Month: November 2022
Endpoints make up much of a company’s network and IT infrastructure. This is a collection of computers, mobile devices, servers, and smart gadgets. As well as other IoT devices that all connect to the company network.
The number of endpoints a company has will vary by business size. Companies with less than 50 employees have about 22 endpoints. Small businesses with 50-100 employees have roughly 114. Enterprise organizations with 1,000+ employees average 1,920 endpoints.
Each of those devices is a chance for a hacker to penetrate a company’s defenses. They could plant malware or gain access to sensitive company data. An endpoint security strategy addresses endpoint risk and puts focused tactics in place.
64% of organizations have experienced one or more compromising endpoint attacks.
In this guide, we’ll provide you with straightforward solutions. Solutions focused on protection of endpoint devices.
Address Password Vulnerabilities
Passwords are one of the biggest vulnerabilities when it comes to endpoints. The news reports large data breaches all the time related to leaked passwords. For example, there is the RockYou2021 breach. It exposed the largest number of passwords ever – 3.2 billion.
Poor password security and breaches make credential theft one of the biggest dangers to cybersecurity.
Address password vulnerabilities in your endpoints by:
- Training employees on proper password creation and handling
- Look for passwordless solutions, like biometrics
- Install multi-factor authentication (MFA) on all accounts
Stop Malware Infection Before OS Boot
USB drives (also known as flash drives) are a popular giveaway item at trade shows. But an innocent-looking USB can actually cause a breach. One trick that hackers use to gain access to a computer is to boot it from a USB device containing malicious code.
There are certain precautions you can take to prevent this from happening. One of these is ensuring you’re using firmware protection that covers two areas. These include Trusted Platform Module (TPM) and Unified Extensible Firmware Interface (UEFI) Security.
TPM is resistant to physical tampering and tampering via malware. It looks at whether the boot process is occurring properly. It also monitors for the presence of anomalous behavior. Additionally, seek devices and security solutions that allow you to disable USB boots.
Update All Endpoint Security Solutions
You should regularly update your endpoint security solutions. It’s best to automate software updates if possible so they aren’t left to chance.
Firmware updates are often forgotten about. One reason is that they don’t usually pop up the same types of warnings as software updates. But they are just as important for ensuring your devices remain secure and protected.
It’s best to have an IT professional managing all your endpoint updates. They’ll make sure updates happen in a timely fashion. They will also ensure that devices and software update smoothly.
Use Modern Device & User Authentication
How are you authenticating users to access your network, business apps, and data? If you are using only a username and password, then your company is at high risk of a breach.
Use two modern methods for authentication:
- Contextual authentication
- Zero Trust approach
Contextual authentication takes MFA a step further. It looks at context-based cues for authentication and security policies. These include several things. Such as, what time of day someone is logging in, their geographic location, and the device they are using.
Zero Trust is an approach that continuously monitors your network. It ensures every entity in a network belongs there. Safelisting of devices is an example of this approach. You approve all devices for access to your network and block all others by default.
Apply Security Policies Throughout the Device Lifecycle
From the time a device is first purchased to the time it retires, you need to have security protocols in place. Tools like Microsoft AutoPilot and SEMM allow companies to automate. They deploy healthy security practices across each lifecycle phase. This ensures a company doesn’t miss any critical steps
Examples of device lifecycle security include when a device is first issued to a user. This is when you should remove unnecessary privileges. When a device moves from one user to another, it needs to be properly cleaned of old data. And reconfigured for the new user. When you retire a device, it should be properly scrubbed. This means deleting all information and disconnecting it from any accounts.
Prepare for Device Loss or Theft
Unfortunately, mobile devices and laptops get lost or stolen. When that happens, you should have a sequence of events that can take place immediately. This prevents company risk of data and exposed business accounts.
Prepare in advance for potential device loss through backup solutions. Also, you should use endpoint security that allows remote lock and wipe for devices.
Reduce Your Endpoint Risk Today!
Get help putting robust endpoint security in place, step by step. We can help! Contact us today for a free consultation.
