Hackers Hide in the Hyperlinks: Spotting Malicious URLs

Whether browsing the Web, using social media, or checking your email, it’s important to exercise caution when encountering links. Cybercriminals actively craft deceptive links to steal personal information or infect devices with malware.

Here’s what to look out for:

Hover Before You Click

To identify a malicious link, you must first see where it goes. Hover your mouse cursor over the link’s text, but don’t click on it. This allows you to preview the full destination address before deciding whether to proceed. Be very wary of links trying to send you to an unknown site other than what’s expected based on the context.

Look for HTTPS at the Start

Legitimate websites will use “https://” to indicate that the page connection is secured using SSL encryption. However, just seeing the “s” does not guarantee safety, so further inspection is needed.

Observe the Subdomain

It’s important to pay attention not just to the overall domain name but also to any subdomains listed before the main domain. This is often just “www,” but it can be anything. You might have seen something like “mail.google.com,” and that’s perfectly legitimate.

However, an attacker could use the subdomain to look like the actual domain. For example, “google-mail-login.fake-domain.com.”

The domain you will go to when clicked is “fake-domain.com,” not Google.

Watch out for Special Characters

Look out for hyphens in the domain name. A hyphen alone doesn’t mean a website is malicious – many websites have hyphens in their domain names – however, it is a common trick to emulate a well-known domain name.

For example, a link to “www.g-oogle.com” would be suspicious, as Google’s actual domain is simply “www.google.com.” The extra hyphen is a red flag that the site could be impersonating Google.

Look at the Extension

Another essential aspect to scrutinize regarding domains is the top-level extension at the end. Common extensions for legitimate websites include “.com,” “.org,” “.edu,” “.gov,” and country-specific endings such as “.ca” for Canada or “.uk” for the United Kingdom. However, cybercriminals may use alternative extensions, hoping to disguise malicious sites. Be wary of unfamiliar extensions or ones that don’t align with the expected use case. For example, a banking site using “.net” instead of “.com” could indicate a phishing attempt.

Staying vigilant and taking the time to inspect links quickly can help shield you from the majority of online threats. If any part of a link raises concerns about where it may lead, it’s usually best not to risk clicking until you’ve had a chance to verify the context through other trusted means.

Maintaining cautious Web habits is the easiest way to help avoid becoming the victim of deceptive scams or malware attacks online.

If you think you have clicked on a malicious link, contact us at 416-645-2469 today and see how we can help.

Unexpected 2FA Codes: Your Cybersecurity Wake-Up Call

We’ve all had those moments of confusion when our phone buzzes with a notification that doesn’t seem quite right. If you’ve ever woken up to a text with some random numbers and wondered what it is, you’re not alone.

Getting a code for two-factor authentication (2FA) from a service you use when you didn’t request one deserves some attention. Rather than ignoring the strange message, it’s a good idea to take action to help protect your online accounts.

Understanding 2FA

2FA, or “Two-Factor Authentication,” is an important security feature many apps and websites use. It adds an extra verification step beyond just a password. After you log in, 2FA will text or email you a special code to enter before you’re given access to your account. This acts like a second lock, keeping hackers out even if they somehow steal your password.

Spot the Warning Signs

When you receive a 2FA code you didn’t request, it’s a clear sign that someone is trying to access one of your online accounts. It often indicates that your password has been compromised through a large-scale data breach or a more targeted attack. Hackers may be attempting to log in using your stolen credentials, and the 2FA code is the only thing standing in their way.

Taking Immediate Action

Rather than ignoring the 2FA code or brushing it off, it’s important to take action right away to secure your accounts.

  • Do not click on any links in the email or SMS. Open a browser, log in to the relevant account, and change your password to something unique and complex. Make sure it’s different from the one you used before and not used for other accounts.
  • Check if your old password was involved in any known breaches using a tool such as HaveIBeenPwned.com. This can help you identify if you have any other accounts that may be at risk.
  • Consider changing passwords for any other accounts using the same or similar passwords in case of credential stuffing attacks. This is when hackers use stolen passwords from one breach to try and access other accounts.
  • Be wary of emails or texts asking you to provide a 2FA code. Legitimate services will never ask for this, and it’s likely a phishing attempt.

This unexpected 2FA code experience is a valuable reminder of the importance of proactive security measures. Two-factor authentication is what saved you this time by blocking the hacker’s attempt to access your account, so take a moment to ensure you’ve enabled it on every site that offers it.

Additionally, using unique, strong passwords for each account is essential to prevent the ripple effects of a single data breach. A password manager can help you generate and store complex credentials, ensuring one compromised password doesn’t put all your other accounts at risk.

