Educating Your Staff About IT Security

Every CEO should be taking the time to ensure all their employees are upholding rigorous business IT security practices. All computers and devices connected within your company represent a potential vulnerability. It takes one mistake, or malicious act, to open up your computer network to a cyber attack. Taking a proactive approach to your IT security is the best way to mitigate your risks and protect your valuable assets. This begins with a stringent background check on every person you employ but must continue from the day they begin to work for you. 

Firstly, every company should have a business IT policy in place which outlines the responsibilities of every employee in terms of upholding IT security and what to do in the event of a cyber attack. You should not assume employees are practicing relatively simple measures such as changing passwords regularly or not leaving their computers unattended. Every expectation should be spelled out in a document as well as presented at a workshop. This ensures everyone knows what is expected of them and regular meetings or emails serve to remind everyone to always remain vigilant. 

Employees should know what to look out for both in terms of not falling victim to phishing scams but also if their computer or device has been compromised. If they are able to recognise when something is not right, they are in the best possible position to alert the business IT department to a problem. Fast responses mitigate the subsequent losses. 

In every company, there are individuals who are more likely to become targets than others. Those in higher management positions with access to more valuable documents and data are more likely to be the target of a cyber attack simply because the pickings are richer. Similarly, the IT department themselves must be staffed with skilled and trustworthy individuals as they have access to the entire network. It is advised that all higher management meet with the business IT security team regularly to discuss their security practices. 

Once you feel you have educated your staff to the necessary level, it is important to put them to the test. Many penetration tests are designed not to seek access through the IT security system themselves but into the building and onto computers using employees. The front desk is the first line of security for your company and these people must be diligent when it comes to checking IDs and only allowing through individuals with appointments. Similarly, if a USB stick is left in the car park, would an employee pick it up? And if they do, would they plug it into their computer? Would they give out information to a caller posing from a company claiming to be affiliated with your business? These are all examples of social engineering techniques regularly used to instigate a cyber attack. 

There are countless ways in which a company can fall victim to a cyber attack. Remember; you are only as strong as your weakest link. Hold regular meetings and put on periodical, mandatory IT security training sessions to act both as a refresher course and also a way to deliver new and up-to-date techniques. Invest time and effort in educating your staff to ensure your business IT practices remain impenetrable.  

dreamstime_m_14003169
Business IT
Advertisements

The Danger of Lax Mobile Phone Security for Your Company

All CEOs are responsible for protecting customer data and most companies now employ holistic IT security protocols for all of their computing systems. Often forgotten, however, are handheld devices such as tablets and mobile phones, increasingly vulnerable to cybercrime and rarely given the protection they warrant. If your staff are accessing their work emails or other documents on their mobile phones, it is the job of the CEO to ensure your customers continue to be protected. Don’t leave yourself vulnerable to cyber attacks by overlooking all the devices used by your staff.

The first task for any CEO is to make their staff aware of this area of risk. Workers cannot be expected to protect themselves against something they are unaware of but once you have conducted meetings and workshops pertaining to this new element of your IT security, they will be obliged to follow the new procedures. They themselves should be willing to work with the company to secure their phone because it will keep their personal data safe as well. Workshops will equip staff members with the knowledge and understanding necessary to keep themselves and their mobile phones safe from cyber attacks. They should also be taught what to do in the event of a breach or if their phone, tablet or laptop is stolen or lost. Fast action in the face of cybercrime can significantly limit the damage done. 

Every company should have a detailed IT security policy. CEOs should be updating these regularly to keep up with the ever expanding world of cybercrime. Make sure this policy includes mobile phones and tablets. Whether these are company issued or the private property of employees, if they are used for work functions at all, strict security practices should be applied. These include the following: 

  • Using two-factor authentication 
  • Setting strong passwords and regularly changing them 
  • Only installing apps from reputable stores 
  • Backing up data 
  • Not connecting to unsecured Wi-Fi networks 
  • Being careful about who has access to your phone  

There are two kinds of cyber attacks on mobile phones. One which is targeted at someone who is known or believed to have access to valuable information. The other is completely random and involves hackers simply attacking numerous mobiles in the hope of coming across something of value. Of course, the former is the more concerning one to fall victim to because it implies the cyber criminals are well-informed and after something specific. Some people in companies, such as the CEO themselves, may be more at risk than other members of staff but everyone should employ stringent IT security policies when it comes to their mobiles just in case. 

