6 Ways to Prevent Misconfiguration (the Main Cause of Cloud Breaches)
Misconfiguration of cloud solutions is often overlooked when companies plan cybersecurity strategies. Cloud apps are typically quick and easy to sign up for. The user often assumes that they don’t need to worry about security because it’s handled.
This is an incorrect assumption because cloud security is a shared model. The provider of the solution handles securing the backend infrastructure. But the user is responsible for configuring security settings in their account properly.
The problem with misconfiguration is huge. It’s the number one cause of cloud data breaches. It’s also an unforced error. Misconfiguration means that a company has made a mistake. It hasn’t adequately secured its cloud application.
Perhaps they gave too many employees administrative privileges. Or, they may have neglected to turn on a security function. One that prevented the downloading of cloud files by an unauthorized user.
Misconfiguration covers a wide range of negligent behavior. It all has to do with cloud security settings and practices. A finding in The State of Cloud Security 2021 report shed light on how common this issue is. 45% of organizations experience between 1 and 50 cloud misconfigurations per day.
Some of the main causes of misconfiguration are:
- Lack of adequate oversight and controls
- A team lacking security awareness
- Too many cloud APIs to manage
- No adequate cloud environment monitoring
- Negligent insider behavior
- Not enough expertise in cloud security
Use the tips below to reduce your risk of a cloud data breach and improve cloud security.
Enable Visibility into Your Cloud Infrastructure
Do you know all the different cloud apps employees are using at your business? If not, you’re not alone. It’s estimated that shadow IT use is approximately 10x the size of known cloud use.
When an employee uses a cloud app without authorization, it’s considered “shadow IT.” This is because the app is in the shadows so to speak, outside the purview of the company’s IT team.
How can you protect something you don’t know about? This is why shadow cloud applications are so dangerous. And why they often result in breaches due to misconfiguration.
Gain visibility into your entire cloud environment, so you know what you need to protect. One way you can do this is through a cloud access security application.
Restrict Privileged Accounts
The more privileged accounts you have, the higher the risk of a misconfiguration. There should be very few users that can change security configurations. You don’t want someone that doesn’t know better to accidentally open a vulnerability. Such as removing a cloud storage sharing restriction. It could leave your entire environment a sitting duck for hackers.
Audit privileged accounts in all cloud tools. Then, reduce the number of administrative accounts to a least needed to operate.
Put in Place Automated Security Policies
Automation helps mitigate human error. Automating as many security policies as possible helps prevent cloud security breaches.
For example, if you use a feature like sensitivity labels in Microsoft 365, you can set a “do not copy” policy. It will follow the file through each supported cloud application. Users don’t need to do anything to enable it once you put the policy in place.
Use a Cloud Security Audit Tool (Like Microsoft Secure Score)
How secure is your cloud environment? How many misconfigurations might there be right now? It’s important to know this information so you can correct issues to reduce risk.
Use an auditing tool, like Microsoft Secure Score. You want a tool that can scan your cloud environment and let you know where problems exist. It should also be able to provide recommended remediation steps.
Set Up Alerts for When Configurations Change
Once you get your cloud security settings right, they won’t necessarily stay that way. Several things can cause a change in a security setting without you realizing it. These include:
- An employee with elevated permissions accidentally changes them
- A change caused by an integrated 3rd party plug-in
- Software updates
- A hacker that has compromised a privileged user credential
Be proactive by setting up alerts. You should have an alert for any significant change in your cloud environment. For example, when the setting to force multi-factor authentication gets turned off.
If an alert is set up, then your team knows right away when a change occurs to an important security setting. This allows them to take immediate steps to research and rectify the situation.
Have a Cloud Specialist Check Your Cloud Settings
Business owners, executives, and office managers aren’t cybersecurity experts. No one should expect them to know how to configure the best security for your organization’s needs.
It’s best to have a cloud security specialist from a trusted IT company check your settings. We can help ensure that they’re set up to keep your data protected without restricting your team.
Improve Cloud Security & Lower Your Chances for a Data Breach
Most work is now done in the cloud, and companies store data in these online environments. Don’t leave your company at risk by neglecting misconfiguration. Give us a call today to set up a cloud security assessment.
This Article has been Republished with Permission from The Technology Press.
The Pros & Cons of Tracking Your Employees’ Every Digital Movement
Since the pandemic, employers around the world have needed to change. They’ve had to shift how their employees operate. Remote work is very much here to stay. Organizations and employees can both benefit from the work-from-home and hybrid work revolution.
Cost savings is a driver for supporting remote work. Employee morale and productivity also can be higher when employers grant this flexibility.
A majority of organizations support some type of remote work. Statistics show that:
- 16% of companies are completely remote
- 40% support hybrid office/remote working
- 44% don’t allow employees to work remotely
While there are benefits, there are also challenges to this new environment. Employers worry about the cybersecurity risks of remote teams. Managers can find it more challenging to make sure employees are doing what they should do.
The remote and hybrid work environment has led to the rise of employee monitoring tools. These tools have mixed reviews from employees.
What Is Employee Monitoring Software?
Employee monitoring software tracks digital movements. This can include everything from general clock-in clock-out tracking to taking screenshots of an employee’s computer several times per hour.