While complete online security can never be guaranteed, taking these fundamental steps – enabling 2FA and using unique passwords – goes a long way toward safeguarding your personal information and digital identity.

Struggling With Tech Issues? Avoid the Most Common Help Desk delays

We’ve all been there: an unexpected tech glitch throws a wrench in your works at the worst possible moment. As annoying as it is, staying calm and providing full transparency with your IT friends will have you back up and running in no time.

In this article, we’ll share what essential details to include in a help ticket to get you up and running quickly.

Describe the Specific Behavior

Start with a clear description of what the problem entails: what is and isn’t functioning as expected. Be as specific as possible about error messages or unusual symptoms and which computer it is happening on. For example, instead of simply stating, “Wi-Fi isn’t working,” elaborate that “the Wi-Fi network doesn’t appear in the list of available connections on my laptop.” This level of detail paints a fuller picture.

Supply Contextual Details

Include any relevant contextual details about your setup, recent changes, or activities preceding the issue. Ask your coworkers if they are experiencing the issue as well. Help desk staff need background to diagnose root causes properly. For instance, note if a new device was added to the network or an access point was moved. Mentioning you were transferring large files before the problem arose provides valuable context clues.

When Did It Last Work Correctly?

Providing a timeline of when the problem first appeared and any relevant events helps pinpoint the scope. Note when it last worked correctly and if the way it has been behaving has changed or has remained consistent. This timeline helps technicians determine whether the cause lies in recent system changes or an ongoing intermittent issue.

Impact on Your Workday

Tell your IT support exactly how the problem impedes your work. Does it fully prevent tasks from being completed or just create minor inconveniences? Is the inability to access certain files delaying an important deadline?

Prioritizing showstoppers ensures the swiftest attention to those who need it the most.

We’re here to make your life easier during stressful times, so help us help you.

Taking a few extra minutes to craft comprehensive help desk tickets ensures you receive truly helpful, convenient support when you need it most.

Want to be notified when our next blog is posted, sign up here.

Is It Worth Fixing My Aging Office Computer?

If your trusty office PC has started showing its age, with more issues cropping up lately, you may be wondering if it’s finally time to say goodbye to your old friend. Or could some TLC in the form of repairs get it back in the game?

We are often asked to help clients make this decision. Several important factors must be considered when determining the best path forward.

How Old Is It Really?

While it may seem like you just bought it yesterday, some computers have relatively short lifespans in technological terms. If your machine is more than 7 years old, it’s likely well past its prime. Parts can become difficult to source, and repair costs may exceed the original value.

What Issues Are Cropping Up?

Minor glitches that cause annoyance but don’t hamper use, such as a faulty keyboard, can often be fixed for $50-$150. On the other hand, multiple hardware failures, a dying motherboard, or other major component replacements indicate deeper underlying issues. For problems of that magnitude, repairs may run to 50%-75% of a new comparable model.

Will Parts Be Readily Available?

Specific key components may go out of production after a few years, especially with aging laptops. If it’s determined that your motherboard, screen, or other vital piece needs swapping out, there’s a good chance we won’t be able to get a replacement. This significantly increases repair costs and turnaround time, due to custom orders or used-part sourcing.

How’s the Performance Over Time?

Modern computing demands continue to grow exponentially with each passing year. If your PC has been steadily slowing down over the last 6-12 months and is struggling to run even basic tasks, it may be time for an upgrade.

What’s Your Budget Situation?

For clients on a tight budget, we’re always willing to thoroughly diagnose issues and provide affordable repair options to squeeze out a little more usability from an older machine. However, if an attractive new model is realistically within your means, an upgrade may give you several more years of smooth sailing.

Let’s Diagnose Your Situation

Rather than taking guesses, we always recommend bringing your computer for a thorough diagnosis. We can carefully assess its overall condition, identify any underlying problems, provide repair estimates, and help you weigh up the costs and benefits of fixing versus upgrading based on your unique needs and budget.

With the right solution, you’ll be back to enjoying your computer for many more years to come! 

Want to be notified when our next blog is posted, sign up here.

This Familiar Pop-up Could Be Hiding a Nasty Surprise

If your business uses Microsoft 365 applications, you or your employees may have encountered a pop-up window requesting permission to access various account data.

In this article, we’ll cover choosing the safest option next time you encounter this pop-up.

What Is the “Permissions Requested” Pop-up?

This innocuous-looking window pops up from time to time within programs such as Outlook, Teams, SharePoint, and others. It prompts users to grant a specific app or add-in permission to access parts of their Microsoft account.

