Where is your data?

Shadow IT – The Risk Lurking in Your Company’s Devices

 

Do you know every web application your employees are using? There is a high probability that your workforce is utilizing many devices and applications without explicit approval. Collectively, these programs and devices are called Shadow IT. Shadow IT is essentially any application employees download or IT service they sign up for without vetting by your IT team. There was a time in business when any piece of software would go through a thorough vetting process. These days, times have changed.

 

In today’s technology environment, employees are always looking for the next new app or platform to increase productivity. Employees are becoming more and more tech savvy, and it is less likely that every portion of IT in use has gone through a thorough IT department vetting process.

 

At this point, it is difficult to imagine an organization that is not implementing Shadow IT. Managers and employees are now selecting their own IT services independently. In many ways, this allows employees to be more agile and productive. There are countless tools employees and departments may innocently implement without thinking they need to involve IT.

 

With file sharing solutions like Dropbox and Hightail, to free project management platforms like Asana, employees are constantly finding new ways to efficiently collaborate and share data from wherever they happen to be. They no longer need to be in the office to check the status of a project or access sensitive documents. In fact, Shadow IT also includes hardware, like personal laptops your employees might use to accomplish business-related tasks over the weekend. These devices may not be as secure as what they use in the office, and could expose your files to greater risks.

 

Certainly, no one wants to discourage employees from creating efficiencies. However, as a business owner, you should always balance risk and reward. The cost of increased employee productivity may be security. Not all employees understand when they are sharing sensitive business data in insecure ways. Employees are looking for ways to hit and exceed their goals, not necessarily thinking about cyber security. They are likely to choose programs for ease of use and convenience without noticing a lack of important security features like two-factor authorization or encryption.

 

In addition to an increased risk of data breaches or attacks by hackers, there are also many other hidden monetary costs associated with Shadow IT. Dozens of employees may be using the same application, but all are paying for it individually instead of benefiting from a volume-based discount. Costs like this add up and impact your business.

 

As a Small Business Owner, you don’t have the time to check every device for Shadow IT, or find out about every digital tool your employees are implementing. Your trusted Managed Service Provider has the knowledge to assess your organization’s Shadow IT usage. Sometimes, a gap in your existing, approved IT systems could cause employees to seek outside technology resources. Other times, one or two employees have found a tool that, if implemented correctly and with all proper security procedures, could improve productivity for employees across your business. We’ll bring your company’s Shadow IT into the light. We will help you evaluate the risks and benefits of the Shadow IT in place at your business, and work with you to determine the next steps. Don’t let Shadow IT go unchecked. Contact Net Works today!

 

Spear Phishing – Avoiding the Trap

Phishing is an attack designed to trick Internet users into giving away confidential information, typically by sending an e-mail posing as a legitimate organization (like a financial institution) and linking to a website disguised as one associated with that institution. Spear phishing is a more sophisticated version of phishing that takes these attacks to the next level. Instead of sending mass communications to a large group of people, spear phishing specifically targets individuals using personal information such as geographic location, recent purchases, or a list of friends to make their requests seem more believable.

 

Why Spear Phishing?

Spear phishing is becoming increasingly more common because they are harder to identify than traditional phishing attacks. The e-mails and phone calls are more personalized therefore, many people fall into the trap.

 

What do these attacks look like? As an example, you may be a Mac user who gets a call from an individual claiming to be an Apple representative, requesting remote access to your computer to fix a bug.  Consequently, if you are a Windows user who gets a phone call from someone claiming to be from Microsoft. More likely, it is probable that this is an attack especially if you have not submitted any type of service request – if the communication is unsolicited, be very wary.

 

Social Media

Your social media profiles are an asset to spear phishing attackers. The more personal information that you make publicly available, the more these attackers can personalize their communications to you and pose as a reputable contact. In today’s world, we give away so much information through social media posts, we don’t always stop to think of how that information may be used against us. Maybe we use Twitter to contact a company regarding a customer service complaint- now an attacker knows that we might expect a communication from that company. Our digital footprints are easier to track than ever.  While that doesn’t mean we need to stop communicating with companies through social media, it does mean we need to be vigilant.

 

Signs of Spear Phishing

We will continue with the examples used above. Let’s say you tweet about a specific brand with a customer service complaint. Shortly thereafter, you receive an e-mail from that company apologizing and offering a coupon code for you to use online or in one of their brick and mortar stores. Is there a reason to be suspicious?  In this case, you have reached out to the brand. They may have been able to find your e-mail address if it was on your social media account, or by searching your name and location in their customer database if you have a history of communicating with them. The company is offering you a coupon as compensation, but is not requesting any further information from you to access the discount. Any links in this e-mail go to their official website, not version with a slightly modified name. This is likely to be a communication you can trust.

 

Now, imagine getting a different e-mail. In this message, the company reaches out to you with a letter of apology. They tell you they would like to compensate you, but will need personal information from you to process your gift, like banking details, date of birth, and social security number. The website where you would enter this information may be a somewhat modified version of the company’s official website, (e.g. instead of examplecompany.com you will be sent to examplecompany-gift.com). This email raises red flags!  In this case, we strongly caution you against entering your information, as once collected may be used to access many of your other accounts.

