Let’s face it, most people are glued to their phones when they have downtime. Many don’t look up to cross the street. With this much dedication to their individual mobile devices you’d think that people would be more careful about what they download.
Apparently, that Instagram feed is just too distracting to worry about individual data security.
Researchers from the mobile security firm Zimperium have discovered a malicious app that pretends to update your Android device, but is just spyware that can steal almost all of your data and monitor your search history and your location. Simply called “System Update” it has tricked many unsuspecting Android users as of this writing.
What Can “System Update” Do?
The spyware, or officially Remote Access Trojan (RAT), attached to this malicious download can only be downloaded outside of the Google Play store, which is fortuitous for many would-be victims of a malware attack like this. The spyware can effectively steal messages, contacts, device information, browser bookmarks, user search history, and can gain access to the microphone and the camera.
What’s more, it continuously tracks a user’s location, which can be really dangerous for anyone. The app starts spying every time the device receives new information, which for any heavy user is constant. After stealing your data, the app will work to erase the evidence of it’s activity, effectively covering its tracks indefinitely.
All-in-all, it is a pretty tough cookie.
How Are People Accessing This Malware?
You won’t be surprised to learn that phishing is the number one way people are being exposed to the corrupt “System Update” app. Google continuously warns people to not install apps from outside the Google Play app store, but as people’s devices age, they aren’t always compatible with older operating systems found on these devices and start looking for options outside of the Google Play app store. This can lead to people downloading apps that seem useful, but are completely nefarious. “System Update” seems to be one of those apps.
What You Can Do to Protect Yourself
While there have been nefarious apps found on the Google Play store in the past, the malicious app rate is extraordinarily low when sticking to the official app store. Users should also consider questioning any situation where an app is suggested for you outside of the app store, even if it seems to redirect you to the Google Play apps store. You just never know what you are going to get when you trust third parties on the Internet.
If you need a comprehensive plan to protect your business data from employee impulse and mobile negligence, give our technicians a call today at 651-234-0895. We can help you with mobile device management (MDM) and Bring Your Own Device (BYOD) which can have all types of benefits for your business.
As one of the biggest cybersecurity considerations the modern business has to make, how to combat phishing has to be at the top of any business’ cybersecurity strategy. Let’s take a look at phishing and why it’s such a big problem for today’s business.
You’ve Probably Been Phished
When trying to explain what phishing is to someone who has no idea about it, we typically start with the namesake. Phishing is the same as fishing. A hacker will bait a hook and users will bite on it. It’s that simple. Instead of worms or minnows, a phishing attempt needs some bait that will fool an unsuspecting computer user into providing information that will allow a hacker to access secured networks and steal or corrupt data.
To say that this method is effective would be an understatement. First of all, the massive breadth of attacks—there are literally millions of these attacks per day—results in high levels (and low percentages) of successful attacks. In fact, 88 percent of organizations that were polled claimed to experience at least one phishing attack in 2019. In 2020, phishing emails were one of every 4,200 emails sent or about 73 million. The pace has actually quickened in 2021.
Successful phishing attacks result in stolen credentials, compromised networks, ransomware and other malware. They all lead to businesses losing money.
Phishing is More Prevalent Than Ever
Phishing has been an issue for quite a while, but the COVID-19 pandemic and the corresponding jump in remote work provided the perfect opportunity for these scammers to operate. In 2020, 75 percent of worldwide organizations were targeted by phishing attacks, while 74 percent of U.S. businesses were successfully attacked in some way. This often led to massive losses, some $3.92 million on average. That’s an average and takes into account loss of productivity from downtime, data theft, deterioration of consumer confidence, and other factors.
It is therefore important that you do what you can to train your staff about how to recognize and thwart phishing attempts before they have a chance to have a negative effect on your business.
Point North Networks, Inc., can help you put together a training strategy, as well as put together tools to help you keep your network and data safe. Call us at 651-234-0895 to learn more.
Most business owners that rely on their IT have heard about managed It services. Many already subscribe to some form of outsourced IT service. It is one of the best ways to cut down your business’ operational costs while gaining value through the use of services that, if they were to be purchased intermittently, would cost a lot more. Today, we thought we’d list some of the most important variables you should consider if you are looking to choose a managed IT services provider.
