Does your business really need a Password Manager?

Yes! Having secure and frequently changed passwords is a key line of defense for businesses looking to tighten their cybersecurity. But if you’re like most people, the inconvenience of remembering umpteen different complex passwords means we’re likely not going to choose safety over ease, putting our personal and business information at major risk.

Enter: The password manager! Implementing this tool for your business will keep your business and employees safe, while making it easier and more convenient for your team to comply.

Team Xperts recommends using password manager Keeper. Our team uses and loves it, and we strongly recommend Keeper to our clients for its ease, best-in-class security, and functionality (great for bridging business and personal use).

But no matter which password manager you choose to use, we strongly recommend you start using one! Let’s review the top 10 benefits to you and your business:

  1. Win major cybersecurity-savvy points! Using a password manager greatly reduces chances of a data breach occurring.
  2. One strong password versus many weak passwords – When you first start using your password manager you’ll create one, strong password to log into the tool. The rest of the passwords are auto-generated and stored so you can quickly and easily update all weak passwords at setup.
  3. Easily generate random, strong passwords – Every time you have to create a new account, the password manager will create and store a new, random, strong password for you.
  4. Autofill ease – Any place you need to log into, simply login to your password manager and it will autofill your username and password to quickly and safely log you in.
  5. Share passwords securely – You can create folders in the password manager that are shared so that everyone has access – say for example your team shares an Adobe account. You can also create private folders just for your personal logins.
  6. Personal AND business use – You can use one password manager for business and personal by creating different folders with different access rights within the tool.
  7. Cross-device convenience – Most password managers will also have a mobile app so you can access your passwords safely and conveniently across devices.
  8. Less social media vulnerability – While you should still be extremely cautious about what information you share on social media, your post about your favorite first pet at age 10 will no longer be a tip off for hackers to socially engineer and hack your accounts!
  9. Bonus: Many password managers will also securely store credit card numbers, addresses, bank accounts!

Again, no matter which password manager you choose, the sooner your business will be that much more protected from a potential data breach.

If you have questions, please reach out to Team Xperts by requesting a consult here or calling 424-242-HELP.

The Ultimate Disaster Recovery Checklist

Is your business prepared for the worst? If you have questions or need help establishing a data backup and disaster recovery (BDR) strategy and plan, Team Xperts can help! Check out our BDR checklist below and reach out to schedule a consultation regarding where we can help fill any gaps you may have. Click here or call 424-835-2964 to schedule with us.

5 Signs That It’s Time for Your Business to Hire a Managed IT Department (MID)

Few businesses can thrive without leveraging IT wisely these days. But for small businesses, limited time and resources can make IT a burden rather than a growing company’s best friend (which it can and should be, if done right!). There comes a time where it makes sense to outsource, but when? Below are five signs that should tell you “It’s Time!” to hire a Managed IT Department (MID).

  1. IT costs are climbing or are unpredictable. “Do I hire a full-time IT person, outsource, or keep trying to fight increasingly expensive IT fires?” Outsourcing to an MID will lock in your costs every month, gaining you cost efficiencies over time. MIDs also come in cheaper than a FTE and can be more efficient and effective with the MID’s collective expertise.
  2. Security is a concern. While costs and time are common reasons to hire a MID, businesses soon realize security and compliance are even more paramount and potentially costly. Businesses of all sizes are vulnerable, but small businesses are extra targeted since cyber attackers are well-aware it’s usually a gap for them. Your MID will be able to implement and maintain cybersecurity protections, detection, response programs, and employee trainings, as well as backup and disaster recovery solutions that are enterprise-level, greatly reducing your risk of breaches and attacks and increasing your chances of recovery if breached.
  3. Productivity is being negatively affected by downtime. A MID will offer 24/7/365 support and maintenance of your IT systems, heading off any unexpected, costly disruptions by monitoring, identifying, and resolving issues proactively and quickly.
  4. Managing IT day-to-day is becoming cumbersome and time-consuming. What would you do with all of the extra time you and/or your staff would get back by outsourcing your IT management? Let’s get you back to focusing on your core activities that will grow your business!
  5. Staying technologically nimble feels like a pipe dream. It’s a full-time job to stay ahead of tech trends, let alone implement them for your business to stay competitive. An MID’s job is to stay in-the-know for you and hone expertise in these areas to bring their client partners best in breed solutions and helping you pivot technologically as needed.

