Core Information Technologies Ltd.

Managed IT Services

Core IT’s Blog

System and software updates: Why you shouldn’t be skipping them for later

· ·

System & software updates: Why you shouldn’t be skipping them for later

We all know how annoying it can be when you get a pop-up asking if you’d like to update it or worse still, your system starts to update itself. The general tendency is to put it off until the next time you log onto your device, when you put it off again. We have all experienced it at some point or another, when we are on that important call or have to reply to an urgent email and decide a system update is just not worth the time. But, did you know that it is important to update your computer’s operating system in a timely manner? And that’s not just for your computer, the same applies to your mobile phones, iPads and other tablets too. In fact, there are updates for various software programs and apps that should be installed too.

System and application vendors such as Microsoft, Apple, Adobe, etc., release security updates and patches almost every month, and sometimes, several times during a month.

What are the benefits of installing these patches/system updates?

Safety and security of your data
Cybercriminals are constantly on the lookout to exploit any weakness that software programs may have, to gain entry into your IT network or system. Vendors, on the other hand, have teams that are constantly on the lookout for such weaknesses and work on developing security patches that plug these gaps, so your device/network remains safe and secure. Skipping system/software updates can make you vulnerable to cyber attacks and compromise on the safety and security of your data.

Ensures your device is working at its best
Apart from the security patches, there may also be bug-fixes and enhancements that may be released as a part of the software/system update. Not installing bug-fixes and enhancements means your device won’t be performing at its optimal level and may crash or slow things down. It may also result in compatibility issues when it comes to other programs or applications.

As a business it can be difficult to keep up with software updates, security patches and upgrades, and implement it across your entire organization. Having a service level agreement with an MSP will ensure that all your business devices are updated, patched and secure.

Your employee’ social media account was hacked How does it affect you?

· ·

Your employee’ social media account was hacked. How does it affect you?

Did you know that social media accounts are one of the favorite targets for cybercriminals? You may think cybercriminals would prefer to hack online banking accounts or shopping accounts, but that doesn’t seem to be the case. Here’s why. Social media accounts hold A LOT of personal information including name, email ID, date of birth, place of birth, place of work (your business!) high school attended, names of family, friends and pets, anniversaries, and more…which means, they are basically gold mines of Personally Identifiable Data (PII). Plus, if you play games and have your credit card details saved, there’s more information and better the chances for the cybercriminal to commit fraud. All of this data can then be used to hack into other accounts of the user, including financials. So, hacking into someone’s social media account can help cybercriminals gain entry into other, more ‘useful’ and secure accounts.

But, how does it matter to you, as a business? If your employee’s personal social media account is hacked, it shouldn’t affect you, as a company, right? Wrong…here’s how it can affect you.

  • If the employee whose social media account is hacked is the administrator of your company’s official social media handles, you are in big trouble as hackers will gain access to your company account and consequently to customer information, because you may be having clients who follow your business account on social media. The whole situation can result in a lot of damage to your business and brand reputation and also result in penalties and possible lawsuits.
  • Even if your employee doesn’t handle your company’s social handles, the hackers may have enough of their PII to try and pry open a small entryway into your IT network.

You can avoid such mishaps by

  • Training your staff on social media and cybersecurity best practices including advanced privacy and permission settings for social media accounts
  • Ensuring your employees are able to identify and steer clear of phishing and social media frauds
  • Helping your employees understand the importance of practicing good password hygiene across all their online accounts–social, work or personal.
  • Ensuring they realize that their Facebook or LinkedIn account is not ‘just another online socializing platform’, but an actual gold mine of information and only those who they really trust should be able to access them.
  • Sharing regular Day Zero Alerts and relevant news articles with your staff that keeps them updated on the latest modus operandi and happenings related to cybercrime

Your managed IT services provider will be able to help you in organizing and conducting these kinds of training and awareness sessions at regular intervals for your staff.

Your employee’ social media account was hacked How does it affect you?

· ·

Your employee’ social media account was hacked. How does it affect you?

Did you know that social media accounts are one of the favorite targets for cybercriminals? You may think cybercriminals would prefer to hack online banking accounts or shopping accounts, but that doesn’t seem to be the case. Here’s why. Social media accounts hold A LOT of personal information including name, email ID, date of birth, place of birth, place of work (your business!) high school attended, names of family, friends and pets, anniversaries, and more…which means, they are basically gold mines of Personally Identifiable Data (PII). Plus, if you play games and have your credit card details saved, there’s more information and better the chances for the cybercriminal to commit fraud. All of this data can then be used to hack into other accounts of the user, including financials. So, hacking into someone’s social media account can help cybercriminals gain entry into other, more ‘useful’ and secure accounts.

But, how does it matter to you, as a business? If your employee’s personal social media account is hacked, it shouldn’t affect you, as a company, right? Wrong…here’s how it can affect you.

