Core Information Technologies Ltd.

Managed IT Services

Core IT’s Blog

A “Free” Covid Vaccine can give you a virus (and infect your IT network)

· ·

A “Free” Covid Vaccine can give you a virus (and infect your IT network)

With the pandemic still raging in most parts of the world, cybercriminals have come up with yet another novel technique to lure unsuspecting victims and steal their data–the free Covid-19Vaccine scam. This is how it typically works.

You get an email or a text message that says you are eligible to receive the vaccine for Covid-19 free of cost. The message will have a link which will take you to a form, where you may be asked for your personal information. Once you fill that in and hit submit, cybercriminals have access to your PII (Personally identifiable information) and can virtually wreck havoc now.

There have been some variations of this message, one being a rebate offer, where you are asked to “book” or “preorder” your vaccine by paying for it online, with a promise of credit/rebate/refund in a week. Not only will your card be charged for the “cost of the vaccine”, your card details may also be stolen using secret key loggers, and the damage to your credit may be much more than the amount you were actually billed for.

Why should you be wary of this, as a business?

So, if the scam seems to target individuals, why is it important for businesses to be aware of this? Well, for the simple reason that you need to alert your employees to this. With the pandemic having almost completely changed the typical office set up and more and more people working remotely, using their own devices for work purposes, there’s a chance that an employee who falls for the vaccine scam may end up compromising your company’s data unknowingly. If a cybercriminal gets access to their device, chances are high that they will most likely have a gateway to your IT network and subsequently, your data.

What can you do?

Data safety is not just about getting the best antivirus software, it is also about people who have access to your data. Apart from installing anti-malware software programs and firewalls, educate your employees about the COVID-19 vaccine scams that are in play. Help them identify phishing scams and conduct mock drills and tests to assess their understanding of the concept.

No time to do all this by yourself? Core IT is an experienced Managed service provider with extensive experience in cybersecurity. We can help you keep your data safe by deploying the latest technology and also by training your employees to identify hacking and phishing attempts BEFORE they become a victim.

Are your data security measures strong enough?

· ·

Are your data security measures strong enough?

Let me start this blog by asking you a question. How did your business respond to the security threats brought on by the COVID-19 pandemic? The reason we are discussing this is because a recent survey conducted by Password Keeper and Ponemon Institute revealed that during the 2020 Coronavirus pandemic, the effectiveness of organizations’ IT posture in terms of cybersecurity dipped by almost 30%.

One of the main reasons for the compromise in IT security was the hurried transition of so many businesses to the remote work model. Working from home often meant the staff were using their personal computers to access work data, sometimes, even on shared WiFi networks without the latest software updates, security patches and firewalls–all invitations to cybercriminals. But, the research also pointed out that almost 50% of the respondents were also concerned about the physical safety of their data. When employees work from home, business data is stored on their personal devices. This includes personal laptops, desktops, thumb drives, external hard disks and sometimes, even smartphones and tablets. Ensuring the data stored in such a manner is not lost, stolen or inadvertently made public is a huge challenge. The cloud can help resolve this challenge to some extent. By migrating your data to the cloud you get a range of benefits such as

  • It is easily accessible-from anywhere, anytime using an internet enabled tablet, computer or even a smartphone
  • The cloud service provider offers multiple layers of security to keep your data safe from prying eyes
  • There is no chance of losing data due to misplaced thumb drives or computer hard disk crashes

An MSP offering cloud services will be able to assist you in making the transition from physical data storage to the cloud smoothly. They can also address cybersecurity concerns and offer solutions. However, migrating to the cloud alone is not the solution to all data security issues. You will still need to train your staff on how to identify and avoid malware attacks, phishing scams and to practice basic password hygiene and data security best practices.

Cyber Security training basics: Password best practices

· ·

Cyber Security training basics: Password best practices & phishing identification

As a business you know the importance of ensuring that your data is safe from the prying eyes of cyber criminals. While anti malware software programs and firewalls are essential to doing this, another important element is, training your employees to identify the traps laid by cyber criminals. This blog offers a list of what you should cover in cybersecurity awareness training.

Password best practices

This should be number one on your list. The easiest way to steal your data is by stealing your password. Hence you should educate your employees on password best practices. They should know

  • Not to share passwords
  • How to share passwords safely (if at all it has to be done)
  • How to set strong passwords
  • The importance of changing passwords often
  • Your organization’s rules regarding passwords, i.e. your password policy and associated penalties/actions that will be taken if they fail to adhere to it

You could also invest in a password tool as it will help you enforce your password policy better.