Tracking tools like Hubstaff and BambooHR track many activities on a person’s computer. The information is then sent in a daily or weekly report to the company.
Items that these tools can track are:
- Time clock
- Keyboard activity
- Keystrokes
- Mouse activity
- Websites visited
- Screenshots of the desktop
- Apps used and how long in use
The most invasive of tools can even track the sounds and video of the employee. Tracking can be visible, so the employee knows about it or hidden from the employee. It depends on the tool used and the ethical considerations of the employer.
This type of monitoring can benefit an organization worried about “productivity theft.” But it can also alienate good employees and torpedo morale and trust. We’ll go through the pros and cons to weigh before you set up this type of system.
Pros of Activity Monitoring Tools
Helps Managers Understand How Employees Spend Their Day
One feature of many tracking tools is the ability to track time by project. This helps managers understand where employees are prioritizing their time. Knowing how much time employees spend on a project helps with ROI projections.
Reduces Non-Work Activities During Working Hours
One thing that employers worry about with remote employees is that they will waste time. A manager doesn’t want to pay someone only to find out the employee spent half their time on Facebook.
About half of monitored employees spend 3+ hours per day on non-work activities. When employees know that their boss is monitoring their app usage, they’re less likely to goof off.
Can Be an Easy Way to Track Time for Remote Workers
Smaller companies that work with fully remote teams may find tracking tools convenient. Employees or freelancers can track their time at the click of a button. Employers can put an hour-per-week cap on time. They can also manage payments automatically through the app.
Cons of Activity Monitoring Tools
Hurts Employees’ Morale & Productivity
Many employees feel they are put in a cage when monitoring is introduced. Morale can plummet, which takes productivity along with it.
Instead of focusing on work completely, various thoughts go through employees’ minds. Such as, “If I think about this problem too long, is the tracking going to give me a low productivity score?” Or “What happens when I’m on the phone with a customer and not moving my mouse around? Will the tracking make it look like I’m not working?”
Some of the feelings that employees can have when monitored are:
- Betrayed
- No longer trusted
- Loss of company loyalty
- Hurt
- Treated like a number instead of a person
“Activity Monitoring” Doesn’t Mean Productivity
Many of these tracking tools send employees and employers “activity reports.” These reports simply look at keyboard and mouse activity during a specific time.
But what if the employee must solve a workflow issue and needs to use their brain, not the mouse? What if a salesperson is on the phone with a customer, not using their keyboard? Zoom calls bring a similar quandary. If you’re in a Zoom call, your mouse and keyboard aren’t being actively used as they would if you are typing.
Yet, the activity report doesn’t include this information. It will simply give a score of x% based on keyboard and mouse activity. This could make an employer think a worker was goofing off when they were actually working hard.
Costs Organizations Good Employees
Nearly half (47%) of surveyed tech employees stated they would quit if their boss tracked them. Employers implementing monitoring can alienate good employees and make them feel untrusted. They can also feel unappreciated.
When you relegate everyone to a number of keyboard strokes, you constrain creativity. Good employees often stay with companies where they feel appreciated and can grow. Once that’s gone, they’re likely to leave.
Finding a Balance
A few things to think about when finding the right balance between tracking too much or too little are:
- What do you really need to track?
- Should you treat all employees the same?
- What do your employees think about monitoring?
- Are you trying to solve a problem that doesn’t exist?
- What features are unnecessary that you can turn off?
- Is the tool giving you accurate data related to productivity?
Get Expert Advice on the Best Tools for Your Business
Cloud tools are an important part of your business. You should deploy them thoughtfully. Give us a call today to schedule a chat and get valuable advice.
This Article has been Republished with Permission from The Technology Press.
Smart Tips to Stop Money From Being Stolen Through Online Banking
There are a lot of things that have changed since the invention of the internet. One of these is how we bank and access our accounts. You used to have to go into a local bank branch to make deposits and withdrawals. Now, you can take a picture of a check and deposit it from your phone.
Approximately 73% of people around the world use some form of online banking at least once a month. People have never had such convenient account access. But that convenience can come at a cost.
In 2021, account takeover fraud increased by 90%. New account fraud jumped a whopping 109%. As the ease of online banking has increased, so has banking-related cybercrime.
If someone breaches your Facebook account, it can be a real pain. But, if a hacker breaches your bank account, it can be devastating. It can mean significant losses. Losses that you may not be able to recoup from your financial institution.
In this article, we’ll take a look at the mistakes people make that leave their accounts at risk. Then, we’ll go over some important tips on how to keep your bank account better protected.
Mistakes That Allow Criminals to Access Your Account
Not Enabling Two-factor Authentication
Two-factor authentication (2FA) is a simple process that packs a big punch. When you enable this setting in an online account, it requires an extra step to gain access. That step usually consists of receiving a one-time passcode (OTP) by SMS and entering that at login.
Many people make the mistake of leaving this disabled. They either don’t know it’s there or they think it’s too inconvenient. But leaving this setting off makes it much easier for a bad actor to breach your account.
Falling for a Phishing Scam
There are several types of phishing scams that target online banking. Cyber criminals send emails that look like they come from your bank. They’ll even promise incredibly low rates on credit cards.