Fast, Fast, Fast
If your business is going to use a service over hiring your own IT professionals, you have to know that the service provider can provide you with the reaction speed necessary to do the job. At Point North Networks, Inc., we can do you one better. We use some of the most cutting edge management software available to monitor and maintain your hardware and network’s integrity, patch your software before there are problems, and do all of this proactively.
You need an IT service provider who can return your IT to an acceptable standard of working order as quickly as possible, but if it’s always working as intended, that would be better, no? Get proactive and forget downtime.
Many business owners don’t know how to identify a disaster, let alone have a disaster recovery platform in place. With a comprehensive IT services platform from Point North Networks, Inc., you will. Not only does our managed IT service offering come with comprehensive backup and disaster recovery built in, it comes with the experience of our certified technicians who have seen everything and can get your business back up and running quickly after any type of disaster, whether it be malware, user error, or full-scale disaster.
Your staff is going to have computer issues. It goes with the territory. Sometimes they lose their passwords, sometimes the printer won’t print, sometimes the computer they’re using sounds like a small prop plane. No matter what the problem is, Point North Networks, Inc. offers a comprehensive help desk platform. Giving your staff direct access to certified technicians can provide the answers they need or the remote help required to deal with 98-out-of-100 situations.
As mentioned above, our people have seen it all. Our consultants can help you plan out your IT budget for the year, to the dollar. In order to get control over your IT budget, you will need to have a strategy to not only support your staff, service the machines that you have in house, and handle your cloud and software vendor agreements, you will need a plan for the future. We can help you plan out every single aspect of your business’ IT, and do it cost effectively.
Point North Networks, Inc., Managed IT: Peace of Mind
The bottom line, if you don’t have managed IT services, you should really consider it, and if you do have managed IT services, you should know that not all companies deliver equal services. At Point North Networks, Inc., we take pride that our clients are better for having trusted us to look after their business’ IT.
If you would like to learn more about what we can do for your business, give us a call today at 651-234-0895.
One of the most effective means for a business to shave a few dollars off its budget (and potentially boost employee engagement, for that matter) is to adopt something called a Bring Your Own Device policy—effectively, an agreement that allows their team members to access business-owned documents and files on devices they personally own to get their work done. While these policies have been shown to be very effective, they also need to be carefully considered so they can be adopted appropriately.
Let’s take a few moments to review some practices that are recommended for a secure BYOD implementation.
Determine Acceptable Parameters
Device and OS Requirements
For your productivity to remain intact and for your organizational security to be preserved, the tools your team brings to use need to meet the baselines that you set—otherwise, there is likely to be a shortcoming that leaves an opening. Certain workflows may require a specific operating system to be used, simply for the processes to be compatible. Keeping track of your team’s chosen hardware will help you determine if their devices are eligible to participate.
On the topic, your business workflows should have defined software solutions identified for your team to use so that processes can flow smoothly. Make sure your team knows that they are expected to use these titles for their work processes and that they are expected to have certain protections in place on their mobile devices before they can use them to work.
When using a personal device to access your business’ network, there needs to be some supported expectation that the user will ensure that the device remains functional and secure. This could mean that only authorized dealers or professionals are authorized to perform basic maintenance tasks and that these tasks are carried out promptly.
In terms of protecting your data from the prying eyes of hackers, you’d be hard-pressed to find a more effective method than encrypting it. Considering this, it is important that you encourage/require encryption to be put in place as a part of any BYOD policies you implement.
We know, we know… the importance of secure passwords is a topic that has been covered frontways, backways, and every which way for a long time. However, once people start to follow these guidelines, we’ll stop bringing it up. When it comes to strong passwords, make sure your team is using them on all their devices, and that these devices are set to lock if an incorrect password is repeatedly entered.
Data Handling Guidelines
Where your data is concerned, you need to also establish the proper means for it to be stored and accessed while an employee is using a personal device. Ideally, your BYOD plan will have the means to block any data transfers to an insecure device as well as establish the proper procedures for accessing this data.
Data Removal Circumstances
When an employee’s device has access to your company’s data via a BYOD strategy, it is critical that you retain the means to rescind that access as needed—like if a device is lost or stolen, or if an employee leaves the company. You may also want to include the right to review an employee’s device for company-owned data so that it can be removed if they were to leave so that your data isn’t brought elsewhere or abused.
