Core Information Technologies Ltd.

Managed IT Services

Core IT’s Blog

VPN 101: Remote access and safety

· ·

VPN 101: Remote access and safety

As we know, the Coronavirus pandemic has brought about a paradigm shift in the way businesses function. Home is now, ‘The Office’. With WFH taking root, companies and employees alike are experiencing so many benefits that it looks like it is here to stay. This has given a boost to various technologies that enable businesses to operate smoothly in the WFH environment. Examples include video conferencing applications such as Zoom, Microsoft Teams, Google Meet, Cloud data storage options, VoIP, etc., In this blog, we discuss one such technology, Virtual Private Networks, more commonly known as VPN.

A VPN or virtual private network is a mechanism to connect to private IT networks using the internet. This gives you the ability to access private networks remotely, yet safely. Thus VPNs play a key role in the remote operations model. Using remote access VPN, employees can access their ‘work computers’ using the remote desktop mechanism. Plus, using VPNs to access data adds an additional layer of security. Here’s how-

  • VPNs don’t allow third parties to track the user’s IP, location from which they are accessing or their online activity
  • Unlike the regular browsers, VPNs don’t store browsing history, recent activity logs, log-in credentials, etc.,
  • If there is a glitch in the secure connection offered by the VPN, the connection is automatically cut instantly, instead of allowing the user to browse unsafely

VPNs need not be limited for work purposes alone. As you can see, considering the various benefits discussed above, it makes sense to use a VPN when online for personal purposes. Especially if you are using a public network such as the WiFi network at airports, malls, coffee shops, etc. Also, since home networks are less secure compared to business networks, it is a good idea to use VPN when performing activities that may involve financial transactions such as online banking, insurance renewals, or even when shopping online. (Your credit card details could be stolen as you are busy purchasing that pair of shoes on sale!)

A word of caution, though. There are many VPN services available in the market, and a lot of free ones too. While some are genuine, there have been cases where cyber criminals have masked a malware to seem like a VPN application and used it to steal sensitive information. So, make sure you do your research before downloading a ‘Free VPN’ application for personal use. If you are a business owner, then you should absolutely opt for a paid, trusted VPN service. Your MSP will be able to recommend one that’s right for you.

How the Coronavirus crisis is the gateway to the other kind of virus

· ·

How the Coronavirus crisis is the gateway to the other kind of virus

To say the COVID-19 pandemic gave the whole world a tough time would be an understatement. Economies collapsed, joblessness rose, people lost their loved ones and livelihoods to the disease. Adding to this situation was the need for social distancing and self-isolation which took a toll on mental health of millions across the world. 10 months into the pandemic or perhaps even before, people started growing tired of it and just when it seemed like humankind will give up collectively, there was a light at the end of the tunnel–Vaccines.

While the news of the first vaccine being approved and then administered in December 2020, was a huge victory for humankind and rightly welcomed with claps and cheers, cybercriminals were cheering too. For cybercriminals, this was a great opportunity to exploit the eager, mentally fatigued and vulnerable populace. Emails were sent with phishing links disguised as genuine which urged the recipients to fill a form to access their vaccination schedule and vaccine information. Some emails were made to look like it came from the FDA, United States CDC or the NHS (UK). Some had attachments that required recipients to download them and run exe (executable) files that planted malware into their systems. “E-commerce” sites were created overnight on the dark web and enticed people into ‘placing orders for vaccines’ at $250 each, in the ‘Black market’.

The point is, this is not the first organized cybercrime modus operandi and certainly won’t be the last. So, how do you protect yourself? Here are a couple of tips.

  • Do not download or open attachments or click on links from unknown, unverified sources or a source that you don’t trust.
  • Sometimes, the email or message may seem to be from someone you trust, but their account may have been compromised and used to send out the malicious link or attachment to you. Or, there may be a slight variation in the email ID (spelling), so while you get the impression it is a genuine email, the reality is different.
  • If something doesn’t add up, or if it doesn’t feel like the message was in fact written by the person you know, either ignore or call and verify if they did indeed send it to you.
  • Install firewalls that have the capability to identify and block dangerous sites, so you will be alerted of possible security threats and inadvertent clicks won’t take you to dubious clone sites
  • Make sure your antivirus software is up-to-date

From a business perspective, discuss a strong cybersecurity plan of action with an MSP. This includes investing in the right anti-malware tools, ensuring all your software programs are updated, and updating security patches released by your software vendors as soon as they are available. Educate your staff on common cybercrime tactics so they don’t accidentally expose your IT network to cybercriminals.

System and software updates: Why you shouldn’t be skipping them for later

· ·

System & software updates: Why you shouldn’t be skipping them for later

We all know how annoying it can be when you get a pop-up asking if you’d like to update it or worse still, your system starts to update itself. The general tendency is to put it off until the next time you log onto your device, when you put it off again. We have all experienced it at some point or another, when we are on that important call or have to reply to an urgent email and decide a system update is just not worth the time. But, did you know that it is important to update your computer’s operating system in a timely manner? And that’s not just for your computer, the same applies to your mobile phones, iPads and other tablets too. In fact, there are updates for various software programs and apps that should be installed too.

