It’s every business user’s responsibility to protect their computers and data from cyberattacks. The good news is that you don’t need to be an IT security expert to keep them safe. You can start increasing your knowledge by learning some of these basic cybersecurity terms.

Malware

For a long time, the phrase “computer virus” was misused to refer to every type of attack that intended to harm or hurt computers and networks. The more appropriate term for these harmful programs and files would be “malicious software” or “malware.” Whereas a virus is a specific type of malware that is designed to replicate itself, any software created for the purpose of destroying or unfairly accessing networks and data should be referred to as malware.

Ransomware

Don’t let all other cyberthreats ending in -ware confuse you; they are all just subcategories of malware. Currently, one of the most popular of these is “ransomware,” which is malware that encrypts valuable data until a ransom is paid.

Intrusion prevention system (IPS)

There are several ways to safeguard your network from malware, but an IPS is quickly becoming one of the nonnegotiables. An IPS sits inside your company’s firewall and looks for suspicious and malicious activity that can be halted before it can exploit or take advantage of a known vulnerability.

Social engineering

Not all types of malware rely solely on fancy computer programming. Experts agree that the majority of attacks require some form of “social engineering” to succeed. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or protected information. For cybercriminals, complicated software is totally unnecessary if they can just convince potential victims that they’re a security professional who needs the victims’ password to secure their account.

Phishing

Despite often relying on face-to-face interactions, social engineering does occasionally employ more technical methods. Phishing is the act of defrauding people using an app or a website that impersonates a trustworthy or often well-known business in an attempt to obtain confidential information. Just because you received an email that says it’s from the IRS doesn’t mean that it is. Don’t take such emails at face value — always verify the source, especially if the emails are requesting your sensitive data.

Antivirus

Antivirus software is often misunderstood as a way to comprehensively secure your computers and workstations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well-known malware variants.

Zero-day attacks

Malware is most dangerous when it has been released but not yet discovered by cybersecurity experts. When a vulnerability is found within a piece of software, vendors will release an update to fix the gap in security. However, if cyberattackers release a piece of malware that has never been seen before, and if that malware exploits one of these holes before the vulnerability is addressed, it is called a zero-day attack.

Patch

When software developers discover a security vulnerability in their programming, they usually release a small file to update and “patch” this gap. Patches are essential to keeping your network secure from the vultures lurking on the internet. By checking for and installing patches as often as possible, you keep your software protected from the latest malware.

Redundant data

When antivirus software, patches, and intrusion prevention fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s workspace ensures that if there is a malware infection, you’re equipped with backups.

Our cybersecurity professionals are always available to impart more in-depth knowledge of the many different kinds of cyberthreats. Get in touch with us today and find out how we can help you with your IT security woes.

The post Top IT security terms everyone should know appeared first on TechSolutions, Inc..

Encouraging staff to work from home is extremely vital in the midst of the COVID-19 outbreak. By minimizing social interactions and contact risks, you can reduce the spread of the virus. But be warned. Transitioning from a fully managed business environment to a home office can leave you vulnerable to cyberattacks and online scams. Here’s what you and your staff must do to mitigate the cybersecurity risks.

Fortify user accounts

When everyone is working remotely, user accounts must be properly secured. One way to achieve this is by setting at least 12-character long passwords with numbers and special characters mixed in to make them more difficult to guess. More importantly, these passwords must be unique to each account, to minimize the damage if hackers do manage to compromise one set of credentials. If you find it difficult to generate and remember login details for all your accounts, consider password managers like LastPass, Dashlane, and Keeper.

To further strengthen your accounts, however, you’ll also need to enable multifactor authentication (MFA). This adds another layer of identity verification — like fingerprint scans or one-time activation codes generated by SMS — to make it more difficult for cybercriminals to hijack your accounts.

Use a virtual private network (VPN)

VPNs are primarily known for circumventing geographic restrictions on location-specific websites and streaming services, but they’re also a crucial tool for remote workers. A reliable VPN creates secure connections between devices and networks by encrypting internet traffic. This hides web activity from prying eyes, protecting your employees’ online privacy, and mitigating the risk of hackers stealing company information.