Other scams can involve warning you of unauthorized account activity. But when you click the link to log in, you’re actually on a fake page. One designed to look just like your normal bank website.
These are just a few ways that scammers can get your online banking login details. Once they have them, they’ll act immediately to get whatever they can.
Using Easy-to-Guess Passwords
If your account password is easy to remember, it’s also often easy to guess. Using weak passwords is a common mistake that enables many cyber criminals.
Some best practices for passwords include:
- Make them at least 10 characters long
- Include at least one number
- Include at least one symbol
- Include at least one upper-case letter
- Don’t make them personal (e.g., don’t use your birthdate, etc.)
Downloading Unsafe Mobile Apps
Banking trojans are often hidden in malicious mobile apps. These apps can look like something as innocent as a task manager. But, once installed, banking trojans seek out any details they can find. They are looking for banking and wallet apps.
Logging Into Online Banking While on Public Wi-Fi
One surefire way to give away your online banking password is to log in while on public Wi-Fi. Hackers hang out on public hot spots and spy on the activity of others. You should never type in a password or other sensitive details when connected to public Wi-Fi.
Tips for Improving Online Banking Security
Turn On Two-Factor Authentication
Enable two-factor authentication in your online banking account. This is also known as multi-factor authentication or two-step verification. According to Microsoft, it can block 99.9% of fraudulent account login attempts.
Set Up Banking Alerts
Time is of the essence when an intruder breaches your account. The faster you can notify your bank of the breach, the better. You could reduce the impact on you by having your account locked down immediately.
Set up banking alerts through your online banking. These can include things like low-balance alerts and login alerts.
Install an Antivirus & DNS Filtering On Your PC & Mobile Device
It’s important to have reliable antivirus software on your PC and mobile device. Many people don’t think about protecting their phones in this way. Yet, they shop online and bank via mobile devices.
It’s also good to use a DNS filter. This is a filter that protects you from going to dangerous phishing sites by blocking them.
Take Phishing Training Classes
Do you know how to identify phishing? Are you up on all the newest scams? You can make yourself less vulnerable by taking some phishing awareness classes. There are many of these for free online. You can also contact us for more personalized training options.
Knowing how to spot phishing via text, email, and phone can help you avoid becoming a scam victim.
Get Help Protecting Your Family from Scams
There are some key digital solutions we can put in place to keep your family safer from online threats. Give us a call today to schedule a chat about online security.
This Article has been Republished with Permission from The Technology Press.
Cool Windows 11 Features That May Make You Love This OS
Microsoft released the Windows 11 operating system (OS) over a year ago. It was largely well-received as stable and user-friendly. The OS is not a large departure from the Windows 10 experience. But it does offer a lot of enhancements over the older environment.
Yet with several improvements and a free upgrade for Windows 10 users, it still lags in adoption. As of November 2022, Windows 10 still owns the lion’s share of Windows PCs. It has a 69.75 percent usage share as compared to 16.13 percent for Windows 11.
People are slowly upgrading to the newer OS. But it’s natural for some to take a wait-and-see stance. They want to make sure it’s worth the time to upgrade. Additionally, no one wants to have to relearn their computer desktop.
The good news is that Windows 11 has a similar workspace feel to its predecessor. But it packs a lot of great productivity and security benefits that Windows 10 lacks.
Here are some of the coolest features in this current Windows OS. After taking a look, you may choose to go ahead and take the plunge into the Windows 11 universe.
Snap Layouts
Most people are working with more than one app open at a time. It’s not unusual to need to reference two different windows while doing side-by-side work. Switching back and forth between apps can be tedious. It’s also time-consuming.
Approximately 68% of app users say that switching between apps costs them at least 30 minutes per day. Trying to size two windows next to each other can also be frustrating. You lose the scroll bar or can’t get to the menu items unless you resize.
Enter snap layouts. This nifty feature in Windows 11 solves the multi-app problem. Simply hover over the maximize icon at the top of any window to get access to a snap layout.
Choose the area you want for the active app, and it will snap into place and allow you to choose apps for the other slots.
Master Search
Need to find a document, website, image, or app quickly? Use the Windows 11 master search. Just click the search icon on your desktop. You’ll get a search bar that will populate results from the entered keyword.
As an added touch, Microsoft populates fun topics into the search bar daily. Learn more about James Webb Space Telescope, Coffee Day, or other fun subjects.
Once you enter your keyword, you can further refine your search. Refine it according to the type of search result you want. (apps, documents, web, etc.).
Clipchamp Video Editor
In the latest Windows 11 update, Microsoft gifted users with a free video editor. The new Clipchamp app makes it easy to edit videos. You don’t need to download any extra software.
Clipchamp has a lot of the features you’d expect to have to pay for. These include templates, effects, video resizing, green screen, and more.
MS Teams Video, Audio & Text Messaging
Video calls have become the norm since the pandemic. But not all video software is easy to use. Most of us have had to wait on someone late to a call because they were struggling with the app.
Windows 11 comes with Microsoft Teams preinstalled. This gives you a simple click-to-call experience. You can easily invite someone to a video or audio call. The person does not need to have a Microsoft account to connect with you. This makes things easy on both sides.