This Article has been Republished with Permission from The Technology Press.
One of the most difficult types of attacks to detect are those performed by insiders. An “insider” would be anyone that has legitimate access to your company network and data. This would be via a login or other authorized connection.
Because insiders have authorized system access, they bypass certain security defenses. Such as those designed to keep intruders out. Since a logged-in user isn’t seen as an intruder, those security protections aren’t triggered.
There are three troubling statistics from a recent report by Ponemon Institute They illustrate the importance of addressing this threat. Insider attacks are getting worse, taking longer to detect and becoming more extensive.
The report found that over the last two years:
- Insider attacks have increased by 44%
- It takes organizations 85 days to contain an insider threat, compared to 77 days in 2020.
- The average cost of addressing insider threats has risen by 34%
It’s important for companies to understand what makes up an insider threat. That’s the first step towards mitigation.
4 Types of Insider Threats
One reason that insider threats can be hard to detect is that there is not just one kind. Employees, vendors, and hackers can all perpetrate insider security breaches. To further complicate detection, some may be malicious and others accidental.
Here are the four main types of insider threats faced by company networks.
Malicious/Disgruntled Employee
A sales employee that is leaving the company may decide to take all their contacts with them. This is a malicious theft of company data.
Another example of this type of insider attack is a disgruntled employee. They may be upset with their manager who just fired them and decide to do the business harm. They could plant ransomware or make a deal with a hacker to give over their login credentials for cash.
Careless/Negligent Employee
Some insider threats are due to lazy or untrained employees. They don’t mean to cause a data breach. But may accidentally share classified data on a non secure platform. Or they may use a friend’s computer to access their business apps. Being completely unaware of the security consequences.
3rd Party with Access to Your Systems
Outsiders with access to your network are also a very real concern. Contractors, freelancers, and vendors can all constitute an insider breach risk.
You need to ensure that these third parties are fully reviewed. Do this before you give them system access. You should also allow your IT partner to review them for any data security concerns.
Hacker That Compromises a Password
Compromised login credentials are one of the most dangerous types of insider threats. This has now become the #1 driver of data breaches around the world.
When a cybercriminal can access an employee’s login, that criminal becomes an “insider.” Your computer system reads them as the legitimate user.
Ways to Mitigate Insider Threats
Insider threats can be difficult to detect after the fact. But if you put mitigation measures in place you can stop them in their tracks. Being proactive keeps you from suffering a costly incident. One that you may not know about for months.
Here are some of the best tactics for reducing insider threat risk.
Thorough Background Checks
When hiring new employees make sure you do a thorough background check. Malicious insiders will typically have red flags in their work history. You want to do the same with any vendors or contractors that will have access to your systems.
Endpoint Device Solutions
Mobile devices now make up about 60% of the endpoints in a company. But many businesses aren’t using a solution to manage device access to resources.
Put an endpoint management solution in place to monitor device access. You can also use this to safelist devices and block unauthorized devices by default.
Multi-factor Authentication & Password Security
One of the best ways to fight credential theft is through multi-factor authentication. Hackers have a hard time getting past the 2nd factor. They rarely have access to a person’s mobile device or FIDO security key.
Couple this with password security. This includes things like:
- Requiring strong passwords in your cloud apps
- Using a business password manager
- Requiring unique passwords for all logins
Employee Data Security Training
Training can help you mitigate the risk of a breach through carelessness. Train employees on proper data handling and security policies governing sensitive information.
Network Monitoring
Once someone has user access to your system, how can you catch them doing something wrong? You do this through intelligent network monitoring.
Use AI-enabled threat monitoring. This allows you to detect strange behaviors as soon as they happen. For example, someone downloading a large number of files. Or someone logging in from outside the country.
Need Help Putting a Stop to Insider Attacks?
A layered security solution can help you mitigate all four types of insider threats. We can help you with a robust yet affordable solution. Contact us today for a free consultation.
This Article has been Republished with Permission from The Technology Press.