If you think your staff are high-risk targets for cyber attacks, consider requesting them to install a security application specifically designed to protect company data. Although this is a relatively new form of mobile threat defence, companies such as FireEye, Better Mobile and Lookout all have applications available now. The spread of cybercrime from traditional computers to our handheld devices is well and truly underway and every day new developments occur on both sides of the IT security war. The only thing you as a CEO can do is keep up with them and make sure your employees are all working alongside you to secure your company’s valuable data and keep the private information of your customers safe.  

_96012299_gettyimages-507473994
IT security

5 Reasons Why Every Small Business Needs IT Support

The importance of IT support is often overlooked by small business owners, especially in the case of start-up companies. Although few small businesses are able to afford a full time IT technician, nor have the need for one, it is still important to have access to IT support. In the modern world, businesses are unable to operate without technology and when problems arise, returning your systems to full working order as fast as possible is essential. Here are five reasons why every small business needs IT services:

1.    Security 

Cyber attacks are not only becoming more common but they are increasingly targeting small businesses. Why? Because these organisations typically have low IT security, making them easy targets. Working with a qualified IT technician to improve your firewalls and install a virtual alarm system enables you to not only reduce your chance of being hacked but also allows you to take immediate action if the unfortunate does happen. IT support is more than just helping when something goes wrong: comprehensive IT services are preventative as well as reactive.

2.    New Technologies 

The number of new programs and systems which are released every week is staggering. It is the job of professional IT technicians to stay up to date when it comes to software which can help your business. They can not only install these systems but conduct IT support workshops to teach staff how to use the new software.

3.     Storing Data 

While hard drives have been used to back up and encrypt sensitive data for decades, many companies are now using virtual cloud-based hosts. These are often considered more secure and easier to manage. IT support teams can help your company transition from physical data storage systems to virtual ones, advising you on the best provider and helping you to change relevant company policies. As cyber attacks before more prevalent and the consequence for businesses suffering a breach increase, IT services are placing greater emphasis on the importance of secure data storage.

4.     Stay Connected 

So much of your business is likely conducted through IT systems. Whether it is internal or external phone calls, emails, social media management or an online store, an inability to communicate online can be catastrophic for businesses. IT services can not only install and set up these systems but they are also able to maintain them and ensure you remain connected at all times. When every second you are disconnected costs money, this aspect of IT support is of paramount importance.

5.     Productivity 

There are always techniques which can make business processes more efficient. Technology is advancing fast and being up to date with the latest tools and systems can help your business significantly increase its productivity. IT technicians are always up to speed on the latest software and are able to install them for you as part of their IT services. The more productive your business, the more money you can make.

Interested in securing IT support from expert IT technicians? Ctrl IT is a Melbourne-based IT services provider who specialises in small business. Call today to find out more about how we can help your business and deliver a range of IT services to suit any budget.

dreamstime_m_20595544
It Support Melbourne

Tech-Savvy Employees Can Be Dangerous

Most job advertisements these days cite the importance of computer literacy. From Microsoft Office packages to social media management to coding to graphic design, there is always use for technological skills in business. Although every employer wants a tech-savvy team behind them, there are some cyber crime risks to filling your company with these people. While these skills can be used to boost your business, they can also be used to exploit it, taking advantage of weakened internal IT security and launching cyber attacks from inside.

Here’s a horror story for bosses around the world. A former security officer, Yovan Garcia, has been found guilty of bypassing IT security, hacking his former employer’s systems and conducting a number of cyber crime activities. Firstly, Garcia changed his timesheets to show he worked significantly longer than he did, entitling himself to additional overtime pay. His cyber attacks went further than simple financial rewards, however, and he stole records and details when enabled him to set up a competing business. Garcia was found guilty and ordered to pay back $318,611.70 to his former employer, with additional legal costs potentially added in the future.

It is often far easier to launch these kinds of cyber attacks internally. Garcia managed to get hold of login credentials which enabled him to gain access to the systems. He had not been authorised to do so. However, speculation suggests another employee may have handed them over, intentionally or otherwise. People are automatically more likely to trust their colleagues and not suspect them of being an IT security risk. With the company’s guard down, this environment can be rich pickings for black hat hackers who want to use their skills for cyber crime.