Any other reasons you can think of to hire a MID? We’d love to hear about them. And we’d love to help you create more time, efficiency, peace of mind, and profitability in your business. Request a free consultation and let’s explore what Xperts Unlimited becoming your Managed IT Department will mean for your bottom line! 

Request a free consultation with Xperts by clicking here or calling 424-242-4357. We’re excited to meet you!

RANSOMWARE – What it is, how to handle an attack, and how to prevent your business from being vulnerable in the first place

What is Ransomware?

Ransomware is the most common malware threat out there. A Ransomware attack is a situation in which a hacker keeps your data encrypted until a ransom is paid. It comes in many variants (such as CryptoLocker, Petya, and WannaCry) but it’s constantly evolving, making it very difficult to protect against. And although the average amount of ransom requested is $5,900 (and rising year-over-year), the average cost of downtime from a single attack can be as high as 23x the ransom requested! Here are a few more facts about ransomware:

  1. Who’s at risk? One in five SMBs (small and mid-sized businesses) report they’ve fallen victim to a ransomware attack. SMBs who don’t outsource their IT are more at risk.*
  2. Where do the risks come from? Phishing emails are the leading cause of successful attacks. Lack of cybersecurity training, weak passwords, and poor user practices are among the other top causes.
  3. How can the risks be reduced for SMBs? Four in five clients recovered within 24 hours or less when they had a Business Continuity & Disaster Recovery plan in place with the support of a trusted IT services provider.

How do you handle a ransomware attack?

Hopefully you’re working with Team Xperts or another Managed IT Services Provider to proactively protect and monitor your network so this is less likely to occur. If you’re coming to us after an attack or because of one, you’re likely looking for help and fast! Check out the below checklist to ensure you are taking the right steps, and of course, reach out to us if you need help now or moving forward.

  1. Shut down infected systems immediately – To avoid ransomware spreading, disconnect the infected device from any network it is on and turn off any wireless capabilities such as Wi-Fi or Bluetooth. Unplug any storage devices such as USB or external hard drives.
  2. Determine the strain and the scope – Ransomware usually identifies itself so understanding which strain it is can help you decide how to remove it. This is also helpful to know when reporting the attack. Next, determine how many devices were infected, as well as what kind of data was encrypted.
  3. Report the incident – You should let your organization know about the attack but it’s also important to report it to the FBI or your local authorities depending on where you are located. This is to help them gain an understanding of ransomware and its impact on victims.
  4. Evaluate your options – If you don’t have a backup solution, your other options are to do nothing (lose your data) or decrypt your files using a 3rd party decryptor. If all else fails, you can pay the ransom but beware of this option as it increases the chances that you’ll be targeted again.
  5. Prevent future ransomware attacks – The first step in preventing future ransomware attacks is to educate your employees on cybersecurity awareness. You should also invest in endpoint security with a firewall or third-party service that protects against ransomware. Finally, you should implement a business continuity plan. While business continuity can’t prevent ransomware from attacking, it can prevent it from succeeding. Xperts Unlimited can do all of the above for you from employee training to making sure you have the right security and plan in place.

How do you prevent ransomware attacks?

As mentioned in the last point above, educating employees, investing in the best firewall and endpoint security, and implementing a business continuity and disaster recovery (BCDR) plan will mitigate attacks and/or also reduce the success or damage should your business get that dreaded “your files have been encrypted” message.

Give us a call at 424-835-2964 or request a consult to the right to learn more about how to prevent your business from having to go through the above steps at all.

*Source: Strategy Analytics’ proprietary research of the North American SMB market.

6 Entryways for Cyber Criminals to Access Your Business

Tomorrow is October and the first day of National Cyber Security Awareness Month! Team Xperts spends a great deal of time and energy working to make sure our clients are cyber-secure and cyber-savvy, not to mention our efforts in staying on top of all the ways to stay ahead of the bad guys for you! Let’s review all the ways hackers look for vulnerabilities so you can be aware, vigilant, and take action to protect your business. And of course, know when to call in the Xperts – we’re here to help and answer any questions. Just request a consultation!

What keeps us up at night

Selling stolen IDs and other personal data is a lucrative trade for hackers. They are always looking for sources where vital information is stored. As a small-to-midsize business, you store your client’s personal information, collected from different sources, on your computers and servers. Your Point-of-sale (PoS) terminal and some website transactions can be completed by use of electronic banking, credit cards, or debit cards only. Your customers have to key-in their pins or passwords to make payments. That information has to be saved. Also, depending on the kind of services or products you provide, you may be collecting Social Security numbers, addresses, driver’s license numbers, and birthdates of your clients. Personal information is a gold mine for a hacker. All this means only one thing for you: A data security nightmare.