  • If the employee whose social media account is hacked is the administrator of your company’s official social media handles, you are in big trouble as hackers will gain access to your company account and consequently to customer information, because you may be having clients who follow your business account on social media. The whole situation can result in a lot of damage to your business and brand reputation and also result in penalties and possible lawsuits.
  • Even if your employee doesn’t handle your company’s social handles, the hackers may have enough of their PII to try and pry open a small entryway into your IT network.

You can avoid such mishaps by

  • Training your staff on social media and cybersecurity best practices including advanced privacy and permission settings for social media accounts
  • Ensuring your employees are able to identify and steer clear of phishing and social media frauds
  • Helping your employees understand the importance of practicing good password hygiene across all their online accounts–social, work or personal.
  • Ensuring they realize that their Facebook or LinkedIn account is not ‘just another online socializing platform’, but an actual gold mine of information and only those who they really trust should be able to access them.
  • Sharing regular Day Zero Alerts and relevant news articles with your staff that keeps them updated on the latest modus operandi and happenings related to cybercrime

Your managed IT services provider will be able to help you in organizing and conducting these kinds of training and awareness sessions at regular intervals for your staff.

A “Free” Covid Vaccine can give you a virus (and infect your IT network)

· ·

A “Free” Covid Vaccine can give you a virus (and infect your IT network)

With the pandemic still raging in most parts of the world, cybercriminals have come up with yet another novel technique to lure unsuspecting victims and steal their data–the free Covid-19Vaccine scam. This is how it typically works.

You get an email or a text message that says you are eligible to receive the vaccine for Covid-19 free of cost. The message will have a link which will take you to a form, where you may be asked for your personal information. Once you fill that in and hit submit, cybercriminals have access to your PII (Personally identifiable information) and can virtually wreck havoc now.

There have been some variations of this message, one being a rebate offer, where you are asked to “book” or “preorder” your vaccine by paying for it online, with a promise of credit/rebate/refund in a week. Not only will your card be charged for the “cost of the vaccine”, your card details may also be stolen using secret key loggers, and the damage to your credit may be much more than the amount you were actually billed for.

Why should you be wary of this, as a business?

So, if the scam seems to target individuals, why is it important for businesses to be aware of this? Well, for the simple reason that you need to alert your employees to this. With the pandemic having almost completely changed the typical office set up and more and more people working remotely, using their own devices for work purposes, there’s a chance that an employee who falls for the vaccine scam may end up compromising your company’s data unknowingly. If a cybercriminal gets access to their device, chances are high that they will most likely have a gateway to your IT network and subsequently, your data.

What can you do?

Data safety is not just about getting the best antivirus software, it is also about people who have access to your data. Apart from installing anti-malware software programs and firewalls, educate your employees about the COVID-19 vaccine scams that are in play. Help them identify phishing scams and conduct mock drills and tests to assess their understanding of the concept.

No time to do all this by yourself? Core IT is an experienced Managed service provider with extensive experience in cybersecurity. We can help you keep your data safe by deploying the latest technology and also by training your employees to identify hacking and phishing attempts BEFORE they become a victim.

Are your data security measures strong enough?

· ·

Are your data security measures strong enough?

Let me start this blog by asking you a question. How did your business respond to the security threats brought on by the COVID-19 pandemic? The reason we are discussing this is because a recent survey conducted by Password Keeper and Ponemon Institute revealed that during the 2020 Coronavirus pandemic, the effectiveness of organizations’ IT posture in terms of cybersecurity dipped by almost 30%.

One of the main reasons for the compromise in IT security was the hurried transition of so many businesses to the remote work model. Working from home often meant the staff were using their personal computers to access work data, sometimes, even on shared WiFi networks without the latest software updates, security patches and firewalls–all invitations to cybercriminals. But, the research also pointed out that almost 50% of the respondents were also concerned about the physical safety of their data. When employees work from home, business data is stored on their personal devices. This includes personal laptops, desktops, thumb drives, external hard disks and sometimes, even smartphones and tablets. Ensuring the data stored in such a manner is not lost, stolen or inadvertently made public is a huge challenge. The cloud can help resolve this challenge to some extent. By migrating your data to the cloud you get a range of benefits such as

  • It is easily accessible-from anywhere, anytime using an internet enabled tablet, computer or even a smartphone
  • The cloud service provider offers multiple layers of security to keep your data safe from prying eyes
  • There is no chance of losing data due to misplaced thumb drives or computer hard disk crashes

An MSP offering cloud services will be able to assist you in making the transition from physical data storage to the cloud smoothly. They can also address cybersecurity concerns and offer solutions. However, migrating to the cloud alone is not the solution to all data security issues. You will still need to train your staff on how to identify and avoid malware attacks, phishing scams and to practice basic password hygiene and data security best practices.