Users are quick to press the Accept button to remove the pop-up; however, as with any unsolicited request, caution is key, especially considering the sensitive nature of the business data in your Microsoft 365 account.

Understanding the Dangers of Overly Broad Access

At first glance, a request for permission may seem minor or necessary to use a certain program feature, but have you considered what exactly you may be granting access to? And more importantly, WHO are you granting it to?

You could be granting a third-party the ability to:

  • access all files within your account, both reading and writing;
  • read all of your emails and send emails as you;
  • read and modify any calendar you have access to;
  • read all of your contacts;
  • read Teams chat messages;
  • read all full user profiles within Microsoft 365;
  • and much more.

By approving these requests without understanding, you could unwittingly hand over control of your entire Microsoft environment and any contained data to an unknown third party. They would have ongoing access, potentially even after the app is removed.

Legitimate Uses

Certain apps and add-ins within Microsoft 365 do have legitimate integration needs. For example, your job scheduling CRM may require calendar and email access.

A project management tool allowing teams to collaborate directly within SharePoint may also need permission to upload files on behalf of users.

In these cases, granting an appropriate amount of permission makes sense.

What to Look For in a “Permissions Requested” Pop-Up

The key is to carefully review the proposed permissions for all external apps and add-ins, and understand precisely what access is required.

For example, reviewing the name of the requesting app or add-in can help determine if it’s something your company has purposefully installed or a potentially suspicious third-party program. If it says “Unverified” or “This app may be risky,” it might be best to press the Cancel button for now.

Check which specific permissions are being asked for. Does it make sense for a graph-making add-in to ask for full access to your emails and their contents? Probably not.

Checking with Your IT Team

If any aspect of the request seems ambiguous, vague, or overly broad in scope, it’s always best to approve it only once it can be validated by your company’s IT staff or managed service provider.

Their oversight helps ensure all access to Microsoft 365 data aligns with approved usage policies and does not inadvertently enable unauthorized or unintended access that could pose future risks. Even if it requires delaying approval, taking these extra precautions is well worth it to help maintain a secure environment.

After all, it’s much easier for your IT staff to investigate before sensitive data is exposed than to deal with potential security issues or breaches later. you can also purchase your Microsoft 365 license through CPI Networks and let us be the administrators to ensure these kind of requests are legitimate.

If you have any questions or are concerned that you may have given an App too much access in the past, reach out to us at (416) 645-2469, (905) 667-0441 or email us.

 

Want to be notified when our next blog is posted, sign up here.

When Your IT Goes Wrong, Who Do You Call?

It’s a Wednesday afternoon, and you’ve just sat down to focus on an important project. But suddenly, you notice your internet connection isn’t working. A few minutes later, the printer on the other side of the office starts beeping with an error. Then, a pop-up appears on your computer saying your antivirus subscription needs to be renewed.

You sigh in frustration. Not again! In the back of your mind, you see the notification from last week that your backup failed, but you haven’t had time to look into it.

Who do you even call for these issues? Which company provides your internet? Is it the one that also sets up the printer? Or did you get them from separate vendors at different times? You can barely remember all the various IT products and services you use on a daily basis, let alone who’s responsible for each one.

It’s a common dilemma business owners face. Over the years, technology solutions have been patched together from various sources, but now, when problems crop up, you’re left scrambling to determine who handles what.

When multiple providers are involved, finger-pointing becomes common. “It’s not our problem; you need to call someone else.” This runaround can drag problems out for days or weeks.

Wouldn’t having one trusted IT advisor on your side be a relief, rather than frantically searching for answers when problems strike? Imagine this: instead of making call after call, you open an app on your phone and quickly send a message explaining the issue. Then, you can relax, knowing CPI Networks is already working to resolve it.

CPI Networks is trained to see the bigger picture of your entire technology ecosystem. They can work with you proactively to design integrated systems that work as a cohesive unit, eliminating compatibility issues caused by patchwork solutions over time. And with 24/7 monitoring, CPI Networks is often alerted to problems even before they affect you.

Rather than waiting for problems to disrupt your work, CPI Networks shifts you to a proactive model where they work behind the scenes to pre-empt as many issues as possible, so there is no more feeling stressed each time a new pop-up or error message appears!

Imagine your busy day without worrying about when the next IT glitch may strike. With CPI Networks as a dedicated MSP partner, you can gain that peace of mind.

Contact us today at (416) 645-2469, (905) 667-0441 or email us to find out how CPI networks can help tame your technology problems. 

 

Want to be notified when our next blog is posted, sign up here.

