SmallBizIT

by

Automated Data Backups Still Need Management

Your business is backing up its data in case of a cyberattack or other disastrous disruption. Yes, you can pat yourself on the back for that, but don’t get too complacent with backing up. Automated backup still needs monitoring and management.

Having decided to back up data, you may feel confident you can withstand an attack or recover from unexpected downtime. But if you simply trust the backup to run at a certain time, you might be surprised. Automated backups can make the job easier. Still, you should be monitoring these backups and checking them, too. There’s nothing worse than finding out months later that something went wrong with your automated backup.

Why you need to monitor backup

A technician can set an automated backup to run on a set schedule. They select a time that causes the least interruption while ensuring up-to-date data. Yet this is too important a process to leave unattended.

Things change. The automated backup is set up for the technology configuration when originally installed. A lot can happen in the meantime as the IT environment evolves.

Blindly trusting automated backup could leave you unaware of problems such as:

  • an unplugged backup device;
  • an altered device letter, which means it isn’t found;
  • moved folders;
  • software updates that might have changed what needs to be done and how;
  • the original plan not accounting for new servers or migration from on-premises to the cloud;
  • insufficient capacity for the backup.

If no one is monitoring that backup, your business could assume it went smoothly. Then, when you need that backup, you could find out the hard way it didn’t go as planned.

 

Keeping an eye on automated backup

 

It’s not that you can’t automate backup, and there is convenience in doing so. Automating the backup of a computer, network, or IT environment can save time and money.

Yet you need someone to pay attention. Monitoring backups ensures that the process is running smoothly.

A managed service provider (MSP) will take a hands-on approach to your automated backups. If there is a failure, they have the skills to address the issue quickly and alert you of any bigger issues. Plus, with an MSP in your corner, you gain IT experts skilled at data recovery, too.

The MSP’s techs can even run data-restore drills, helping you to prepare for challenges such as ransomware attacks or accidental data deletion.

Process automation helps businesses, but don’t rely on it unattended. Optimize data backup by adding a human element. An MSP can ensure quality and fully protect your business. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

by

Data Breaches Are Getting Worse: Know the Basics

The exposure of sensitive information can be disastrous for individuals, businesses, or governments. Yet data breaches aren’t going away. The first data breach compromised more than a million records in 2005. Since then, we’ve seen ongoing news of breaches. But there are some basic steps you can take to avoid falling victim to an attack.

Let’s look just at August 2022:

  • A breach at communications giant Twilio exposes 1900 users’ phone numbers and SMS verification codes.
  • Researchers discover at least 9000 virtual-network computing endpoints exposed online without a password.
  • CISCO confirms a ransomware gang has exfiltrated 2.8GB of data.
  • An American neurology practice notifies 363,833 individuals of a data breach.
  • 4 million Twitter users are thought to have been affected by a data breach at the social media firm.

And that’s all during a 10-day period!

In its annual Cost of a Data Breach study, IBM found the cost of a breach hit a record high this year, at nearly $4.4 million.

How does a data breach work?

A data breach involves any unauthorized access to confidential, sensitive, or protected information, and it can happen to anyone. Data breaches happen mainly when hackers can exploit user behavior or technology vulnerabilities.

The threat surface continues to grow exponentially. We are increasingly reliant on digital tools such as smartphones and laptops. With the Internet of Things (IoT), we’re adding even more endpoints that unauthorized users can access.

Popular methods for executing malicious data breaches include:

  • phishing – emails in which hackers persuade users to hand over access credentials or the data itself;
  • brute-force attacks – hackers use software and sometimes even hijacked devices to guess password combinations until they get in;
  • malware – infects the operating system, software, or hardware (often without the user knowing) and steals private data.

Disgruntled employees or political hacktivists can also be behind data breaches. However, more often than you would hope, the breach is due to human error.

Basic steps to avoid data breaches

Too many data breaches trace back to people using weak access credentials. Yes, there are still people out there using “password” or “123456” to log in at work! Thus, an important step to counter data breaches is enforcing strict password policies.

