31 Flavors: A Variety of Email Threats to Beware of

Every business relies on email to communicate effectively. Unfortunately, email-centralized cyberattacks are a growing trend around the world. For this reason, businesses of all sizes are focusing on email security more than ever before. There are many ‘flavors’ of email threats out there with the potential to harm your network. Let’s take a look at a few of the most common types that are making the rounds in 2017.

Phishing
Phishing attacks are becoming increasingly popular. This is when a cybercriminal impersonates a business or person with the intent to steal personal data or login credentials. It’s usually in the form of an ‘urgent’ message that attempts to scare users into giving up vital information. Defensive technology is important to prevent employees from falling victim to phishing; however, do not overlook the importance of ongoing education and awareness for all users on your network.

Spear Phishing
This type of attack is on the rise in the ever-growing world of social media. Attackers create fake profiles on social media sites to gather information on unsuspecting users. This information is then used in email attacks. It is again important for users to be educated on how to safely navigate social media sites, especially in the workplace.

Ransomware
Ransomware has frequently been in the headlines over the past year or so as more and more businesses, hospitals, and government agencies fall victim to these attacks. Ransomware is a type of malware that encrypts the victim’s data and blocks access to it until a specified amount of money—a ‘ransom’— is paid. This epidemic is spreading quickly through emails that contain malicious links or attachments.

User awareness is an important component of protecting your business from these types of attacks. Along with this awareness, defensive technology also needs to be in place to balance out the risk of human error. Cybercriminals are constantly trying to fool users with new schemes; blocking these malicious emails from your network is your best bet to remain secure. For more information on how to protect your business from email threats such as phishing, spear phishing, and ransomware, contact Infomax Office Systems today.

Why More Businesses Are Embracing Mobile Device Management

It’s no secret that people love their smartphones. People around the world are glued to them for a number of reasons. Businesses too are embracing mobile device technology with the intent of changing the way they operate. Mobile technology gives employees the freedom to create flexible work plans in remote locations. The opportunity to work remotely will drive results that cannot be achieved sitting behind a desk in an office all day.

There are benefits of mobile device management that cannot be dismissed. Many of these benefits revolve around security. Since mobile devices allow your employees to work from multiple locations on a daily basis, security is a top priority. Your business is made up of sensitive data that you need to protect, even while your employees are out and about doing their jobs. Here are some of the ways mobile device management will help you secure your information.

Remote management
You can guarantee the security of the mobile devices connected to your network 24/7 through features such as remote locate, lock and wipe, device restriction settings, restriction of website browsing access, and BYOD (bring your own device) privacy settings.

Compliance reporting
Adherence to regulatory compliance standards is a major concern for many organizations today. You cannot afford to have an unauthorized device on your network. With mobile device management, you will have end-to-end control of your devices through registration and configuration. You can track and monitor your organization’s compliance initiatives, along with analytics and reporting.

Secure Document Sharing
Employees rely on a variety of documents to carry out their daily responsibilities. For example, sales people rely on updated presentations and contracts that vary from customer to customer. With mobile device management, you can securely and quickly share documents amongst the users on your network.

Mobile technology is making it easier to conduct business on the go. With mobile device management, you can implement a secure system that will allow your employees to operate from anywhere without the worry of compromising any of your vital data and information. If you are ready to implement an easy-to-use mobile device management plan for your business, contact Infomax Office Solutions today to learn more.

Is Your Business at Risk?

If you pay attention to the news, chances are you’ve heard about some of the major cyberattacks crippling organizations across the world. For example, cybercriminals recently targeted the United Kingdom’s National Health Service through ransomware, which resulted in hospitals having to postpone surgeries and divert ambulances to other facilities. Some patients weren’t able to receive vital care because of this attack. Organizations in all industries and vertical markets are susceptible to cyber attacks and IT failure, which is why threat management and business continuity is even more important than ever in the Digital Age.

Is Your Business at Risk?

IT failure comes in many different forms. Cyberattacks are simply one example of what IT failure can look like for a business. Another common example of IT failure is a natural disaster or emergency, which can put network servers out of commission. No matter which form IT failure takes, it is essential that all companies have a plan in place to ensure they will be able to operate and access corporate and client information even in the event of a failure.

