Keeping Your Employee Email Safe

employee email safety_Now IT Connects

Email is one of the most powerful tools you have to stay connected to your team and customers. But because it is so essential to doing business, email is a very popular target for hackers and other bad actors. Here are a few email security tips from the Now IT Connects experts. Which ones will you implement today?

Email Security Tip 1: Encourage Strong Email Passwords

A strong password is an email account’s first line of defense. Encourage employees to set strong passwords and require them to change them every so often. Strong passwords use a combination of lowercase and uppercase letters, numbers, and special characters. They do not include personal information that could be looked up on social media.

To create very strong passwords, ask your employees to think of a memorable phrase (for example, “I Love Now IT Connects”). Then, shorten it to the first letter in each word (ILNIC). Next, add numbers in between each letter (I1L2N3I4C). Put an exclamation point at the end (I1L2N3I4C!), and you have a password that will be very difficult for hackers to guess.

Email Security Tip 2: Require a Secure Internet Connection

A strong password won’t protect an email account that is accessed on public WiFi or other unsecure internet connection. Unsecure networks are easily accessible by bad actors, leaving you and your employees exposed to all sorts of cybercrimes, including identity theft, malware, and ransomware attacks.

Work with your managed IT and network security team to secure your network with a combination of hardware, software, and employee education. Once you have the appropriate hardware and software in place, train your team on why it’s important to only access their email and work applications over a secure network. If they are working remotely at home or at a coffee shop, require them to use a Virtual Private Network, or VPN, that will make it nearly impossible for bad actors to find and gain access to your network.

Email Security Tip 3: Teach Email Smarts

Attacks on email are constantly evolving, which is why it’s important to provide regular employee training on new email threats and how to spot and prevent them. Phishing scams, for example, are becoming increasingly sophisticated. Phishing emails may look completely legitimate to an untrained eye or an employee in a rush. But clicking on a link, opening an attachment, or taking another action from a phishing email can create an IT disaster for your company. Train your employees on the types of cyber threats they may encounter. You can even hire Now IT Connects to test your employees with a fake phishing email.

Protecting your employees’ email keeps your entire network and company safe. Protect your data with robust email security. Contact Now IT Connects for expert email support.

Cloud-Based Spam Filtering with Now IT Connects

cloud-based spam protection_Now IT Connects

Malware and ransomware attacks are big business for bad actors. Dozens of high-profile ransomware attacks have already occurred this year. It’s more important than ever to understand this cyber threat and protect your network with cloud-based spam filtering.

Understanding Email Spam Threats

The most common and troublesome email spam threat in 2020 has been ransomware, a subset of malware. Malware is a program a bad actor puts on a computer, often by tricking an email recipient into downloading an attachment or installing fake antivirus software. Once downloaded, malware can wreak havoc on a computer or entire network.

The most devastating malware attack in recent years has been the ransomware attack. In these types of attacks, malware encrypts all the data on a network, holding it ransom until the network owner pays the hackers. Ransomware attacks are a big deal. Experts predict a business falls victim to a ransomware attack every 11 seconds. Collectively, ransomware attacks are estimated to cost $20 billion by 2021.

Step 1: Encrypt Your Email Data

Protecting your business from ransomware and other cyber attacks starts with a robust, cloud-based spam filtering tool. There are many choices on the market, and Now IT Connects can help you choose the right application for your business. The best cloud-based spam filtering tools encrypt your email data to protect it from the prying eyes of hackers and other bad actors. This makes it harder for cyber criminals to target your network and get their emails through to your employees’ inboxes.

Step 2: Detect and Neutralize Email Attacks

While encrypting your email data can prevent many malware attacks, hackers are constantly evolving their tactics, and some spam will make it through. Your cloud-based spam filter should quickly detect and neutralize these threats so your employees are never tricked into downloading malware onto your network.

Step 3: Continually Update Cloud-Based Spam Filtering

The best cloud-based spam filtering tools are continually learning and updating their protocols to constantly protect your email. This is where cloud-based spam filters outperform anti-malware software you may purchase and download. Since they are based in the cloud, they can be continually updated in real time with no action required on your part. If your spam filter is not cloud-based, you’ll have to remember to update it yourself.

Protecting your email and your employees from malware and ransomware attacks is an essential part of your cyber security plan. Now IT Connects can help you find the cloud-based spam filter that’s right for you and your team. Contact us today.