Multi-factor authentication can also help. This way, even if the employee uses a poor password, or their strong password is stolen, the hacker has to work to get access. They might need the user’s physical device to confirm a one-time-use code sent to verify identity.

It’s also important to patch and upgrade software as soon as asked to do so. Manufacturers support security by keeping abreast of hacker attacks throughout the world. They’ll also watch for bugs and any vulnerabilities. Disregarding that message to upgrade or patch could leave your computers at risk.

Encrypting all sensitive data can also cut the risks of a data breach. That way, if the bad guys do get inside your systems, they can’t do anything with the information they access.

With more people working remotely, the number of users doing business on their own devices is also up, which represents another data breach risk. Enforce strict Bring Your Own Device (BYOD) policies to minimize exposure. You might require secure remote desktop services and professional-grade antivirus protection.

Don’t risk data breach damage

Data breaches cause business downtime and can cost your reputation and bottom line. You may lose customers and also have to pay legal fees or compliance fines. Don’t let this happen to you. A managed services provider can install protection and take precautions against data breaches. Call us today at (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.-

by

Beyond the Ransom: Dealing with Ransomware’s Aftermath

Ransomware is on the rise. The estimated 304 million worldwide attacks in 2020 represented a 64% increase. These attacks are growing more costly, too. Ransomware payouts jumped 171% from 2019 to 2020. For businesses in any industry, ransomware is a real threat, and recovery is more taxing than you might think.

With ransomware, bad actors infiltrate your devices or systems and encrypt your files. They demand a ransom in exchange for the decryption key that lets you get back to work. This type of cyberattack is always evolving. If you haven’t been compromised yet, you may want to think of it as only a matter of time.

What to do About Ransomware

There are many ways to cut your risk of becoming a victim of a ransomware attack. These include:

  • educating your employees in security awareness;
  • securing email gateways;
  • limiting remote access;
  • using multi-factor authentication;
  • monitoring remote access points;
  • keeping up with cybersecurity to identify threats.

You’ll also want to install antivirus protection and keep your software patched and up to date.

Maintaining encrypted backups offline can also offer reassurance that you can recover from a ransomware attack.

Recovering from a Ransomware Attack

Protection is essential, but that’s not going to stop the attackers from trying to infect your systems. If your business is compromised, you’ll have to decide whether or not to pay the ransom to unlock your data.

Yet “to pay or not to pay” is not the only consideration when it comes to recovering from a ransomware attack.

First, you need to get to the bottom of the attack and learn how the malware was deployed. Attackers may have used a phishing strategy or exploited weak remote access controls. Find out where they got in and how they moved within your system.

You’ll want to report what you know about ransomware to law-enforcement agencies. If you are in an industry with compliance regulations, you may need to report there, as well. Acknowledging the ransomware may hurt your business reputation, you can at least help others learn about new threats.

You may also need to contact your clients, depending on the laws in your country. You will need to tell them about the hack and what data was released (if any). You might also warn them against opening emails from your business, as they could be compromised.

After the initial steps of recovery, you’ll also need to hunt for any malware remnants on your systems. The ransomware is the final payload, but the attackers would have used a delivery mechanism such as Trickbot, Emotet, or Qakbot. If you don’t discover this malware and get rid of it, you could be a victim of ransomware again.

MSPs Help Combat Ransomware

Managed service providers can support your cybersecurity efforts. They can monitor your systems and keep patches and antivirus software current. They can also manage the backups which are key to a successful recovery. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here..

by

“Save Me the Money”: Why Work with an MSP

The pandemic, a supply-chain crisis, and rising inflation are impacting the economy. In this current climate, your business may be budgeting with caution, and you might question the value of partnering with a managed service provider (MSP). Yet as counterintuitive as it may seem, adding MSP services could save you money overall.

The right MSP supports your business efficiency. You can also cut costs and get more from your IT investment. At the same time, you gain a partner to provide IT monitoring and maintenance. This can help avoid costly downtime and lost productivity from unexpected IT disruptions. Instead of reacting to problems, the MSP proactively manages your tech to ensure it meets your evolving needs.

