27 Nov

Reasons to back up your mobile devices

Companies such as Apple, Samsung, and others have turned mobile phones into mini-computers that can serve as a substitute for your laptop, or as a storage device. If you’re using a smartphone as a communications and storage device, backing up now would be a wise move.

 

Malware on mobile

 
More than two-thirds of the world’s population use a mobile phone with internet connection, so dangers in these handy devices are to be expected. Scarier than the thought of being offline is being online and exposed to malware.

If you use your mobile devices as extensions of your work computers, backing them up is a must. Mobile phones have become as vulnerable to malware as laptops and desktops are, especially if you consider the fact that many professionals and business owners use them for emailing confidential documents and storing business-critical files.

 

Device disasters

 

Malware isn’t the only disaster that can hurt your smartphone. Because you carry it wherever you go, your device can easily be stolen, misplaced, or damaged. They may be easily replaceable, but the data they contain is not. Here are some security threats to look out for:

 

Data leakage

 

Something as simple as transferring files onto a public cloud storage service, or pasting confidential information in the wrong place could compromise your business. In fact, according to specialist insurance provider Beazley, “unintended disclosure” accounted for 41% of data breaches reported by healthcare organizations during the first three quarters of 2017.

 

Social engineering

 

Tricking people online into handing over their personal and financial data is no longer confined to desktops, as this trend is already happening on mobile devices. In a report by IBM, it was found out that users are three times more vulnerable to fall for phishing attacks on mobile devices compared to desktops. This is because phones are where people will most likely see a message first, making them a popular attack vector by cybercriminals.

 

Wi-Fi interference

 

When we connect our devices to public Wi-Fi networks, we are putting critical information at risk. According to Wandera, nearly a quarter of devices in 2017 connected to potentially insecure networks, and some even encountered a man-in-the-middle attack, where someone anonymously intercepts communication between two parties.

 

Out-of-date devices

 
A vast majority of manufacturers, most particularly on the Android front, are ineffective at providing updates for their devices. This can inconvenience end users, as this exposes them to the many threats lurking online. Some smartphones and tablets may receive a security patch from time to time, but manufacturers eventually stop doing so after a while.

 

Physical device breaches

 

While this may seem unlikely for some, lost or unattended devices can still become a major security risk, especially if they are not employing proper security measures such as PIN codes and encryption.

 

Backup options

 

Performing backups on iOS and Android devices is a quick and painless process. For example, companies that use Office 365 or Google’s G Suite enable company-wide backup settings from a single dashboard. Apple’s backup settings usually need to be configured on each device, but it’s a pretty simple process.
 
There are also robust third-party options to back up all your organization’s mobile devices. The best of these are cloud backup services that sync devices and back up contacts, photos, videos, and other critical files in one neat system. These mobile backup tools are offered on monthly or lifetime subscription schemes, which provides small businesses with enough flexibility to ensure long-term protection.

 

Our experts can provide practical advice on security for your business’s computers and mobile devices. Call 1-866-BIT-WISE or email sales@eitnetworks.net to ask about mobile backup and other security solutions today.

Share this
04 Apr

How to Guard Against Scareware

You are surfing the web, minding your own business, when suddenly a browser window pops up saying you have a virus on your computer. A phone number is provided, and you are urged to call it for support. It looks scary. It looks official. It’s a scam. You have discovered a scareware popup.

 

What is Scareware?

 

Also called fraudware, deception software, or rogue scanner software, scareware appears as a legitimate alert from an antivirus company claiming your computer’s security has been compromised. Sometimes an audible voice will play through your computer’s speakers, issuing a warning that your immediate attention is required. A phone number or website link is provided in the body of the alert. In the case of browser popups, you may not be able to close the browser by normal methods, as it will appear frozen. All of this is a scam to scare users into purchasing bogus or malicious software, or allowing remote access to fraudsters who can steal personal information.

 

How to Manage Scareware

 

Do not panic! It is only a fraudulent popup. Legitimate companies do not use this type of tactic to sell their products. As long as you do not click on a link or call the number provided, your computer will not be compromised. The best thing to do is simply restart your computer and reopen the browser, making sure not to restore pages (if prompted to do so). If you receive another such popup immediately upon opening your browser, contact your IT company for support. Clients of EIT Networks can email helpdesk@eitnetworks.net to generate a ticket automatically, and one of our technicians will reach out to you as quickly as possible.

 

Scareware has been around for a long time, but in recent times the number of occurrences has increased. Knowing what to do if you receive such a popup can keep your computer from being compromised. If you want to discuss scareware or other types of cyber threats, you can reach us at 1-866-BIT-WISE or sales@eitnetworks.net.