Of course, this is a highly pessimistic view of society and the vast majority of people are not going to set out to maliciously exploit their employers through cyber attacks. However, the fact remains that an increasing number of people have, in theory, the capacity to commit cyber crime. Once you know your way around a computer, you can use your skills in any way your moral compass tells you to. So the question you should ask yourself when you’re hiring new tech-savvy employees is: are they white hat hackers or black hat hackers?

The best way to protect your own company is to heighten every aspect of your IT security. If your software is up-to-date and you have strong firewalls, your weak-points are your employees. Firstly, you need to conduct regular training sessions to ensure every one of them understands the importance of constant vigilance when it comes to cyber crime. Secondly, you need to employ people you trust. High staff turnovers leave your vulnerable. When you must hire new employees, references from previous jobs are essential. Don’t let your guard down and be sure to scrupulously uphold your IT security protocol to ensure you too don’t fall victim to an internal cyber attack.

For more support and advice on this topic, contact Ctrl IT and speak to one of our experts.

_96012299_gettyimages-507473994
IT Security

No More Passwords?

Everyone is sick of remembering passwords. Even with a password manager it’s still a hassle. And when you do follow the rules and change your passwords every few months and use a generator to deliver complex strings of numbers at letters, you could still be hacked. Passwords are the Achilles heel of online security and the weak point cyber criminals just love to target. Now, however, we could be on the verge of waving goodbye to passwords forever as a new form of IT security comes to the foreground: two-step authentication.

Apple has been using ‘Trusted Device’ since iOS9, a comprehensive two-factor authentication system whereby you will be asked via one of your other devices to verify new logins. This works very well for those loyal Apple users who do indeed have something that resembles an orchard clustered on their desks. Google also offers its users the chance to verify account sign-ins by tapping a prompt sent to your phone. You can also set these devices as ‘trusted’ and negate the need to repeatedly accept the prompts. Now, just a little behind, Microsoft have joined in with this new form of IT security.

Microsoft Authentication is an app now available for Android and Apple. Windows Phone users will have to wait as Microsoft aren’t willing to sink money into a development for only 5% of the world’s population of smartphone owners. However, if the app is successful on Android and iOS devices, a Windows app will be developed. Microsoft Authentication allows users to verify logins via their phone in a two-factor authentication style, one of the best types of online security. The app notifies the phone holder of a login attempt and you simply need to enter an eight-digit numerical code which is presented on the app. Each code is only valid for 30 seconds, increasing the IT security offered by this app. It operates in much the same way as Apple’s Trusted Device, to be honest, and is a step forward from the initial Microsoft Authentication released in summer 2016 which only allowed for wearers of the Apple Watch or the Samsung Gear to use their fingerprints to unlock their online accounts. The limits have now been lifted!

Of course, there’s one problem with all of these two-step authentication processes. If you lose your smartphone/laptop/device or it falls into the hands of a cyber criminal (because they are tangible beings, don’t forget), then your accounts can all be accessed because the cyber criminals can grant it themselves. If we continue using two-step authentication through mobile devices, then our individual awareness of who has access to our devices must come to the forefront of online security. And don’t let your basic security slack and always use a passcode or have fingerprint recognition enabled.

It is undeniable that online security is becoming a bigger issue and one which these technology giants are developing new techniques for. As more and more data is stored in cloud systems and every aspect of our lives become digitised, IT security needs to step up their game because cyber criminals are stepping up theirs as the potential rewards get greater. Two-step authentication is a move in the right direction and, surely, more will follow.

dreamstime_m_36206735
IT Security

Protect Yourself Against Cyber Theft

Have you ever wondered how someone could steal from your company over the Internet? Cyber theft is an ever more prevalent problem faced by small businesses just like yours. Here we explain what cyber theft is, how the computer hackers come to gain access and, most importantly, how you can improve your IT security to keep you, your company, your customers and your assets safe.