Lost or Stolen Device Procedures
On the topic, your team needs to have a reporting process to follow should something happen to their device that will help to ensure that mitigating actions can be appropriately taken. Reinforce that these reports need to be promptly submitted to help minimize the potential impact of such occurrences.
Breach of Policy Consequences
Finally, you need to establish how employees will be reprimanded should these policies go unheeded or disregarded. While the loss of BYOD privileges is a common tactic, you should also seriously consider what is acceptable before an employee should be terminated. Once these distinctions have been made, share that information with your team when they opt into your BYOD implementation, so they are aware of the severity of such indiscretions.
A Bring Your Own Device policy is an essential piece of the modern office’s IT considerations and is something that we can help you out within much more detail. Find out what needs to be done by calling 651-234 0895 today.
Just in case you haven’t been paying attention, online privacy has been highlighted significantly in recent years—in no small part due to the sale of our profiles by the tech giants that provide today’s most (in)famous websites… including and especially Google. Having said this, it is also important to acknowledge that some of Google’s recent policy changes could suggest that this may change at some point.
Let’s dive in and see what we can piece together.
How Google Makes Its Money
In fairness, there are a lot of answers to this question. For our purposes, we’ll focus on just one.
The short answer is simple: by selling advertisements.
Make no mistake about it: whenever you use the Internet, you are being watched. Giant platforms, including and especially Google, monitor your activities while using their services and use it to create a knowledge base of user behavior.
For instance, by using a combination of Google Search, Google Analytics, and Google Maps, Google could likely deduce that a user in Anytown, USA looking up “best pizza in anytown” would be interested in the most popular pizzeria. By analyzing which websites, phone numbers, and navigational directions got the most positive reaction after coming up as a search result, Google’s algorithms can figure out that this user would be happy to get the result for “Mario Rossi’s Fine Italian Ristorante and Pizzeria” and continue through the link to the establishment’s website.
This is that website’s goal—for more users to click into it, where they’ll be more encouraged to do whatever that website is trying to get them to do. As it stands, Google’s search results are organized based on an extensive list of factors far too numerous to go into depth with here… basically, it depends on how much Google likes how your website is put together, how other users have behaved after clicking the link to your website, and again, so much more.
As a result, Google has some leverage here, effectively serving as the gatekeeper for a staggering amount of Internet traffic. This puts them in the position to profit from these other websites.
One way that they do so: selling advertisement space in key positions on their search results pages. Another way: selling ads that are personalized to your web browsing history.
Google’s Recent Announcement, and What it Means
Google’s revelation that they will no longer create or support trackers that can follow an individual’s behavior and activity across the Internet has some significant ramifications regarding privacy and the Internet as a whole.
This is a sizable shock, as it seems to say that Google plans to hamstring one of its profit centers. However, it is important to clarify that this isn’t the entire truth.
Rather than eliminating tracking altogether, Google is simply shifting its approach to doing so. Instead of using cookies to compose in-depth profiles for each user, Google is shifting over to evaluating trends amongst groups of similar users and phasing out the comprehensive data collection that their past efforts were based in.
This “privacy sandbox,” as it is called, will allow users to be anonymously bundled together by browsing behaviors and other interests, with the data these groups generate being sold to advertisers. The idea is that this way, an advertiser can still target their most likely prospects, without that prospect’s information changing hands more than they may anticipate.
Caveats and Conditions
Of course, Google has left themselves a few loopholes in their new strategy. First, if a user signs into a website using their Google account, that information can still be tracked and used to shape advertising. Plus, this change only applies to the websites—mobile apps are still fair game as well.
This new sandboxing approach has already inspired scrutiny from regulatory bodies, with officials in the United Kingdom investigating these tools to catch any anticompetitive features. This comes as Google is also facing numerous antitrust lawsuits stateside, suggesting that this change in tack could be construed as an effort to show how important customer data security is to the corporation.
So Really, What Does This All Mean?
In terms of Google, these tactics seem to telegraph that the company is preparing for a future where data collection is much more controlled than it is now—and that Google is in a place where the downsides of such tracking have overtaken the value that these activities once net them.
