Cybersecurity

Cyber Criminals are taking advantage of the COVID-19 pandemic in some of the worse ways. Read on to learn how to avoid their evil scams… 1. Phishing: Phishing (pronounced fishing) occurs when criminals send fake mail, email, or phone calls pretending they are legit. They try to convince you to share your sensitive information like passwords or credit card details. They pretend they are from an organization you know, such as FedEx, UPS, or even a government agency. 2. Fake Products: Keep your eye on e-commerce websites, social media accounts, and emails from people and stores claiming to sell medical supplies currently in high demand. Supplies might include things like hand sanitizer, toilet paper, and surgical masks. When you make purchases from these fake stores, criminals will keep your money, but you will never see the products you purchased. 3. Fake Charity: Individuals and companies, sometimes with real-sounding names, call or email to ask for donations for people and groups affected by the coronavirus. Some of their elaborate backstories sound extremely legitimate and emotional but completely fake. 4. Medical scams: People are getting calls and emails from people pretending to be hospital workers or medical professionals claiming they treated someone they know for the coronavirus and demand payment. 5. Malware. Think of these malicious applications as Trojan Horses. You download them to your computer or phone for some purpose, and behind the scenes, the program is stealing your personal information. Sometimes these record your logins to banking sites, email, Facebook, etc., and send the data back to the hackers. 6. Zoom Bombing. Lots of businesses, schools, and individuals are using Zoom to hold online meetings. To make it easier, meeting hosts often don’t require a password. Unfortunately, not having a password makes it all too easy for hackers to jump on your meeting and flood your virtual room with swear and porn. They can embed virus code in the image files or stealthily share a file with all the participants that have virus or malware code in it. Check our blog next week for details on how to keep hackers out of your Zoom meetings. The number one way to protect yourself from cybercrime is to use strong passwords on your computer, phone, and meetings and make sure your computer is tuned up and secure. If you ever feel concerned that your computer system is hacked or you just want a security checkup, please contact us at 774-241-8600 or submit the quick contact form on this page. We’re always here to help!

Sometimes, it’s obvious, right?  There is a big obnoxious warning that pops up and tells you that you are infected and you need to call for support! Don’t call the number presented because that’s a scam. Call us instead!  Other times, the infection is much more subtle. Here are some things to watch out for… Signs that your computer is infected with a virus or malware Random pop-ups – if you are using your computer, especially the web browser and you are getting a lot of pop-up messages without clicking If you click a link in a web search but get an unexpected, less relevant result If in the bottom right, you are bombarded with notifications and solicitations If your browser has extra “toolbars” across the top or bottom that weren’t always there, or that you don’t see on other computers If you suddenly can’t open documents on your computer that you have always been able to open You are prompted for a password at a strange time. Such as when you are just working on a Word document or browsing a website that doesn’t require login Your virus scanning software is no longer running – malware or a virus may have shut it down If you have any of these problems, please call us for help! If you aren’t sure if you are infected, we are glad to offer a free consultation. Just fill out the Quick Contact form or call us at 774-241-8600.