Firstly, cyber theft is defined as the act of stealing personal and/or financial information from computers to be used illegally. This can include your bank details themselves as well as your passwords, security answers and other information which can then be use to hack into your account. The people who breach your IT security systems to gain access to this information are called computer hackers and most sell on this data to third parties who can further exploit this information. Large scale examples of cyber theft include Target (70 million customers’ card details), Ebay (145 million users’ login details), Yahoo (1 billion users’ data including passwords and security information) and Anthem (80 million records hacked into at the USA’s biggest health care insurers).

Computer hackers gain access to confidential records and sensitive data in a variety of ways. Most can penetrate your systems remotely but sometimes a physical act is used to hack a computer. Leaving your computer unattended in a public space offers a computer hacker the opportunity to plug in an infected USB stick and embed malicious software (malware) on the machine. Old school, malicious and opportunistic but effective. Alternatively, an infected email as part of a phishing scam could contain a link to a malicious website or begin a download with malware embedded within it. And then there’s the good old fashioned hacking whereby simple passwords can be guessed, leaving your accounts open to tampering and exploitation.

As a business, you have a responsibility to keep the information of customers safe which is why you need to be vigilant when it comes to IT security. Make sure you run regular training sessions with all of your employees to ensure they are aware of the risks and dangers which come with working online. As well as using more complex passwords, be sure to regularly change them (once every month or two is recommended) so computer hackers can’t repeatedly abuse your systems. It is also worth investing in cloud data protection. This ensures all of your files and data are backed up in a far more impenetrable system than a physical hard drive. Finally, install anti-virus software and, most importantly, keep it up to date. Regularly released updates are not there to annoy you. They are there to patch weaknesses and vulnerabilities in the existing version. Computer hackers like easy targets and computers running an old version of software is something they specifically search for.

It’s a dangerous world out there and IT security should be a top priority for any small business. While multinational corporations such as Yahoo and Google have suffered breaches in the past, day to day computer hackers typically target smaller companies because their IT security systems are weaker and easier to bypass but they often have healthy bank balances and large reams of customer data which really deserve better protection. Don’t make yourself a target for cyber threat and invest in your IT security to protect not only your own finances but those customers who entrusted their private details to you.

dreamstime_m_33462521
IT Security

iCan Help You – Apple Computer Support

Technology is confusing enough without having to constantly keep up-to-date with different operating systems and endless updates and changes to the way in which your computer works. Every company needs access to the advice of a competent computer tech who can support other staff members when it comes to their computers. However, few small businesses can afford such a luxury. If you’re looking for Apple support in Melbourne, contact Ctrl I.T. today and find out more about our IT support services. Here’s a brief overview of what we offer.

One of the most popular brands in the world, over the past few years Apple has seen a significant rise in computer sales as many companies switch from PCs to Mac. While many argue that the operating system in an iMac is easier to use and more intuitive, it can take time to become acquainted with the new technology. Ctrl I.T. offer workshops and training seminars to companies who are looking for hands-on Apple support in Melbourne and our accomplished Apple-savvy computer techs can give your staff the basic tools needed for in-house IT support. There are many little tricks, shortcuts and handy tips our computer tech want to share to help you and your staff make the most of your iMac product.

When things go wrong, our computer techs can troubleshoot most issues over the phone, talking your staff through step by step when it comes to problems on their machines. Alternatively, one of the benefits of hiring your local Apple support team in Melbourne is our willingness to perform site visits. If you have a problem and need to see a computer tech quickly, Ctrl I.T. pledges to have someone with you by the end of the day. We understand how important your technology is to your business and work hard to keep all of our clients connected.

We also offer preventative maintenance, long-term IT support to minimise risks to your computer systems. In the unlikely and unfortunate event of a system malfunction, our computer techs are adept at data recovery. Once we have your files back, we will strengthen your IT security system and make sure you are not at risk again as well as providing further training to your staff about risks, vulnerabilities and dangers online and within computing systems.

Ctrl I.T. can even provide you with computers and equipment. Thanks to our connections to a wide range of tech suppliers, we receive considerable discounts when we buy our computers and pass those savings onto you. Whether you need one MacBook Air or want to equip your entire office with iMacs, Ctrl I.T. should be your one stop shop for all your computing needs.

Every company needs expert IT support just a phone call away. We don’t mind if you’re a newbie or a seasoned Mac user, call us today and find out more about our range of Apple support in the Melbourne area and discover what our computer techs can do for you.

dreamstime_m_29087790
Apple support in Melbourne