In terms of the Internet as a whole, a player as large as Google might inspire other large providers who have not yet addressed how they balance data collection and data privacy. Having said this, Facebook’s current battle against Apple’s privacy-boosting features show that this approach will certainly not be universally accepted, either.
One way or another, this move will likely create some shifts to the Internet as a whole—and should reinforce how you need to be careful about your own organization’s data collection and storage practices.
Point North Networks, Inc., can help you out in that regard. To find out how our solutions and services can make your company more secure, efficient, and compliant, reach out to us at 651-234-0895.
Hardware is expensive, this much is certain. When a small or medium-sized business is looking to get the most bang for buck from their technology investments, they have to consider hardware to be the most crucial part of the equation. One option that businesses can take advantage of today is to use virtualized environments. Whether these computing environments are hosted onsite or in the cloud, a business can extend the usefulness of their IT budget by utilizing them. Let’s take a look at some of the benefits of virtualization on your business.
Business Computing is Shifting
There was a time, not too long ago, where there weren’t a lot of options when it came to business computing. The small business that wanted to expand its computing infrastructure would buy a server and use it for a dedicated purpose. This strategy gives the business the most control over their hardware, data, and applications, so for the business that has an onsite IT support team, it’s logical.
It’s also very expensive.
One of the main problems with this organizational computing strategy is that it doesn’t utilize the capacity of these servers. The servers are used for a specific purpose and that can leave a significant amount of resources unused. This underutilization is a wasted opportunity. By using virtualized environments, new hardware can be more effectively utilized, and therefore, can help control hardware costs.
Here’s How Virtualization Works
Instead of running one server for every mission-critical application, you run several virtual machines on one server. Each virtual machine only uses the hardware resources that it needs, meaning that three or four servers can be consolidated into one. You will get the same performance out of one server with many virtual servers on it as you would get from multiple in-house servers.
Pros of Virtualization
Outside of the admittedly hefty upfront cost of virtualization, the reduction in hardware costs you see down the road make the strategy a sound one for almost any business. Not only do you save money on buying servers, the environments are accessible from nearly any device. This means that you cut down on your workstation spend, and you can take full advantage of remote workers. All-in-all, businesses that commit to virtualization can save between 40-to-60 percent on their organizational hardware costs, and see reduced management, utility, and maintenance costs as well.
This also allows you to spend more time driving your business forward and less time managing it. Virtual servers can deploy new environments in minutes, expediting the process by a substantial amount. Virtualization also makes security and data redundancy much easier as your IT admins only need to work on one server rather than several, and back up one piece of hardware.
Your Company in the Cloud
Another consideration is hosting your virtual environments in a bigger virtual environment. Cloud computing is more affordable and secure than ever and companies have been paying attention. By using cloud offerings to extend the benefits of virtualization you’re effectively paying to host your company’s servers in the cloud. This can be even more cost effective than using virtualization on your own in-house servers, but it does remove some of the control you and your team have over your hardware.
Either way, if you aren’t considering virtualization, you are probably wasting money. If you would like to learn more about virtualization for your business, contact the IT professionals at Point North Networks, Inc., at 651-234-0895 today.
With all the communication tools that businesses use today, there still is no more important option than the telephone system. Unfortunately for small businesses, the telephone system can be expensive and hard to manage. However, there is a way for you to get a fully featured telephone service with some of the most important tools your business needs, at a fraction of the price you currently pay for your enterprise telephone system.
With that, we’d like to introduce you to VoIP.
What Is VoIP?
VoIP, or Voice over Internet Protocol, is a telephone system that uses your business’ Internet connection to fuel its telephone system. Rather than paying the antiquated telephone company an arm and a leg, you can now use your existing Internet connection to host a dynamic and reliable telephone platform. There are different tiers of VoIP, but today’s most cost effective, and popular, is a VoIP platform that is hosted in the cloud.
Using a VoIP system can frequently provide a business with a variety of operational perks:
- VoIP is easily manageable – Your VoIP solution will either be hosted on your in-house infrastructure or in a dedicated cloud server, making management simpler and reconfiguration possible in just a few clicks.
- VoIP enables mobility – A VoIP system doesn’t restrict your employees to only using their business telephone while physically at their desk. While it will work with a dedicated business phone, your employees can also leverage a mobile device via a dedicated application.