One of the first things an MSP will do is get an overview of your business technology environment. The MSP can identify savings with an objective view of systems, software, and hardware. The MSP often lowers IT overheads by looking at all bills and subscriptions to find duplicates and the right fit for your plans. The MSP has provider relationships to draw upon and can help find the right solution at the right price. Unlike software salespeople, there’s no advantage in an MSP attempting to sell you more than you need.

Affordable IT expertise

With an MSP, you also avoid the effort and expense of recruiting, retaining, and training your own IT staff. Bringing in an IT team is increasingly expensive. Demand for such talent is high, and the labor market is tight. But with an MSP, you gain access to tech talent that has a breadth of experience, plus, the MSP is doing the hiring and HR for those experts.

Already have IT people on-site? Keep them happier by giving them challenging projects and inviting them to innovate. They can be contributing to your bottom line while the MSP’s team takes on the routine, mundane IT tasks.

Further, an MSP helps you scale without the challenges of bringing in more IT help or having to let valued staff go. An MSP can help your business migrate to the cloud, where you can grow tech capabilities without having to invest in more staff or systems. If market pressures make scaling back makes sense, you can also do that easily in the cloud with an MSP’s help.

Cost-effective IT solutions with MSPs

The MSP’s goal is to solve your tech problems. Success is boosting business efficiency and finding cost-effective IT solutions. Taking a proactive approach to IT, MSP experts can also cut cybersecurity risk, or, if the worst does happen, they can have plans in place to help your business get back up and running quickly. That can help you save money, too.

Find out more about the value of investing in MSP services. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

by

Avoid This Top IT mistake: The “Wait and See” Approach

Patience is often a virtue, and being budget-conscious is also a plus in business. Yet taking a “wait and see” approach with business tech is a top IT mistake.

There is a lot of uncertainty in the current economy. You may be looking to save money to give your business more budget leeway. But if you don’t make ongoing investments in your IT, your business could suffer.

You might skip software upgrades, but that can put your business at risk from cyber bad actors, who look to exploit weaknesses when people don’t upgrade their systems.

Deciding to put off replacing older devices or legacy hardware, you may be thinking, “What’s one more year?” It can make a big difference, actually. Your systems may have vulnerabilities that cyberattackers will leverage. Your hardware may not be able to keep up with your business during its busy times, and your people could be working on devices that are no longer supported by the manufacturer. If something does go wrong, you’re on your own.

Trying to get by with less when it comes to business technology can hurt your business. We’re not saying you have to throw all sorts of money at every new technology out there, of course; it’s about fitting the right technology to your specific business needs.

Business tech: Better now than later

Businesses today are undergoing digital transformation. Across industries, people see the advantages of IT. The right technology enhances the quality of work and boosts productivity. You have the tools needed to support faster processing and wider information distribution.

Thinking only short-term about technology, as in “it’s working fine for now,” could hurt you in the long run, however, and by not looking after your tech and keeping it current, you could be missing out on:

  • keeping your software and systems patched and protected against the latest cyber threats;
  • enjoying the greater efficiency that comes from streamlined workflows and business process best practices;
  • being able to collaborate seamlessly with team members or clients and customers via the latest cloud communications tools;
  • getting things done more easily with the hardware and software you need to keep up with your business;
  • scaling up or down as your business needs with the convenience of cloud technology;
  • having peace of mind that if there is a data breach or other system disruption, you have a backup to get your business back up.

Moving forward with an MSP

There is an inevitability to investment in business tech. You know you’re going to need it. But taking the wait-and-see approach simply puts you at risk of a cyberattack or other productivity drains. Keeping your IT current and investing in this essential area can benefit employee engagement, customer satisfaction, and your business’s bottom line.

Not sure what technology to focus on while working within your budget? Our IT experts can help. We’ll get to know your systems and your unique needs. Then, we’ll make suggestions about the smartest investment areas for your business. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

by

Small Business Can’t Sacrifice Cybersecurity

For small businesses, it can be tempting to postpone cybersecurity efforts. There are many common excuses: “There’s so much to do,” “There’s not enough budget,” “Our business is too small to target,” etc. But right now, cybersecurity is a must-have for every business.

