More than just offering apps and cloud services designed to boost productivity, Microsoft 365 also provides robust security tools for protecting data from loss and theft. Make the most out of these tools and ensure data security by following these tips.

Take advantage of policy alerts

Establish policy notifications in Microsoft 365’s Compliance Center to help you meet your company’s data security obligations. With these in place, your employees will receive policy tips about sending confidential information anytime they’re about to send messages to contacts outside of the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure mobile devices

Since employees often use personal smartphones or computers to access their work email, calendar, contacts, and documents — especially if they’re working remotely — securing employee-owned devices should be a critical part of protecting your organization’s data. Installing mobile device management features for Microsoft 365 enables you to manage security policies and access permissions/restrictions, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use multifactor authentication

Relying on a single password to protect your Microsoft 365 accounts could lead to account hijacking, which could put your data at risk of being compromised. Instead, enable multifactor authentication (MFA). MFA requires users to supply additional credentials on top of a password before they can access their accounts. This makes it difficult for hackers to access your accounts since they not only have to guess user passwords, but they also need to provide a second authentication factor like a one-time SMS code or a fingerprint scan.

Apply session timeouts

Many employees usually forget to log out of their Microsoft 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to steal sensitive data. By applying session timeouts to Microsoft 365 accounts, email accounts, and internal networks, users will be automatically logged out after a period of inactivity, preventing hackers from taking over users’ devices and accessing private information.

Avoid public calendar sharing

Microsoft 365’s calendar sharing feature allows employees to share and sync their schedules with their colleagues. However, publicly sharing this information is a bad idea because it helps attackers understand how your company works, determine who’s away, and identify vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash malware on unattended computers.

Employ role-based access controls

Access management is another Microsoft 365 feature that will limit the flow of sensitive data across your organization. It lets you determine which users have access to specific files in your company. For example, rank-and-file employees won’t be able to read or edit executive-level documents, minimizing the risk of data leaks.

Encrypt emails

Encrypting classified information is your last line of defense against data breaches. If hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Microsoft 365, where files and emails are shared on a regular basis.

Partner with us to ensure your organization’s Microsoft 365 accounts are always secure and compliant with changing data security requirements. Give us a call today — our team of experts are here to help.

The post 7 Ways to boost data protection in Microsoft 365 appeared first on TechSolutions, Inc..

Popular social media platforms like Facebook and Twitter have been suffering massive data breaches for a number of years now. If you wish to continue using these services, you need to tighten your social media privacy settings. Here are a few reminders and tips to help you secure your personal information on social media.

Lock screens exist for a reason

Always lock all your devices as soon as you stop using them. This way, you are safe from the simplest hack of all: someone opening a social media site on your browser while you’re still signed in.

In case you didn’t know, here’s how to lock your computer:

On Macs:

• Press Ctrl+Command+Q.
• Click the Apple logo on the top left corner of the screen, and click Lock screen.

On Windows devices:

• Press Windows key+L.
• If there are multiple users using the device, click the Start button on the bottom left corner of the screen, then select User > Lock.

Strong passwords aren’t out of fashion — yet

A six-digit passcode may be enough to secure your phone, but you’ll need something much more complicated for your social media account passwords. Create a password that you don’t use for any other account because with the regular occurrence of data breaches, hackers probably already have a long list of your favorite passwords from other websites and platforms.

It is best to use a password manager like 1Password, LastPass, or Dashlane. These allow you to generate, save, and retrieve complex passwords.

You can also enable multifactor authentication, which requires users to fulfill at least one more identity verification step after entering their username and password. The extra step or steps can be getting your fingerprint scanned or entering a one-time passcode on an authentication app. Even if hackers have your password, they won’t be able to log in without the additional authentication requirements.

Make use of social media features

Facebook can help you monitor who’s accessing your account and from where. On a Mac or Windows computer, click on the down arrow located at the upper right corner of your Newsfeed and select Settings and Privacy. Then click Settings > Security and Login to get more information.

Under the section Where You’re Logged In, you’ll see a list of the places and devices you’re logged into. If you don’t recognize a particular location or device, that means someone else has logged in as you and is likely doing things you do not approve of. You need to log them out forcibly (by clicking the ellipsis on the row indicating the malicious login and click Not you?) and then report the incident immediately.

Then, under Setting Up Extra Security, turn on Get alerts about unrecognized logins. Unfortunately, as of this writing, Twitter doesn’t have the same option. This makes implementing multifactor authentication even more necessary.

Hackers can also take over your Facebook and Twitter accounts through third-party services to which you’ve given access to your profiles, so make sure to double-check what you have approved. Here’s what you need to do:

• Facebook: Go to Settings > Apps and Websites to view and manage third-party services that use Facebook to log you into the accounts you have with them.
• Twitter: Go to Settings and Privacy > Apps to check and edit the list.

Lastly, check the permissions Facebook and Twitter have on your smartphone or tablet.

• Android: Go to Settings > Apps > App permissions.
• iOS: Go to Settings > Privacy to manage which service can access which parts of your phone (such as the camera and speaker).

Less personal info, fewer problems

These steps are just the beginning of what you should be doing. You should also limit the personal data you share on your social media accounts. Avoid oversharing.

By following these tips, you can significantly prevent Facebook and Twitter hacking.

Cybersecurity is a sprawling issue — and social media privacy is but one of the many things you need to stay on top of. For 24/7 support, call our team of experts today.

The post Protect your Facebook and Twitter from hackers appeared first on TechSolutions, Inc..

Don’t give your customers any reason to feel insecure when dealing with your business. When they visit and use your website, you must engender feelings of trust and security instead of alarm and distrust. Don’t worry — you can easily do this with these three tips.