Another great feature of the Teams app in this OS is the fact that you can use it for SMS messaging. Instead of having to drag out your phone, just text someone from your desktop.
Accessibility Features
Windows 11 has some great accessibility features. They’re designed to help ensure everyone can use their computer as they want. Those with disabilities can enjoy these features. As well as those that like the extra flexibility they offer.
Four of the newest accessibility features in the OS include:
- System-wide live captions
- Focus sessions
- Voice access
- More natural voices for Narrator, Windows’ built-in screen reader
Collections in Microsoft Edge
Microsoft Edge is the default browser for Windows. It’s worth checking out if you haven’t yet. Especially because of a feature called “collections.”
If your bookmarked favorites are becoming a mess, you’ll love this Edge capability. If you click the “plus” icon at the top of an Edge browser window, you’ll get the collections panel. Add a collection subject and click to add webpages.
You can see a preview of what you’ve added, and everything is nicely organized. Collections are easy to access and easy to delete when you’re finished with them.
Microsoft Defender SmartScreen
Phishing remains the biggest online security threat. It’s used to enable many forms of cyberattacks, from ransomware to credential theft. A significant number of phishing messages send users to malicious websites. You often don’t know until it’s too late that you’ve landed on a malware-laden site.
Windows 11 includes Microsoft Defender SmartScreen. This app helps protect you from those dangerous phishing sites. The app checks URLs in real-time against a dynamic list of reported phishing sites. It will warn you if a site is potentially dangerous.
Want an Expert to Help with Your Windows 11 Upgrade?
It can be intimidating to upgrade your system’s operating system. Why not get a pro to help? Give us a call today to schedule a chat about a Windows upgrade.
This Article has been Republished with Permission from The Technology Press.
4 Proven Ways to Mitigate the Costs of a Data Breach
No business wants to suffer a data breach. But unfortunately, in today’s environment, it’s difficult to completely avoid them. Approximately 83% of organizations have experienced more than one data breach. (IBM Security 2022 Cost of a Data Breach Report)
These breaches hurt businesses in many ways. First, there is the immediate cost of remediating the breach. Then, there are the lost productivity costs. You can add lost business on top of that, and lost customer trust. A business could also have extensive legal costs associated with a breach.
According to IBM Security’s report, the cost of a data breach climbed again in 2022. The global cost of one breach is now $4.35 million, up 2.6% from last year. If your business is in the U.S., the cost rises to $9.44 million. In Canada, the average data breach costs companies $5.64 million.
Costs for smaller companies tend to be a little lower. But breaches are often more devastating to SMBs. They don’t have the same resources that larger companies do to offset all those costs.
It’s estimated that 60% of small companies go out of business within six months of a cybersecurity breach.
Companies don’t need to resign themselves to the impending doom of a data breach. There are some proven tactics they can take to mitigate the costs. These cybersecurity practices can limit the damage of a cyberattack.
All these findings come from the IBM Security report. They include hard facts on the benefits of bolstering your cybersecurity strategy.
Cybersecurity Tactics to Reduce the Impact of a Breach
Use a Hybrid Cloud Approach
Most organizations use the cloud for data storage and business processes. Researchers found that 45% of all data breaches happen in the cloud. But all cloud strategies are not created equally.
Breaches in the public cloud cost significantly more than those in a hybrid cloud. What is a hybrid cloud? It means that some data and processes are in a public cloud, and some are in a private cloud environment.
What some may find surprising is that using a hybrid cloud approach was also better than a private cloud.
Put in Place an Incident Response Plan & Practice It
You don’t need to be a large enterprise to create an incident response (IR) plan. The IR plan is simply a set of instructions. It’s for employees to follow should any number of cybersecurity incidents occur.
Here is an example. In the case of ransomware, the first step should be disconnecting the infected device. IR plans improve the speed and effectiveness of a response in the face of a security crisis.
Having a practiced incident response plan reduces the cost of a data breach. It lowers it by an average of $2.66 million per incident.
Adopt a Zero Trust Security Approach
Zero trust is a collection of security protocols that work together to fortify a network. An example of a few of these are:
- Multi-factor authentication
- Application safelisting
- Contextual user authentication
Approximately 79% of critical infrastructure organizations haven’t adopted zero trust. Doing so can significantly reduce data breach costs. Organizations that don’t deploy zero trust tactics pay about $1 million more per data breach.
Use Tools with Security AI & Automation
Using the right security tools can make a big difference in the cost incurred during a data breach. Using tools that deploy security AI and automation brought the biggest cost savings.
Data breach expense lowered by 65.2% thanks to security AI and automation solutions. These types of solutions include tools like advanced threat protection (ATP). They can also include applications that hunt out threats and automate the response.
How to Get Started Improving Your Cyber Resilience
Many of these ways to lower data breach costs are simply best practices. You can get started by taking them one at a time and rolling out upgrades to your cybersecurity strategy.
Working with a trusted IT provider, put together a roadmap. Address the “low-hanging fruit” first. Then, move on to longer-term projects.