Share this
09 Mar

The Importance of HTTPS

Very few internet users understand the meaning of the padlock icon in their web browser’s address bar. It represents HTTPS, a security feature that authenticates websites and protects the information users submit to them. Let’s go over some user-friendly HTTPS best practices to help you surf the web safely.

 

HTTPS Encryption

 

Older web protocols lack data encryption. When you visit a website that doesn’t use HTTPS, everything you type or click on that website is sent across the network in plain text. So, if your bank’s website doesn’t use the latest protocols, your login information can be intercepted by anyone with the right tools.

 

HTTPS Certificates

 

The second thing outdated web browsing lacks is publisher certificates. When you enter a web address into your browser, your computer uses an online directory to translate that text into numerical addresses (e.g., www.google.com = 8.8.8.8) then saves that information on your computer so it doesn’t need to check the online directory every time you visit a known website.

The problem is, if your computer is hacked it could be tricked into directing www.google.com to 8.8.8.255, even if that’s a malicious website. Oftentimes, this strategy is implemented to send users to sites that look exactly like what they expected, but are actually false-front sites designed to trick you into providing your credentials.

HTTPS created a new ecosystem of certificates that are issued by the online directories mentioned earlier. These certificates make it impossible for you to be redirected to a false-front website.

 

What this means for daily browsing

 

Most people hop from site to site too quickly to check each one for padlocks and certificates. Unfortunately, HTTPS is way too important to ignore. Here are a few things to consider when browsing:

If your browser marks a website as “unsafe” do not click “proceed anyway” unless you are absolutely certain nothing private will be transmitted.
There are web browser extensions that create encrypted connections to unencrypted websites (HTTPS Everywhere is great for Chrome and Firefox).
HTTPS certificates don’t mean anything if you don’t recognize the company’s name. For example, goog1e.com (with the ‘l’ replaced with a one) could have a certificate, but that doesn’t mean it’s a trustworthy site.

 

Avoiding sites that don’t use the HTTPS protocol is just one of many things you need to do to stay safe when browsing the internet. When you’re ready for IT support that handles the finer points of cybersecurity like safe web browsing, give our office a call. You can reach us at 1-866-BIT-WISE or sales@eitnetworks.net

Share this
08 Dec

Cybersecurity Essentials: VPN

Installing powerful antivirus software and setting strong passwords are no longer considered the bare minimum in cybersecurity. With hackers, government agencies, and ISPs constantly monitoring networks and your online habits, hopping onto a Virtual Private Network (VPN) is crucial for keeping your surfing habits private. Here’s why.

 

What is VPN?

 

Simply put, a VPN is a group of servers you connect to via the internet. Once you’ve established a connection, your computer acts as if it’s on the same local connection as the VPN, making it seem like you moved to a different location.

When you surf the web through a VPN, all the data transmitted and received is also encrypted, preventing anyone — from hackers to government agencies — from monitoring your online activities.

 

Why should you have one?

 

Of course, security and privacy are major reasons why you would want a VPN. For example, if you’re connected to a public WiFi network — like the ones you typically see in local cafes and airports — using a VPN encrypts the information you’re sending or accessing online. This means things like credit card details, login credentials, private conversations, or other sensitive documents can’t be intercepted by a third party.

VPNs are also useful for accessing geo-restricted websites. If you’re traveling abroad and certain US websites are blocked in that region, you can simply connect to a VPN located in the US to access the sites you need.

 

Which VPN should you choose?

 

Given the increasing demand for secure online privacy, VPNs are surging in popularity. The following considerations can help you find the right one.

1. Cost
While free VPNs are available, we strongly suggest you avoid them. These keep logs of your internet activity, and in some cases sell them to the highest bidder. Maintaining a VPN service is also expensive, which means the free ones will likely plaster ads on your browser to make a quick buck.

Paid VPNs like SurfEasy and StrongVPN often come with more robust features and configurations that keep you secure. What’s more, they don’t keep a record of the sites you visit and hound you with pop-ups that lead to dangerous websites.

2. Location
The physical location of VPN servers is important if you want to access region-blocked websites. So if you’re planning on accessing a UK-based service, your VPN provider must at least have servers installed in London.

3. Capacity
Read through a VPN provider’s terms of service to determine how much data you’re allowed to use. If possible, find out how many servers a VPN provider has. If they have plenty of servers online, you can rest assured that they have the capacity to support your internet browsing.

4. Device compatibility
Another important factor to consider is whether the VPN can be used across multiple devices. Nowadays, employees work on laptops, tablets, and smartphones, so you’ll want a VPN that’s compatible with all these.

5. IP leaking
Finally, a great way to evaluate a VPN service is to sign up for their free trial service and visit https://ipleak.net/, which will allow you to check whether your real IP address is actually being leaked. If it manages to track your physical location, you need to opt for a more reliable VPN service.