Tip 1: Use HTTPS

Short for Hypertext Transfer Protocol Secure, HTTPS indicates that a website has an extra layer of security for its users. This layer encrypts data exchanged between a user’s browser and the web server that delivers the data requested by the user. To use a simpler comparison, imagine someone tapping your landline, but instead of getting to listen in on your conversations, they’ll hear people speaking in tongues instead.

In August 2014, Google Chrome, the world’s most popular browser, announced that having HTTPS makes your website rank higher in its search algorithm. And since October 2017, the browser began flagging non-HTTPS websites as not secure whenever users try to fill out something as simple as a contact form on it. In July 2018, Chrome started showing a “not secure” warning on any website that does not implement HTTPS, whether or not users are filling out a form there.

Because of Google’s measures, the security protocol has been widely adopted. Even if your website does not contain or ask for sensitive information, implementing HTTPS engenders trust and a sense of security among internet users, while remaining on HTTP will make web visitors abandon or avoid you sooner or later.

Tip 2: Embrace multifactor authentication (MFA)

Since account credentials can be easily stolen via phishing attacks, username and password combos are no longer enough to keep bad actors at bay. To ensure that the one accessing an account is truly that account’s owner, additional identity authentication steps must be implemented.

These steps can involve the use of the account holder’s device — the one logging in must first verify their phone number, receive a one-time password on their smartphone, then enter that code in the access portal before the code’s validity lapses. Alternatively, MFA may ask for a face, retina, voice, or fingerprint scan for authentication.

MFA can be a bit of a hassle for your internal and external users, but a little inconvenience is a small price to pay for immensely effective cybersecurity.

Tip 3: Update browsers and devices

Did you know that dated versions of browsers, operating systems, and even other software packages can create an easy entry point for hackers? Often, new updates are created specifically to fix security holes. However, people tend to procrastinate and leave applying updates for another day. Hackers take advantage of this by searching for outdated devices to infiltrate while their victims watch YouTube on last year’s version of Firefox.

Yes, installing an update might take 15 minutes of your time, but this time investment can pay dividends in terms of preventing a security breach that could cost you or your business thousands.

Looking for more tips to boost your internet security? Get in touch to find out how we can help.

The post Make site visitors feel secure with these tips appeared first on TechSolutions, Inc..

Encouraging staff to work from home is extremely vital in the midst of the COVID-19 outbreak. By minimizing social interactions and contact risks, you can reduce the spread of the virus. But be warned. Transitioning from a fully managed business environment to a home office can leave you vulnerable to cyberattacks and online scams. Here’s what you and your staff must do to mitigate the cybersecurity risks.

Fortify user accounts

When everyone is working remotely, user accounts must be properly secured. One way to achieve this is by setting at least 12-character long passwords with numbers and special characters mixed in to make them more difficult to guess. More importantly, these passwords must be unique to each account, to minimize the damage if hackers do manage to compromise one set of credentials. If you find it difficult to generate and remember login details for all your accounts, consider password managers like LastPass, Dashlane, and Keeper.

To further strengthen your accounts, however, you’ll also need to enable multifactor authentication (MFA). This adds another layer of identity verification — like fingerprint scans or one-time activation codes generated by SMS — to make it more difficult for cybercriminals to hijack your accounts.

Use a virtual private network (VPN)

VPNs are primarily known for circumventing geographic restrictions on location-specific websites and streaming services, but they’re also a crucial tool for remote workers. A reliable VPN creates secure connections between devices and networks by encrypting internet traffic. This hides web activity from prying eyes, protecting your employees’ online privacy, and mitigating the risk of hackers stealing company information.

Patch your software regularly

Although installing software updates can be a major nuisance, they cover critical weaknesses and protect your systems from the latest threats. Most apps now offer an automatic update feature so you don’t have to manually patch your software.

Another option for your business is patch management software. These track patches on employee devices and distribute the most recent updates on a company-wide scale.

Set up firewalls and antivirus software

Make sure to enable firewalls in your operating systems and hardware. These provide a strong layer of protection between your device and the internet, preventing malicious programs and other network threats from reaching your device. Your managed IT services provider (MSP) may also provide third-party firewalls in case your computers don’t have any built in by default.

In addition to firewalls, you’ll also want to implement antivirus software to detect and remove any malicious programs that do manage to find their way onto your device. Just remember to constantly update the software so it can effectively detect the newest malware.

Secure home routers

Home Wi-Fi routers are not as thoroughly secured as their business counterparts so take extra precautions to safeguard them. For starters, change your router password as soon as possible because hackers can easily break into them once they know the router model. You should also install the latest firmware updates to eliminate any security vulnerabilities.

Finally, check whether your router has Wi-Fi Protected Access 2 (WPA2) encryption settings to secure inbound and outbound traffic. If your router doesn’t have this setting, you’re overdue for an upgrade.

Back up your data

Important files must be backed up regularly in the cloud and your external hard drive. This way, you’ll always have a copy of your files in case of a major data loss incident like ransomware or a power outage.

Watch out for online scams

The biggest threat remote workers face is online scams. Phishing emails may entice you with free coronavirus test kits in exchange for personal information. Some cybercriminals may even masquerade as legitimate companies, CEOs, or friends to trick you into clicking on dangerous links and attachments.

To avoid these threats, you must be critical of everything you see online. Look for any suspicious links and attachments, grammatical errors in the email body, and misspelled email addresses. Plus, never give out sensitive information to an unsolicited email, text message, or phone call.

Working from home poses many cybersecurity challenges for businesses, but you don’t have to address them alone. If you need guidance with setting up firewalls, avoiding scams, and even enabling MFA, we can provide the IT support you need in this difficult time. Call us now.

The post How to work from home securely appeared first on TechSolutions, Inc..