Home » Blog » mobile

Tag: mobile

zero day business

Protect Your Firm Against Zero-Day Attacks

Protecting your business against the latest IT threats should always be a top priority. Updating antivirus and patching your operating system is a great way to start. What happens, however, when a threat appears at your door before security firms have had a chance to catch it?

A security threat that exploits a previously undiscovered vulnerability in the computer is known as a zero-day threat. The name “zero-day” is designed to imply how long since the vulnerability was discovered. The term also indicates that system developers have had zero days to fix it.

A newly discovered attack might be packaged into a computer virus or worm. This will allow it to spread far and wide while inflicting the maximum amount of damage possible. When spread successfully, a new exploit has the potential to reach hundreds of thousands of computers before an operating system or anti-virus update can even be issued.

There are a number of ways we can protect your business or lessen the damage from a zero-day attack.

Preventative security

The number one way to mitigate the damage from any attack to your system is to prevent it from happening in the first place. Maintaining a good firewall and up-to-date antivirus is the best step you can take to ensure the security of your system.

A firewall, monitoring traffic in and out of your network, reduces unauthorized entry over the network. Even without knowing the exact nature of the attack, suspicious activity traveling in and out of the system can be stopped.

The same is true of modern Antivirus. Even when it can not identify the specific zero-day threat from its virus database; it can often identify malicious intent from learned behavior in the system.

A Locked Down Network

Should a zero-day threat make it into your network, our next goal should be to limit its effects. By restricting user access to only essential files and systems we can limit the damage done to the smallest number of systems. Good security policy dictates that each account should only have full access to the systems needed to complete the user’s job. For example, users from the accounts department shouldn’t have access to sales department databases.

In this way, the damage of a single compromised account is limited to only the network area it operates in. Such limited impact should be easy to control and can be reversed with regular backups.

Good Data backup

Whether your entire network has been exploited or only a small area has been affected; good data backups are your protection against major lasting damage. Having a good backup means having the procedures in place to both create regular backup copies and make sure they can be restored at a later date.

Reliable and well-tested backups are worth their weight in gold. Knowing your data is safe and your system can be recovered is peace of mind against even the most highly destructive zero-day attacks.

Intrusion Protection

While the precise methods of a zero-day exploit can’t be known in advance, a network intrusion protection system (NIPS) can monitor the firms’ network for unusual activity.

The advantage of NIPS over a traditional antivirus only system is it does not rely on checking software against a known database of threats. This means it does not need updates or patches to learn about the latest attacks. NIPS works by monitoring the day-to-day patterns of network activity across the network.

When traffic or events far out of the ordinary are detected action can be taken to alert system administrators and lock down the firewall. Devices such as USB drives and mobile devices can all introduce threats to the network. They can often make it past the firewall because they are physically introduced to the system.

NIPS protects against threats introduced to the network from both external and internal sources.

Full Cover Protection

Used in combination these techniques can prevent, protect, and mitigate against the kinds of threats that even the top security firms haven’t patched yet. We think it’s important to keep your firm secure whatever it might come up against in the future.

If you could use help protect your business against online threats, give us a call today at 570-779-4018.

Business Tools to Take Your Business Out of The Office

Business Tools to Take Your Business Out of The Office

Being engaged in business used to mean staying wired in at the office eight to twelve hours a day. In the modern day, this is completely untrue. Often the most efficient workplace is spread far and wide and always on the go.

Today you can completely unplug from your desk with just your laptop computer and 4G modem. The freedom to work out of the office and even on the move is a huge advantage gifted to modern business. A simple mobile phone tether is enough to work from anywhere in the world.

The Right Tools for the Job

The most important part of working on the go is ensuring you don’t lose touch with your team. Maintaining total collaboration between team members can be tricky. Luckily, there are tools that will help you to stay on top.

Microsoft Office 365 provides the traditional tools and support of Microsoft office, but adds remote team collaboration and cloud support too. Files can be saved into the cloud, worked on, and accessed anywhere for review. At one time, remote working meant taking a copy of a file somewhere else to work. Changes to the original weren’t reflected in the remote copy and at least one version was destined to be lost forever.

Software packages such as OneDrive allow the entire team to work on a single centralized file saved to the cloud. Whether you edit on a beach, plane, or train; your team in the office gets the same version you do, at the same time.

Collaborative Working

The key to remote working is the ability to collaborate in a digital space with everyone at once. Modern software such as Office 365 allows all team members to be working on a single document at the same time.

Whether the project calls for killer spreadsheets, expertly crafted documentation, or a knockout presentation; everyone can pull together and hit it out of the park.

Even when you’re not working out of the office or busy on the road, collaborative software can help to power your team working locally too.

Admin Done Remotely

Modern software has impacted the way in which we do bookkeeping and accounts too.