As an example, “low-hanging fruit” would be putting multi-factor authentication in place. It’s low-cost and easy to put in place. It also significantly reduces the risk of a cloud breach.
A longer-term project might be creating an incident response plan. Then, you would set up a schedule to have your team drill on the plan regularly. During those drills, you could work out any kinks.
Need Help Improving Your Security & Reducing Risk?
Working with a trusted IT partner takes a lot of the security burden off your shoulders. Give us a call today to schedule a chat about a cybersecurity roadmap.
This Article has been Republished with Permission from The Technology Press.
Mobile Malware Has Increased 500% – What Should You Do?
Cybersecurity researchers uncovered an alarming mobile statistic. During the first few months of 2022, mobile malware attacks surged by 500%. This is alarming both in scale and because many people aren’t yet protecting smartphones.
For years, mobile phones have become more powerful. They now do many of the same functions as a computer – just with a much smaller screen. Yet, people tend to secure their computers better than they do their smartphones.
This is a behavior that needs to change. Over 60% of digital fraud now occurs through mobile devices. That makes them highly risky if proper safeguards aren’t followed.
Many of these are the same types of protections you have on your computer. It’s time to start thinking about your smartphone as a mini-computer and keeping it just as secure.
Tips to Improve the Security of Your Smartphone
Use Mobile Anti-malware
Yes, your mobile phone needs antivirus/anti-malware too! Malware can and does infect smartphones and tablets. You need to ensure you have a reliable mobile anti-malware app installed.
And beware of those freebies. Freebies are great when you’re talking about food, but not security apps. Malware is often hidden inside free apps. These apps are ironically supposed to make you more secure.
Don’t Download Apps from Unknown Sources
Only download mobile apps from trusted sources. Do not download outside a main app store. Trusted app stores include places like:
- Apple App Store
- Google Play
- The Microsoft Store
- Amazon Appstore
You also should research the app developer online. Make sure they have a good reputation. Once you download a dangerous app to your phone, it can infect it with malware. That malware can remain behind even if you delete the app later.
Don’t Assume Email is Safe
Many people prefer checking email on their phone rather than PC because it’s so handy. But they have a false sense of security about the safety of emails when viewed on a mobile device.
You can’t assume an email is safe just because you’re not on your computer. Be just as wary about unexpected emails and scam emails masquerading as legitimate.
It’s difficult to hover over a link without clicking when on a smartphone. If you see something questionable and want to check the link, open the email on your PC where you can do that.
Beware of SMS Phishing (aka “Smishing”)
In March of 2022, text spam outpaced robocalls. Unwanted text messages rose by 30%, ten percent higher than robocalls. Many of those spam texts are smishing.
Smishing is the text version of phishing. These texts usually contain malicious links. A hacker can potentially breach your device if you click them. The message may also ask you to text back personal information.
Be on the lookout for text messages that don’t quite make sense. For example, getting a shipping notification when you haven’t ordered anything. Also, beware of texts from unknown sources.
Phishing via text message is a growing concern. It’s also one that most people aren’t aware of yet, so they often get caught in its trap.
Remove Old Apps You No Longer User
Approximately 2.6 million apps haven’t had an update in a year or more. Apps are often abandoned by the developer. This can leave security vulnerabilities on your device. Hackers seek out these types of vulnerabilities to exploit. If they aren’t addressed, then they remain a danger.
Go through your device and remove old applications that you are no longer using. There is no reason to keep them around, potentially leaving your device at risk.
Additionally, look at the time of the last update. If it’s over a year, then you may want to consider replacing that app with something more current. App updates often include security-related items. It’s not good when a year or more goes by without the developer making any type of update to the app.
Keep Your Device Updated
Speaking of updates, you also need to keep your device’s operating system updated. Are you using the current version of Android or iOS? Not installing updates can mean your phone has vulnerabilities. These vulnerabilities allow hackers to breach your data.
Automate updates as possible. If you have a company with several devices, then it’s a good idea to include your phones on a managed IT services plan.
Use a VPN When on Public Wi-Fi
Public Wi-Fi is dangerous. Most people understand that, but many connect to it out of necessity anyhow. You may worry about going over your data plan allotment. Or your mobile carrier reception may be slow. Both cases are reasons people opt to connect to unsecured public hot spots.
You can connect to public Wi-fi with less risk if you use a VPN application. VPNs stand between your device and the internet. They route your data through a secure server. This keeps it away from prying eyes that may be lurking on that public Wi-Fi.
Mobile Security Solutions to Prevent a Data Breach
Don’t wait until your phone is infected with malware to secure it properly. We can help you with automated solutions that protect your device, accounts, and data. Contact us to schedule a consultation.
This Article has been Republished with Permission from The Technology Press.
How Is the Metaverse Going to Change Business?
The new buzzword around town is “metaverse.” But what does that actually mean for businesses? Is it just something that social media companies need to be concerned about?
According to people like Apple’s CEO Tim Cook, the metaverse is coming. He stated that “Life without AR will soon be unthinkable.” Whether that’s a short-term or long-off prediction, companies need to be ready.
First comes the understanding of what the metaverse is. Metaverse is a general term – hence why it’s not capitalized like a proper name. The metaverse refers to a collective upgrade of the internet to a 3D virtual environment. This would be a world interconnected between various sites. These sites would reflect the immersive games that you see today.