Patch your software regularly

Although installing software updates can be a major nuisance, they cover critical weaknesses and protect your systems from the latest threats. Most apps now offer an automatic update feature so you don’t have to manually patch your software.

Another option for your business is patch management software. These track patches on employee devices and distribute the most recent updates on a company-wide scale.

Set up firewalls and antivirus software

Make sure to enable firewalls in your operating systems and hardware. These provide a strong layer of protection between your device and the internet, preventing malicious programs and other network threats from reaching your device. Your managed IT services provider (MSP) may also provide third-party firewalls in case your computers don’t have any built in by default.

In addition to firewalls, you’ll also want to implement antivirus software to detect and remove any malicious programs that do manage to find their way onto your device. Just remember to constantly update the software so it can effectively detect the newest malware.

Secure home routers

Home Wi-Fi routers are not as thoroughly secured as their business counterparts so take extra precautions to safeguard them. For starters, change your router password as soon as possible because hackers can easily break into them once they know the router model. You should also install the latest firmware updates to eliminate any security vulnerabilities.

Finally, check whether your router has Wi-Fi Protected Access 2 (WPA2) encryption settings to secure inbound and outbound traffic. If your router doesn’t have this setting, you’re overdue for an upgrade.

Back up your data

Important files must be backed up regularly in the cloud and your external hard drive. This way, you’ll always have a copy of your files in case of a major data loss incident like ransomware or a power outage.

Watch out for online scams

The biggest threat remote workers face is online scams. Phishing emails may entice you with free coronavirus test kits in exchange for personal information. Some cybercriminals may even masquerade as legitimate companies, CEOs, or friends to trick you into clicking on dangerous links and attachments.

To avoid these threats, you must be critical of everything you see online. Look for any suspicious links and attachments, grammatical errors in the email body, and misspelled email addresses. Plus, never give out sensitive information to an unsolicited email, text message, or phone call.

Working from home poses many cybersecurity challenges for businesses, but you don’t have to address them alone. If you need guidance with setting up firewalls, avoiding scams, and even enabling MFA, we can provide the IT support you need in this difficult time. Call us now.

The post How to work from home securely appeared first on TechSolutions, Inc..

Do you spend hours obsessing about the inner workings of DNS-layer security, intrusion prevention systems, and data encryption? If you’re not a managed IT services provider (MSP), you probably don’t. Instead, you’re probably looking for a business partner to manage those nitty-gritty details for you. However, there’s one thing you really ought to know: What exactly are “proactive cybersecurity” measures?

Understand the threats you’re facing

Before any small- or medium-sized business (SMB) can work toward preventing cyberattacks, everyone involved needs to know exactly what they’re up against. Whether you’re working with in-house IT staff or an MSP, you should review what types of attacks are most common in your industry. Ideally, your team would do this a few times a year.

Reevaluate what it is you’re protecting

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every company device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

Create a baseline of protection

By reviewing current trends in the cybersecurity field and auditing your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measures versus your reactive measures.

Before you can start improving your cybersecurity approach, you need to know where your baseline is. Devise a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint weak spots in your current framework.

Finalize a plan

All these pieces will complete the puzzle of what your new strategy needs to be. With an experienced technology consultant on board for the entire process, you can easily synthesize the results of your simulation into a multi-pronged approach to proactive security:

• Security awareness seminars that coach all internal stakeholders – train everyone from the receptionist to the CEO about effective security practices such as password management, proper mobile device usage, and spam awareness
• Front-line defenses like intrusion prevention systems and hardware firewalls – scrutinize everything trying to sneak its way in through the borders of your network
• Routine checkups for software updates, licenses, and patches – minimize the chance of leaving a backdoor to your network open
• Web-filtering services – blacklist dangerous and inappropriate sites for anyone on your network
• Updated antivirus software – protect your data and systems against the latest and most menacing malware

As soon as you focus on preventing downtime events instead of reacting to them, your IT infrastructure will increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cybersecurity by giving us a call for a demonstration.

The post Is your IT security proactive? appeared first on TechSolutions, Inc..

