Due to the popularity of email in the business world, it’s an extremely popular method of attack for hackers. They can easily send countless messages to targets all over the world with the click of a mouse. Therefore, you have to take email security very seriously. The repercussions of not doing so could be swift and severe. This week’s tip is dedicated to informing your employees of email best practices for the office environment.
Passwords might not be the most convenient way to keep accounts secure, but they are certainly one of the most popular. It’s a best practice to use a different password for each of your accounts, but your employees won’t see it that way. They’ll see it as an inconvenience at best, and it takes more than simple, easy-to-remember passwords to keep your organization’s data safe.
Too many users simply enter a few personal details about themselves and a number that is significant to them, click done, and consider that an appropriate password. Hackers and cybercriminals know this, and they try to take advantage of it any way they can. This includes looking up personal information about the target on an employee’s Facebook page. These kinds of social engineering tactics can be used to dig up dirt on just about anyone in your organization, providing hackers with enough information to make targeted attempts at guessing passwords.
So… if your password is based on your dog’s name and the year you were born (and both of these can be found on your page), it’s likely that a hacker can use common tools at their disposal to hack your account. This issue compounds when the password is used for multiple accounts.
This issue can be resolved easily enough through the use of a password manager. These applications can store passwords in a secure, encrypted vault and call them only when they are needed. Depending on the email application used, employees might not even really think about their email passwords because the app doesn’t always ask for it, making it difficult to keep passwords top of mind.
2FA is a method used to augment password security by requiring a secondary code to access accounts or information. 2FA works by automatically generating a new passcode that is sent to a secondary email address or phone number each time you try to log into an account. These types of solutions make it so that a hacker needs much more than just your original password. They need access to all of your mobile devices and other accounts, too, making the effort to access your account more trouble than it’s worth.
Stop Clicking on Links and Attachments
If you receive an email and it has a link or attachment, your first instinct might be to click on it. Unfortunately, this habit can lead to a hacking attack, as scammers understand that the need to click on a link or attachment can be somewhat compulsive. An intern and CEO alike could make such an easy mistake, making this an effective method of spreading viruses and malware across systems. These phishing attacks can be tricky to identify, but there are certain giveaways that can make it easier. Links to external sites that are unrelated to the subject matter, poor spelling and grammar, and suspicious email domains are a few examples. Always make sure you trust the sender before downloading an attachment or clicking on a link.
Are your employees putting your organization’s security at risk due to poor email practices? This is a question that all business owners need to consider–especially if you deal in sensitive information. We recommend that all businesses take a two-pronged approach to email security: technology measures to secure communications on the technical side, and training to secure the human side.
We’ll discuss some of the various measures you can take to keep your email communications as secure as possible, including encryption, spam protection, and employee awareness.
Encryption plays a key role in defending your organization’s data from outside eyes. The way it works is relatively simple to understand. Data sent over an unencrypted connection can be viewed while it’s in transit, making this kind of communication easy enough to intercept. When data is sent over an encrypted connection, it is scrambled for anyone who doesn’t have the encryption key to unscramble it. This means that even if someone does manage to steal data while it’s in motion, they won’t be able to read or decipher it without the encryption key held on the recipient’s end.
Depending on your industry, you might even be required to equip your systems with encryption protocols to keep data secure while it’s being sent. Examples include healthcare, government, and other highly sensitive industries that handle confidential information.
When there are employees using email, there will always be spam messages and phishing attacks that could potentially expose sensitive information or credentials to would-be hackers. It’s a necessity that your organization has an enterprise-level spam protection solution filtering messages that hit your inbox. This essentially minimizes the chance that someone will click on a malicious link or download a suspicious attachment in a spam message. Since spam can be sent to countless users all over the world with the click of a button, it’s an ideal way for hackers to spread their influence without much work.
Phishing attacks, on the other hand, are more difficult to protect against, as they have to be identified as malicious before they can be handled properly. Scammers can personalize messages to the user and get them to act impulsively when exposed to them, creating situations where an otherwise good employee would expose your organization out of fear that they would get into trouble for not acting. This is where the next part of email security comes into play: employee training.
Conditioning Your Employees for Security
As is the case with most network security, you can’t truly achieve it without the help of your employees. Since they are the ones handling your organization’s data in email, they need to be aware of how their actions could expose your business to malicious entities. One way you can do this is by providing them a list of best practices to check when in doubt about an email’s authenticity. You should have them look for the following:
- Sender email address: If the email address comes from an obscure email domain that doesn’t have any rhyme or reason to it, it’s likely that it’s a spam message.
- The sender’s intent: If the sender is urging you to take immediate action, like paying a bill or claiming a reward, think twice before clicking on any links or making any payments.
- Spelling and grammar: Oftentimes hackers come from countries where English isn’t their first language, so their emails are filled with spelling and grammar errors. If the message doesn’t look professional, it’s best to avoid it.
- Unrequested attachments: Hackers like to spread threats like malware and viruses through email attachments. If you receive a message with an unrequested attachment, think twice before downloading it. Double-check who it comes from and whether or not it’s legitimate.
- Sketchy links: Before clicking on any link in an email, hover the mouse over it to see where it actually goes. If the destination isn’t where the link text says it goes, don’t click it.
Of course, the biggest thing to keep in mind is when in doubt, ask your IT department about the message. This is especially the case if the message seems to be from Windows support or an IT company asking to remote into the device. If your business wants to get started protecting its assets and reinforcing email security, look no further than KiteTech. To learn more, reach out to us at 855-290-KITE.
Data backup suffers from the nasty misconception that it’s only worth having if you actually use it, but this isn’t necessarily the case. Businesses let this misconception get in the way of an important aspect of business continuity, simply because they don’t want to waste money on something they might never need. Little do they know that data backup may be the only thing standing between your organization and failing for good.
There are certain parts of backup and disaster recovery that business owners like yourself need to determine before investing in a solution. You can break the average enterprise-level data backup solution into three distinct parts–all of which work together to ensure you reap a positive return on your investment, with or without a data loss incident.
First, you’ll need to choose a backup platform. Small businesses have a lot of options, like network attached storage, hard disk drives, and tape backup drives, but by far the most efficient one is cloud storage. No matter the system you use for your data backup, though, you should always look at your data as an asset. Therefore, it needs to be protected in whatever way you can to ensure its continued safety and longevity.
Kite Technology can offer you a comprehensive data backup and disaster recovery solution that uses network-attached storage to push copies of your data to the cloud, where it’s safe from external threats. This is the kind of data backup that every organization needs–the end-to-end data backup that keeps an infrastructure safe even under the worst scenarios.
Some data isn’t necessarily important, though. Small businesses collect a lot of data, and it can be difficult to gauge the importance of some of the minor data that you collect. Data analytics help your business determine what data is most important, and what you can do to keep it safe.
If you want to yield a positive ROI, data recovery is where it begins. Your organization needs to set acceptable parameters for how much data you want to restore and how quickly. You’ll need to clearly define both a recovery time objective (RTO) and a recovery point objective (RPO). It’s critical that you have both of these outlined before investing in a data recovery system.
Your recovery point objective is determined by how much data you need to have restored to keep operations going, while your recovery time objective is how long your business can sustain itself without its data. These figures aren’t static, as they will likely change over time as your business’ needs change. Different systems might carry different data, so naturally they will have varying RTOs and RPOs.
The ROI Equation
Now it’s time to put together your return on investment in the form of a calculated equation. This is great for determining value because numbers are hard to argue with, whereas an opinion might only provide a subjective value that can easily be discarded.
- Determine your business’s hourly realized revenue. This is the revenue your organization takes in over the year divided by the total working hours of your staff.
- Identify how much you stand to lose (in hours) both with and without a data backup system.
- Multiply the hourly realized revenue by each of the two figures from the last step, then take the difference. This represents your total avoided loss in dollars.
- Once you’ve done this, plug the figure into the following formula to measure your backup system’s ROI.
ROI = (Avoided loss – Cost of backup and recovery system) x 100%
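The four steps above, carried through in code as an added example (not from the page or from Kite Technology). All dollar figures, staff hours and per-system RTO/RPO values are constructed; the example goes slightly beyond the text by pricing each system's RTO (downtime) and RPO (re-created work) separately, and it expresses ROI as net benefit divided by cost, the conventional percentage form, which is an assumption here.

```python
# Constructed per-system figures (hypothetical, not from the page). With a backup,
# an incident costs the RTO hours of downtime plus the RPO hours of work that must
# be re-created; without one, the system has to be rebuilt from scratch.
SYSTEMS = {
    "email":      {"rto_hours": 4, "rpo_hours": 1,  "rebuild_hours": 120},
    "file_share": {"rto_hours": 8, "rpo_hours": 24, "rebuild_hours": 240},
}


def hourly_realized_revenue(annual_revenue, annual_staff_hours):
    """Step 1: yearly revenue divided by the staff's total working hours."""
    return annual_revenue / annual_staff_hours


def hours_lost_with_backup(systems):
    """Step 2a: hours at risk per incident when every system is backed up."""
    return sum(s["rto_hours"] + s["rpo_hours"] for s in systems.values())


def hours_lost_without_backup(systems):
    """Step 2b: hours at risk per incident with no backup to restore from."""
    return sum(s["rebuild_hours"] for s in systems.values())


def backup_roi(annual_revenue, annual_staff_hours, systems, system_cost):
    """Steps 3 and 4: price both loss figures, take the difference, compare to cost."""
    hourly = hourly_realized_revenue(annual_revenue, annual_staff_hours)
    loss_with = hours_lost_with_backup(systems) * hourly
    loss_without = hours_lost_without_backup(systems) * hourly
    avoided_loss = loss_without - loss_with          # step 3: the difference, in dollars
    net_benefit = avoided_loss - system_cost         # step 4: page's "avoided loss - cost"
    # Assumption: standard ROI definition, net benefit as a percentage of what was spent.
    roi_percent = net_benefit / system_cost * 100.0
    return {
        "hourly_revenue": hourly,
        "loss_with_backup": loss_with,
        "loss_without_backup": loss_without,
        "avoided_loss": avoided_loss,
        "net_benefit": net_benefit,
        "roi_percent": roi_percent,
    }


if __name__ == "__main__":
    # Constructed inputs: $2M/year, 20 staff at 2,000 hours each, $6,000/year backup cost.
    result = backup_roi(2_000_000, 40_000, SYSTEMS, 6_000)
    for key, value in result.items():
        print(f"{key:>22}: {value:,.2f}")
```

A negative `roi_percent` is the signal that the loss estimates (not the backup) need revisiting: the per-system hours are the assumptions most worth challenging.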
The numbers say it all–a data backup solution yields a positive return on investment, with or without your organization suffering from a disaster. If your business wants to get started with data backup, reach out to us at 855-290-KITE.
If you’re like its over 2.19 billion other active users, Facebook has quite a bit of your personal information stored in it, and the risks that this implies only grow if your business is also represented on the social network. If your account isn’t protected as much as it could be, you could find yourself at risk of identity theft or other crimes. This is why we recommend activating two-factor authentication on Facebook.
Two-factor authentication (or 2FA) has actually been available on Facebook for quite some time. However, before a few much-needed changes were made recently, there were a few drawbacks to using it. First and foremost, the user needed to provide Facebook with their phone number, which many people didn’t really want to do. This wasn’t helped by the fact that, just a few months before the changes were made, Facebook announced that their previous 2FA system had a bug. This bug caused any replies to mobile Facebook notifications from 362-65 (the 2FA number Facebook would use) to post on the user’s profile page.
Now, Facebook plays nice with applications like Google Authenticator and Duo Security, and has made the setup process much more usable for the average user. The timing of this change couldn’t be better, either, as quite a few two-factor authentication hacks have surfaced against the weaker SMS-based 2FA – meaning that your best move is to avoid using text messages for your 2FA. Admittedly, an extra layer of security isn’t a bad thing to have, but there’s evidence that hackers have the capability to snatch SMS 2FA codes to access your accounts.
Setting up 2FA for Facebook is pretty straightforward:
- Access Settings
- Navigate to Security and Login
- Select Use two-factor authentication
- Choose the account you want to use as your authenticator.
2FA is just an extra piece of security to keep your information safe.
There’s one major reason why email is the preferred method of spreading threats like ransomware and other types of malicious software. The sheer number of messages that can be sent through email on its own increases the odds that a user will click on the wrong link or download the wrong attachment. How can you know the legitimacy of any message you receive in your email inbox?
It all starts by being aware of the issue at hand and staying vigilant of any potential threats. You should actively look for reasons not to click on links in suspicious emails. You can never be too careful, especially when there is so much on the line. Here are three warning signs that you can look for to avoid a malware attack via email.
Spelling and Grammar Errors
Nobody has perfect spelling and grammar, and it’s forgivable if they make a mistake here or there, but when an email is filled with errors that make it hard to believe its authenticity, perhaps you’re staring a red flag in the face. Professional messages will at least contain passable grammar that makes them easy to understand, but a malicious message might be filled with all sorts of nonsense that urges you to click on a link or download an attachment. Sometimes you might encounter a phishing email that’s very discreet, but this is more of an exception than the norm.
Links Leading to Suspicious or Unfamiliar Targets
Let’s say that you receive a message from your bank. When you hover over a link in the message, it shows that the link doesn’t lead to any site you’re familiar with. This is a clear indicator that you might be looking at a very well-orchestrated phishing scam. Before clicking on any link, just hover your cursor over it without clicking on it. In a bar at the bottom of your browser, you’ll see the target of the link. If it looks suspicious, you can easily disregard it or report it to IT.
Messages from Unknown Senders
Who did you receive the message from? If you know who sent the message, then perhaps the message is legitimate. However, it’s easy for hackers to spoof an email address and make it appear that someone else is sending a message. Remember, suspicion is better than falling into a trap. In a worst-case scenario, even a CEO or upper-level employee could have their account spoofed in a phishing or whaling scheme. If you suspect that this has happened, notify your IT department immediately so that measures can be taken against these efforts.
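Two of the checks this page describes, the sender-address check from the earlier best-practices list and the "hover over the link to see where it really goes" check from that list and from the section above, can be applied mechanically to a reported message. The Python below is an added example, not code from the page or from Kite Technology; the email body, addresses and domain names are constructed, and the domain comparison is a deliberately simple last-two-labels rule rather than a public-suffix lookup.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the visible text claims the bank's site while the href
# points somewhere else, exactly what hovering over the link would reveal.
SAMPLE_BODY = """
<p>Dear customer, your account will be suspended. Verify now:</p>
<a href="http://login-verify.example.net/session">https://www.examplebank.example</a>
<p>Or visit our help page: <a href="https://www.examplebank.example/help">Help</a></p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every anchor in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two DNS labels (assumption: no public-suffix list; fine for the demo)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def mismatched_links(html_body):
    """Return hrefs whose visible text is a URL on a different domain than the href."""
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        if not text.startswith(("http://", "https://")):
            continue  # plain label such as "Help": no domain claim to compare
        shown = registrable_domain(urlparse(text).hostname or "")
        real = registrable_domain(urlparse(href).hostname or "")
        if shown != real:
            flagged.append(href)
    return flagged


def sender_domain_matches(from_header, expected_domain):
    """True only if the actual address (not the display name) is on expected_domain."""
    _, addr = parseaddr(from_header)
    return addr.lower().rsplit("@", 1)[-1] == expected_domain.lower()
```

`parseaddr` is what makes the sender check honest: a display name that merely looks like an address is ignored, and only the part inside the angle brackets is compared.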
Thankfully, with a little bit of thought and caution, you can avoid most fraudulent emails, but it would be nicer if you didn’t have to worry about seeing these messages in the first place. An enterprise-level spam filter can keep fraudulent and spam messages at bay. To learn more, reach out to us at 855-290-KITE.
The 2017 Equifax leak was a disastrous scenario, but recent revelations have discovered that even more victims were affected than was previously thought. Nobody ever wants to hear this kind of news, but there is an upside to this that shouldn’t be ignored – learning from the mistake. We’ll start with a refresher on what happened exactly, and what these new developments mean for your organization.
The Breach of 2017
Equifax is one of the three major credit reporting organizations, and it suffered a major data breach in 2017. Over 143 million users were affected by this breach and potentially had their personal information stolen or provided to hackers. For those who are curious, this is about 44 percent of the total population of the United States. It’s pretty wild to think about. In October 2017, an investigation yielded more information that showed about 2.5 million more users were exposed than the original numbers let on. Thus, the total number of victims reached a staggering 145.5 million, or nearly one half of the entire U.S. population. If anything, this new development shows that this number is not set in stone and that it could increase over time.
For example, Equifax has discovered even more victims; 2.4 million more who have had their names and partial driver’s license numbers stolen. Unlike other information that holds greater value, a hacker can only do so much with this data, but it’s still problematic.
Lessons from the Breach
One of the most important lessons that you can learn from a data breach is that there is always going to be another data breach. Businesses just hold onto too much valuable data, and too many people are looking to steal it, for there to be any other outcome. The fact that so much information is shared and distributed all over just makes it more likely that information will be breached. Therefore, measures must be taken to ensure that your company doesn’t suffer the same fate as Equifax.
You have to understand that your data could be stolen or exposed, and not because of anything you did. It could be the fault of any company that holds your information. Just like Equifax, any company that works with your data could lose track of it and expose it to dangerous entities. Even if you do nothing wrong, it could happen. You need to take measures to both protect yourself and prevent attempts at identity theft that stem from the negligence of others. You can start with credit freezes, locks, and alerts.
The next step is to be careful of who specifically you share this information with. If you share information and it’s compromised in any way, you could find yourself at odds with your clients and customers. Therefore, it makes sense that you take measures to limit this risk as much as possible.
Don’t let a data breach that your business suffers from be the reason why your organization implements security. Call us today at 855-290-KITE and learn about the proactive measures you should be taking for protecting your organization.