Business continuity refers to the ability of a company to continue providing customers with products and services even after a disruptive incident. For example, you may have employees relocate to another site after a natural disaster to get back to work. Resilience is the name of the game when it comes to business continuity. Threat management refers to network security approaches that focus on identifying and eliminating threats before they have the chance to infiltrate the system. Usually, such network security approaches have multiple layers that interact with each other to make it more difficult for threats to go undetected.

If a company fails to take threat management and business continuity seriously and an IT failure ends up occurring, this scenario can have a disastrous impact on a company. Unmanaged IT failure can have major financial implications. This is particularly true if your business is unable to operate at all after an IT failure, as your company will lose sales revenue until the issue is resolved. IT failure can also damage the reputation of your organization among customers. Many companies have had customers abandon them and switch to their competitors after a major IT failure due to a lack of trust.

As you can probably tell, IT failure has become one of the greatest threats for companies in this day and age. Therefore, it is essential that you refuse to be complacent when it comes to business continuity and threat management for your company. If you’d like to learn more about the solutions available to protect your organization, contact Infomax Office Systems today.

Why You Need to Protect Yourself against Ransomware

Everyone has seen a movie or TV show where a criminal kidnaps a victim and demands a ransom in exchange for their release. What some people do not realize, however, is that demanding a ransom is not just confined to kidnappings. Today, many criminals employ ransomware, a form of malware or computer virus that locks a user’s keyboard or computer and holds their data ‘hostage’ until the victim pays a ransom in exchange for restoring access to it.

Recently, computer criminals used ransomware to conduct the largest cyberattack in history. More than 200,000 Windows operating systems in more than 150 countries—including the United States, England, Germany, and Japan—were infected with the ransomware strain WannaCry or WanaCrypt0r2.0. Victims had the data on their computers encrypted or scrambled, effectively locking them out of it while demanding they pay a ransom of between $300 and $600. The attack was not limited to personal PCs—WannCry victims included hospitals, banks, and government agencies.

So, how does ransomware work? Well, just like in the movies, someone takes something you own and holds it hostage until you send them the money they demand in return. The individual requesting the ransom infects your computer with a virus, usually by sending an email that requests the user to click on a link. Once the virus infects the system, the hacker can lock down the computer’s files and extort the user until he or she is paid the money.

While this may seem like a relatively simple issue to resolve, the problem lies in the information that is being held hostage. Few organizations can operate without their data, and if one doesn’t have this data backed up, the impact of a ransomware attack can be crippling. In addition, the FBI, Department of Justice, and many technology firms suggest you don’t pay the ransom. Doing so does not guarantee you’ll regain access to your data, and since you’ve already been exposed to the virus and shown a willingness to pay the ransom, you’re vulnerable to be re-targeted again in the future.

How can you protect yourself against ransomware? To help prevent these kinds of attacks, there are a few steps you can take to mitigate risk. First, regularly install Microsoft security patches and system updates, frequently backup your files, secure your router, and—perhaps most important of all—don’t open suspicious emails. If it’s too late and a virus has already taken over your system, the most crucial step is disconnecting from the Internet to prevent the virus from spreading. Then, you should report the attack to authorities and file a complaint with the Internet Crime Complaint Center. Finally, wipe your PC and restore your data and files from backups.

Big risks can sometimes yield big rewards, but not when it comes to cybersecurity. Be sure your organization is doing all it can to protect itself from ransomware and other cyberattacks. Contact Infomax Office Systems today to learn how our on-site Managed IT services can help give you peace of mind from ransomware attacks.

Email Best Practices to Keep Your Office Secure

Businesses are constantly targeted by cyber attackers using malicious emails to gain access to their systems. Ransomware in particular poses an enormous threat to organizations, becoming by far the most common form of malware today. Cyber attackers use it to lock down an unsuspecting recipient’s files and deny access to infected data until the victim pays a ransom. As an added bonus, ransomware has evolved to enable criminals to steal personal or financial information from the victim’s system as well, increasing the impact of an infection.

So, how can you ensure email security to protect yourself?

As humans are the weakest link in any company’s security, the first step to protecting itself is through education. Keep up-to-date on the latest cybersecurity trends and inform staff members of the various types of threats out there today. Stress how serious these threats are to your team, that they can and will likely be exposed to them, and how they can avoid falling prey to them.