Similar to being tied to your desk in years gone past; accounting software was once stuck solidly in the desktop too. Previously, batch runs of calculations were required to provide reports on a weekly, bi-weekly, or monthly basis. Today, cloud computing has opened up ways to speed up business in ways we couldn’t have imagined.

Cloud-based accounting packages such as Xero or Quickbooks Online allow for your accounts to be done remotely. Moving the resource and strain out of your firm takes it out of sight and out of mind.

Security and maintenance of your accounts databases, for example, falls to cloud professionals instead of your business. Rather than waste company time on submitting documents and calculating taxes they are done in the cloud and submitted to you instead.

Make your Accounts Work for You

Maintaining your accounts is made as simple as logging into a single portal. This tool allows you to take both your admin and your work out of the office and keep it on the go.

By the time your accounts are due, your accountant simply has to log in remotely and pick up where you left off. By the time taxes are due the work is done and you can get on with the important things.

Getting work done out of the office and on the go is a huge boost to productivity. Modern technology enables you to keep team members up to speed, continue collaborating, and even stay on top of your accounts from anywhere in the world.

Give us a call today at 570-779-4018 to talk about how we can help you unwire from the office.

The Top 5 IT Security Problems for Businesses

The Top 5 IT Security Problems for Businesses

Companies that suffer security breaches nearly always have one of these IT security problems. Is your company guilty of any of them?

No Backups

A shocking number of businesses are not backing up their data properly. According to market research company Clutch, 60 percent of businesses who suffer a data loss shut down within six months.

Not only should every business be fully backing up their data, but their backups should be regularly tested to work too. It’s a step that businesses miss surprisingly often. Many businesses don’t find out that their backup can’t be used until it’s already too late.

Reactive and not proactive

The world is constantly changing. The IT world doubly so. Attackers are always figuring out new ways to break into businesses, hardware evolves faster than most can keep up, and old systems fail due to wear and tear far quicker than we would like. A huge number of businesses wait until these issues impact them directly before they respond. The result is higher costs, longer downtime, and harder hitting impacts.

By responding to hardware warnings before it fails, fixing security holes before they’re exploited, and upgrading systems before they are out of date: IT can be done the right way. Being proactive about your IT needs means systems don’t have to break or compromised before they are fixed. The result for your business is less downtime, fewer losses, and lower IT costs.

Weak Passwords

A surprising number of people will use the password “password” to secure some of their most important accounts. Even more still will write their own password on a post-it note next to their computer. In some cases, many will even use no password at all. Strong passwords act, not only as a barrier to prevent unwanted entry, but as a vital accountability tool too. When system changes are made it’s often essential that the account that made changes is secured to the right person.

With an insecure password or worse; none at all, tracking the individual responsible for reports or accountability becomes impossible. This can result in both auditing disasters on top of technical ones.

Insufficient Staff Training

Humans in the system are commonly the weakest point in IT security. Great IT security can be a bit like having state-of-the-art locks on a door propped open with a milk crate. If staff aren’t trained to use the lock, it’s worth nothing at all.

Often times businesses can justify spending big on security for the latest and greatest IT defenses. The very same firms may exceed their budget and spend almost zero on training staff to use them. In this instance, a little goes a long way. Security training can help staff to identify a threat where it takes place, avoiding and mitigating damage, often completely.

Weak Data Controls

Some companies can take an ad-hoc, fast and loose approach to storing professional data. Often crucial parts can be spread across many devices, copied needlessly, and sometimes even left unsecured. Client data can be found regularly on employee laptops, mobile phones, and tablet devices. These are famously prone to being misplaced or stolen out in the field along with vital client and security data.

It can be easy for both employees and firms to focus on the costs of devices and hardware purchased for the business. The reality is that the data held on devices is almost always worth many times more than the device that holds it. For many firms, their approach to data hasn’t been changed since the firm was first founded. Critical data is often held on single machines that haven’t been updated precisely because they hold critical data. Such machines are clearly vulnerable, outdated, and prone to failure.

Common problems with simple solutions

Each of these common issues have simple solutions to secure against IT failure. With a professional eye and expertise in the field, every business should be defended against IT issues that risk the firm.

If you need help securing your IT to protect your business, give us a call at 570-779-4018.

Lost Phone

How Losing a Mobile Device Puts Your Entire Business at Risk

Losing a mobile phone or laptop is an experience that everyone dreads. The expense and inconvenience of buying a new device is unpleasant, but only represents a fraction of the damage done when a device is misplaced. The cost of data contained within every device can add up to many times more than the total value of the device itself.

Chances are, you already use automatic login on a large variety of online services. Each of these services are vulnerable to an attacker having possession of your device.

Usernames and passwords – An obvious place for an attacker to start is the likely long list of usernames and passwords saved for future use by your browser. This is often done to save time when logging into sites that you visit often. Almost universally, people opt to save login information so that they don’t have to attempt to remember it every time they return.