Network Monitoring Keeps Your Business Safe: A Guest Post by Secure Net Pros

network monitoring keeps your business safe

Cyber criminals never take a break, and neither should your network security. Keeping your business’s technology infrastructure safe is a ‘round the clock job. Fortunately, you don’t have to go it alone. Here’s how network monitoring keeps your business and your data safe.

It’s Tough to Monitor Your Network Yourself

Unresolved security threats can cause downtime, appropriation of intellectual property (IP), theft of confidential information, hardware loss, reputation damage, or worse. Keeping a network safe from cyber-attacks requires a sophisticated set of tools and a great deal of know how. Since cybercrime is always evolving, protecting your network also requires you to constantly stay abreast of new threats and cyber security innovations.

Most small businesses do not have a full-time IT professional on-staff, so it’s no wonder that more than 40 percent of cybercrime victims are small businesses. Protecting your network is a full-time job, which is why it makes sense to partner with a trusted network monitoring company to ensure your technology infrastructure and your company and client data are protected.

Conventional Cyber Security Solutions Aren’t Enough

If you think having a firewall and anti-malware software are enough, think again. Conventional security infrastructure is not adequate to protect your network from today’s cybercriminal. Traditional safeguards do well against external threats, but they do little or nothing to prevent 70 percent of all data breaches and threats, which come from inside your network.

That’s right—employees cause most data breaches and cyber threats. Just 12 percent of these insider threats can be attributed to disgruntled workers, however. It’s more than twice as likely that a reliable employee inadvertently misuses data in a way that allows a cyber security breach to occur. When these well-intentioned employees make an error within your network, they leave your network vulnerable to attack or data loss.

How Secure Net Pros Keeps Your Network Safe

Maintaining a secure network requires constant monitoring and agile technologies. The Secure Net Pros team uses a 360˚ managed security solution to constantly monitor your network, detect threats, and use this information to secure your network. It all starts with a consultation to assess your risk and create your remediation plan. To get started, contact Secure Net Pros.

The Four Fundamentals of Network Security: A Guest Post by Secure Net Pros

network monitoring keeps your business safe

Whether your team is onsite or working remotely, the security of your network is an ongoing concern. Here are the four fundamentals of network security that all organizations should implement to protect their networks.

1. Assess Cyber Risk

Stronger network security starts with a comprehensive cyber risk assessment. It is impossible to prioritize and address security vulnerabilities without identifying what those liabilities are. A thorough assessment will evaluate your hardware, software, system configurations, system entry points, and other security risks.

2. Remediate Security Vulnerabilities

The cyber risk assessment uncovers your network’s vulnerabilities so you can take steps to address them. Some solutions are simple and straightforward, such as strengthening your network’s firewall protection and making all outstanding security updates to your hardware and software. Others require long-term management. This may include uncovering and eliminating any unauthorized wireless connections to your network and erasing unneeded user profiles from software and web-based applications.

3. Detect Cyber Threats

A cornerstone of network security is ongoing threat detection. Many cyber threats against your network come from external bad actors trying to gain access to your systems. But many others come from inside your network itself. Your staff may inadvertently or intentional change security settings or access your network on an insecure device, giving criminals back-door access to your network. Continuous threat detection to identify and remediate these risks is an important part of keeping your network safe.

4. Monitor the Network

Set-it-and-forget-it solutions just won’t cut it when it comes to securing your network. Managed security is a round-the-clock job. The 360-degree managed security solution from Secure Net Pros puts actionable intelligence at our fingertips so our team can act fast to protect your network and your data. For expert help in securing your systems, contact the Secure Net Pros team today.

3 Cyber Threats Remote Workers Face

cyber risk for remote workers_Now IT Connects

Cyber security threats were a concern for businesses before the COVID-19 pandemic. But with many people working from home and accessing systems remotely, understanding and preventing cyber threats has become more urgent. No one knows what the new normal for work will be, but addressing these cyber threats now can put an organization in a better position for handling future attacks, especially if working from home becomes the norm. Here are three of the top cyber threats organizations face and how to reduce the risk of a cyber attack.

Weak Password Security and Other Access Control

With so many employees working remotely, many organizations have implemented web-based project management, file transfer, and video conferencing tools to stay productive. These technologies help teams collaborate and stay connected, but they require strong password security and access control to protect company data. During the pandemic, remote work platforms have become prime targets for cyber attacks.