Both businesses and individuals across dozens of countries are scrambling to fix their computer systems after a ransomware, named WannaCry, caused major disruptions earlier this month. Like most ransomware, WannaCry encrypts files and demands a Bitcoin payment for their release. What’s worse, more WannaCry variants will likely be developed in the near future, according to security researchers. Fortunately, there are some common strategies you can use to mitigate the damage of the ransomware.

Update your software
The first (and probably best) defense against WannaCry ransomware is to update your operating system. New research from Kaspersky shows that machines running Windows XP, 7 and outdated Windows 10 versions were affected by the ransomware. To check whether your systems are up to date, open your Windows search bar, look for Windows Update, click Check for Updates, and install any major updates.

Also, don’t forget to download the latest security patches for your business applications and security software.

Run security programs
Many antivirus programs now have mechanisms for detecting and blocking WannaCry malware; so when you’ve fully updated your security software, run a full system scan.

Keep in mind that antivirus isn’t a foolproof security solution. Instead, run it alongside other security applications like intrusion prevention systems and firewalls.

Use data backup and recovery tools
If WannaCry does infect your computers, only a solid data backup and recovery solution can save your business. Before ransomware strikes, periodically back up your files in both an external hard drive and a cloud-based backup service.

External hard drives will serve as your local backup solution for quick recovery times. However, we recommend keeping the external drive disconnected when it’s not being used and plugging it in only when you need to back up files at the end of the day. This is because when ransomware infects a computer, it will usually look to encrypt local backup drives as well.

Cloud-based backups, on the other hand, allow you to store files in remote data centers and access them from any internet-enabled device. When selecting a cloud services provider, make sure they provide the appropriate cloud protections to your files. For example, your backup vendor should provide reporting tools to keep track of any anomalies in your files. Document versioning features are also important. This allows you to recover older versions of a document in case the current version is encrypted.

After your local and cloud backups are set up, perform regular tests to ensure your disaster recovery plan works.

Stay informed
Finally, it’s important to stay on guard at all times. WannaCry is just one of many ransomware strains affecting businesses today, and in order to stay safe you need to be constantly up to date on the latest cybersecurity- and business continuity-related news.

For more ransomware prevention tips and services, call us today. We’ll make sure hackers don’t hold your business hostage.

The post How to defend against WannaCry appeared first on TechSolutions, Inc..

There has been a movement among technology providers to promise “proactive” cyber security consulting. Small- and medium-sized businesses love the idea of preventing cyber-attacks and data breaches before they happen, and service providers would much rather brainstorm safeguards than troubleshoot time-sensitive downtime events. But it’s not always clear what proactive cyber-security means, so let’s take a minute to go over it.

Understand the threats you’re facing

Before any small- or medium-sized business can work toward preventing cyber-attacks, everyone involved needs to know exactly what they’re fighting against. Whether you’re working with in-house IT staff or an outsourced provider, you should review what types of attack vectors are most common in your industry. Ideally, your team would do this a few times a year.

Reevaluate what it is you’re protecting

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

Create a baseline of protection

By reviewing current trends in the cyber-security field, alongside an audit of your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measure versus your reactive measures.

Before you can start improving your cyber-security approach, you need to know where the baseline is. Create a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint strengths and weaknesses in your current framework.

Finalize a plan

All these pieces will complete the puzzle of what your new strategies need to be. With an experienced technology consultant onboard for the entire process, you can easily parse the results of your simulation into a multi-pronged approach to becoming more proactive:

• Security awareness seminars that coach everyone — from receptionists to CEOs — about password management and mobile device usage.
• “Front-line” defenses like intrusion prevention systems and hardware firewalls that scrutinize everything trying to sneak its way in through the front door or your network.
• Routine checkups for software updates, licenses, and patches to minimize the chance of leaving a backdoor to your network open.
• Web-filtering services that blacklist dangerous and inappropriate sites for anyone on your network.
• Antivirus software that specializes in the threats most common to your industry.

As soon as you focus on preventing downtime events instead of reacting to them, your technology will begin to increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cyber-security by giving us a call for a demonstration.

The post What exactly is preventive cyber-security? appeared first on TechSolutions, Inc..