Just five or six years ago, VoIP was still considered a “different” type of business phone system. One that wasn’t the norm. But the pandemic changed that way of thinking. Now internet-based phone systems aren’t simply the norm. They’re mandatory for business continuity.
During the pandemic, VoIP and video conferencing have skyrocketed by over 210%. This is largely due to the move to remote work and hybrid offices. Sixty-seven percent of surveyed companies say switching to VoIP helps improve call handling.
So, no longer is the business phone system tied to a physical location. This enables fluid management of a business with staff spread out over many locations.
Additionally, VoIP significantly reduces costs for businesses. The technology is much cheaper to use than a traditional landline-based system. Calling plans are also often less expensive, and a company can add new numbers for very little cost.
VoIP has several helpful features for small businesses. But owners are busy and may not have time to have all of them enabled.
What are the best features to drive efficiency, productivity, and positive caller experience?
Here are some of the best features of cloud-based business phone systems to leverage.
Automated Attendant
In many small companies, the person answering the phone also has a lot of other duties. You can free up that person’s time and give the caller a better experience with an automated attendant.
An auto-attendant acts as a company directory. It will forward calls to the correct department or staff member for you. Record a pleasant greeting and ask the caller a few questions. Such as, “Press or say 1 for sales, 2 for technical support,” etc.
The caller gets the person they need without having to explain why they’re calling twice. Once to the person that answers the phone and once to the person they’re transferred to.
Find Me/Follow Me
What’s the most favorite user feature for VoIP? According to 77% of surveyed employees, it’s the Find Me/Follow Me feature. This includes the ability to use a virtual phone number that is accessible from all devices. Staff can also transfer calls from one device to another with ease.
Whether you are on a PC, in a conference room, or on your smartphone, you can get your calls. This feature reduces friction and allows people to give out a single phone number. Callers can then use that number to reach the person via mobile, home office, or onsite office.
Hold Music
Playing pleasant music while your callers are on hold might seem like a small thing. But it can have a big impact on customer satisfaction and lead generation activities.
We found some eye-opening statistics from a study on hold music versus silence. In the study, researchers kept people on hold for 1 minute. Results showed:
- On hold in silence: Over 50% of the callers hung up
- On hold with music: Only 13% of the callers hung up
Additionally, 45% of the silent group that did not hang up thought they were on hold for 3-5 minutes. They were on hold for just one minute. While on the music side, 56% of people thought they were on hold for less than one minute.
So, you can see the power of activating that one simple feature of your VoIP system. You may notice happier customers and fewer leads hanging up before they reach anyone.
Voicemail Transcription to Email
When you’re coming out of a meeting, going through a string of voicemails can be frustrating. You have to listen to each one to figure out the people to call back first.
Voicemail to email in VoIP services, provides recorded voicemails emailed to you. This also comes with a transcription of the message. You can quickly glance through the emails and scan the text to rank callbacks. No need to listen to every message first.
Ring Groups
Ring groups are an especially helpful feature if you have a small team. It allows a group of numbers to ring simultaneously until one person in the group picks up.
This means that another staff member may be able to assist a caller, rather than them needing to leave a message. Ring groups are great to set up for sales teams, accounting teams, and customer support teams.
Call Reporting
Another bonus of VoIP phone systems over analog is that you get real-time call reporting. What are your busiest times when you need more staff? Do you have a problem with calls not getting answered fast enough?
Your call reporting can give you insight into those things and more. Make sure you check out these reports and then automate the ones you like so you’ll see them regularly.
Local Support
This isn’t a system feature, but it’s important to have. If you sign up for VoIP from a company halfway around the world, you don’t have any local support when you need it.
Having someone that can come to your office is important. They can set up VoIP desk phones and help you optimize ring groups, mobile apps, and more. Your business phone system is one of the most important pieces of technology you have. Make sure you have the local support you need to keep it operating reliably.
Looking for Local VoIP Solutions?
Get expert VoIP services and local support. We’ll integrate your cloud-based phone system with your entire technology environment. Contact us today for a free consultation.
This Article has been Republished with Permission from The Technology Press.