The best way for users to protect themselves is by exercising caution in their email inbox. Never, ever, open an attachment or click on a link in an email from someone you don’t know, especially if it seems out of context. If you’re suspicious, contact your IT department before proceeding.

In addition, hackers are adept at spoofing who an email is coming from, making them appear to be sent by someone you know. If someone asks you to provide sensitive information via email, do not trust them. Verify their request by telephone or another form of communication before providing this information.

Perhaps the most effective defense against threats such as ransomware is to frequently back up your data. Even if a business does pay the ransom, there is no guarantee that the hackers will release the files being held hostage. By consistently backing up your data, you can avoid paying the ransom by simply restoring your files.

Hackers are skilled and shrewd enough to bypass SPAM filters and email security. Don’t let them lull you into a false sense of security that leaves you and your business vulnerable. Contact Infomax today to learn more about email best practices and our dedicated security solutions.

Protect Your Office from Cyber Attacks: A 6-Point Action Plan

With all of the publicity garnered lately by cyber attacks on huge nationwide companies, small and mid-sized businesses (SMBs) may be developing a false sense of security. In reality, 43 percent of businesses attacked are SMBs, so make sure your company is protected against the threat posed. In this blog post we cover some of the ways you can mitigate the risk of a cyber attack.

Educate Employees — When it comes to digital security, your employees are both your first line of defense and your biggest vulnerability. Use consistent training and education to develop a culture of caution. Unexpected email attachments, messages requesting login information, and unknown links are all to be avoided.
Update Software — All of your software should stay up-to-date, because new patches and security adjustments are being constantly being developed. Keep your operating system, programs, and antivirus software current at all times.
Tighten Security — Most cyber attacks come from inside a company, either due to malicious intent or vulnerability caused by human error. Limit access to sensitive data and make use of audit trails for your files. Require that all passwords contain at least one of each of the following: an upper case letter, a lower case letter, a number, and a special character.
Evaluate BYOD Policies — Employee devices are the norm today, so make sure your policy addresses security issues that they present. Powerful tools include remote wiping, cloud-based business software, and anti-malware apps.
Have a Disaster Recovery Plan — A data breach can ruin your business if you don’t have a robust backup and recovery system in place. Backup data should be current enough to be useful, but make sure you have access to clean data that dates to before a breach and has been stored at a different location.
Get Insurance — Despite your best efforts, the worst may still happen. Protect yourself and your company from expensive litigation with insurance against cyber attacks. You may be glad you did.

Cyber attacks are a real risk for SMBs, so don’t neglect to protect your digital ecosystem. For help managing your Iowa-based business’s data security, backup, and recovery, contact Infomax Office Systems today.

Fend Off Phishing: Tips to Avoid Phishing Scams

Cybersecurity isn’t a concern reserved for big-name corporations or social networks. Clever criminals are always working to stay a step ahead of the game, whether they’re targeting personal or business information. Phishing is an email tactic used to trick the recipient into disclosing private information such as passwords and account numbers, and it isn’t always caught by email spam filters. Read on to learn how to avoid phishing scams.

Recognize Phishing
• The email. Phishing emails are designed to look genuine. They use real company names—banks, lenders, service providers, etc.—precisely copied branding, and “spoofed” email addresses that look legitimate but have slight variations (companyname1.com for example, or companyname.othersite.com).
• The call to action. Often featuring an urgent or threatening tone, phishing emails usually request “confirmation” or “verification” of your account or billing information. You may be told that your account is at risk of being suspended, or that suspicious activity has been detected. It’s a clever ploy to get you to act without thinking.

Protect Yourself
• Don’t click on “phishy” emails. Use bookmarks or type URLs directly into your browser’s address box.
• Don’t email confidential information. Whether business or personal, don’t send financial or account information via unsecured email.
• Don’t enter private information in pop-up windows. This is rarely a secure way to transmit your sensitive data.
• Install security software. A multi-purpose suite will include your firewall, spam filter, anti-virus, and anti-spyware tools.
• Keep ALL software up to date. Always download the latest patches for and versions of your software.
• Monitor your accounts regularly. Keep an eye on your account dashboards and review your monthly statements.