Here are the channels hackers can use to break into your IT infrastructure

  1. Your website: Hackers have become very sophisticated in cyber attacks on websites. They can access specific information by targeting websites that have the information they are looking for. For example, if they want only financial information about their victims, they can use tools that will fish for the websites that carry that kind of information. Implementation of web-based applications has made it easier for cyber criminals to connect to your website database. They are able to find the loopholes and hack into systems.
  2. Your computers and servers: Your computers and servers are treasure-troves of information. By sending malware into your systems they can steal your admin passwords, and then login to your servers and other network devices. These hardware devices are the ultimate prize for cyber thieves because these devices not only hold important information about your clients, they also have all the information about your business and possibly about your vendors and associates.There is nothing about your business that these hackers don’t know. Imagine how devastating this attack can be.
  3. Mobile devices used by your employees: If you allow your employees to use their mobile devices to conduct business, you have another security issue to worry about. You don’t know how secure their mobile phones, iPads, laptops, or tablets are against a security breach. You don’t know how hard or easy their passwords are to crack. Breach of security into those devices will lead hackers right into your networks where they can steal critical business data.
  4. Unsecure Wi-Fi network: Most businesses keep their Wi-Fi networks well protected, but unsecured Wi-Fi is an open invitation to cyber criminals. If your Wi-Fi network is not secure, hackers are one step closer to breaking into your systems.
  5. Your PoS systems: PoS systems are the prime targets for hackers who want to commit financial fraud. Cyber thieves know that PoS systems that come with preloaded software can be hacked using an unsecured, Wi-Fi network. This fraud has a direct impact on an individual’s finances because a hacker can make unauthorized credit card charges quickly and move on before anyone realizes what happened. Ruined credit can take years to mend.
  6. Your email: Email is another venue that hackers use to infect computers with malicious software.They send viruses that replicate themselves in the host computers, performing various tasks such as denial of service to the users of your systems, spamming your contacts, and accessing data without authorization.

To handle all of these possible gateways, you need a comprehensive approach to data security. It can’t be done piecemeal. Plus the potential damage to your business and brand if you don’t address every possibility cannot be overstated. The best solution is to solicit the help of a trusted technology partner who can design a complete security blueprint to address all of these areas.

Learn more about how Xperts Unlimited can help. Contact us at 424-835-2964 or . Or request a consultation here.

The Dark Economy and How to Keep Your Business Safe

“This pandemic is great for my business!” said very few people.

Unless you’re a hacker. And then it’s likely that business is booming. We don’t think of cybercriminals as businesspeople. We tend to think they are individuals lurking about in hoodies in their basement. Quite the opposite – or so we have found through investigations and the exposure of organizations that steal our information. These are well organized and structured businesses that thrive – or fail – within their own economies. That means that supply and demand dictate prices and demand. Stolen credentials, compromised accounts, credit card information, identification details, and the list goes on – they all hold a value that will rise and fall as dictated by their economy.

Recently the Dark Web Price Index 2020 revealed the menu of cybercrime options and their current value. Starting at just $15, you can acquire a cloned Mastercard WITH the PIN. And over here, for the low, low price of $20, you can be hooked up with credit card details that include an available balance of up to $5000!

It is sickening. And very disheartening to think that one quick mistake can lead to hours and hours – days in fact, of lost time trying to recover what was stolen from you so quickly and sold at such a minuscule amount, comparatively speaking. And that is just on the personal identification front. Imagine if those credentials came linked to a business? The damage that is incurred goes beyond one individual and can destroy multiple lives with job loss, lawsuits, and so on.

Supply and Demand

There has been a move away from certain types of cybercriminal activity based on the economy of the dark web. For instance, the cost to obtain someone’s full identity has decreased from recent years because of a surplus in available credentials due to the success of several large breaches. Yes, just like sugar and wheat, if there is too much, the cost goes down.

Ransomware has been on the decline as of late, and DDoS attacks have risen in popularity. Why? It seems that the low cost of $10 per hour to deploy one offers a discount that can’t be passed up. The scale and bandwidth of the damage is greater as well, offering more ‘bang for your buck’.