Data entry can be a real drag for salespeople. The time they spend on administrative tasks is time away from customer interactions. But that data is vital.
It’s important to capture customer orders, quotes, needs, and more. Lead and sales reporting help sales managers know where to direct their attention. Analytics also help drive more efficient ways of closing the deal.
Microsoft has taken up the mantle of this challenge. It is about to launch a new digital experience for sales teams. Microsoft Viva Sales is part of the “Viva” line of applications. These include things like Viva Insights for improved staff wellbeing. As well as Viva Learning for staff development.
The Viva apps natively integrate with MS Teams and the Microsoft 365 ecosystem. They include automation designed to eliminate boring tasks and enable more work engagement.
Viva Sales is a “CRM helper” application. We’ll go through some of the most asked questions about the app, its features, and when you can get it.
What Is Microsoft Viva Sales?
Viva Sales is an application that will provide sales and lead insights. These insights populate throughout Office 365 and Microsoft Teams. The focus of the app is to cut unnecessary manual entry to give sellers more time to sell.
How Does Viva Sales Work? Is It a CRM?
Viva Sales is NOT going to replace your normal CRM platform. Instead, it connects to your CRM and other sales-related apps. It leverages the data from these connections. This makes it easier for salespeople to get the prospect data they need to enable their work.
Salespeople spend approximately 34% of their time on administrative tasks.
Viva Sales Basics
Some of the core advantages of Viva Sales are:
- Eliminate Forms: Data entry for sales professionals is greatly reduced. This frees them up for more customer relationship building.
- Powerful Data Leveraging: Viva Sales connects to several platforms. This includes non-Microsoft programs and CRMs. The integration allows salespeople to cross-reference data points and gain valuable insights.
- AI-Driven Help: Salespeople will get prompts that are AI-driven. These suggestions and reminders help them along in the sales process with a lead.
Interconnected Interface
Microsoft Viva Sales provides sales-specific insights throughout the various M365 applications. Salespeople natively see important customer details, wherever they are. Including in their Outlook Calendar or when in their Microsoft or non-Microsoft CRM.
Viva Sales Features
Tag to Capture Sales Interactions
Tagging is also known as using someone’s “@name” to get their attention. Tagging is a popular software integration used throughout many cloud-based apps. It’s also used within Microsoft 365.
Salespeople can use the familiar tagging function. They can use it to capture data from another M365 application for a prospect or customer. This includes adding someone to a list of customers by using a tag for their Viva Sales name. The system will capture the contextual information on the lead or customer.
Collaborate
Viva Sales makes it easier than ever to collaborate with your team on a sales prospect or customer. You don’t have to chase down information to copy/paste into a message. Use that tagging function to populate lead information from Viva Sales in seconds.
You can also easily edit or open a lead/customer record. No need to look for and open another app. The process gets you where you need to go in as few clicks as possible.
Call Summaries & Integrated Data
One thing that customers and salespeople hate is a lack of understanding. For example, when a salesperson doesn’t know about a recent customer interaction.
This can happen when company communication systems store data from different sources separately. Such as phone call messages being in one place and a customer’s website chat session being in another.
Viva Sales brings all that customer engagement data together into a single view. This allows the salesperson to see call summaries and capture call action items.
Download & Customize
Salespeople that prefer an Excel view of their contact list can get this from Viva Sales. Download lead and customer lists. Customize the application per the organization’s needs.
When Will Viva Sales Be Available?
Microsoft has announced that Viva Sales will be “coming in Q4 2022.” There is no exact date for the launch yet, but you can be sure that we will keep an eye on this!
In the meantime, you can watch a video explaining the application on Microsoft’s site here.
Take Advantage of Microsoft Viva Automation
Microsoft built the Viva suite of digital experience apps for productivity. These apps help employees find information faster, feel more connected, and work more productively.
Now is the perfect time to explore those that have already launched and get ready for Viva Sales.
Contact us today for a free consultation to improve your team’s digital experience.
This Article has been Republished with Permission from The Technology Press.
Digital footprints cover today’s modern workplace. Employees begin making these the moment they’re hired. They get a company email address and application logins. They may even update their LinkedIn page to connect to your company.
