making them more readable and editable. Best of all, it’s a free app!

Evernote Scannable for iPhone

If you are already an Evernote user, this app scans anything you put in front of it and sends it to your Evernote account, or another place that you designate. It has the capability to share the files with other people very easily, as well. Imagine you’re in a meeting with a number of team members or clients. You can use the app to scan a few files from the meeting, and Scannable will instinctively ask you if you want to share the images with the people in your meeting. If you have already listed the attendees in a meeting invite and you’ve granted Scannable access to your calendar, it will send them the data immediately. How’s that for convenience?

Adobe Scan for iPhone

If you already have a paid Adobe Document Cloud or Creative Cloud account and use it regularly, this app is a no-brainer. Sometimes you have a piece of paper that you need to get into digital form. The Adobe Scan app can not only produce a PDF using your smartphone camera, but it can also employ optical-character recognition (OCR) to the scanned image so that you can freely edit its text. For an app that automatically detects, captures, and converts printed text to digital form, Adobe Scan is a perfect app. But once again, you need a paid subscription to get all its impressive features.

What Are The Best Mobile Scanning Apps Under 5 Dollars?

Abbyy FineScanner

Abbyy has been in the scanning technology business for a very long time, and that gives them a leg up on the new and robust competition. Experts have been impressed with its use on older high-end desktop scanners. Its mobile scanning tool Abbyy FineScanner, is impressive as well. FineScanner does a terrific job of scanning any type of printed document. It’s very fast at snapping the photo image and also gives the user the option of color or black-and-white.

The one downside to the Abbyy FineScanner is its price disclosure. You can download a free version, but the free version doesn’t support the software’s best feature, its optical character recognition (OCR). For this feature, you need to pay either $4.99 a month or $19.99 for the year. If you sign up through the website, a free month of premium subscription is available.

Intsig CamScanner

This mobile scanning application has a unique feature that sets it apart from other apps under $5. The Instig CamScanner will separate the document acquisition process (take a picture of the image and turn it into text) from the document management process. If speed is important to you, this app is very fast at taking the image and converting it for you. Intsig CamScanner’s optical character recognition (OCR) is not as accurate as some of the other apps. If accuracy is crucial for you, Instig CamScanner might not be the right scan app for you to download.

TurboScan

TurboScan, a $4.99 app for Android and iOS, is an unpretentious app that precisely saves documents and images for you to edit elsewhere. It is not the fastest, nor does it have a processing niche like the other featured mobile scanning apps. What it does have is consistency in both its accuracy and quality at an affordable price.

Wrap Up

Technology is moving forward at a lightning fast pace. Be sure to check often for the latest and greatest scanning apps and you might be surprised at what some tech guru has come up with.

 

What Is The Best Mobile Scanning App? Read More »

Call Now Button