Think of it like business insurance. You don’t intend to get sued or have accidents, but you have insurance to cover if the worst happens. Similarly, having cybersecurity in place:

  • saves you time, money, and stress;
  • protects your business IT against damages;
  • provides you and your employees with peace of mind.

But small businesses are not only at risk of cyberattack. According to a study released in March 2022 by cloud security company Barracuda Networks, “on average, an employee of a small business with less than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise.” That makes small businesses three times more likely to be targeted.

In fact, your business may already have been attacked. The Barracuda study found that one in five organizations had at least one account compromised in 2021. And hackers need only one account to launch from. An attack can spread without you knowing if you don’t have the right detection and protection tools in place.

Advice for small business leaders

Digital attacks are on the rise, and you’re going to need help. A report from Blackberry in February suggested that “one million daily security alerts are seen in 25% of security operations centers.”

But you don’t have a security operations center, right, let alone one that can process a million alerts daily. Investing in cybersecurity gives you access to that type of security reporting, plus much more.

Hackers target small businesses because they expect them to have fewer IT resources. That can mean more weak points for bad actors to exploit.

At least you are keeping your software current and patching vulnerabilities with any manufacturer updates, right? And your business probably also uses antivirus and emailing filtering. Yet, traditional email filters are no longer enough: you need to invest in additional security resources.

Take the target off your back

So, we’re back at the beginning again. Investing in cybersecurity is now on your wish list, but you can’t see how you can afford it right now. But you can’t afford not to really. According to the Australian Cyber Security Centre, “Australia spent approximately $5.6 billion on cybersecurity in 2020, and self-reported losses from cybercrime totalled more than $33 billion.”

Plus, you don’t need to do everything from scratch and buy all the necessary software and hardware yourself. Instead, you can work with a vendor to take advantage of economies of scale. Invest in a cybersecurity partner who will do a full risk analysis to find the main vulnerabilities in your business IT environment.

Partner with someone who works to secure many small businesses like yours. They’ll be the ones investing in supplemental technology with machine-learning security to protect against all types of email. They’ll know how to put the right protection tools in place, and they’ll also have the skills to detect and respond to threats post-delivery.

The damage caused by one compromised account can be devastating for a small business. Don’t risk the worst happening: protect your cybersecurity with the help of a managed service provider. We can identify any weak points in your cybersecurity and help put safeguards in place to defend your business. Contact us today at  (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

by

3 Reasons to Avoid Signing in With Facebook or Google Accounts

Nine out of ten times today when you visit a website you’re asked to sign in. To add convenience, many sites offer the ability to sign in using a Facebook or Google account. Sure, it’s simpler, but this article will share three key reasons why you might want to avoid this easy route.

It’s estimated that we each have an average of 100 passwords. That’s a lot to remember, especially as we need unique logins for every site to lower our risk of cyberattack.

At the same time, every website wants us to set up an account. It helps them get to know their users. This can help them to target marketing and product development efforts. They might also share the information with third parties as another source of income.

Still, the website wants to keep its users coming back, so they allow you to sign in with Google or Facebook accounts to streamline the process. Weigh the value of that added convenience against these three considerations.

#1 Youre giving away more data

By using Google or Facebook to sign in on other websites, you are giving the sites greater access to information about you. Now, they not only know what you do on their sites, but you’re also allowing them to build out their picture of you with data insights from the shared sites.

Google and Facebook have powerful tools to dig deeper into your online activity, and other websites can also extract data from your Facebook and Google accounts. If you don’t read the privacy policies, you may not know what sensitive data the platforms share.

#2 You could lose access

You may join those who are deciding to quit Facebook or leave Google in favor of another platform. If you do so, and you have used that account to access other sites, you’ll have to create new logins.

Even if you’re not ever going to do away with your Facebook or Google account, you could still lose access. If there’s a major outage at one of those two sites, you won’t be able to log in at any of your connected sites either. The other websites won’t be able to authenticate you until Facebook or Google is back up and running.