Furthermore, according to the Global Risks Report 2020, the punishment is unlikely to occur in the United States – IF they are ever even caught. Low risk, high payout. You can see how the rise in cybercrime isn’t going away anytime soon. Ok, let’s be honest, it’s never going away.

How to Deal

You deal with the rise and the risk by not ignoring it. Take action AHEAD of time. Acknowledge that the danger is present, the damage may not be repairable, and you need to make a plan to be proactive as well as reactive. We say it over and over and again, but you can’t wait for the ‘one day’ – you need to take action today and train, inform, remind, educate, protect – utilize ALL of the ways to make the point to your employees, your clients, and your family and friends. It matters.

Request your Xperts Consultation and we’ll help make sure your business and employees are aware and protected.

8 Warning Signs That You’ve Received a Phishing Email

Since March 2020, the increase in business’s cybersecurity vulnerabilities due to cyber scams has increased exponentially, with an uptick in phishing scams being a major risk to companies and their now-remote employees. Cyber criminals are looking to exploit people’s fears around recent global events, and while some phishing scams can be easy to identify, many are sophisticated enough that even a cyber-savvy business owner may fall prey to thinking it’s a legitimate email concerning their business.

Before we jump into how to spot a phishing email, a quick refresh on what Phishing emails are. A phishing email is a form of cyber scam in which a scammer sends an email to a user that is designed to look like a reputable organization that is requesting you to turn over personal information. Some are easy to identify, but many are not.

Here are 8 signs that an email is fraudulent:

  1. Something just doesn’t feel right or an offer seems to good to be true
  2. Poorly written, highly unprofessional, or doesn’t make sense
  3. Addressed vaguely such as “Dear Valued Customer” or no greeting at all
  4. You’re asked to surrender personal information (credit card, bank, or password info)
  5. Sender address looks strange or doesn’t match contents of the email
  6. Subject uses urgent or threatening language
  7. You are being offered a lot of money for no reason
  8. A request is being made that was not initiated by any action you’ve take

The consequences of clicking on and responding to phishing scams can be devastating for small business, especially during an already challenging time. Making sure you’re educating and training your employees is a simple yet effective way to mitigate the risk that any one of your employees may expose your business to a cyber hacker in this way.

Request a call with Team Xperts to learn how to train your team on phishing scams and other cyber threats during this time.

Small Business Cyber Security Myths

Cybersecurity was a top issue for small business CEOs and owners before March 2020. Now this topic is even more top of mind for small businesses with most staff working remotely, creating exponential cyber vulnerabilities. Many think of cyber attacks as a threat to only larger companies – a myth that’s even less true now! Cyber attackers are well aware that small businesses are usually less savvy, protected, and ready when it comes to cyber attacks, and they’re capitalizing on that now more than ever.

Here are 4 cyber security myths to dispel and compel small business leaders:

  1. “Cyber criminals are only after larger companies” – Almost half of cyber attacks target small businesses today. Cyber criminals are well aware that smaller businesses often lack in-house security expertise and sufficient protections.
  2. “We’re protected enough with our antivirus software and firewall” – These two tools are only a piece of the puzzle. Even with those tools in place you’re still exposed to malware installations on web applications and websites (WordPress). Invest in scanning and correcting tools to fix these vulnerabilities.
  3. “Cyber attacks only originate from bad guys trying to hack in” – Unfortunately, employee user error is one of the biggest causes of data breaches. Password managers, VPNs, two-factor authentication, and continued education can help mitigate the chances of employees creating vulnerabilities.
  4. “We don’t collect customer payment info so we won’t be targeted” – It’s likely you do collect customer data though, and cyber criminals would love to steal and sell your customers’ PII on the dark web (names, email, addresses, passwords, etc.). Many phishing scams and ransomware attacks are born of this hack.

Protecting your data, your customer’s data, your website, and now your employee’s data, is mission critical. Comprehensive cybersecurity solutions and resources are out there for small businesses – here’s a link to small business resources from the FCC. But if keeping up with the cybersecurity landscape feels daunting, you’re not alone! Small businesses opt to entrust the management of their IT and cyber security program to companies like Xperts Unlimited, relinquishing you of the work and stress of doing it all yourself. It’s our job to continually stay ahead of the latest and greatest cyber security solutions, provide prevention education to your staff, effectively monitor your business, and mitigate your risk.