Since the Coronavirus pandemic outbreak, there has been a massive surge of remote workers. Your information is at risk when remote access is not done correctly! Read on to learn what to avoid when it comes to remote workers. Remote access requires careful thought and planning to keep business data private and safe. As a result of COVID-19, many organizations are rushing to piece together remote access solutions to mobilize their workforce and remain productive while serving customers.  The haste to mobilize has created a dangerous situation for business data.  Since the Coronavirus pandemic outbreak, there has been a massive surge of remote workers. Your information is at risk when remote access is not done correctly! Read on to learn what to avoid when it comes to remote workers. Remote access requires careful thought and planning to keep business data private and safe. As a result of COVID-19, many organizations are rushing to piece together remote access solutions to mobilize their workforce and remain productive while serving customers.  The haste to mobilize has created a dangerous situation for business data.   Here are some of the things I see happening that create the riskiest scenarios: VPN Connections are being set up quickly by inexperienced personnel, and their encryption policies are weak.  Companies lack the knowledge to accurately monitor remote activity to identify and mitigate a data breach that originates from these new remote channels. When a VPN is not available, very insecure connections are being created to remote desktop servers, or directly to desktops. Remote desktop connections that are open to the outside world are vulnerable to all types of hacking. If systems have not been regularly patched and maintained, they are at risk of known vulnerabilities that hackers will exploit. Employees may be using their own computers to log in from home, and the individual’s computers lack adequate security protection.  The lack of sufficient security on the home computers allows an attack from the inside – through the VPN. An attack launched from within the trusted, secure tunnel is tough to identify and close the door on. Entry-level or free versions of software like Team Viewer, Logmein, or GoToMyPC are being used to provide remote control over office desktops. The limited versions of these software packages generally work well but offer limited or NO AUDITING capability. If your system is compromised, you will not know what the thieves stole or how long they had access to your business data. Centrend wants to help.  We are now offering free consultation AND free implementation of remote access solutions to businesses affected by COVID-19. Reach us at 508-347-9550 or submit the Quick Contact form below to get help.

Card keys are fast replacing traditional keys in small businesses. Here are 7 reasons why it might make sense for your small business! Regular keys are bulky, clunky, and slowly going away. Have you been car shopping lately? You will be hard-pressed to find a new automobile that has a traditional door lock or ignition system. Instead, you will unlock the doors with the press of a button on a “fob.” Once in the car, you’ll press a button on the dash to start the vehicle. The card key technology, once reserved only for high-security facilities and fancy hotels, has become much more affordable for small businesses to adopt.  Besides looking professional and high-tech, there are some practical business reasons why card key technology is a great option. If a key gets lost, it’s no big deal.Think of the security concerns that arise when a key is lost or stolen. What expenses might be incurred to change the locks, etc.? With a card access control system, your company can deny access to the card with a couple of clicks of the mouse. The employee that lost their key is assigned a new card key, and no security risk has been incurred. Internal doors can be protected.Access control systems are well suited to protecting secure internal locations such as executive offices or Human Resources file rooms. For example, the janitor and the president can enter the building with their card, but only the president’s key card will open his private office. You’ll Have a History of Building Access.Whenever an employee scans their card, the system records their name, the current date and time, and the door location. If you have internal doors that are secured with key cards, their movement into these secure locations will also be documented. Optionally you can require card key scans to leave the building.It’s possible to require employees to scan when leaving the building. This helps complete the trail of an employee’s movement in, around, and ultimately out of the building. You could pull up a list of anyone that is currently in the building, or anyone that was accessing a particular area at a  specific date and time.  Automation options are nearly endless.A commonly assigned automation is to have the system unlock the doors during business hours, and then lock up automatically at closing time. Electronic access control systems have capabilities far beyond this, however. You can do things like adjusting the room temperature, turning on and off the lights, or triggering a video camera system to start recording activity. Systems are easy to administer.Whether using traditional keys or card keys, you will need to keep track of who has what key and what doors the various keys open. You will have to have a locksmith service provider rekey the locks anytime you have a breach such as a lost key, to keep the facility secure. Electronic access control systems make it infinitely easier to administer. You might use groups to assign access to outside doors and limit entry to only certain times of the day. Simple backups protect your cards and their owners.Centrend’s role in these systems includes installing the software on your computer or server and then making sure that the entire system is backed up. If there is a computer crash, we can have your access control system back up and running in less than 30 minutes. While the computer is “down,” the locks will continue to function correctly. You would be unable to make changes until the computer application is restored. Centrend, Inc. works closely with an excellent resource for installing access control systems. Please contact me if you need help determining if a card key system is right for you. We can help you plan the system and connect you with a local professional to perform the installation.