- VoIP provides cost reductions – One of VoIP’s most attractive benefits is how it can scale back your communication costs in multiple ways. VoIP eliminates the need to pay for phone services on top of your Internet service, and most “premium” features are generally included.
- VoIP incorporates integrations – VoIP solutions can be integrated into your other management and line of business solutions.
- VoIP offers advanced features – VoIP has some built-in options that can really be a huge benefit for your business. These include call waiting, call forwarding, instant and text messaging, and video and audio conferencing.
Naturally, higher-tier plans will have a greater selection of these features available, allowing you to boost your operations even further.
Would you like to know more about VoIP? Call Point North Networks, Inc., and our IT professionals today at 651-234-0895 to get more information.
Unfortunately, the more people lean on technology, the more data breaches there are. The correlation makes sense, but with so much innovation in data security and data systems, it’s a shame more can’t be done to keep businesses and individuals from losing data to opportunists and scammers. That’s why knowing how to circumvent these forces is essential to keep your data safe. Let’s take a look at how the people that are best at it keep their data secure.
Best Practices Keep It Simple
To avoid negative data situations like this you will want to ensure that your best practices are being followed. In this particular case, they aren’t very complex. They include:
- Keeping data (particularly sensitive data) organized in secure locations
- Keeping data on a need-to-know basis via access controls
That’s the list. It’s not a lot to consider on the surface, but let’s unpack them a bit. By keeping data in a secure location, it makes it easier for the professionals that manage your data and infrastructure to respond to a breach; and, by controlling who can access what, they can easily identify where the problem comes from and work to remedy it.
Detecting When You’ve Been Breached
Obviously, to remedy against data breaches, you actually have to know that you’ve been breached. Unfortunately, attackers are using more sophisticated methods than ever to hack into your network, making evasion a priority. This means that the speed in which you identify a data breach is taking place is one of the most important factors.
Businesses today are using smart technology to consistently monitor and automate a response. A Netwrix 2020 Data Breach and Security report suggests that organizations using automation were better able to detect data breaches in minutes rather than hours or days. Comparatively, most of those without (56 percent) measured their detection time in days.
It can be quite off putting to consider that people are trying to break into your network. This is why you have all those procedures in place, after all. For those that haven’t gotten around to concocting a cyber threat response strategy for their team, it’s important that it is standardized and consistent; it makes it easier to follow should you have to deal with it.
Your business will definitely have to train its staff on what to do if they are confronted with a cyber threat. Training your staff on phishing, password hygiene, and more will put your workforce in a position to help you sustain a record of security, not hinder it. On top of testing, you should consider evaluating each worker individually to better understand who needs more training and who is competent to effectively respond against these threats.
Staying On Your Toes
Having the tools to recover from a data breach is almost as important as thwarting one. Your business may be on solid footing today, but one scam, hack, or situation brought on by outside forces can floor your business. Not only do you need to have the infrastructure and the support team in place to deal with a potential data breach, you have to know that your business can recover from one. This is why you need a business continuity plan with a full data backup and recovery strategy in place. Additionally, the exploit you have dealt with could have come from a vulnerability on your network (not a human). You will need to ensure that your team’s access credentials are updated and all software patched to their most current versions.
This is not a situation you have to handle alone. Call the IT professionals at Point North Networks, Inc., today at 651-234-0895 to learn about how we can help you protect your business against cyber threats, and provide you with the tools and support to handle any situation that comes your way.
It’s been reported that a hacker virtually broke into a Floridian water treatment facility and briefly increased the levels of sodium hydroxide in the Pinellas County water supply. Fortunately, onsite operators noticed the spike and reduced it right away, keeping the public from risk of increased levels of poison in their water. This is just the latest story in a seemingly never-ending supply of them that have to do with public utilities being at risk from cyberattacks. Today, we will take a look at this issue.
Protecting Online Utilities
Today, most systems are not only run through the use of computers, they are perpetually online so that remote operators have access to manage these systems. This provides hackers a wider-range of opportunities to carry out attacks against public infrastructure. Despite the massive amount of capital invested to ensure that these systems remain secure and reliable, all it takes is one situation to cause a great deal of public harm. The event in Florida just accentuates how important the security protecting these systems is.