When an employee leaves a company, there is a process that needs to happen. This is the process of “decoupling” the employee from the company’s technology assets. This digital offboarding is vital to cybersecurity.
You don’t want a former employee to maliciously email all your customers from their work email. Sensitive files left on a former staffer’s computer could leak months later.
20% of surveyed businesses have experienced a data breach connected to a former employee.
Digital offboarding entails revoking privileges to company data, and much more. This is a critical process to go through for each former staff member to reduce risk.
Below, we’ve provided a handy checklist to help you cover all your bases.
Your Digital Offboarding Checklist
Knowledge Transfer
Vast corporate knowledge can disappear when a person leaves an organization. It’s important to capture this during a digital offboarding process.
This could be something as simple as what social media app someone used for company posts. Or it may be productivity leveraging. Such as the best way to enter the sales data into the CRM.
Make sure to do a knowledge download with an employee during the exit interview. Better yet, have all staff regularly document procedures and workflows. This makes the knowledge available if the employee is ever not there to perform those tasks.
Address Social Media Connections to the Company
Address any social media connections to the former employee. Is their personal Facebook user account an admin for your company’s Facebook page? Do they post on your corporate LinkedIn page?
Identify All Apps & Logins the Person Has Been Using for Work
Hopefully, your HR or IT department will have a list of all the apps and website logins that an employee has. But you can’t assume this. Employees often use unauthorized cloud apps to do their work. This is usually done without realizing the security consequences.
Make sure you know of any apps that the employee may have used for business activities. You will need to address these. Either change the login if you plan to continue using them. Or you may want to close them altogether after exporting company data.
Change Email Password
Changing the employee’s email password should be one of the first things you do. This keeps a former employee from getting company information. It also keeps them from emailing as a representative of the company.
Accounts are typically not closed immediately because emails need to be stored. But you should change the password to ensure the employee no longer has access.
Change Employee Passwords for Cloud Business Apps
Change all other app passwords. Remember that people often access business apps on personal devices. So, just because they can’t access their work computer any longer, doesn’t mean they can’t access their old accounts.
Changing the passwords locks them out no matter what device they are using. You can simplify the process with a single sign-on solution.
Recover Any Company Devices
Make sure to recover any company-owned devices from the employee’s home. Remote employees are often issued equipment to use.
You should do this as soon as possible to avoid loss of the equipment. Once people no longer work for a company, they may sell, give away, or trash devices.
Recover Data on Employee Personal Devices
Many companies use a bring your own device (BYOD) policy. It saves them money, but this can make offboarding more difficult.
You need to ensure you’ve captured all company data on those devices. If you don’t already have a backup policy in place for this, now is a good time to create one.
Transfer Data Ownership & Close Employee Accounts
Don’t keep old employee cloud accounts open indefinitely. Choose a user account to transfer their data to and then close the account. Leaving unused employee accounts open is an invitation to a hacker. With no one monitoring the account, breaches can happen. A criminal could gain access and steal data for months unnoticed.
Revoke Access by Employee’s Devices to Your Apps and Network
Using an endpoint device management system, you can easily revoke device access. Remove the former employee’s device from any approved device list in your system.
Change Any Building Digital Passcodes
Don’t forget about physical access to your building. If you have any digital gate or door passcodes, be sure to change these so the person can no longer gain access.
Need Help Reducing Offboarding Security Risk?
When you proactively address digital offboarding, the process is easier and less risky. Contact us today for a free consultation to enhance your cybersecurity.
This Article has been Republished with Permission from The Technology Press.
The holiday shopping season is taking off. This means that scammers have also revved up their engines. They’re primed and ready to take advantage of all those online transactions.
Don’t forget to stay safe online during the buying frenzy that occurs this time of year. An ounce of cybersecurity prevention is definitely worth a pound of cure. It can also save you from a financial or privacy nightmare.
Here are some of the most critical safety tips to improve your online holiday shopping.
