How to Combat Cybersecurity Fatigue

When was the last time you had to change your password or received an alert to update your device for what felt like the umpteenth time? These are minor frustrations, but ongoing IT requests can add up to cybersecurity fatigue. You can’t stop securing your tech, but you can combat employee annoyance with the process.

The need for cybersecurity isn’t going away, and the human element remains a weak link in every business’s security posture. That means we’re going to continue:

  • creating strong passwords;
  • installing updates and patches;
  • filling in multi-factor authentication prompts;
  • getting tested by social engineering attempts;
  • attending security training to ensure we know procedures and protections.

Yet it all takes time away from the work we want to be doing. Even the few seconds we wait for that push notification to arrive can feel like forever. Our impatience and annoyance grow. Eventually, it can lead to taking shortcuts or neglecting security alerts. That’s cybersecurity fatigue, and it can be a real risk to any business.

Signs of Cybersecurity Fatigue

The constancy and complexity of security measures make people feel overwhelmed or indifferent. That’s when you’re dealing with security fatigue. Signs to look out for include:

  • lack of motivation to follow security protocols;
  • careless clicking on suspicious links, downloading files, or sharing sensitive information without verification;
  • reuse of passwords or using weak passwords rather than complex and unique ones;
  • disregard for software, applications, or operating system update notifications;
  • indifference toward the need to adjust privacy settings;
  • impatience with security measures that add extra steps or delays to tasks;
  • susceptibility to social engineering techniques;
  • delays informing your tech team about incidents, waiting until the issues are critical;
  • connection to insecure networks or using personal devices for work activity.

Any of these can put the business at risk of cyberattack, data breach, or other disruption. Try the following strategies to reduce friction with cybersecurity policies and procedures.

4 Ways to Counter Cybersecurity Fatigue

The importance of cybersecurity can’t be minimized, yet adding more layers can cause fatigue to build. Instead, try these four strategies.

  1. Automate patches and upgrades. Save your employees from direct involvement in this cybersecurity effort. Instead, automate what you can, or work with a managed service provider who can take care of patches and upgrades for you.
  2. Provide password management systems. Make it simpler for your people to keep track of unique, strong passwords. Provide access to password managers such as LastPass.
  3. Choose tools that balance security and convenience. Look for ways to provide enhanced usability without compromising protection.
  4. Turn to remote management. IT pros can access and manage systems from anywhere with an internet connection. With proactive monitoring, they can identify and address potential issues before they escalate.

Partnering with a managed service provider such as CPI Networks can also help you curtail cybersecurity fatigue. We offer flexible and efficient IT support and management. Our experts can enhance cybersecurity without making your people work harder. Call us at (416) 645-2469, (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

Essentials to Know About Software Licenses

Bet this sounds familiar: A screen full of legalese opens up when you download some new software. You immediately scroll to the bottom and click “I agree.”

Most of us don’t actually read license agreements. This is not a good idea for individual use. Worse, it’s a real risk for businesses.

Even if you don’t read every one of those 60 pages in the End User License Agreements (EULA), it’s important to know the conditions for your license. You can often find this on a sales page or in a feature chart. This helps you understand the basics of your agreement.

After all, a software license legally establishes the conditions of your using that particular software program. For example, you may not be allowed to use the personal or educational license for commercial use in your business.

Why are software licenses important?

Software licenses protect the software developer or publisher and you, the user. The agreement establishes clear guidelines to help prevent misuse and copyright infringement.

You can run into legal and financial difficulties if you don’t understand the agreement; software licenses protect the developer’s intellectual property rights, after all. For example, you’ll often have to agree to a certain number of users for that copy of the software. If your license is for three users, you are risking legal ramifications if you’re using it for ten people in your business.

Keeping track of the number of people using a software license can also save your business money. You might have more licenses than users, for example, which is a waste of resources.

What else do I need to know about software licenses?

Along with rightsizing your software spending, also track renewal dates. You may have that license only for a year before you have to pay for it again. You don’t want to learn, on a deadline, that you’re locked out of essential software due to license expiration.

Different licenses will have various durations, so keep an eye out for renewal notices, and be proactive. See expiration dates as an opportunity to revisit the number of users licensed. You might also negotiate better pricing, or see this as a deadline to transition to a different program instead.

Software also reaches end-of-life or end-of-support after a set period of time. Typically, it’s ten years from its first release. You might continue using that software, but you put yourself at risk of vulnerabilities, because the developer no longer patches and upgrades the software to protect it from cyber threats.

Software license best practices

Using software without a license risks fines, prosecution, and jail time. Companies such as Microsoft and Adobe will prosecute, or even pay rewards to people who report software piracy. The only exceptions are open-source software or freeware licensed for anyone’s use. Even in this case, though, it’s still important to review the sales page or features chart. It might state you can’t use that freeware for commercial use.

Try these best practices to avoid legal and financial concerns:

  • Read the agreements before you agree.
  • Don’t use software without a license.
  • Develop a process for monitoring your licenses.
  • Review your agreements, at least annually.
  • Consider partnering with a managed service provider to handle your software license management.

Our experts can help. Contact us today at (416) 645-2469, (905) 667-0441 or email us to learn more about our comprehensive services.

What You Need to Know About Desk Ergonomics

Getting the job done is the focus. Many of us don’t spend much time thinking about how we’re setting up our workspace to do our tasks, yet desk ergonomics can increase productivity, lessen muscle fatigue, and cut work-related aches.

In a typical office setting someone has thought about ergonomics. Most people have a chair at a desk where they can sit with a posture that reduces the risk of pain. Good workspace positioning will see your:

  • feet flat on the floor, thighs parallel, and knees bent to 90 degrees;
  • elbows comfortably below shoulders, bent at 90 degrees, and close to the body (without being jammed against you);
  • shoulders relaxed and back;
  • back against the chair with your body aligned so that your shoulders are over your hips, and your head, over your shoulders;
  • eyes looking at the top of the screen (rather than up or down at it).

Anything else risks putting your body out of alignment, which can stress your body and lead to painful issues such as carpal tunnel syndrome, muscle strain, and lower-back injury.

Rethinking your work-from-home posture

Sorry. Working from bed or lounging in a cushioned chair isn’t going to put you in the right ergonomic position.

It’s best to replicate a traditional workstation. Start with how you sit: Get a desk and office chair, or at least sit at a table. If your feet don’t touch the ground, get a footrest (or even use a stack of books). This helps get your thighs parallel and knees at 90 degrees.

Now, place your computer where you can keep your elbows bent and shoulders back. You want to hover your palms slightly over the keyboard as you type. If you have armrests, this can help you avoid slouching.

Your lower back is the next consideration. Having your back against the backrest can help your alignment. Office chairs are often designed with lower back support. If you don’t have that, you could get a lumbar pillow to help. Otherwise, you might roll up a towel to put against the small of your back while sitting.

Also, consider your screen placement. You might need to raise or lower your monitor so that your eyes are in line with the top of the screen. Laptop users could need to get a separate screen or keyboard so that they can achieve the right angles at once.

Next steps

If you’re a two-screen user, you can put the one you use most directly in front of you. If you work on both regularly, place them side by side, and angle them towards your seat. Tablet users may want to get a stand that puts it at eye level. Otherwise, switch up which hand you’re using to hold it. Plus, if you’re on the phone a lot, use hands-free or a headset to avoid a stiff neck.

You can also take advantage of a standing desk. In that case, you’ll want to make sure your feet are hip distance apart. Then, stack your hips above your feet, followed by your shoulders, neck, and head. Keep even weight distribution in mind too.

Every 20 minutes or so, plan to check in on your posture. Also, take 20 seconds to look at something 20 feet away from you to give your eyes a rest. Moving and stretching can give both your body and mind a break.

Reconfiguring your desk ergonomics can help reduce muscle strain and improve productivity. It’s up to you to sit correctly to take away workplace pain, but we can help you with the pain of problematic IT. Contact us today at (416) 645-2469, (905) 667-0441 or email us.

What Is Zero-Click Malware?

You know not to open an email attachment from someone you don’t know. You also avoid downloading unexpected files or clicking questionable popups when you go online. But did you know there’s malware that requires zero action from you? Zero-click malware can infect your device without any interaction on your part.

Traditional malware requires the user to click a link, download a file, or execute a program. It often relies on phishing and social engineering to fool you into taking action.

Zero-click malware exploits vulnerabilities in your operating system (OS) or applications. It uses carefully crafted, undetected code to access and execute a payload automatically, with no trigger required from you. If such a vulnerability is present on the system you’re using, you’ll navigate right into it.

This makes zero-click malware attacks all the more dangerous. After all, they happen without your knowledge or consent. Meanwhile, attackers can use zero-click malware to:

  • gain access to sensitive data, such as passwords or financial information;
  • take control of your device;
  • impersonate you and send out messages on your behalf;
  • carry out additional attacks.

Understanding zero-click attacks

Zero-click attacks exploit bugs, misconfigurations, or design flaws in an application or OS. They can come in many forms as attackers:

  • target email applications and messaging apps such as WhatsApp or iMessage;
  • build malicious websites;
  • hack and infect legitimate websites;
  • exploit vulnerabilities in network protocols or services.

In one well-publicized example, Amazon CEO Jeff Bezos suffered a zero-click attack. A WhatsApp message compromised his texts, instant messages, and potentially even voice recordings.

Another well-known attack targeted the WhatsApp accounts of journalists, activists, and human rights defenders in several countries. The attackers installed the Pegasus spyware on the targeted device simply by placing a phone call to the device, even if the user did not answer the call. The malware could extract messages, photos, contacts, and other sensitive data from the device, as well as activate the device’s camera and microphone to record the user’s surroundings.

How to protect against zero-click malware

Protect against zero-click malware by keeping your device’s software up to date. These attacks are often designed to exploit unknown vulnerabilities in software; enabling automatic updates can help ensure you run the latest, most secure software.

Also, install and use security tools such as antivirus software and firewalls, which help detect and prevent the malware from infecting your device, and remain cautious about clicking on links or downloading files from unknown sources.

Further reduce your risk by using strong passwords and two-factor authentication. Plus, limit your device exposure to public Wi-Fi networks and unknown devices.

In case of a zero-click malware attack or other type of data breach, regularly back up your data, too. Store backups on a separate device that uses strong encryption and two-factor authentication, or use a secure cloud storage service.

Not sure about the strength of your online protections? We can help secure your devices. Contact us at (416) 645-2469, (905) 667-0441 or email us.

Leave that USB Drive Where You Found It

You come across a thumb drive, or USB drive, that you don’t recognize. Maybe you find it in the car park of your building or by the copier in the office. You’re curious or you want to plug it in to identify where to return it. Don’t do it. Risks abound.

Consider this jaw-dropping example: a found USB drive is how the Stuxnet malware that hit an Iranian nuclear facility got its start. It’s believed employees at the facility plugged in a USB drive they found in the car park.

From there the virus could reach the computers controlling the centrifuges, causing them to spin too fast and become damaged. The attackers couldn’t get in directly, as the computers were on a disconnected network.


Risk of thumb drive attack


Now, you might be thinking, “but I’m not an Iranian nuclear facility.” But that doesn’t prevent cybercriminals from wanting to access your network and systems. USB drives are one more way that bad actors can do so. In fact, one study found that 60 percent of people were likely to connect random thumb drives found near their building. If the business logo was on the drive, the number went up to 90 percent.

USB stands for Universal Serial Bus. Even with cloud computing, we still see these small, portable drives used universally. They are compact and convenient. That also makes them an attractive target for bad actors.

Hackers can pre-program USBs to act maliciously once connected to the network. They might:

  • steal a user’s data;
  • gain access to the user’s keyboard;
  • monitor the user’s screen;
  • encrypt user data in exchange for a ransom;
  • spread infection.

Most of these can happen without the user even knowing it, as the malware runs in the background.

Avoid USB drive attacks

How do you keep your business safe from infected USB drives? First, don’t insert unknown flash drives. Hackers will try to take advantage of people’s curiosity or their desire to help.

It’s also good to use different flash drives for personal and professional computers. This helps cut the chances that you’ll spread an infection from one to the other.

You might also enable security measures on USB drives, such as fingerprint authentication. This, and keeping computer software and hardware up to date, can cut vulnerabilities. Also, keep your anti-malware and antivirus protections current, and patch regularly.

Windows users can also disable the Autorun function. This prevents Windows from automatically opening removable media immediately upon insertion.

We’re here to help. Call us at (416) 645-2469, (905) 667-0441 or email us to contact our experts if you suspect a security threat or want to update your security posture.

Stop Using Windows 8.1 and Windows 7 – Do It Now!

Few of us are big fans of change. It can be easier to keep on going down that same path or use that same computer software; it’s comfortable and familiar. As of January 10, 2023, however, Microsoft has stopped providing support for Windows 8.1, which means you need to make a change.

It’s time.

If you’re still on Windows 7, it’s really time. Microsoft stopped providing security updates and technical support for that in January 2020. Microsoft did launch an extended service update (ESU) period for Windows 7, but that’s over, and there’s no ESU program for Windows 8.1.

Microsoft recommends moving to a new device that can run Windows 11. They warn against “performance and reliability issues” with older, unsupported operating systems. Another option? Upgrade your current device and install a newer operating system on it.

Now, you might be suspicious, thinking, “they just want more of my money,” but the manufacturer has already been providing support for both of these tools for ten years. Plus, computing is changing enough that they need to keep up with new iterations of Windows. Then, they focus their attention on keeping the latest releases updated and secure.

Benefits of upgrading to Windows 11

According to Statcounter data in 2023, Windows 11 is only on 15.44 percent of Windows systems right now. Windows 10 has the majority (over 70 percent), but if you’re one of just under 10 percent of users still on Windows 7, make the change now.

Cybercriminals know that people will wait to make the change, and they find ways to exploit the weaknesses of unsupported software. You are particularly vulnerable when relying on Windows 7 or Windows 8.1.

Windows 11 is the latest Microsoft offering. They have worked to reduce risk from the latest cybersecurity threats. With Windows 11 you can better protect your files and cut the risk of today’s viruses and malware.

The new operating system is built to be more efficient. Microsoft has tweaked the Windows layout and navigation to help users find what they need and perform tasks more easily.

Not sure what version of Windows you’re using? In the bottom left of your screen, click on the Start Menu and press the Windows button on your keyboard. Then, type “system”. Click either the System or System Information icon. You’ll see your Windows version listed at the top of the window that opens up.

Upgrading to Windows 11 from 7 or 8 isn’t free. Only Windows 10 users can upgrade at no cost. Also, to upgrade to a Windows 11-compatible device, you’ll need to make sure you get a security chip called TPM 2.0. It’s unlikely you’ll find that chip on a computer more than four years old.

Need help with your Windows software? We can help. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Watch the Little Things in Cybersecurity

Author Richard Carlson tells the world, “Don’t Sweat the Small Stuff” in his popular book. Yet he’s not in the cybersecurity realm. When it comes to protecting your business, you do want to watch the little things. Avoiding small matters could bring big risks.

You’re already keeping an eye on the big things such as ransomware or data breaches, and you’ll also be ensuring you have a data backup and disaster recovery plan in place. But don’t overlook the small issues that come up – they can be just as vital to your cybersecurity.

For one thing, don’t undervalue physical security for your business technology. In America, there have been reports recently of attacks on power stations, but these aren’t sophisticated cyber hacks. Attackers with guns are breaching the physical premises and shooting transformers. It goes to show that you can’t focus on preventing cyber threats at the expense of perimeter protection.

This also means reminding employees not to let unknown personnel into the building and telling them to take down those post-it notes on their PCs with their passwords on them.

Allowing your people to work on software that’s past its support date could also be a bigger deal than you think. The “if it ain’t broke, why fix it?” mentality could leave you open to attack. Hackers seek out vulnerabilities tied to outdated systems. They can leverage small openings to wreak havoc on your business.

Small steps can make a big difference

Similarly, don’t fall for the idea that cybersecurity effort needs to be complicated to do the job. There are small steps your business can take to protect itself.

Cyber hygiene is a good starting point. Ensure your people aren’t reusing weak passwords across accounts. Make keeping track of complex passwords easier by using online wallets such as LastPass.

Keep computers updated and software patched. Manufacturers keep up with threats and upgrade their code to address known vulnerabilities. All you need to do is allow the update when it’s offered. It can be an inconvenience, but agreeing to that update can save you a big problem down the road.

Educate employees about using public Wi-Fi networks. They may think they are being productive by logging in while in line at the coffee shop, but that public access point could be putting your systems at risk. One big problem is that an attacker could be set up on that hotspot to intercept sensitive data.

Encrypt data. This helps you protect data wherever it may be, not just on-site. A hacker intercepting that data would still need decryption capabilities to get access.

Multi-factor authentication also helps to protect your business. After all, a criminal could get access to an employee’s username and password from a phishing attack. If you don’t add a second layer (at least) of authentication, they can easily log into your network and do damage.

Need help with cybersecurity issues? We can help you with the big and the small. Contact us today at 555-5555.

Tackle These Four False Assumptions about Cyber Attackers

There’s one big assumption about cyber attackers that we regularly refute: “It can’t happen to me.” At this point, most businesses do recognize the serious nature of the cyberattack threat. Yet other assumptions about cyberattackers may also make your business vulnerable. Educate your employees about these four main misconceptions. Raising their awareness can help secure your systems against social engineering attacks.

Start with the assumption that any technology is 100 percent safe. This is as misguided as the idea that your business won’t be a victim of a cyberattack. Some employees may believe that Google and Microsoft activity is always secure. That’s not the case.

Google and Microsoft have massive market shares, and it makes sense that bad actors target their cloud storage and content distribution. Once they’re in, they have ample opportunity to scam people.

Another false assumption is that threat actors go in blind with a scatter-shot approach. In fact, many social engineers do their research first. They learn what they can about your employees, your org chart, and what your business does. This helps them to develop more credible attacks.

Cybercriminals take the time to build rapport before initiating an attack. They may send unassuming conversational emails first, which helps them lull your people into seeing them as a trusted source. After establishing false security, criminals make an urgent request or plea for help.


Counter these misconceptions too

Cyberattackers may also make their play over the phone. So, don’t assume that your online interactions are the only thing to protect. There are hundreds of thousands of “vishing” threats every day. The bad actor may send an email without any malicious links or attachments, but there’s a number to call. If your employee calls in, they’ll talk with a convincing criminal. The bad actor might act as a call center or customer service agent.

Also warn employees against the assumption that responding to an existing email is always safe. It is much easier than they might think for someone to hijack a colleague or client’s email inbox. Then, the criminals use a pre-existing email thread to send a malicious attachment or URL, or use the connection to ask the employee to perform some action for the threat actor.

Finally, emphasize the point that anything is fair game. Cybercriminals will attack anyone, in any way they can. This includes leveraging current events, pop culture, and even international health crises. One campaign exploited victims by offering early access to Season 2 of the streaming success “Squid Game”, and during COVID lockdowns, hackers offered free masks or free tests to get people to download infected files.

There is money in cybercrime – a lot of it. The bad guys are highly motivated and always looking for new ways to exploit human weaknesses. Discuss cybersecurity assumptions with your employees and put protective measures in place to secure your IT. Our experts can help. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

What You Need to Know About Browser Extension Risks

With “Googling it” now a common expression, it’s safe to say you do a lot online. To do it all you’re using a Web browser (such as Chrome, Edge, Firefox, etc.). To do it all more efficiently or effectively, you could be using browser extensions, but this article is going to warn you against doing so.

To clarify, browser extensions are code add-ons that you connect to your browser. You can use them to personalize your surfing experience, and they accomplish many different things, including:

  • saving time (e.g. Scribe, Evernote, StayFocusd);
  • checking your grammar (e.g. Grammarly);
  • managing your passwords (e.g. Keeper, LastPass);
  • securing your online activity (e.g. DuckDuckGo, Ghostery).

Even though we’ve just said they can help secure your online activity and manage your passwords, the problem is that they are also risky.

Consider the fact that we said this represents added code. Now, how much coding do you know? Most will say “not a lot.” That means you’re blindly trusting that browser extension.

If you download a malicious one, that code can wreak havoc. Suddenly, your default search engine gets changed, or you get redirected to a start page with malware on it. You might face an onslaught of pop-ups or ads. They can also track your browsing history without you knowing it.

That’s just the beginning

Many browsers today want to keep you safe from malevolent extensions. They’ll have permissions in place before allowing access. Yet you still end up giving that extension a lot of access. For example, an extension modifying needs access to all your Google activity. That means your Gmail, too.

Browser extensions access everything you’re doing online. So, a malicious extension could also function as a keylogger capturing passwords or credit card details.

A browser extension can also be sold to or hijacked by a bad actor. Then, it’s easy enough for them to push out an update that turns your trusted extension into malware.

What to do about this issue

Does this mean you should do without browser extensions? There are even browser extensions out there to block other browser extensions, but abstinence from extensions is not your only solution.

Instead, we’d recommend reviewing the safety and credibility of that extension. This means you should:

  • Check to see who published the extension.
  • Look at the reviews. A high number of positive reviews is a good sign. Thousands of people are unlikely to give five stars to a malicious extension.
  • Pay attention to the permissions required. If an extension claims to modify only one website, check that it accesses that site only.
  • Protect yourself with a good antivirus solution.
  • Keep your antivirus solution and other software updated.

It’s also easier to stay safe by limiting the number of installed extensions you use. If you have browser extensions that you aren’t using, uninstall them. This can cut your exposure to potential threats.
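
One way to carry out the permission check from the list above, as an added example (not code from this blog or from any browser vendor): it reads the contents of an extension’s manifest.json and flags site access that goes beyond the sites the extension claims to modify. The function names, the short list of sensitive API permissions and the sample manifest are assumptions constructed for illustration.

```javascript
'use strict';

// API permissions that deserve a second look (illustrative subset, not exhaustive).
const SENSITIVE_APIS = new Set([
  'tabs', 'cookies', 'history', 'webRequest', 'clipboardRead',
  'nativeMessaging', 'debugger', 'management', 'proxy', 'downloads', 'scripting',
]);

// Split a match pattern such as "*://*.example.com/*" into scheme and host.
// Returns null for entries that are API names ("storage", "tabs") rather than patterns.
function parsePattern(entry) {
  if (entry === '<all_urls>') return { scheme: '*', host: '*' };
  const m = /^(\*|[a-z][a-z0-9+.-]*):\/\/([^/]*)(\/.*)?$/i.exec(entry);
  return m ? { scheme: m[1], host: m[2].toLowerCase() } : null;
}

// True when the pattern's host is one of the claimed sites or a subdomain of one.
function hostWithinClaim(host, claimedHosts) {
  const bare = host.startsWith('*.') ? host.slice(2) : host;
  if (bare === '' || bare === '*') return false;
  return claimedHosts.some((c) => bare === c || bare.endsWith('.' + c));
}

// Compare what the manifest requests with the sites the extension says it works on.
// Covers Manifest V2 (host patterns inside "permissions") and Manifest V3
// ("host_permissions"), optional permissions, and content script match lists.
function auditManifest(manifest, claimedHosts) {
  const claims = claimedHosts.map((h) => h.toLowerCase());
  const sources = [
    ['permissions', manifest.permissions],
    ['optional_permissions', manifest.optional_permissions],
    ['host_permissions', manifest.host_permissions],
    ['optional_host_permissions', manifest.optional_host_permissions],
  ];
  for (const script of manifest.content_scripts || []) {
    sources.push(['content_scripts.matches', script.matches]);
  }

  const findings = [];
  for (const [field, entries] of sources) {
    for (const entry of entries || []) {
      if (typeof entry !== 'string') continue;
      const parsed = parsePattern(entry);
      if (parsed) {
        if (parsed.host === '*') {
          findings.push({ level: 'high', field, entry, reason: 'access to every site' });
        } else if (!hostWithinClaim(parsed.host, claims)) {
          findings.push({ level: 'medium', field, entry, reason: 'host outside the claimed sites' });
        }
      } else if (SENSITIVE_APIS.has(entry)) {
        findings.push({ level: 'review', field, entry, reason: 'sensitive browser API' });
      }
    }
  }
  return findings;
}

// Constructed sample: an extension that claims to modify only example.com.
const sampleManifest = {
  manifest_version: 3,
  name: 'Example Page Tweaker (constructed sample)',
  permissions: ['storage', 'cookies', 'webRequest'],
  host_permissions: ['https://www.example.com/*', '*://*/*'],
  content_scripts: [
    { matches: ['https://*.example.com/*', 'https://mail.example.net/*'], js: ['content.js'] },
  ],
};

for (const f of auditManifest(sampleManifest, ['example.com'])) {
  console.log(`[${f.level}] ${f.field}: ${f.entry} (${f.reason})`);
}
```

An empty result means every requested host falls under the claimed sites and no listed sensitive API is requested; it does not vouch for what the extension’s code does with that access.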

Another way to secure your online activity? Work with our IT experts. We can check permissions and review your extensions. We’ll also ensure your antivirus and software are up to date. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Making Smart IT Purchases with CPI Networks

There is no shortage of business technology out there to choose from. The sheer volume of options is overwhelming, and it can be challenging to identify the right solution for your business. This article provides ideas to help you make smart IT purchases.

You want to get the most out of your IT budget in 2023, but these common factors can derail smart IT purchases:

  • Many small and medium-sized business owners don’t have a lot of technical expertise.
  • Making buying decisions based only on a budget can lead to getting tech that won’t suit your needs.
  • People get drawn in by marketing appeals or salesperson charisma.
  • Buyers want to simplify their lives, so it seems to make sense to go with the same supplier or brand. But that’s not always the best answer.

All this means that even the best-intentioned buyers can choose the wrong technology. Maybe that new system isn’t compatible with existing software and hardware. You make things more difficult for your employees instead of improving productivity. Or you can end up wasting money on something you don’t need, or getting the perfect product but at an exorbitant price.

Strategies to Support Better Tech Purchases

When it’s time to buy technology, several strategies can improve your results.

Establish your requirements

This is more than thinking, “I want X to do this and that.” Map out your current technology to see what might already meet those requirements. Plus, learn what compatibilities will be essential to effectively use the new tech.

Talk to your employees

Ask about what they would change and what they like best about the tech you’re replacing. They’re the ones who are going to be using your tech purchases on a daily basis. Buying decisions made in isolation could saddle staff with IT that frustrates them.

Think long term

This can prevent you from getting caught up in glitzy marketing or salesperson enthusiasm. Yes, it’s human to want that cool, shiny gadget with all the bells and whistles, but it may not be what your business needs, either today or down the road.

In fact, if you’re oversold technology, you could face IT budget woes in the future. On the other hand, you don’t want to buy something that you’re going to have to replace soon. That’s setting yourself up to do this all over again. You want to make a choice that is the right fit for your current requirements but that can also scale with you.

The Solution to Tech Purchase Miscues

Of course, all this takes time – a long time if you lack IT expertise. That’s time away from running your business and revenue-generating activity. Partner with a managed service provider (MSP) like CPI Networks to simplify the process. We can look at your existing setup and learn what you need. Then, we’ll use our experience and vendor connections to get you the best deals on smart tech purchases. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.