#3 Your attack surface gets bigger

If you have one, unique login credential for a website, you risk your data there only if that site gets hacked. However, if you use Facebook or Google login, and bad actors compromise that account, they can access any shared sites.

Think of it like dominos. The Facebook or Google account is the first to fall, but all those other accounts you “conveniently” login to using those credentials will come tumbling down soon after. Don’t think the attacker won’t bother looking for other connected accounts. All they have to do, once they breach one account is go into your settings to see what you have connected.

Social media accounts are also a prime target. Don’t believe us? Bet you’ve seen a post from a Facebook friend (or ten) telling you to ignore strange activity due to a hacked account.

Protect your online identity

Account compromise is a top cause of data breaches worldwide. Protect your online identity by following best practices for cyber hygiene.

Need help with password security? Our IT experts can set you up with a password manager or provide other online security help. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

by

How to Spot Email Spoofing

The number of emails we get daily can be overwhelming. We could be excused for not looking at them all closely – well, almost. Except that not taking care to review emails for signs of spoofing could be a real risk to your business. Learn about email spoofing and how to avoid it in this article.

First, what is email spoofing? Don’t confuse this with the foreign prince’s plea for money. Email spoofing is much more nuanced; it’s still a cyber bad guy at work. They try to get you to download malware, enter personal credentials, or give money. Yet now they are mimicking a reputable company or source of an email. The email will, at a hurried glance, appear to be legitimate, and that’s how it works. The spoofer takes advantage of our lack of attention to accomplish their aim.

With email spoofing, the scammer tries to trick you into thinking they are a source you recognize. This might be a supervisor, a colleague, a vendor, or some other entity you work with regularly. Their goal is to get you to take an action you would not otherwise do.

The email will usually look convincing. The would-be attacker will duplicate design elements and mimic the sender’s style. So, you need to be aware.

How to Identify Email Spoofing

There are several signs to look for to identify a spoof email. First, you’ll want to check the email header information. This is a good place to look for tracking information about the message.

To view headers:

  • In Gmail, open the email you want to check headers for. Next to Reply, click the three dots and choose “Show Original”.
  • In Apple Mail, open the email you want to see headers for, and click View > Message > All Headers.
  • In Outlook, open the email you want to check, and then click File > Properties.

Check to see:

  • if the “from” email address matches the name of the person displayed as the sender;
  • that the “reply-to” address is the same as the sender or the site that the email purports to be from;
  • that the “return-path” is the same as the reply-to – you don’t want to think you are replying to “John Doe” when your response will go to “Scammy McScammer”.

The email header is a good starting point, but you’ll also want to ask yourself about the content of the message. If you weren’t expecting a message from that individual or organization, think twice. Also, look out for spelling or grammatical errors. A difficult-to-read message could indicate an unsolicited email from someone with a limited grasp of English.

If the email is pressuring you to act quickly or making an emotional plea for you to do something, be wary. Scammers often rely on urgency or our desire to help. That’s how they trick people into clicking on links or open attachments.

Better Safe Than Sorry

If you aren’t sure about an email’s legitimacy, slow down. Before you act, go to your contact list and send a direct message to that sender’s address to confirm the request. Or call the sender or company the sender apparently represents to verify that the email is a real one.

A managed service provider like CPI Networks can help you better manage email safety. Ask our IT experts to help set up email filtering and monitoring to avoid malware infection. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.

Want to be notified when our next blog is posted, sign up here.

by

How to Prevent Password Spraying Attacks

Bad cyber actors are what the kids these days would call “try hards.” They do everything they can think of to get into your accounts. One tactic is password spraying. In case you don’t know about it, this article gives the basics and shares strategies to prevent this type of attack.

You’re probably familiar with hackers trying many different password combinations with the username. Web security services know about this form of attack, too. That’s why you can get locked out of your site for trying the wrong password too many times.

This brings us to password spraying. The cyber criminals have found a way to get around the-three-tries-and-you’re-out-of-luck defense. Instead of one user and many passwords, they use one password with many different usernames.