System and application vendors such as Microsoft, Apple, Adobe, etc., release security updates and patches almost every month, and sometimes, several times during a month.

What are the benefits of installing these patches/system updates?

Safety and security of your data
Cybercriminals are constantly on the lookout to exploit any weakness that software programs may have, to gain entry into your IT network or system. Vendors, on the other hand, have teams that are constantly on the lookout for such weaknesses and work on developing security patches that plug these gaps, so your device/network remains safe and secure. Skipping system/software updates can make you vulnerable to cyber attacks and compromise on the safety and security of your data.

Ensures your device is working at its best
Apart from the security patches, there may also be bug-fixes and enhancements that may be released as a part of the software/system update. Not installing bug-fixes and enhancements means your device won’t be performing at its optimal level and may crash or slow things down. It may also result in compatibility issues when it comes to other programs or applications.

As a business it can be difficult to keep up with software updates, security patches and upgrades, and implement it across your entire organization. Having a service level agreement with an MSP will ensure that all your business devices are updated, patched and secure.

Your employee’ social media account was hacked How does it affect you?

· ·

Your employee’ social media account was hacked. How does it affect you?

Did you know that social media accounts are one of the favorite targets for cybercriminals? You may think cybercriminals would prefer to hack online banking accounts or shopping accounts, but that doesn’t seem to be the case. Here’s why. Social media accounts hold A LOT of personal information including name, email ID, date of birth, place of birth, place of work (your business!) high school attended, names of family, friends and pets, anniversaries, and more…which means, they are basically gold mines of Personally Identifiable Data (PII). Plus, if you play games and have your credit card details saved, there’s more information and better the chances for the cybercriminal to commit fraud. All of this data can then be used to hack into other accounts of the user, including financials. So, hacking into someone’s social media account can help cybercriminals gain entry into other, more ‘useful’ and secure accounts.

But, how does it matter to you, as a business? If your employee’s personal social media account is hacked, it shouldn’t affect you, as a company, right? Wrong…here’s how it can affect you.

  • If the employee whose social media account is hacked is the administrator of your company’s official social media handles, you are in big trouble as hackers will gain access to your company account and consequently to customer information, because you may be having clients who follow your business account on social media. The whole situation can result in a lot of damage to your business and brand reputation and also result in penalties and possible lawsuits.
  • Even if your employee doesn’t handle your company’s social handles, the hackers may have enough of their PII to try and pry open a small entryway into your IT network.

You can avoid such mishaps by

  • Training your staff on social media and cybersecurity best practices including advanced privacy and permission settings for social media accounts
  • Ensuring your employees are able to identify and steer clear of phishing and social media frauds
  • Helping your employees understand the importance of practicing good password hygiene across all their online accounts–social, work or personal.
  • Ensuring they realize that their Facebook or LinkedIn account is not ‘just another online socializing platform’, but an actual gold mine of information and only those who they really trust should be able to access them.
  • Sharing regular Day Zero Alerts and relevant news articles with your staff that keeps them updated on the latest modus operandi and happenings related to cybercrime

Your managed IT services provider will be able to help you in organizing and conducting these kinds of training and awareness sessions at regular intervals for your staff.

Your employee’ social media account was hacked How does it affect you?

· ·

Your employee’ social media account was hacked. How does it affect you?

Did you know that social media accounts are one of the favorite targets for cybercriminals? You may think cybercriminals would prefer to hack online banking accounts or shopping accounts, but that doesn’t seem to be the case. Here’s why. Social media accounts hold A LOT of personal information including name, email ID, date of birth, place of birth, place of work (your business!) high school attended, names of family, friends and pets, anniversaries, and more…which means, they are basically gold mines of Personally Identifiable Data (PII). Plus, if you play games and have your credit card details saved, there’s more information and better the chances for the cybercriminal to commit fraud. All of this data can then be used to hack into other accounts of the user, including financials. So, hacking into someone’s social media account can help cybercriminals gain entry into other, more ‘useful’ and secure accounts.

But, how does it matter to you, as a business? If your employee’s personal social media account is hacked, it shouldn’t affect you, as a company, right? Wrong…here’s how it can affect you.

  • If the employee whose social media account is hacked is the administrator of your company’s official social media handles, you are in big trouble as hackers will gain access to your company account and consequently to customer information, because you may be having clients who follow your business account on social media. The whole situation can result in a lot of damage to your business and brand reputation and also result in penalties and possible lawsuits.
  • Even if your employee doesn’t handle your company’s social handles, the hackers may have enough of their PII to try and pry open a small entryway into your IT network.

You can avoid such mishaps by

  • Training your staff on social media and cybersecurity best practices including advanced privacy and permission settings for social media accounts
  • Ensuring your employees are able to identify and steer clear of phishing and social media frauds
  • Helping your employees understand the importance of practicing good password hygiene across all their online accounts–social, work or personal.
  • Ensuring they realize that their Facebook or LinkedIn account is not ‘just another online socializing platform’, but an actual gold mine of information and only those who they really trust should be able to access them.
  • Sharing regular Day Zero Alerts and relevant news articles with your staff that keeps them updated on the latest modus operandi and happenings related to cybercrime

Your managed IT services provider will be able to help you in organizing and conducting these kinds of training and awareness sessions at regular intervals for your staff.