 

VPNs are now a vital component of cybersecurity, and if you need help selecting the right one for your business, consult with our security experts today. We also offer comprehensive cybersecurity services so no hacker or third party can get their hands on your data. You can reach us at sales@eitnetworks.net or 1-866-BIT-WISE.

Share this
28 Apr

What is Virtual “Sandboxing?”

<Virtualization comes with several benefits for small- and medium-sized businesses. One of the most important is cybersecurity, but even within that subset are several strategies for protecting your organization. One of such strategy is referred to as sandboxing, and it’s worth learning about.

 

What is sandboxing?

 

Sandboxing is one of the rare concepts in virtualization that the average person can usually grasp in just a couple short sentences. Essentially, sandboxing is the practice of tricking an application or program into thinking it is running on a regular computer, and observing how it performs. This is especially useful for testing whether unknown applications are hiding malware.

Obviously, it gets far more complicated once you delve into the details of how you implement a sandboxing technique, but the short answer is that it almost always involves virtualized computers. The program you want to test thinks it’s been opened on a full-fledged workstation of server and can act normally, but it’s actually inside of a tightly controlled virtual space that forbids it from copying itself or deleting files outside of what is included in the sandbox.

 

An effective way to quarantine

 

Virtualization is no simple task, but the benefits of sandboxing definitely make the effort worth it. For example, virtualized workstations can essentially be created and destroyed with the flip of a switch. That means:

  1. You aren’t required to manage permanent resources to utilize a sandbox. Turn it on when you need it, and when you’re done the resources necessary to run it are reset and returned to your server’s available capacity.
  2. When malware is exposed inside a sandbox, removing it is as simple as destroying the virtual machine. Compare that to running a physical workstation dedicated solely to sandboxing. Formatting and reinstalling the machine would take several hours.
  3. Variables such as which operating system the sandbox runs, which permissions quarantined applications are granted, and minimum testing times can be employed and altered in extremely short periods of time.

This strategy has been around for nearly two decades, and some cybersecurity experts have spent their entire careers working toward the perfect virtual sandbox.
 

Containers: the next step in this evolution

 

Recently, the virtualization industry has been almost totally consumed by the topic of “containers.” Instead of creating entire virtual workstations to run suspicious applications in, containers are virtual spaces with exactly enough hardware and software resources to run whatever the container was designed to do.

Think of the metaphor literally: Older sandboxes came in a uniform size, which was almost always significantly larger than whatever you were placing into them. Containers let you design the size and shape of the sandbox based on your exact specifications.

 

Quarantined virtual spaces fit nicely into the sandbox metaphor, but actually implementing them is impossible without trained help. Whether you’re looking for enhanced security protocols or increased efficiency with your hardware resources, our virtualization services can help. Call us at 1-866-BIT-WISE or shoot us an email at sales@eitnetworks.net.

Share this
20 Feb

Understanding Cyber-Security

As technology consultants, we’re stuck between a rock and a hard place. We want to provide our clients with enterprise-level IT, but that requires that we specialize in overwhelmingly intricate technology. Explaining even the most foundational aspects of our cyber-security would most likely put you to sleep before convincing you of our expertise. But if you really want to know, here are a few summaries of how we focus on proactive strategies rather than reactive ones.

 

Understand the threats you’re facing

 

Before any small- or medium-sized business can work toward preventing cyber-attacks, everyone involved needs to know exactly what they’re fighting against. Whether you’re working with in-house IT staff or an outsourced provider, you should review what types of attack vectors are most common in your industry. Ideally, your team would do this a few times a year.

 

Reevaluate what it is you’re protecting

 

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

 

Create a baseline of protection

 

By reviewing current trends in the cyber-security field, alongside an audit of your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measure versus your reactive measures.

Before you can start improving your cyber-security approach, you need to know where the baseline is. Create a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint strengths and weaknesses in your current framework.

 

Finalize a plan

 

All these pieces will complete the puzzle of what your new strategies need to be. With an experienced technology consultant onboard for the entire process, you can easily parse the results of your simulation into a multi-pronged approach to becoming more proactive:

Security awareness seminars that coach everyone — from receptionists to CEOs — about password management and mobile device usage.
“Front-line” defenses like intrusion prevention systems and hardware firewalls that scrutinize everything trying to sneak its way in through the front door or your network.
Routine checkups for software updates, licenses, and patches to minimize the chance of leaving a backdoor to your network open.
Web-filtering services that blacklist dangerous and inappropriate sites for anyone on your network.
Antivirus software that specializes in the threats most common to your industry.

 

As soon as you focus on preventing downtime events instead of reacting to them, your technology will begin to increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cyber-security. Give us a call at 1-866-BIT-WISE or email us at sales@eitnetworks.net.