Did Facebook/Meta invent the metaverse? No.
The idea of connected 3D immersive worlds has been around for decades. Several online gaming companies have staked a territory in the metaverse. But their applications are less interconnected.
What’s one of the best representations of the early metaverse? It’s a short-lived software called Adobe Atmosphere. This 3D immersive experience included interconnected online worlds. It also gave people the ability to chat with others. It was a bit before its time but shows how the concept of the metaverse has been around for a while.
The metaverse is getting attention now because technology has advanced. It has begun to catch up to the needs of such a world. This includes fast internet connections and immense processing power. It also includes a delivery method for 3D that works on most PCs.
Are we there yet? Not quite. But the metaverse is picking up steam. Recently, Microsoft announced a partnership with Meta. This partnership is to bring Microsoft 365 apps into the metaverse. This means collaboration in an entirely new way. Microsoft notes that 50% of Gen Z and millennials expect to do some of their work in the metaverse in the next two years.
How Does the Metaverse Impact Your Company?
With companies like Microsoft looking at the future of AR/VR, it could be a reality soon. You can expect the metaverse to touch your own company in some way in the next few years. Here’s a preview of what it may impact.
Where to Advertise
When the internet was first introduced, companies didn’t immediately realize its potential. Now, most companies wouldn’t consider operating without a website. It’s a necessity for driving leads and converting sales.
If the metaverse takes off as a new 3D iteration of the internet, it could be just as important. This means exploring metaverse-type advertising in virtual worlds. Also, potentially creating your own VR site or showroom.
How to Service Customers
As the popularity of social media took off, companies realized customers used it to reach out. Seventy-nine percent of consumers expect companies to respond to a social media message. And they expect that response within a day.
To address that need, many businesses have a social media presence. They use this for marketing and to answer questions and inquiries from customers.
The metaverse may be the next step. If people begin hanging out there, they will expect to interact with businesses in that space. Just like they do now with social networks.
This means companies need to be aware of how customers may be using the metaverse as it grows. Adding a question about metaverse use to a year-end customer survey could be a way to be proactive on this topic.
Employee Training
One of the touted benefits of the metaverse is its ability to enable more immersive training. This could greatly increase training capabilities for everyone from doctors to forklift operators.
Imagine being able to replicate a task more closely in a virtual world. A person could safely make mistakes there. Then they could grow proficient before doing that thing in real life.
Start thinking about the types of training that your employees need. Then, look at ways that a VR world may make the training safer or more efficient. The metaverse may not have what you’re looking for now. But with the pace of technological advancement, it could in a year or two.
More Immersive Remote Team Collaboration
Virtual meetings skyrocketed out of necessity during the pandemic. Now, meeting by Teams or Zoom is commonplace. The next generation of online team meetings may end up being in a virtual world.
As we noted earlier, Microsoft is already working on bringing its apps into a virtual space. Add a few avatars and an immersive setting. Suddenly, you have a completely different meeting experience.
What’s one more way to enhance remote team collaboration in the metaverse? It has to do with building design and maintenance. Imagine being able to walk through a 3D recreation of a space before it’s built. Then fine-tuning the construction while inside that space.
Is Your Business Ready for the Next Digital Transformation?
What are your digital transformation plans for the next 12 months? The next three years? If you’re not sure where to begin, we can help. Contact us today to schedule a technology brainstorming session.
This Article has been Republished with Permission from The Technology Press.
5 Things You Should Never Do on a Work Computer
Whether you work remotely or in an office, the line between personal and work tasks can become blurred when working on your company computer. If you’re in front of a computer for most of your time during work, then it’s not unusual to get attached to your desktop PC.
Over time, this can lead to doing personal things on a work computer. At first, it might just be checking personal email while on a lunch break. But as the line continues to get crossed, it can end up with someone using their work computer just as much for personal reasons as work tasks.
In a survey of over 900 employees, it was found that only 30% said they never used their work PC for personal activities. The other 70% admitted to using their work computer for various personal reasons.
Some of the non-work-related things that people do on a work computer include:
- Reading and sending personal email
- Scanning news headlines
- Shopping online
- Online banking
- Checking social media
- Streaming music
- Streaming videos/movies
It’s a bad idea to mix work and personal, no matter how much more convenient it is to use your work PC for a personal task during the day. You can end up getting reprimanded, causing a data breach at your company, or possibly losing your job.
Here are several things you should never do on your work PC.
1. Save Your Personal Passwords in the Browser
Many people manage their passwords by allowing their browser to save and then auto-fill them. This can be convenient, but it’s not very secure should you lose access to that PC.
When the computer you use isn’t yours, it can be taken away at any time for a number of reasons, such as an upgrade, repair, or during an unexpected termination.
If someone else accesses that device and you never signed out of the browser, that means they can leverage your passwords to access your cloud accounts.
Not all older PCs are stored in a storeroom somewhere or destroyed. Some companies will donate them to worthy causes, which could leave your passwords in the hands of a stranger if the PC hasn’t been wiped properly.