The Power of Rebooting: Your Quick Fix for Tech Troubles

As the stereotype goes, when you report a problem to your IT team, their first question is often, “Have you tried turning it off and on again?” While it might seem annoying, the reality is that many issues can indeed be fixed with a reboot. The longer you keep your computer running without a restart or shutdown, the higher the chances of encountering problems.

Over time, it’s normal for a computer to exhibit decreased performance when left running without a restart for a long time.

This phenomenon occurs because a reboot effectively frees up memory space, restarts frozen applications and eliminates temporary files accumulated from various software applications.

A computer restart can also be a solution for network drive-related problems. If you encounter difficulties in connecting to one or all of your network drives, performing a computer reboot forces it to make another connection attempt.

Rebooting your computer also resolves problems related to freezing or unresponsive applications. In cases where your computer becomes unresponsive, and you can’t access the start menu to perform a restart, you can manually power it down.

This process is done by pressing the power button for eight seconds until it turns off and then pressing the power button again to restart it.

Whenever you install a Windows update, it is essential to restart your computer as the changes may not have taken effect, and you may only be protected once you do.

Frequently rebooting your computer, especially when encountering the described problems, can significantly reduce IT support inquiries.

It streamlines troubleshooting for your IT team, as they will know that a reboot has been attempted before seeking their assistance. And, perhaps most importantly, being able to confidently respond with “Yes, indeed!” when asked, “Have you tried restarting your computer?”.

Are issues still persistent in your computer after a reboot? We can help! Contact us today at (416) 645-2469, (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

6 Fresh Ways to Mark National Computer Security Day

Not worrying about bad actors infiltrating business technology would be a cause to celebrate, but that’s not a reality. So, instead, National Computer Security Day reminds us to promote computer security.

As technology advances, securing electronic devices and online systems grows more complicated. We now have October as Cybersecurity Awareness Month to encourage education and motivation. Also, since 1988, November 30 has been devoted to keeping online data safe and secure.

National Computer Security Day can remind staff about digital threats and best practices. For example, every business employee should:

  • use strong passwords;
  • protect their devices;
  • install updates and patches to secure against vulnerabilities.

Still, staff may not welcome more training on security procedures and protections. Counter their cybersecurity fatigue with these fresh ways to keep security awareness top of mind.

#1 Try trivia

Cybersecurity is not trivial, yet you can organize a cybersecurity-themed trivia quiz to gamify your information sharing. You might ask questions about online safety, best practices, or recent breaches, and offer prizes to the winning team.

Questions might include:

  • What’s a common two-factor authentication (2FA) method aside from SMS codes?
  • What type of malware encrypts your files and demands a ransom for their release?
  • What term describes the manipulation of individuals into revealing personal or confidential information?
  • What is the purpose of a virtual private network (VPN)?
  • Name one popular piece of antivirus software.
  • Name a recent high-profile data breach or cyberattack on a well-known company.

 

#2 Offer free lunch

 

Promote participation in cybersecurity by inviting employees to attend a lunch ‘n’ learn. Plan an interactive workshop and woo them with free food. Have hands-on activities addressing passwords and authentication, malware and viruses, or incident response.

 

#3 Set up a scavenger hunt

 

You might do this around your office or set one up online. Set up prompts to identify security threats, recognize phishing, or locate cybersecurity resources. Before awarding prizes, discuss correct answers to challenges and provide insights on cybersecurity.

 

#4 Put together an escape room

 

Like the scavenger hunt, you could set up an escape-room challenge. Have teams solve cybersecurity puzzles and complete tasks to protect their digital identity. Time the different teams and award prizes to the fastest escapees.

 

#5 Host a movie night

 

Show a cybersecurity-related movie or documentary after hours in the office. Provide popcorn while you show The Social Dilemma (2020), Cyber Crime (2019), or WarGames (1983), then have a brief discussion of the film afterward.

 

#6 Send out cybersecurity quizzes

 

Throughout the day, send out fun, informative quizzes. Every quiz completion can count as an entry in a raffle towards top prizes. Tailor your short, multiple-choice quizzes to your employees and industry.

 

Prioritize Ongoing Cybersecurity

 

Marking National Computer Security Day in one or more of these ways is great, but you should continue the cybersecurity conversation all year round. A managed services provider can help you stay ahead of cyber threats. We’ll review your cybersecurity posture regularly.  Call us at (416) 645-2469, (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

Neglected Software Vulnerabilities and Their Costs

Cyber insurance is essential for the internet-connected business. Yet, when was the last time you reviewed your policy? You may find new text outlining coverage for neglected software vulnerabilities. You may not even know what that involves. This article explains these vulnerabilities and how to avoid their associated costs.