Let the Xperts make your business cyber-smart and bring you peace of mind. Go here to get started by requesting a call. We look forward to helping you and your business stay safe and productive!

3 Steps to Optimize your Small Business for the Future of Remote Work

Having the right policies and technology in place will be the difference between your business thriving or simply surviving through COVID and beyond. For most small businesses, remote work life has been a huge shift on many levels. A couple of months in and leaders and employees are starting to find their new way of doing business, but many still with hopes that we’ll be back in the office soon. The reality is that it could be a while, and it’s likely your business will have to adjust to remote work being here to stay. But how do you make remote work an advantage for your business rather than a source of risk and lost productivity/profit?

Here are 3 steps your small business can take to remain safe, productive, and thriving:

  1. Develop a remote workforce plan and policy for your unique business

Remote work was likely a huge shift for operations for your company. Keeping your staff productive and your business competitive will depend on a clear plan and communication. Create a plan and policy that will clearly guide your employees on how to stay connected, supported, and safe from their remote workplace. The plan should include implementing the right technology to keep your business productive and secure. The policy should include guidelines and tips for employee communication best practices, how to use tools you’ve implemented for more streamlined remote work, how to do their part for creating and maintaining a secure workspace, incident handling and response, and additional security tips on awareness around phishing scams and cyber safety.

  • Work with your trusted IT partner to implement the right technology

As businesses rushed to move to remote work and provide remote access for all employees,  many have lost connectivity to servers, phones, and one another, and also created a hole in their cybersecurity. Having the right technology in place to keep operations flowing is key. If you don’t have one already, seek a technology partner than can make sure you have the right tools in place to allow your business to operate as normally and securely as possible. This may include having installing softphones, selecting the right secure remote access, implementing device management policies, and even considering a move to cloud services to enable a more fluid and secure work environment for the long term.

  • Monitor all environments to keep security vulnerabilities mitigated

With employees working remotely, a window of opportunity has opened for cyber attackers to take advantage of the lack of security created by people now working from home. Make sure your systems and all devices are monitored and protected, password protections are in place, and that your staff is trained to be vigilant of phishing scams. Your company’s security policy now has to cover every remote worker in their home.

While this is a stressful time for business owners and employees alike, putting the right plan, policies and technology in place will keep your teams and business moving forward, and even position it for growth, with more peace of mind and less potential roadblocks to doing business.

If you need help taking the above steps to fortify your business, we’d love to get introduced and discuss how we can team up to optimize you IT to help your employees and business not only survive but thrive during COVID times and beyond. We even have a remote work policy template, employee guide, and security checklist we’d be happy to share. Request a free consultation and let’s talk!

Request a free Xperts consultation HERE or call 424-835-2964

More Malware Threats Ahead For Web Enabled Devices

If recent events are any indication, Botnets are going to be in the news a lot more in coming months.

Less than a month ago, a massive army of hacked internet devices broke records when it attacked a French Internet Service Provider, OVH, which hit them with traffic peaks of over 1 Terabyte per second. Not long after that, Dyn, a company that handles domain name resolution, was brought down by another Botnet, which knocked significant portions of the US Internet offline.

At the root of the problem is the Internet of Things. We have a growing fascination with “smart” devices, and manufacturers are churning out an increasing number of internet connected dishwashers, refrigerators, washing machines, toasters, door locks and the like.

Unfortunately, the devices currently being manufactured have only the most basic security protocols, if they have any built-in security at all. That makes it easy for even a hacker of moderate skill to take control of them, and that’s exactly what’s been happening.

Now, researchers have unearthed a new form of malware they’ve named Linux/IRCTelnet.
Like the Mirai malware, which was responsible for the recent attack on Dyn, this newly discovered software is coded in C++. For communication between the hacker and his Botnet, the new software borrows a trick from another bit of software called Kaiten, using an IRC (Internet Relay Chat) channel so that the controlling server can send commands in text format to the Bot army.

Yes, you read that correctly. Bots are getting their orders via text messages.

A deeper investigation into the new malware indicates that it may be of Italian origin, and it can currently infect 700 devices a day. At that rate, it would not take long for the malicious code to generate a sizable force of unprotected internet devices to do the bidding of the software’s as yet identified owners.

Until and unless manufacturers take steps to increase security on the devices they sell, this problem will only get worse. Our own convenience devices are being turned against us, and it’s proving shockingly easy to do.

Used with permission from Article Aggregator