Think how easy this could be. Your company database is online for people to contact your employees. The bad actor takes john@yourcompany.com, jane@yourcompany.com, jamal@yourcompany.com, and so on, or they buy a list of usernames on the Dark web. Then, they try common passwords for every one of those individuals.

“Abc123,” “123456,” and … ugh … “password” are still frequently in use worldwide as passwords. So, it’s not that much of a stretch for a hacker to be able to get in with one of these common permutations.

The brute-force attack runs through a long list of users before trying the next “wrong” password. So, by the time it has finished going through the list of users with the password “abc123”, enough time has passed to avoid lockouts, and the hacker tries another password from the user list.

What to do about password spraying

The most obvious thing? Stop using any of the passwords that appear on the most commonly used worldwide lists! Do you think no one would still be using these obvious options? In 2021, there were more than 3.5 million reported uses of the “123456” password. “Password” came in second with 1.7 million reported uses. Both take less than a second to crack.

So, prefer more complicated passwords. This doesn’t have to mean that users add seven numbers, six symbols, and three capitalized letters. The National Institute of Standards and Technology (NIST) guidelines suggest length is more important. So, users can create longer yet easier-to-remember passwords.

IT administrators can also force users to change passwords at their first login to new applications. NIST further recommends checking every new password against a breached password list.

Multifactor authentication helps, as well. This requires the user to verify themselves with access credentials and extra authentication. This might be a code sent via text to a smartphone or could involve an authentication app such as Manage by MYKI .

It’s also a good idea to segment your networks so that users access only what they need to. Limiting user access can minimize the damage done if there is a breach.

Put password best practices in place

Keep your business secure with the help of CPI Networks. We can spearhead the installation of lockout policies and other security measures such as implementing company controlled MYKI Password & 2FA Management system. Our experts also stay current with the latest vulnerabilities to proactively protect your organization.

Call us at (416) 645-2469 or (905) 667-0441 or email us to discuss if CPI Networks is the right IT partner for your business? 

Want to be notified when our next blog is posted, sign up here.

by

How to Choose Home Computer Repair

There’s a lot of talk about the best places to use your laptop. We’ll recap that discussion briefly below, but the real focus of this article is where it’s best to put your desktop PC.

First, why does it even matter? Of course, you care how your workstation looks, but beyond the aesthetics, airflow is important too. Computers cool themselves with fans to suck in cool air and expel hot air out the back or top. If you’re not leaving room for the computer to “breath” it can overheat.

When a computer overheats it can become unstable or suddenly shut down. The hot air can also damage internal components. This is true of both laptops and desktops.

That’s why you’ll hear that it’s a good idea to put your laptop on a raised, slatted service where air can reach the vents. A table over a furnace duct or in direct sunlight should be avoided too.

OK, But Where Do I Put My PC?

You don’t want to put your computer somewhere it is going to get dusty, which is a good reason not to put it on the floor. It’s exposed to more dust, hair, and other junk that way. Since the computer’s fans are sucking in cool air, they can suck in the debris too.

Also, on the floor, you risk accidentally hitting or kicking the PC. Sudden jolts are bad for mechanical hard drives. Plus, USB drives or anything else plugged into the front could be knocked out, which damages the port.

Some desks have cabinets under the desk where you can put the computer. But, these may not have been designed with enough airflow.

It’s best to set up your computer on a stable surface to avoid any bumps or drops. You also want to position it so that the cord is not going to create a tripping hazard. If you fall, you could damage the power connection or, worse, knock the computer off your table or desk.

Since the big thing is airflow, you also don’t want to set the PC too close to the wall. This can damage cables in the back if they bend too much. Or, when the hot air exhausts out the back, it will be harder to expel the heated air.

Securing Your Desktop PC

Putting your PC parallel to the monitor, safely stable on your desk or table, with good airflow and room for the cords is your best option for the safety and longevity of your desktop computer.

Need help setting up your desktop PC or finding the best place to position it in your home? Our tech experts are available to help. Contact us today at (416) 645-2469 or (905) 667-0441 or email us to discuss if CPI Networks is the right IT partner for your business? 

Want to be notified when our next blog is posted, sign up here.