Check for Device Updates Before You Shop
Computers, tablets, and smartphones that have old software are vulnerable. While you may not want to wait through a 10-minute iPhone update, it’s going to keep you more secure.
Hackers often use vulnerabilities found in device operating systems. Updates install patches for known vulnerabilities, reducing your risk. Make sure to install all updates before you use your device for online holiday shopping.
Don’t Go to Websites from Email Links
Yes, it’s annoying to have to type in “amazon.com” rather than just clicking a link in an email. But phishing scams are at an all-time high this time of year. If you click on an email link to a malicious site, it can start an auto download of malware.
It’s best to avoid clicking links, instead visit the website directly. If you want to make things easier, save sites as shopping bookmarks in your browser. This is safer than clicking a text or email link.
Use a Wallet App Where Possible
It’s always a risk when you give your debit or credit card to a website. The risk is even higher if you’re doing holiday shopping on a site you haven’t purchased from before.
Where possible, buy using a wallet app or PayPal. This eliminates the need to give your payment card details directly to the merchant. Instead, you share them with the wallet app service (Apple Pay, Google Pay, PayPal, etc.). But the retailer doesn’t get them.
Remove Any Saved Payment Cards After Checking Out
There are many websites (including Amazon) that automatically save your payment card details. This is bad. Yes, it may make the next buy more convenient, but it puts you at risk. A hacker with access to your device or account could make purchases.
There is also the risk of a data breach of the retailer. These are common and can leak sensitive customer payment information. The fewer databases you allow to store your payment details, the better for your security.
Immediately after you check out, remove your payment card from the site. You will usually need to go to your account settings to do this.
Make Sure the Site Uses HTTPS (Emphasis on “S”)
HTTPS has largely become the standard for websites now. This is instead of “HTTP” without the “S” on the end. HTTPS means that a website encrypts the data transmitted through the site. Such as your name, address, and payment information.
You should NEVER shop on a website that doesn’t use HTTPS in the address bar. An extra indicator is a small lock icon in front of the website address.
Double Check the Site URL
We all make typos from time to time. Especially when typing on a small smartphone screen. One typo can land you on a copycat site (such as Amazonn(dot)com).
Hackers buy domains that are close to the real ones for popular retailers. Then, they put up copycat sites designed to fool users that make a mistake when typing the URL.
Take those extra few seconds to double-check that you’ve landed on the correct website. Do this before you start shopping.
Never Shop Online When on Public Wi-Fi
When you connect your device to public Wi-Fi, you might as well expect a stranger to be stalking you. Hackers LOVE the holiday shopping season and will hang out in popular public Wi-Fi spots.
They spy on the activities of other devices connected to that same free hotspot. This can give them access to everything you type in. Such as passwords and credit card information.
Never shop online when you’re connected to a public Wi-Fi network. Instead, switch off Wi-Fi and move to your mobile carrier’s connection.
Be On High Alert for Brand Impersonation Emails & Texts
Phishing scammers were very active during the holiday shopping season of 2021. There was a 397% increase in typo-squatting domains connected to phishing attacks.
While you need to be careful all the time about phishing, it’s even worse during the holiday season. Attackers know that people are expecting retailer holiday sales emails. They also get a flurry of order confirmations and shipping notices this time of year.
Hackers use these emails as templates. They impersonate brands like Target, UPS, Amazon, and others. Their emails look nearly identical to the real thing. They trick you to get you to click and/or log in to a malicious website.
Be on high alert for brand impersonation emails. This is another reason why it’s always better to go to a site directly, rather than by using an email link.
Enable Banking Alerts & Check Your Account
Check your bank account regularly. Look for any suspicious charges that could signal a breach. One way to automate a monitoring process is to set up banking alerts through your online banking app.
For example, many banks allow you to set up alerts for events such as:
- When a purchase occurs over a specified dollar amount
- When a purchase occurs from outside the country
How Secure Is Your Mobile Device?
Mobile malware is often deployed in holiday shopping scams. How secure is your device from malicious apps and malware? Contact us today for a security checkup.
This Article has been Republished with Permission from The Technology Press.