WiFi has come a long way in terms of speed and reliability. But there is still nothing like those irritating wires that are much faster and more reliable than interference-prone WiFi. Here are some guidelines for when you can go WiFi only and why you might not want to ditch all the wires just yet. This is a simple decision, and if you “Google” the topic, you will find lots of detailed, complicated articles arguing in one direction or the other. It comes down to this: the only place for WiFi is when you need portability and mobility. If your office has a lot of workers moving around and working in different areas of your space, it could make sense to let them be WiFi only. Otherwise, hard wire them and you will have a faster, simpler, and much more reliable network. You have to consider the physical capabilities of your computers and laptops. Are they capable of WiFi? Desktops sold today won’t include WiFi connectivity without specifically adding that capability. Many modern ultra-portable laptops, such as my Microsoft Surface Pro 6, have WiFi but don’t even have an ethernet port. If you order new equipment, make sure you know if it needs to have WiFi based on how and where it will be used. Need help to decide? Give us a call, and we’ll talk it through with you.

So you’ve put your data in the cloud. Should you back it up? The short answer is Yes!  This article explains why I think it’s essential.  We put data in the cloud for different reasons. Sometimes it is the primary access point for our data, and it’s in the cloud for easy access from anywhere in the world. Or we might put the data in the cloud because, with today’s high standards for cloud security, it’s the safest place to manage confidential data. The cloud might be used as a backup of data that resides on our local computers or file servers. Your reasons for putting data in the cloud may vary, but here are the top reasons you should be backing it up yourself:  While the provider may have features that let you restore or roll back files and folders to a previous point, these processes can take a long time, and the copies of files may not go back as far as you need them to. Consider a file that is accessed quarterly, and you don’t notice that in setting up the file for the next quarter, you accidentally overwrote last quarter’s good data.  If your cloud provider only keeps copies for 30 days, your last quarter’s data is lost! A backup is only as good as the last test proves it to be. Many folks don’t find out their backup system doesn’t work until they need to restore something. By then it’s too late. Cloud providers may not be clear about what is backed up, how often, or how long and cumbersome it can be to restore the data when you need to. If your cloud provider experiences a failure, your data will be inaccessible. While it’s unlikely to be a permanent, catastrophic failure, the provider may be down for a long time. What will it cost you or your business to lose access to the data for a couple of days or more? With your local copy, you can restore the file quickly. If your Internet Connection fails for an extended period, you will want to restore your backup locally to get back up and running. You’ll be glad you had a local copy to fall back on!   Cloud data is not impervious to crypto-locker-type viruses. Especially true when you have a drive mapped to the data source. If a folder or group of files is encrypted and this compromise goes undetected for some time, your only recourse will be to restore a local backup. Having a local backup is inexpensive insurance and makes good sense. The ability to restore a backup locally provides your business with a great contingency plan to keep you up and running should the cloud provider go down for any reason.

No doubt, the most secure way to give someone a password or other confidential information is in person or over a private phone call. There are times, however, when you want to send a password or a bank account number via email simply because of the convenience. This article explores how to send secure information safely. Most people find email encryption software to be expensive and complicated to work with. Ephemeral messaging may be the answer. When something is ephemeral, it is considered “temporary” or “only lasting a short time.” A great early example of ephemeral messaging is from the James Bond movies. James Bond would often receive a tape about his secret mission. Upon hearing the message, the final thing it would warn 007 is that the message will self-destruct. SnapChat is a very commonly used application that is a modern example of ephemeral messaging. SnapChat lets users of its phone application send pictures or text that disappear either after a short time or after being viewed. While it’s popular among teenagers and some adults, it’s not practical for business use. The solution I recommend for business is called Shush.  It’s an online service provided free by Articulate, makers of e-learning course authoring tools. You can try Shush out for yourself at this link: https://shush.articulate.com/. You will be pleasantly surprised to find that the service is completely anonymous and does not require a login for either the sender or receiver! You go to the site and enter (or copy/paste) the information you want to encrypt into the presented window: After you enter the content, you then choose how long you want the message to live. You obtain the link by clicking the share button.  Click the Copy button and paste the link into an email message to send to your contact. Once the duration expires, the link will no longer work, and your message can no longer be retrieved. Depending on the duration you set, the message will be viewable to anyone that has the link. The default and most secure solution is “When it’s first viewed.” Upon the first view is an excellent choice for messages that you know will be read promptly as they only last for a maximum of 12 hours. Messages sent this way can only be viewed one time, and then they are gone forever. Messages that are set for a specific duration such as a day or a week can be seen again and again by anyone with the link. Thank you for reading. This blog post will now self-destruct!