In only a short amount of time, a browser is trained to log in to your Facebook, cloud storage, and bank details just by visiting the page using your regular device. These details, called up by the browser, are saved in a single list accessible to anyone with access to the device. For an unscrupulous stranger with a found device, this list represents a goldmine of information. Simply by finding a phone misplaced in public they may gain access to a huge array of services.

The problem can be made many times worse where a single password or a combination of similar passwords have been used across several accounts. In some instances, an attacker need only gain access to a single one and reuse the same stolen credentials across many sites and services.

Email – Email accounts are a key target for attackers looking for access to your personal information. It is a service that many take for granted, logging in once the first time they set up the device and using automatic login every time after. It is a service that also unlocks a great deal more than just private messages. Of course, an attacker having free access to read your personal emails is bad news, but with email access a malicious user can gain access to many of the most commonly used web services online.

Using the “forgotten password” button on many sites triggers a response that emails a password reset link to the email address registered on file. An attacker may use this feature to reset account passwords to one of their choosing. Doing this both grants themselves access to your account and denies you access to rescue it.

Contacts – One of the best features of instant messaging is that your contacts know the messages come from you. When a message is sent from your device to someone you know it displays along with your name, details, and likely a photograph too. This can lead to identity theft, one of the biggest concerns of a lost or stolen device.

With contact information already programmed in an attacker has an opportunity to impersonate you when speaking to anyone in your contacts list. Using your identity, an attacker may attempt to steal yet more details about you and your contacts.

Social Media – Your social media accounts are often the face of your brand. They can be a primary way to reach out and contact customers. They are almost always the first point of contact a client has with your business. They are also extremely vulnerable to being hijacked from a stolen device.

Fraudulent social media access can allow attackers to harvest both client and business data. Even without profiting directly, posting privileges can be used to cause irreversible damage to a business.

Protecting your business – Services, accounts, and entire businesses can be put in great danger by something as simple as misplacing an unsecured mobile phone or laptop computer.

We can help you to stay secure and remain in control even in the face of losing a device. Give us a call at 570-779-4018 and let us help secure your business.

Getting tech new business

How to Get the Right Tech for Your New Business

Congratulations on your new business! Start-up costs can easily escalate, and tech is often one of the bigger expenses. It’s not that everything is high priced, but the sheer number of technologies available can overwhelm smart decision making. The latest tech is dangled in front of you with amazing features you didn’t know you needed, and suddenly your budget has gone boom!

Here’s how to get the tech right for your business, without the headache and drama.

1. Check if you actually need it

In a lot of cases, using a cloud application means you can skip the big server purchase, along with the on-site technician to manage it. Many of your business programs will have a cloud option that allows you to get all the benefits without the big expense. Before you make the tech purchase, work out which applications you’ll be running and whether a local installation or cloud access is preferred. As part of this stage, think about how you’d like to use the applications – perhaps remote access is a priority, or perhaps collaboration will underpin your business culture. This level of clarity is often overlooked and the number 1 reason why tech expenses spiral.

2. Get expert advice

It’s easy to ask friends and family what to buy, but there are many more factors to consider than just their personal preference. You trust their opinion, of course, but they may be speaking from a consumer perspective or basing their recommendation on brand loyalty. Every business is different and pairing the correct technology with the business will save you a lot of money in the long run.

3. Buy business grade

Unfortunately, the computers and laptops you see in department stores aren’t up to business standard. They’re designed for home users to perform quick tasks, not run a full 8 hour (or more) workload. Business grade systems have additional features that your business needs, plus longer warranties and better support. Even the attached devices like networking or printers are built to a higher standard, to last longer and perform better. Considering the cyber climate we live in, taking a special interest in the security offered by the business grade technology is a wise decision.

4. Prioritize flexibility

Businesses evolve rapidly during their first few years and the last thing you want to do is go out and buy new tech, playing catch-up with your vision and smushing together an assorted mismatch of devices. Your new technology should be as scalable as your business, which means making purchase decisions based on strategy, not price. Perhaps this means instead of workstations for employees, you only need tablets. Rather than having a fixed point of sale system, you might choose mobile checkout devices so your staff can assist customers on the go. These examples highlight how easy it is to commit to certain tech because it’s ‘what you do’ but later discover you’re locked into a certain way of doing business. Trying to change your processes down the line impacts productivity, efficiency and culture in a big way, so we recommend buying with your future success in mind.

5. Choose an IT partner

During your set up and moving ahead through growth, you’ll need an IT partner who can not only help with your purchase strategy but support you through any tech problems as they arise. That’s the difference between a partner and a supplier, they’re committed to driving long-term business success.