2. Store Personal Data
It’s easy to get in the habit of storing personal data on your work computer, especially if your home PC doesn’t have a lot of storage space. But this is a bad habit and leaves you wide open to a couple of major problems:
- Loss of your files: If you lose access to the PC for any reason, your files can be lost forever
- Your personal files being company-accessible: Many companies have backups of employee devices to protect against data loss. So, those beach photos stored on your work PC that you’d rather not have anyone else see could be accessible company-wide because they’re captured in a backup process.
3. Visit Sketchy Websites
You should assume that any activity you are doing on a work device is being monitored and is accessible by your boss. Companies often have cybersecurity measures in place like DNS filtering that is designed to protect against phishing websites.
This same type of software can also send an alert should an employee be frequenting a sketchy website deemed dangerous to security (which many sketchy websites are).
You should never visit any website on your work computer that you wouldn’t be comfortable visiting with your boss looking over your shoulder.
4. Allow Friends or Family to Use It
When you work remotely and your work computer is a permanent fixture in your home, it can be tempting to allow a friend or family member to use it if asked. Often, work PCs are more powerful than a typical home computer and may even have company-supplied software that someone wouldn’t purchase on their own.
But allowing anyone else to use your work computer could constitute a compliance breach of data protection regulations that your company needs to adhere to.
Just the fact that the personal data of your customers or other employees could be accessed by someone not authorized to do so, can mean a stiff penalty.
Additionally, a child or friend not well-versed in cybersecurity could end up visiting a phishing site and infecting your work device, which in turn infects your company cloud storage, leaving you responsible for a breach.
At least 20% of companies have experienced a data breach during the pandemic due to a remote worker.
5. Turn off Company-Installed Apps like Backups and Antivirus
If you’re trying to get work done and a backup kicks in and slows your PC down to a crawl, it can be tempting to turn off the backup process. But this can leave the data on your computer unprotected and unrecoverable in the case of a hard drive crash or ransomware infection.
Company-installed apps are there for a reason and it’s usually for cybersecurity and business continuity. These should not be turned off unless given express permission by your supervisor or company’s IT team
How Secure Is the Device You Use to Work from Home?
Whether you’re working remotely and worried about causing a data breach or are a business owner with multiple remote team members to secure, device protection is important. Schedule a device security checkup today.
This Article has been Republished with Permission from The Technology Press.
Alarming Phishing Attack Trends to Beware of in 2022
In 2020, 75% of companies around the world experienced a phishing attack. Phishing remains one of the biggest dangers to your business’s health and wellbeing because it’s the main delivery method for all types of cyberattacks.
One phishing email can be responsible for a company succumbing to ransomware and having to face costly downtime. It can also lead a user to unknowingly hand over the credentials to a company email account that the hacker then uses to send targeted attacks to customers.
Phishing takes advantage of human error, and some phishing emails use sophisticated tactics to fool the recipient into divulging information or infecting a network with malware.
Mobile phishing threats skyrocketed by 161% in 2021.
Your best safeguards against the continuous onslaught of phishing include:
- Email filtering
- DNS filtering
- Next-gen antivirus/anti-malware
- Ongoing employee cybersecurity awareness training
To properly train your employees and ensure your IT security is being upgraded to meet the newest threats you need to know what new phishing dangers are headed your way.
Here are some of the latest phishing trends that you need to watch out for in 2022.
Phishing Is Increasingly Being Sent via Text Message
Fewer people are suspicious of text messages than they are of unexpected email messages. Most phishing training is usually focused on the email form of phishing because it’s always been the most prevalent.
But cybercrime entities are now taking advantage of the easy availability of mobile phone numbers and using text messaging to deploy phishing attacks. This type of phishing (called “smishing”) is growing in volume.
People are receiving more text messages now than they did in the past, due in large part to retailers and service businesses pushing their text updates for sales and delivery notices.
This makes it even easier for phishing via SMS to fake being a shipment notice and get a user to click on a shortened URL.
Business Email Compromise Is on the Rise
Ransomware has been a growing threat over the last few years largely because it’s been a big money-maker for the criminal groups that launch cyberattacks. A new up-and-coming form of attack is beginning to be quite lucrative and thus is also growing.
Business email compromise (BEC) is on the rise and being exploited by attackers to make money off things like gift card scams and fake wire transfer requests.
What makes BEC so dangerous (and lucrative) is that when a criminal gains access to a business email account, they can send very convincing phishing messages to employees, customers, and vendors of that company. The recipients will immediately trust the familiar email address, making these emails potent weapons for cybercriminals.
Small Businesses Are Being Targeted More Frequently With Spear Phishing
There is no such thing as being too small to be attacked by a hacker. Small businesses are targeted frequently in cyberattacks because they tend to have less IT security than larger companies.
43% of all data breaches target small and mid-sized companies, and 40% of small businesses that become victims of an attack experience at least eight hours of downtime as a result.
Spear phishing is a more dangerous form of phishing because it’s targeted and not generic. It’s the type deployed in an attack using BEC.
It used to be that spear-phishing was used for larger companies because it takes more time to set up a targeted and tailored attack. However, as large criminal groups and state-sponsored hackers make their attacks more efficient, they’re able to more easily target anyone.