Phishing

Train your employees to identify phishing attempts. Phishing is when cyber criminals pose as someone trustworthy and attempt to steal data. Studies show that the number one reason businesses become victims of cybercrime is because their employees fail to recognize a phishing attempt. For example an email may be disguised to look as though it came from a coworker or vendor, or even a government agency such as the IRS, and may contain a request for sensitive information. Some may have attachments that the receiver may open unknowingly and end up infecting the whole network with malware. Though anti-malware software programs generally identify such communication and either mark them as spam or issue warnings when the receiver tries to open them or download the attachment, training your employees to recognize phishing attempts is very important, because even a single email that slips through the crack can result in a huge disaster.

Remember this is not a one-time thing. Cybercriminals are always at work devising new strategies to steal your data. You need to train new employees as they join your organization and update your existing employees with any new cybercrime modus operandi. You can offload this task to an experienced managed service provider who specializes in cyber security. Being a part of the industry, they would generally be up-to-date with the latest risks and advise you and your team accordingly.

WFH is here to stay Are you ready?

· ·

WFH is here to stay. Are you ready?

The year 2020 was nothing like what we had seen before. At a certain point in time, it felt like the world would come to a standstill. With lockdowns and travel restrictions imposed across the world, businesses were pushed into a ‘new normal’. One of the things that was a part of the ‘new normal’, was working from home. This WFH set up brought along with it multiple challenges, especially to those organizations which weren’t into this model already. Accessing critical work information, carrying out meetings on Zoom, attending conferences remotely and even setting up trade show booths online, were all new concepts. While the pandemic may be temporary, one thing is certain–the remote work culture is not.

WFH existed even before the Coronavirus pandemic. There were a sizable number of companies–primarily in the IT industry that routinely hired remote workforce. Freelancers operated remotely too for the most part. However, the pandemic forced every company that can operate remotely to adopt the WFH model. While the initial switch was cumbersome, challenging and even frustrating, the benefits offered by the WFH model can’t be discounted.

Here’s how it benefited employees:

  • Helped save time and money that would otherwise be spent on commuting from home to work
  • Offered greater flexibility, as working from home let employees choose their working hours, at least in some cases
  • They needed fewer days off as things like staying home and caring for a sick child/spouse or an elderly parent didn’t mean having to take a day off work anymore
  • With lesser workplace oriented distractions, they were able to accomplish more in lesser time, which means they had more personal time and a better work-life balance

From the organizational perspective, work from home:

  • Meant more productive, focused, energetic employees with workplace distractions and long commutes eliminated
  • Resulted in lesser absenteeism as employees had flexible work schedules and could be home when their presence was needed, without having to take a day off
  • Helped them save on costs related to maintenance, utilities and employee recreation that they would be otherwise incurring
  • Can help companies save on huge rental expenses by trading larger office spaces for smaller/shared workspaces and conference rooms

So, there’s no doubt that the trend of WFH will continue well beyond this pandemic and become a norm in daily lives. It seems to be creating a win-win situation for both, the employees and the organizations they work for. However, for WFH to function smoothly, you need to have a solid IT infrastructure ensures the transition from the traditional office setup to the WFH model is smooth and the integration between the various elements involved in the new WFH environment is seamless.

Are you ready to switch to the WFH mode? It’s time to get in touch with a managed IT service provider who can help you make this move.

Cyber Security training basics: Password best practices

· ·

Cyber Security training basics: Password best practices & phishing identification

As a business you know the importance of ensuring that your data is safe from the prying eyes of cyber criminals. While anti malware software programs and firewalls are essential to doing this, another important element is, training your employees to identify the traps laid by cyber criminals. This blog offers a list of what you should cover in cybersecurity awareness training.

Password best practices

This should be number one on your list. The easiest way to steal your data is by stealing your password. Hence you should educate your employees on password best practices. They should know

  • Not to share passwords
  • How to share passwords safely (if at all it has to be done)
  • How to set strong passwords
  • The importance of changing passwords often
  • Your organization’s rules regarding passwords, i.e. your password policy and associated penalties/actions that will be taken if they fail to adhere to it

You could also invest in a password tool as it will help you enforce your password policy better.

Phishing

Train your employees to identify phishing attempts. Phishing is when cyber criminals pose as someone trustworthy and attempt to steal data. Studies show that the number one reason businesses become victims of cybercrime is because their employees fail to recognize a phishing attempt. For example an email may be disguised to look as though it came from a coworker or vendor, or even a government agency such as the IRS, and may contain a request for sensitive information. Some may have attachments that the receiver may open unknowingly and end up infecting the whole network with malware. Though anti-malware software programs generally identify such communication and either mark them as spam or issue warnings when the receiver tries to open them or download the attachment, training your employees to recognize phishing attempts is very important, because even a single email that slips through the crack can result in a huge disaster.

Remember this is not a one-time thing. Cybercriminals are always at work devising new strategies to steal your data. You need to train new employees as they join your organization and update your existing employees with any new cybercrime modus operandi. You can offload this task to an experienced managed service provider who specializes in cyber security. Being a part of the industry, they would generally be up-to-date with the latest risks and advise you and your team accordingly.