You’ll be able to call on your partner and know they’re immediately up to speed with your business, they know how IT can help leverage your competitive advantage and which critical systems they should focus on. Getting good tech in place shouldn’t be seen as just an expense. It improves productivity and allows you to serve your customers better while enjoying consistent growth.

If you need an IT partner to help your business grow, give us a call at 570-779-4018.

New ‘KRACK’ Wi-Fi Security Issue: This Affects All of Us

The invention of Wi-Fi has been a science fiction dream come true. We can use our laptops anywhere in the house, our phones are using home internet instead of sucking down our cellular data, and our gadgets are all communicating. It’s essentially the backbone of the smart tech boom for home and business alike. Most networks are password-protected with an encryption called “WPA2” and this has been safe and secure, until now.

Recently, a security flaw called KRACK was discovered that allows hackers to break into Wi-Fi networks – even the secured ones. Your laptop, mobile phone, gaming console and even your smart fridge are possibly vulnerable as a result.

How KRACK works: The Key Reinstallation AttaCK isn’t a problem with your device or how it was set up. It’s a problem with the Wi-Fi technology itself. The attack gets between your device and the access point (eg router) to reset the encryption key so hackers can view all network traffic in plain text. Since we rely on Wi-Fi so much, this might mean hackers have a front row seat to your credit card numbers, passwords, chat messages, emails, photos and more.

NOTE: The hacker must be in physical range of your Wi-fi to exploit this flaw, it doesn’t work remotely like other attacks we’ve seen recently. Given most Wi-Fi ranges extend well past your own home/business, this is small comfort, but important to know.

How to protect yourself

Run your updates: Software updates are being released which fix the flaw. Microsoft has already released one for Windows, Apple has one coming in a few weeks. Take a few minutes to make sure you’re up to date with all your patches on any device that uses Wi-Fi (your smartphones, laptops, tablets, PCs, game consoles, etc). Unfortunately, some devices may be slow to get an update, or if they’re older, may not get an update to fix this issue at all. If possible, consider using a cabled connection on those older devices or upgrade to one with support.

Be very careful with public Wi-Fi: While your local business center, library or school campus has expert IT professionals keeping guard over your security, it’s a very different matter at your local coffee shop. It’s unlikely small locations such as this will be on top of security patches. Remember, a hacker exploiting this flaw only needs to be in the same Wi-Fi area as you, so be careful you don’t give them a dollop of private information with their coffee.

Check your browser security: Before sending anything secure over the internet, check you’re using a HTTPS site. You’ll know these by the little padlock you see next to the URL, and the address specifically begins with HTTPS. Major sites like Facebook, Gmail and financial institutions already use HTTPS.

If you need help updating your devices, or want us to check if you’re safe, give us a call at 570-779-4018.

Four Simple Steps To Paperless

So your desk is buried in paper, your shelves are overcrowded with stacks of documents, and you’ve carved out just enough space for your keyboard, mouse, and coffee? It’s time to go paperless, not just for your own sanity, but to streamline the entire business. It’s the one move that saves time and space while gaining flexibility for your mobile workforce. When you’re ready to adopt paperless processes, consider these 4 steps:

  1. Leverage the cloud for storage and search: Documents can be uploaded, viewed and edited only by those with permission. Google Drive is the easiest tool to begin implementing paperless storage and collaboration, though Evernote and Microsoft OneNote are also strong contenders. No matter which you choose, you’ll be able to easily find files using search functions, and no longer need to remember whether it was filed by name, subject or category – just enter what you need and let the system locate it for you. Then simply update, share or email the file as required. No more filing cabinets or archive rooms, just clutter-free workspaces, room to breathe, and possibly even lower overheads now that you could fit into a smaller office space. Digital files will also allow remote access, perfect for working on the go or telecommuting staff. Access files at any time using your secure login, on any device, from any location.
  2. Provide training across the board: Establish ongoing training to ensure all workers are up to speed with the new system and the way you’d like things done. This is the time to set standards for file and folder names, new collaboration norms and security protocols. Long-term adoption will require cooperation from workers at all levels of the business, and training for everyone will go a long way towards success.
  3. Scan necessary papers: The move towards digital files often requires a step back to scan necessary files into the system. Many of the office grade multifunction printers offer double-sided feed scanning, so you can quickly scan papers into the system and then dispose of the paper. Alternatively, you can obtain special scanning hardware like the Fujitsu Scansnaps. Any new paper documents can be scanned likewise, and even faxes can be set to accept digital files only. Each file will digitize to quite a small size, so running out of hard drive space shouldn’t be a concern.
  4. Prioritize backups: The best way to prevent file and document loss is to have a robust backup system, including a regular off-site backup. Treat your backups as a vital insurance policy, so that your files are readily available and intact if required. Use your backups to address any issues as soon as they arise and keep your new paperless files well-managed and secure.

Ready to go paperless? We can help. Call us today at 570-779-4018.