To protect their data and their systems, organizations must work with staff to implement strong passwords and provide training on password best practices. Businesses should also implement all recommended security protocols for their technologies, including passwords and waiting rooms for video conferencing platforms and two-factor authentication for cloud-based file storage and project management applications.

While some hackers attack systems directly, many pursue phishing and other scams that target staff. Strong passwords will not protect a network against staff members getting duped into sharing those passwords with bad actors. That’s why it’s important to continually train employees on how to spot and report potential phishing scams. The Now IT Connects team can provide this important training remotely.

Vulnerable Home and Public Networks

Strong passwords and other access control practices offer good protection for your online applications. But with employees working from home, insecure home and public internet connections can provide cyber criminals easy access to your data. Home wireless routers that lack strong password protection can be easily hacked by bad actors.

Remote workers should change the names and passwords of their home WiFi networks from the default settings. A strong password is at least 20 characters long and includes letters, numbers, and symbols. Companies should help workers activate WPA2 network encryption to make data unreadable to criminals as it is being moved across the wireless network. Some companies may consider providing remote workers with firewall hardware as additional protection.

Insecure Hardware

Insecure hardware can leave a company’s network vulnerable to cyber attack. Staff members who use their personal computers, tablets, and smart phones for remote work may be putting the company’s network at risk. It is impossible for a company to establish a security standard on devices it does not control.

Instead, companies should provide employees with hardware and devices to use for remote work. That way, organizations can be certain the hardware of a worker’s computer, tablet, and smart phone is secure. Companies can also require staff to make regular system and security updates to their hardware to ensure it is continually protected.

The pandemic will likely change how employees will work in the future. The Now IT Connects team believes remote work will become more common, even when the threat of COVID-19 has passed. That’s why companies should take the time now to protect their web-based applications and their networks. For expert help in securing your systems, contact the Now IT Connects team today.

Do People Really Fall for Email Phishing Scams? Oh Yes.

email phishing scams_Now IT Connects_Clearwater Minnesota

If you consider yourself a savvy email user, you probably have a hard time believing people actually fall for spam and phishing email scams. How can they not tell the email is fake?

Email scams are becoming increasingly sophisticated. We’ve seen some that spoof a company owner’s name, email address, and even email signature, complete with logo and headshot. As employees get savvier, so do the hackers.

Recently, a Now IT Connects client asked our team to test their employees’ email acuity. Here’s a look at what happened.

Something’s Phishy

The Now IT Connects team designed a phishing email that spoofed one of the company’s leader’s emails. The email looked as if it came from the leader and used their name in the From line of the email. The email asked employees to submit their network username and password through a link in the email. The link appeared to be the login page for the company network, but that was fake as well. If employees took the bait, it would allow us to capture their network credentials and log into the company’s actual network.

. . . or Not

The email looked as though the boss was asking for an employee’s credentials, which seems legit. But reassuringly, 93 percent of employees thought the email looked phishy and ignored it.

However, 7 percent of employees took the bait! Of that number, four actually tried to submit their credentials to the fake login page. Fortunately, none of them remembered their credentials, so no sensitive data was compromised.

The Debrief

After our test, our customer asked us to come in and speak with their team. We explained that the email was indeed a fake, but that some people in the company fell for it. Then, we helped everyone understand what to look for when judging whether or not an email is legitimate. The test was a real-world example of how easy it is to be tricked by a phishing or spam email.

Now IT Connects offers these email tests to anyone who would like to evaluate the email acumen of their staff. You do not have to be a current client of ours to take advantage of this valuable service. If you’d like to schedule an email test for your company, contact Now IT Connects today.

More Scary Tales from the Dark Web

dark web scary stories_cyber security_Now IT Connects_Clearwater Minnesota

In March, we told you all about the dark web, the shadow version of the internet we all know, use, and love. This month, we wanted to give you an idea of what’s been going on in the shadows since then (if you need a refresher on what the dark web is, read our March blog). Here’s a memorable tale from the dark web for April, May, and this month, too.

Netflix, Hulu, and Spotify User Data Stolen and Sold

In April, the Australian version of the FBI arrested a 21-year-old for allegedly selling stolen login data from streaming sites, including Netflix, Hulu, and Spotify. How much did this guy make before he was caught? $300,000.