 

What to do if you’ve been attacked 

Spear phishing attacks continue to get more sophisticated, and mistakes can happen. If you are caught in an attack, what can you do to mitigate the damage? The first step is to contact a dependable and qualified managed service provider.  At Net Works, we are your trusted technology resource.  We will help figure out exactly what was stolen by the hackers and help to unwind the damage that was done.  Don’t face the underbelly of the internet all on your own! Get Net Works on your side, contact us today!

Ransomware…..right in your backyard

Ransomware attacks continue to make headlines therefore, being proactive is critical. Hospitals, universities, SMBs and even government offices have found themselves a victims of these attacks. You must take every precaution against Ransomware attacks, especially as they become more and more frequent. In this climate of threats, it is necessary to add as many layers of protection as possible. That’s where File Folder Sharing (FFS) comes into play.

 

FFS is the practice of sharing or offering access to digital information or resources, including documents, multimedia (audio/video), graphics, computer programs, images and e-books. It is the private or public distribution of data or resources in a network with different levels of sharing privileges.

 

FFS is convenient, and allow your team members to work on projects and collaborate no matter where they are; it also gives you the added layer of protection necessary in today’s world. Securing backups in the cloud can save files that would have been compromised. Your device may be infected, but with files backed up in the cloud, you can restore them quickly and thwart the attack.

 

At first glance, FFS products may appear to be identical. But the features they offer vary, and certain systems offer more protection than others.

 

How do you know which FFS option is right for your business? Should you make choices based on cost or are there certain “must have” features? Is a popular, well-known and widely used product best, or does it simply have the best name recognition? Is it worth spending more for a product that offers end-to-end encryption to avoid higher costs in the event of an attack?

 

To answer these questions accurately and assess which FFS product is right for you takes time, research, and expertise. Do not try to make this important decision on your own!  You need a specialist to guide your choice.

 

At Net Works —we are experts who stay knowledgeable on both current cybersecurity best practices and the tools available in the market today.

 

The right FFS product can make a critical difference for you if a Ransomware attack strikes. Differentiate yourself from your competitors who are not investing in security.  Avoid the pitfalls of Ransomware attacks by talking to Net Works to determine the best strategies and products to meet your security needs. Don’t be caught off guard if an attacker strikes.

School’s Back!!! Want us to grade your Network?

Keeping your organization running smoothly and moving forward can sometimes feel like a juggling act.  Personnel issues, supply chain snags, and long term planning; your days can just fly by.  It is tempting to just put your IT network in the back of your mind and only deal with it when problems arise.  However, unless you have performed a full Network Assessment you could be heading for trouble.

 

A Network Assessment is a complete review of all your organization’s existing IT infrastructure, security protocols, management, and performance.  Once you have a comprehensive view of the state of your IT, you will be able to identify areas of improvement and make strategic business decisions.  Don’t wait until you are contemplating a big project or until your organization has grown to the point that you aren’t quite sure of exactly what is going on throughout your network; by being proactive, problems will be caught early, solutions found, and your network’s performance can be tracked over time.

The four main areas a Network Assessment will help identify: 

Weaknesses in your cyber security protocols that need immediate attention to avoid any adverse impacts to your operations and networks.

Overused or underused technology resources. The technology needs of your teammates can differ widely and some departments may require more network resources than others.  By looking at your entire system you will be able to optimize your resources.

Bandwidth bottlenecks.  As more and more organizations move their operations into the cloud, more bandwidth is oftentimes required.  Streaming videos, running programs, and downloading files can all slow down your network.

Advantages and potential problems of rolling out new technologies.  A full Network Assessment will allow you to plan for your future technology needs by identifying how any changes will fit into your current framework.  What should the timeline for any improvement be?  What integration points do you need to keep in mind or prepare for?  With a full Network Assessment, you can employ a strategic approach to your technology plans rather than just keeping up with your organization’s needs.

 

A full Network Assessment is key to any comprehensive technology strategy.  Don’t drop the ball when it comes to your IT.  Your technology is too important for you to ignore.  Get Net Works, as your IT partner.  We will perform a Network Assessment across your entire IT environment.  Together, we will map out a course that will continue to move your organization forward.  Stop trying to juggle your IT needs!  Contact Net Works Today!

We’ll help to keep you organized and efficient so you can do what you do best!

As a business owner, you have enough on your plate keeping your organization moving forward and getting ready to face new challenges.  You need to be prepared to take advantage of new opportunities when they come your way.  Are you losing sleep over IT worries?  How can you ensure that you are moving in the right direction when most of your time is consumed with figuring out IT issues?  Even more, are you ignoring your IT and hoping for smooth sailing?  That is the surest way to end up in the middle of an IT disaster!  This 4th of July as we celebrate our nation’s independence, declare your independence from IT worry!  With Net Works, you can rest easy knowing that we have your back and are working in your best interests.