A friend of mine and I were together at a venue, and I asked him if he was able to get on the local free Wifi that was provided. He said, “I usually don’t go on public wifi because I don’t think it’s secure.” This article describes what I told him I thought the real risks were so he could decide if he could use it safely. First, when connecting a Windows PC to public WiFi, the computer will ask what kind of network you are connecting to. It usually offers three choices: Public, Home, and Work. What you choose here makes a big difference in how secure your computer will be as it adjusts the firewall along with controlling your file-sharing features. Always select the public type when connecting to a public WiFi. Second, I explained that as long as whatever he was doing had a secure connection, denoted HTTPS: in the address bar, then the communications between his computer or phone and the web server are encrypted. Having HTTPS before the address in the browser means that anything he typed into the browser and sent on a form or anything he read from the site would not be observable to a third party. Sure, someone could intercept the transmission and look at it, but they would see gibberish. Hackers can snoop unencrypted communication that is without the S on the end of the HTTP in the address bar very easily. This allows them to see things like your login name and password in plain text. They can use this information to log into your account at will and wreak all kinds of havoc. So, make sure what you do on public Wi-Fi is encrypted. Third and perhaps most importantly, I explained that any real danger from using public wifi comes from poor security on your end. In other words, if the device you are using to access the public WiFi is not correctly configured and secure, you are at risk of threats.  What kind of security problems can leave you vulnerable?  Well, here are a few examples: Your computer’s firewall is turned off You fail to identify open WiFi as a public type of network Your computer is not up to date with the latest security patches Your computer’s antivirus is not up to date. I told my friend, he can use the WiFi safely as long as he’s made sure that the necessary security requirements of his computer have been taken care of and the sites he’s communicating with use a secure protocol.  To be even more secure and private, you can use a Virtual Private Network (VPN) which holds all your communications inside an encrypted tunnel. Not only does a VPN provide excellent security for your PC but it protects you from honeypots as well, but we’ll save that for another blog article.  Do you feel safe using public Wi-Fi? Have you had any concerns or bad experiences with public Wi-Fi? Please feel free to comment below, and we’ll discuss!

Even the most reliable systems can go down, and you deserve to know what is happening! Here are some thoughts on what you should be able to find out when a critical piece of your Information Technology fails. As a managed service provider, we take great care to keep our customers’ systems up and running with minimal downtime. Things do break occasionally though, and it’s very important to keep our customers informed. Take a look at my blog entry about unexpected power issues for example. When a key piece of your technology goes down, you need the problem quickly acknowledged and you should be kept up to date as to the progress of its resolution. On Wednesday this past week, the part of Google’s GSuite that controls Calendar and Hangouts conversations stopped working for a few hours for us.  Rather than beat my head against the wall trying to see if the problem was on my end, I went out to their status website at AppStatus and saw there is a service outage affecting the areas of the product I was having problems with. Though it was frustrating to have systems that I rely upon be inaccessible, I appreciated how well Google communicated the status of their systems. By clicking into the details, they very expertly communicated what systems were having problems, the target time for when they believe it will be resolved, and finally, the news of it being fixed and fully operational again. While we can’t all have as robust, automated systems as Google for communicating outages, several essential things are good practices that IT Managers and managed service providers should follow. Acknowledge the problem. Scope the problem – are all systems down or some?  Are all users affected or only some users? When can a fix be expected? Announce when the problem is resolved. Conduct a root cause analysis to see what steps can be taken to avoid a recurrence of the problem. Following the above steps at a minimum will help keep your users informed and at least amicable while you work toward a solution to their issues.