The hacker had been collecting login data for two years before he was arrested in April. He didn’t steal the data himself. Instead, he found previously stolen creds on the dark web, collected them over a number of months, then sold them for $2 a month.

Why would someone purchase your Netflix login? Aside from possibly accessing your billing and other sensitive information, $2 a month for Netflix is a lot cheaper than the $16 a month legit premium subscribers pony up each month.

Wall Street Market Shut Down by German Authorities

In collaboration with Europol (Europe’s version of the FBI), German police shut down the world’s second-largest dark web market in May. German authorities arrested three suspects and seized more than $615,000 in cash.

Wall Street Market was a dark web marketplace where bad actors could purchase drugs, fake documents, stolen data, and malware. The site had more than 1.5 million users. While this was a win for law enforcement, several other dark web markets were waiting in the wings to take its place. The battle against bad actors on the dark web is a marathon, not a sprint.

Bitcoin Brings Down Three Dark Web Drug Dealers

The digital currency Bitcoin is a favorite tool of bad actors. Bitcoin is attractive to criminals because it is not tied to a central bank and it does not divulge any personal information. But in Boston, Massachusetts, Bitcoin brought down three men who are now charged with selling drugs on the web.

Over the course of the investigation, undercover federal agents had met with one of the men to exchange $200,000 worth of Bitcoin into cash. Once the criminal made the transfer, he was arrested. Later, the remaining men were caught red-handed, filling an order for illegal drugs with their dark web vendor page open on their computer.

While these tales make for good campfire stories for IT and cyber security pros, they needn’t scare you if you have an IT team on your side. Contact Now IT Connects to learn how we can keep your data safe.

Cyber Security for Your Business: Who’s Watching the Farm This Summer?

cyber security during vacation_Now IT Connects_Clearwater Minnesota

Noticing an extra skip in your step this week? That’s what the arrival of cabin season does to us here in Minnesota. The kids are barely out of school, and all we can think about is casting a line and enjoying a cold one up at the lake. And after this winter (and April!), who can blame us?

It’s becoming more typical for businesses to give their teams Friday afternoons off during the summer. If you’re a business owner, maybe this has been your tradition for years. While we hope you enjoy your well-deserved time off, please remember that your business is still up and running without you. And so are the hackers.

Cyber Security Is a 24/7 Job

The internet gives bad actors round-the-clock opportunities to attempt to invade your networks and cloud-based systems. Fish may be the only things awake at 6 am out on the lake, but it’s midday across the world. Hackers are trying to invade your network and your cloud-based systems on their lunch breaks.

Just because there are people out there who want to steal your data or hold your network ransom doesn’t mean you shouldn’t take vacation. But you should invest in cyber security measures that will keep your business’s data safe while you’re out-of-office.

To Stay SaaS-y, Stay Safe

Cloud-based software-as-a-service, aka SaaS, is a large and growing part of the IT industry. It’s revolutionized how we work and where we can access the tools we need to collaborate with our teams and complete projects. But if one or more of your SaaS applications are compromised, so is the rest of the data you store on the cloud. What’s more, most SaaS providers are not responsible for securing your user data (that’s why it pays to read your terms & conditions!).

We think SaaS solutions are great, and we encourage you to stay SaaS-y if you’ve found tools that work well for you. Just be an aware consumer. Invest in an extra layer of encryption, and keep your anti-malware tools updated regularly. Be vigilant with monitoring your activity logs. Take note of any changes to access permissions to users, admins, and third-party APIs. If something looks fishy, call in the IT pros.

Get Help So You Can Relax Up North

Cyber security is incredibly important. But it shouldn’t get in the way of you enjoying your summer. Now IT Connects is here to help.

We offer managed IT services, network security, cloud solutions, and email and spam protection for small businesses who want the peace-of-mind knowing someone is minding the farm while they’re out. Our sister company Secure Net Pros can help with cyber-specific threats to keep your data safe, too. Contact us today to learn more.

Who’s Afraid of the Dark (Web)?

dark web_Now IT Connects_Clearwater_Minnesota

Ever wonder what happened to all the data stolen in the 2017 Equifax breach? The attack affected more than 148 million Americans. Unfortunately, there’s a good chance that your data was compromised.

According to the Government Accountability Office, the Equifax breach involved a single web server at the credit bureau. The server had out-of-date software, which allowed attackers to access it 9,000 times over 76 days (if you haven’t installed the latest updates on your servers or other hardware, contact us to eliminate this vulnerability at your business). In that time, attackers stole credit card numbers, driver’s license numbers, Social Security numbers, email addresses, and dates of birth.