Cyber insurance typically helps cover the costs associated with the following common risks:

  • network security failure;
  • class action litigation;
  • regulatory fines related to violating standards or privacy legislation;
  • business interruption.

Still, cyber threats always evolve. As a result, insurance companies continually rewrite their policies to cover risk areas. More insurers are adding neglected software vulnerabilities to their policies. Here’s what that means for your business.

 

What is a neglected software vulnerability?

 

Keeping your software current is an important best practice. It’s your responsibility to check for vulnerabilities and protect your systems. The National Vulnerability Database (NVD) informs businesses globally of known threats and patches available.

Patching the vulnerability helps prevent business losses, yet you may not be able to do so right away. You may need to test the update’s compatibility and capacity before installing it.

Still, once the NVD publishes a vulnerability and its patch, many insurers give you 45 days. If you fail to address a known threat, that’s considered neglect. The longer you neglect that vulnerability, the more responsibility you’ll bear.

The costs of a neglected software vulnerability

Software vulnerabilities can lead to network failure, business interruption, and liability. You could end up needing to cover:

  • IT forensics;
  • data restoration;
  • legal expenses;
  • lost profit;
  • credit monitoring and identity restoration;
  • expenses for implementing workarounds.

Yet insurers cover neglected software vulnerabilities on a sliding scale. Once you know about a vulnerability, you’re expected to patch it. So, the longer you wait, the more you’ll pay.

Chubb, for example, shifts more risk to their policyholders after 46, 91, 181, and 366 days. The limit of insurance covered might start at $1,000,000 with zero percent coinsurance costs. For neglected exploits 46-90 days old, the coverage falls to $500,000, and coinsurance increases to five percent.

 

Addressing software vulnerabilities

 

Cybercriminals continue to exploit publicly known vulnerabilities. Why? Because organizations continue to neglect patching and upgrading against known security risks.

Your attack surface grows when your business adds applications, merges with another organization, or allows employees to bring their own devices to work. Using legacy software that has reached it’s end of life can also leave you vulnerable.

Scanning your software for vulnerabilities could expose many risks. You may need to prioritize which to patch first. It can help to consider which ones pose the greatest risk to your mission-critical systems.

Lack the expertise to detect and mitigate vulnerabilities? CPI Networks can help keep your software up to date to prevent exploitation.  Call us at (416) 645-2469, (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

Free Yourself from Daily IT Distractions

Everyone who runs their own company knows the constant challenge of wearing many hats and trying to manage everything yourself. As much as you’d like to focus your time and energy solely on core business operations that drive revenue, other ancillary tasks often demand attention too, and keeping IT systems running smoothly is a frequent culprit.

Between the minor daily issues, users face implementing new infrastructure or software projects, security maintenance, backups, and disaster recovery planning, it’s easy for even basic IT administration to balloon into a full-time job. As a small outfit, you likely have yet to devote in-house experts or even just one employee who can handle everything. That’s where partnering with a managed service provider makes a lot of sense.

CPI Networks takes that entire IT weight off your plate by remotely monitoring, maintaining, and managing your networks, systems, security, and more, proactively addressing issues before they negatively impact your business. Here are some key ways they can alleviate the top IT pain points most small companies encounter:

Small Daily Tasks. When users constantly bother you with password resets, installing software updates, troubleshooting simple login problems, and so on, those minor interruptions throughout your day add up. An MSP handles all routine break/fix work, so trivial matters don’t waste your time.

Coverage During Time Off. Taking vacations, attending to family emergencies, or getting sick is inevitable. Still, when your only IT contact disappears even for a couple of days, problems will arise. An MSP is your always-available backup support to ensure nothing slips through the cracks.

Continuity Through Turnover. Retaining knowledgeable employees is tough, so high turnover for internal tech roles is expected. But with sensitive company data, you can’t afford disruptions from employees departing with institutional knowledge. An MSP keeps complete system documentation and access independent of individual staffers coming or going.

24/7 Monitoring. Most businesses don’t have devices and networks consistently watched around the clock. However, outages, downtime, and security breaches often happen outside office hours. 

Taking the Administrative Burden. Between ensuring backups are routinely performed, keeping security appliances and software patched, tracking software licenses, upgrading old hardware, and more, administrative IT functions multiply your plates. Having a group of certified experts take ownership of those chores allows you to rest easy.

In the end, any time you’re pulled from concentrating on direct revenue activities to stabilize unreliable infrastructure or solve technician-level issues, that’s money going out the window. CPI Networks exists to efficiently address those nagging IT problems holding small companies back.

Reach out to us today to see how we can help your business. Call us at (416) 645-2469, (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.