Share this
07 Nov

Download iOS 10.1 ASAP

If you want to make sure that your iPhone reliably works the way it should and that all the information in it is secure, you should always pay special attention to updates as soon as they become available. Although you may be hesitant to immediately download the latest iOS 10.1 update, you should get to know more about why you should download this update right away.

 

The latest update for iPhone and iOS users, referred to as the iOS 10.1 update, was launched on October 24, 2016. Its primary purpose is to address a serious security issue with the previous version of iOS. This security vulnerability should be of major concern to any iOS or iPhone user.

 

The security vulnerability addressed by the iOS 10.1 update was originally discovered by Tencent’s Keen Lab, specifically by a researcher named Marco Grassi. This vulnerability left a hole in the iOS programming that would allow a hacker or attacker to seize control of the phone, changing the code and performing commands after the iOS user opens a JPEG file (image file) that has been “maliciously crafted.”

 

Essentially, what this boils down to is that without the iOS 10.1 update, a corrupted image file could allow another person to control your device (iPad or iPhone). Even without downloading the file, this security hole could be taken advantage of by a hacker. If this is not enough reason to download the iOS 10.1 update, it also addresses other security issues and concerns that involve specific apps, the ability to see login password lengths through workaround hacks, and the like. Because of these specific issues and more, the iOS 10.1 update is a must-have for users of iPhones or iPads.

 

If keeping your phone and personal information secure are two of your biggest concerns, the iOS 10.1 update is a no-brainer. The sooner you update your device, the sooner you can feel safer using your iOS devices.

 

Installing security updates may be inconvenient, but they’re a necessity. If you need help managing software updates and keeping your business safe, contact us today at 1-866-BIT-WISE or sales@eitnetworks.net.

Share this
23 Sep

Cybersecurity Terms YOU Should Know

Everyone, from doctors to lawyers, needs to continue learning to stay ahead of the times. Business owners might have it worst of all, oftentimes needing to stay on top of several industries to keep their company running. Keep reading for a refresher on all the latest trends and buzzwords used in the cybersecurity sector.

 

Malware

 

For a long time, the phrase ‘computer virus’ was misappropriated as a term to define every type of attack that intended to harm or hurt your computers and networks. A virus is actually a specific type of attack or malware. Whereas a virus is designed to replicate itself, any software created for the purpose of destroying or unfairly accessing networks and data should be referred to as a type of malware.

 

Ransomware

 

Don’t let all the other words ending in ‘ware’ confuse you; they are all just subcategories of malware. Currently, one of the most popular of these is ‘ransomware,’ which encrypts valuable data until a ransom is paid for its return.

 

Intrusion Protection System

 

There are several ways to safeguard your network from malware, but intrusion protection systems (IPSs) are quickly becoming one of the non-negotiables. IPSs sit inside of your company’s firewall and look for suspicious and malicious activity that can be halted before it can deploy an exploit or take advantage of a known vulnerability.

 

Social Engineering

 

Not all types of malware rely solely on fancy computer programming. While the exact statistics are quite difficult to pin down, experts agree that the majority of attacks require some form of what is called ‘social engineering’ to be successful. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or guarded information. Complicated software is totally unnecessary if you can just convince potential victims that you’re a security professional who needs their password to secure their account.

 

Phishing

 

Despite often relying on face-to-face interactions, social engineering does occasionally employ more technical methods. Phishing is the act of creating an application or website that impersonates a trustworthy, and often well-known, business in an attempt to elicit confidential information. Just because you received an email that says it’s from the IRS doesn’t mean it should be taken at face value — always verify the source of any service requesting your sensitive data.

 

Antivirus

 

Antivirus software is often misunderstood as a way to comprehensively secure your computers and workstations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well known malware variants.

 

Zero-day attacks

 

Malware is most dangerous when it has been released but not yet discovered by cybersecurity experts. When a vulnerability is found within a piece of software, vendors will release an update to amend the gap in security. However, if cyber attackers release a piece of malware that has never been seen before, and if that malware exploits one of these holes before the vulnerability is addressed, it is called a zero-day attack.

 

Patch

 

When software developers discover a security vulnerability in their programming, they usually release a small file to update and ‘patch’ this gap. Patches are essential to keeping your network secure from the vultures lurking on the internet. By checking for and installing patches as often as possible, you keep your software protected from the latest advances in malware.

 

Redundant data

 

When anti-virus software, patches, and intrusion detection fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s office ensures that if there is a malware infection, you’re equipped with backups.

 

We aren’t just creating a glossary of cyber security terms; every day, we’re writing a new chapter to the history of this ever-evolving industry. And no matter what you might think, we are available to impart that knowledge on anyone who comes knocking. Get in touch with us today and find out for yourself. Call 1-866-BIT-WISE or email sales@eitnetworks.net.

Share this

© 2016 EIT Networks, LLC. All rights reserved.