It’s been nearly two years since the Equifax breach. What happened to all that data? It’s likely it’s available for sale on the dark web (or will be at some point in the future).

What is the dark web?

The dark web is part of the internet. Its websites are built with the same code that mainstream sites are and can be accessed with popular search engines. The difference is the internet connection. You connect to the mainstream web directly through your internet service provider (ISP). Your ISP creates a tag to identify you and your network, called an IP address.

The dark web requires special software to access. This software does not establish a direct connection between your network and your ISP. Instead, it encrypts and routes the connection through several different servers across the world. This type of connection keeps the identities of the websites and users on the dark web private. It also makes it safer for bad actors to sell stolen data, drugs, and other illegal goods and services.

Who can access the dark web?

Anyone with a little time and a little know-how can access the dark web. Some people use the dark web to ensure their internet searches remain private, while others use it to buy and sell illegal goods and services. Then, there are the white hats—users who access the dark web to identify its vulnerabilities and help shut down its sites. The dark web is often combed over by federal investigators, too.

Why should I care about the dark web?

Think about the Equifax breach for a moment. Cyber security experts believe the attackers who stole that information waited until outrage over the breach died down to use or sell the data they stole. On the dark web, you can purchase someone’s personal information or their entire identity, often for as little as $25. It’s possible your personal information is for sale on the dark web right now.

How can I protect myself from dark web bad actors?

The biggest defense against bad actors who may sell your data on the dark web is a robust and comprehensive cyber security plan. Network security, email protection, and cloud security are all important parts of your cyber security strategy. Now IT Connects can help you understand your vulnerabilities and implement a security plan to keep your data and your customers’ data protected. Don’t end up on the dark web. Contact the white hats at Now IT Connects today!

Don’t Leave Cyber Security Up to Luck This Year

As we predicted in January, cyber security remains a top concern of businesses in Minnesota and across the country. What have you done this year to keep your business’s sensitive data safe? If your answer is “Nothing yet!” we encourage you to give us a call to talk through why you can’t afford to ignore cyber threats.

If improving your business’s cyber security is one of your goals for 2019, here are a few tips you can implement this week.

Include Hardware and Software in Your Network Security Plan

Securing your network should be your top cyber security concern for your business. If your network is vulnerable to cyber-attacks, it compromises every element of your business. Your financial information—and that of your customers—could be stolen. Your supply chain or project management software could be hacked or held hostage by ransomware. Or, your entire network could go down, rendering every connected device useless. That’s a true cyber emergency.

From firewall appliances to anti-malware programs, a robust network security strategy includes both hardware and software solutions. Now IT Connects partners with the top names in cyber security to provide you with solutions that fit your unique needs.

Keep Your Email Secure

If you couldn’t access your email, or if the content of your inbox and folders suddenly disappeared, what would happen? How would you feel? Would your business grind to a halt? If your organization is like most businesses, panic would likely ensue.

Viruses, malware, and inadequate storage can hamstring email use and threaten the security of your messages and attachments. We partner with Microsoft and Barracuda to offer our clients cloud-based email storage and security. Not only does this allow you to access your emails from the cloud anywhere, anytime, it ensures you always have an email backup and are using the most up-to-date security tools.

Protect Your Information on the Cloud

The cloud isn’t just for email storage and backup. It provides a very stable, secure, and scalable way to store and back up all your business data. But without strong passwords, two-factor authentication, file protection, and other security measures, you could leave your cloud-based data exposed to threats.

Now IT Connects thoroughly vets every cloud-based service we offer to ensure every service provides strong cyber security protection without sacrificing the ability to share files and collaborate with your team online.

Consider Purchasing Cyber Security Insurance

If cyber security is part of your 2019 plan, consider adding cyber insurance to your business insurance policy. Insurance companies rarely include cyber security in your general or professional liability policy, but many offer separate cyber security coverage. Speak with your insurance agent to add this layer of protection to your cyber security plan.

Get Professional Advice and Service

Adequately protecting your business and your data from cyber-attacks is a complicated and ongoing process. The Now IT Connects team is here to help. Our experts can design and maintain a cyber security plan tailored specifically to meet the unique needs of your business to ensure you’re appropriately protected. Contact us to learn more about your cyber security options.