A result is small businesses receiving more tailored phishing attacks that are harder for their users to identify as a scam.
The Use of Initial Access Brokers to Make Attacks More Effective
We just discussed the fact that large criminal groups are continually optimizing their attacks to make them more effective. They treat cyberattacks like a business and work to make them more profitable all the time.
One way they are doing this is by using outside specialists called Initial Access Brokers. This is a specific type of hacker that only focuses on getting the initial breach into a network or company account.
The increasing use of these experts in their field makes phishing attacks even more dangerous and difficult for users to detect.
Business Impersonation Is Being Used More Often
As users have gotten savvier about being careful of emails from unknown senders, phishing attackers have increasingly used business impersonation. This is where a phishing email will come in looking like a legitimate email from a company that the user may know or even do business with.
Amazon is a common target of business impersonation, but it also happens with smaller companies as well. For example, there have been instances where website hosting companies have had client lists breached and those companies sent emails impersonating the hosting company and asking the users to log in to an account to fix an urgent problem.
More business impersonation being used in phishing attacks mean users have to be suspicious of all emails, not just those from unknown senders.
Is Your Company Adequately Protected from Phishing Attacks?
It’s important to use a multi-layered strategy when it comes to defending against one of the biggest dangers to your business’s wellbeing. Get started with a cybersecurity audit to review your current security posture and identify ways to improve.
This Article has been Republished with Permission from The Technology Press.
Important Steps to Take Before You Recycle a Mobile Phone Number
It’s not unusual to change a mobile number from time to time. For example, when you move, you may want a number that is local to the area you just moved to. Companies also may end up recycling mobile numbers throughout their staff as people come and go.
If you don’t properly detach your mobile phone number from all the accounts it’s used with, you can leave yourself open to identity theft, credit card fraud, and other crimes.
In a 2021 Princeton University study, it was found that 66% of mobile numbers listed as available by major mobile service providers were still connected to accounts on popular sites (Amazon, PayPal, etc.).
So, after the former owners had turned in the number, it was available for someone else to use when signing up for mobile service. And that number was still being used on the former owner’s cloud accounts, allowing those accounts to easily be breached.
Because our mobile numbers are connected to much of our online and offline life, it’s important to take certain steps to ensure that you don’t leave yourself at risk when recycling your phone number.
Change Your Phone Number for Online Accounts
We all generally have more online accounts than we immediately remember. The average person must juggle 100 passwords, and most of those passwords will be to a website or cloud app service of some kind.
The first thing you want to do is begin visiting your online accounts and cloud applications to update your mobile phone number. Many of these apps now use a text message to your number as a form of verification if you’ve lost your password.
You want to ensure any password reset messages go to you and not someone that has requested your old number for the express purpose of identity theft or account compromise.
Change Your Number for Social Media Accounts
Technically, a social media account is also an online account, but many people think of them as a separate entity. When a Facebook or LinkedIn account is compromised, the hacker often will send social phishing messages out to your friend connections to try to gain access to sensitive data or scam them out of money.
Make sure to change the phone number listed in your social media accounts. If you are using WhatsApp, which is tied directly to your mobile number, make sure to follow their instructions on changing your number so your communications will remain secure.
Change Your Phone Number for Service Providers That Send You Texts
Text messaging is beginning to replace email for many types of communications. This includes things like shipping notices, confirmations of payments from utility companies, appointment reminders, and sale notices from retailers.
This puts you more at risk if you change your mobile number because the texts you receive from various service providers can be used for identity theft.
Make sure to connect with any services you use that contact you by calling or texting your mobile number to update your information. These offline services could be a:
- Plumbing or HVAC company
- Dentist or doctor’s office
- Pharmacy
- Local retailer
- Utility company
Double Check All Your Multi-Factor Authentication Prompts
One of the big dangers of having a stranger able to receive your text messages is that they could have access to your codes for multi-factor authentication (MFA).
MFA is designed as a safeguard to help prevent an account breach, even if the perpetrator has your username and password. But if the criminal gets the MFA codes sent to your old number, they can easily get in and change your password, locking you out of your own account.
As you go through the process to update your mobile number in your online accounts, double-check the MFA prompt for any that use this form of authentication security. You want to make sure it’s been properly changed to send a message to your new number.
Review Your Text Message History for Anything You’ve Missed
Inevitably, there will be online accounts or service providers that you’ve missed. For example, that place you always order flowers for on a loved one’s birthday every year but never visit at other times.
Scroll through your text message history to find any other accounts that you may have forgotten to update.
Text Friends, Family & Colleagues from the New Number
Once your online security is taken care of, you want to stop friends, family, and colleagues from accidentally texting your old number. This can happen in both one-on-one and group SMS chats.
Send a text message from your new number asking them to immediately update your contact with that number when they receive it. Then go the additional step by asking them to delete any messages that used your old phone number. This can help prevent them from accidentally grabbing that message instead of your new one when texting you in the future.
How Secure Is Your Mobile Device?
Mobile devices are increasingly being attacked by malware and phishing. Is your device properly secured? Don’t leave yourself at risk, request a mobile security check to protect your personal data and identity.
This Article has been Republished with Permission from The Technology Press.