What if you come across a suspected phishing message?
Avoid opening the email, and whatever you do, don’t respond or click on any links within it. Report the email to your company’s security contact, followed by the FBI’s Fraud Complaint Center. If you think your information has been stolen, the Federal Trade Commission has advice on what to do next.

To protect your team and your business from phishing, always be smart, skeptical, and security-minded. Visit the Anti-Phishing Working Group for a list of current attacks and the latest phishing news.

Is Your Network Secure?

From sending email to opening a file, connecting to Wi-Fi to browsing the web, critical business data on your network must be protected. There are dozens of opportunities to protect your network from unwanted access, but here we’d like to share some of the simplest and most effective network security strategies. Is your network secure?

● Are passwords robust? Make sure passwords are eight characters in length or more, and include at least one upper- and one lower-case letter, a number, and a special character. Avoid actual words and letter substitutes—hacking software is sophisticated enough to recognize when you use “$” instead of “S”.

● Are passwords changed regularly? The longer a password exists, the more vulnerable it is. Tired of managing dozens of passwords that change all the time? Consider an enterprise password management service application, so you’ll only need to remember one.

● Are all inactive accounts disabled? Every account is a door that can be breached, so don’t delay—each individual account should be disabled as soon as an employee leaves.

● Is your data regularly backed up offsite? Whether in another office or with a cloud-based server, make sure your data is recoverable even if your office is lost to a fire or disaster.

● Does every computer and mobile device have antivirus software installed? Don’t be a sitting duck for spyware, ransomware, viruses, and other malware. Ensure every piece of hardware in your network has active, up-to-date antivirus software installed. Also, don’t wait to update! It is crucial that all of your devices are running the latest version of antivirus software available to ensure the security of your data.

● Do you use WPA2 encryption? Short for “Wi-Fi Protected Access 2,” WPA2 encryption ensures that your Wi-Fi connection is secure. So, don’t leave your virtual front door open. WPA2 authentication is easy to set up and simple to comply with.

● Is your equipment physically secured? Don’t leave your physical doors open, either. Store critical hardware in a locked room with limited accessibility. A data thief doesn’t need to worry about hacking the network if they can walk in and physically remove the device they want to access.

If you answered “No” to any of these questions, you have work to do. Take these few simple steps and get your network secure and your data protected.

What’s Your Policy? Corporate Mobile Device Rules to Consider

We live and work in a mobile world, and mobile access is increasingly critical to business communications and workflows. Whether your employees use a laptop computer, mobile phone, tablet, or portable drive, a few well-executed, thoughtful policies can provide some assurance for your employees and your company.

Consider the following rules when crafting your mobile device policy.

● Devices must be password-protected. Employees may object to the inconvenience of having to unlock their device, but this is a must-have rule. Note that swipe patterns and facial recognition are less secure than a strong password.

● Stored data must be encrypted. Strong encryption—typically 128-bit Advanced Encryption Standard (AES)—is a necessity to protect data on all mobile devices. Talk to your IT professionals specifically about encryption when developing your policy.

● Users must use encrypted network connections. In other words, make sure your staff doesn’t use free Wi-Fi connections! Options vary, but approved connections usually include SSL for Virtual Private Network (VPN) connections, or WPA2 for Wireless Local Area Network (WLAN) connections.

● Mobile devices must be stored securely. Physical theft is as much of a risk as data-only theft, so make sure to stress that mobile devices shouldn’t be left unattended to your staff.

● Lost or stolen mobile devices must be reported to the company within 24 hours. Increased exposure time means increased risk. Make sure your team knows to notify you when devices are lost, so you can take action quickly.

● Devices must have remote data wiping enabled. If it’s not possible to recover a lost device, the only way to protect company data is to remove it completely.

● No texting or emailing while driving. No business communication is worth the life of your employee, or that of another driver or passenger. Stress responsible texting in your mobile policy. As the saying goes, it can wait.

● Noncompliance has consequences. Make sure employees know that repercussions associated with violating internal data sharing rules also apply to mobile data. Accidental exposures of non-sensitive data may warrant a simple written warning, while intentional data theft or exposure may call for termination.

Embracing mobile technology is vital to competing in today’s economy. With a few smart device rules and staff training, your company can thrive in the mobile world. Call Infomax Office Systems to optimize your mobile device strategy today.