The Shifting Utilities Landscape
Over the past year, more people have been asked to work remotely to help keep the COVID-19 pandemic from spreading. This has not only led to more people working remotely at jobs that would typically require on-site staff, it also has helped push a degree of automation (using artificial intelligence and machine learning) to help identify incongruencies and threats to critical IT systems. This means that more people are relying on unfamiliar tools to do their jobs remotely. One can understand how this can lead to some confusion when trying to thwart very specific and targeted attacks.
Threats Against Utilities and Infrastructure Are More Severe
A recent report from the Ponemon Institute suggests that threats against utilities are becoming shockingly more sophisticated. 54 percent of utility managers stated that they expect to have to deal with at least one cyberattack on critical infrastructure in 2021. That means that half of the people that work in electricity, water treatment, solar and wind, and gas think that they will be directly dealing with a major event triggered by a cyberattack this year. That’s completely unsettling considering how important these systems are to the sustainability of our society.
What is Being Done?
This is where it gets a little tricky. Utility companies spend a lot of time and resources securing infrastructure. There’s a reason most of these places are surrounded by razor wire. To secure themselves against cyberattacks, however, they are taking much the same approach that your average enterprise would. They will try to secure systems by learning from past mistakes, innovating the tools they use, and simply being more vigilant.
Some innovations to speak of are similar to the ones you might see at your business. Using the integration of AI to actively search for and identify threats can end up being quite beneficial. AI can go through a lot of data extraordinarily quickly, meaning that it can identify potential problems quicker and thwart bad actors’ attempts at sabotage. Another technology that is being used in energy distribution is the Internet of Things. Utility companies are starting to utilize smart meters that modulate the flow of electricity and water. While you’d think that the integration of IoT devices would actually make the systems less secure, utility companies identified that from the outset and spent time and resources securing those systems before they were ever deployed in the field.
If you are an avid reader of our blog, we are constantly saying how there are always a growing number of threats. This is true. Two-in-every-three business owners consider that their cybersecurity risks are increasing each year. The other third must not focus on them, and that is a problem. In fact, many business owners don’t give the proper respect to cyberthreats and many of those businesses pay the price. This is why every business should consider a security and compliance audit a mandatory part of their yearly IT assessment.
Explaining the Security and Compliance Audit
Since there is a constant stream of threats coming at your business from the Internet, it stands to reason that you need to come up with a strategy to reduce or completely eliminate those threats’ path to your business’ IT infrastructure. Traditionally, that means installing security software solutions such as firewalls and antivirus, training your staff on how to navigate potential scams, and doing your best to monitor the threats as they come in. This seems comprehensive, right? Unfortunately, these efforts are unlikely to prevent a breach of your network or a corruption of your IT infrastructure.
The IT infrastructure that continues to grow.
If you consider that every year more and more is added to your IT infrastructure, it’s not a stretch of the imagination to not only gain more to support, but also additional points of potential exploitation. New systems can create new vulnerabilities in your network, and more to support can add even more holes in your existing system. These are the avenues hackers use to access your network and steal your data.
Additionally, the more complicated your IT infrastructure gets, the more difficult it will be to stay in compliance with any regulations your business operates under. As issues with data privacy start to be taken seriously by lawmakers, expect more regulations; and additional focus on compliance.
A security and compliance audit is basically the full assessment of your cybersecurity situation. It goes far beyond your average vulnerability scan as it takes into account how your technology is used and provides you with specific criteria that you need to take into account. This profile will go above and beyond your cursory network and infrastructure scan. COMPANYNAME has the certified technicians on staff to comprehensively conduct such an assessment. We can provide you with information on where your business is weakest and what you can do to bump up your network security to stay in compliance and keep your network resources safe.
Go Even Further
Our security and compliance audit can tell you what you need to know, but once you have taken the steps to patch the potential vulnerabilities in your network and infrastructure, you will need to keep it up. We can conduct penetration testing to ensure that the steps you take work to fix the vulnerabilities in your network. This can function as assurance that your business isn’t caught up in two terrible situations: a data breach or fallout from non-compliance.
If you would like to talk to one of our IT professionals about getting a security and compliance audit, or if you would like to talk about how our managed IT services can work to thwart all types of negative situations, give us a call at 651-234-0895 today.