 

Never again will you have to waste valuable time ensuring your hardware is running properly or fixing any issues that come up.  At Net Works, our technicians hold the most up to date certifications and are there to handle any issues you have.

 

Never again will you have to worry if all your software is up to date or if you are vulnerable to malware because of a missed patch install.  At Net Works, we handle all of your updates and security protocols.  If you ever face a disaster natural or otherwise, you can rest easy knowing that your data will be safe in our data center.  Ensuring that your office can continue to function even if your physical location is compromised.

 

Never again will you have to deal with a blown IT budget because of unexpected problems.  At Net Works, we partner with all of our clients to map out a comprehensive plan for their technology infrastructure.  With a plan in place you will know that any of your future technological needs will be met without any surprise costs.

 

Never again will you have to wonder if your organization is falling behind the technological curve.  At Net Works, we have the knowledge and the resources to allow you to exploit the newest technological advances quickly.  You will always be one step ahead of your competitors’.

 

At Net Works, we are information technology experts.  We will handle all of your technology needs so you can get back to focusing on your business.  Declare your freedom from IT worries Get Net Works, on your team.  Contact us today!

 

 

 

Find Time and Outlook Add-Ons

Any SMB owner knows that time is money.  At Net Works, we are always looking for ways that you can maximize your and your team’s productivity.  In our collaborative work environments, meetings are essential to hold, but also can be a nightmare to schedule.  Team members can be working remotely, members outside your organization can be on the road based in any region of the country, or even around the world; making scheduling a meeting a challenge.   Fortunately, Microsoft has a solution to ease this burden.  Find Time is a free add-on to their nearly ubiquitous Outlook email program.  It is simple to use and very convenient.  Once the add-on is installed, you will see a button in the upper right hand bar of your Outlook dashboard.  Once you click  the button, the steps to scheduling a meeting are easy!

  • Choose the attendees you wish to invite
  • Propose a few different days and times to meet
  • Let people vote on the time that works best for them.
  • Once a consensus is reached the meeting invites are automatically sent out.

There are a couple of other great features in Find Time.  You can alert people to your preferred meeting time; allowing your invitees to see if they can make that time work.  You can see the time most people within your organization are available; allowing you to see if you can move things around to meet with people at their most convenient day and time.  With Find Time you can spend your time meeting rather than sending out numerous emails and making phone calls trying to find a time to meet.  At Net Works, we work to stay abreast of all new developments that will help you to increase your productivity.  Net Works is your IT department.  We stay current, and alert you to all recent upgrades in the tech world so you don’t have to.  When it comes to serving your business I.T. needs, we’re IT!  Contact us today.

Disaster Planning 101: A Guide to help you plan for the worst

IT disasters are devastating to the infrastructure of any organization.  In a modern office environment IT is the hub of any type of business.  Disasters can disrupt IT processes to the point that businesses are significantly impacted.  When it comes to disaster recovery many firms believe they will never need a back-up plan; convincing themselves that the likelihood of their organization being affected is minimal.  In reality, threats to your IT infrastructure are growing no matter what segment of the economy you operate within.

In each sector an IT disaster can be classified into two different categories: Natural, such as floods, tornados, or earthquakes; or man-made, primarily sabotage or cyber-attacks and more benign causes like human error or power outages.  Whatever the cause of your IT downtime, a comprehensive Disaster Recovery Plan is the key to getting you up-and-running in an efficient manner and with the least amount of disruption.

While every organization has its own unique structure and needs, there are a few key areas that must be considered before deploying a Disaster Recovery Plan.  According to the National Institute for Standards and Technology (NIST) special Publication 800-34, Contingency Planning for Information Technology Systems, a comprehensive structure for an IT disaster recovery plan begins with the following:

  1. The plan development team should meet with the technology team to establish the scope of the plan.
  2. Gather all relevant network infrastructure documents (network diagrams, equipment configurations, databases, etc.)
  3. Obtain copies of any existing IT and network DR plans (if any) as well as any history of previous outages and how they were handled.
  4. Identify the most probable threats to the IT infrastructure, e.g. fire, power loss, human error, cyber threats.
  5. Identify the most serious vulnerabilities such as lack of backup power, out dated copies of databases.
  6. Identify what are the critical IT assets.
  7. Determine the maximum acceptable outage time.
  8. Choose your IT Disaster Recovery Technology. Choices range from onsite backups to enterprise level cloud disaster recovery. The best recovery strategy depends on the most likely threats to any given organization’s IT operations and resources.  The most robust strategy is a fully mirrored recovery site at a physically separate facility.

A quick glance at the news will tell you that you cannot afford to hope for the best when it comes to disaster recovery planning, but where do you even begin?  An incomplete plan will not serve you well in the case of a disaster.  At Net Works we will partner with you to craft your unique Disaster Recovery Plan.  Business continuity is too important to ignore!  Don’t risk your organization with poor preparation.  Get Net Works in your corner.