5 steps to protect yourself from phishing scams on Cyber Monday

5 steps to protect yourself from phishing scams on Cyber Monday

 

Cyber Monday is filled with online deals on products and electronics.  But did you know, Cyber Monday poses the biggest security threat to your data through phishing scams?

 

Opportunistic hackers regularly use heavy online days, like Cyber Monday, to launch phishing scams. 

Here are 5 steps to protect yourself:

 

Don’t Click That Link

Refrain from clicking any links or download any attachments in the suspicious email. Instead, open up your web browser and go to the website in question by typing it into the URL bar.

 

Read The URL

Phishers are known to use company logos and write in a matter that seems legit.  The URL link often times will be very close to the actual site URL with a minor misspelling or change.  If you notice a link that is close but not quite right you could be redirected to a spoofed domain.

 

Never respond to validate your account without you initiating

If you receive an email asking you to validate a login or account, don’t. If you did not initiate a password reset or account validation then you should not receive communication.  If you are still concerned, go to the site in your browser and log in with your credentials.

 

Never open account login email on a public wifi

Information sent through public wifi is highly susceptible to rerouting.  This means a user may think they are logging into a site.  Instead, a user may be rerouted to a duplicate site where their login information is captured.

 

If you can validate verbally

Many sites are now allowing you to confirm your login or credential changes over the phone.  This is used to protect users from the previously listed dangers.  If this option is available to you, use it.

 

All in all, vigilance will save you the headaches and pain of having your accounts hacked.  Your MSP can and should protect your business.  However, there are still precautions you should take to keep your data secure.

 

Other Articles You Might Be Interested In:

Office 365 Delivers New Tips and Training To Your Users

Office 365 Delivers New Tips and Training To Your Users

Notice: If you receive Office365 through ITonDemand, you and your staff will start receiving emails from Microsoft as part of a special Microsoft Partner program.  On Nov. 29th, 2018, Microsoft will start to send these emails. These emails will be tips and training...

read more
Introducing TipsonDemand

Introducing TipsonDemand

Understanding technology doesn’t have to be difficult. At ITonDemand, we are all about making your technology work for you. To help with that, we have started TipsonDemand. What is TipsonDemand?  TipsonDemand is our series of 30-second videos that we release on social...

read more

Have a Question?

How would you generally categorize your question?

Why Working at ITonDemand will jumpstart your career – Interview with Career Source

Why Working at ITonDemand will jumpstart your career – Interview with Career Source

Over the summer, ITonDemand was featured in an interview spot with Career Source’s Laura Burns on 96.3 The Source with Larry and Robin. We were able to discuss the in’s and out’s of our work at ITonDemand and what we look for in team members.  If you have ever thought about working at or with an IT company, this interview will give you insight on what it would be like and what is expected on the job. The answer might surprise you.

What does ITonDemand Sell?

We sell easy technology for businesses. Businesses want to focus on what they do. Whether they sell a certain product, insurance, or another service, they don’t want to have to focus on their technology. Partnering with us means getting to focus all of your energy on your own business’s goals and objectives.

 

Is it unusual for businesses to need guidance when it comes to technology?

Absolutely not. When you become our client, or as we say, “our partners”, it means you now have a liaison in the tech industry. We give you guidance on understanding your business and showing you how to build technology around your business’s unique needs.

“When you drive your car, you don’t need to know how to fix it to drive it. You bring it to a mechanic.”

Do you focus on your client’s main goal and build their site around that?

 

Yes, absolutely. Our process is to identify our client’s wants and needs and leverage technology to see their mission through. From the beginning, it is all about making their business work smarter.

 

What does the role, Director of Partner Development entail?

 

It means making sure that we meld with our client’s company and not the other way around. As it goes with developing any business relationship, you have to start by understanding them as a business.

“We are in the business of giving businesses the best user experience possible.”

Then begin to grasp their workflow with technology and how they interface. Then we can learn how to guide them through their technology needs. Every business is different and every user within an organization is too. We strive to make sure that every user gets the most of technology to do their job well.

Being partnered with CareerSource means you must be looking for new employees?

 

Yes, we are always looking for good team members to join our growing company. We have had a wonderful experience working with Career Source and would recommend their services to any business in need of hard-working employees.

 

What are you looking for at ITonDemand?

 

Of course, technical experience that meets industry standards is a must but we find certain soft skills to be even more important in our line of work. We value communication skills, or better yet, translation skills in our team members because not everyone is fluent in “tech-anese”. Being able to explain issues or processes in layman’s terms gets team members focused on the end user’s experience, not their own.

 

How many current job openings are there?

 

As of right now, there are four jobs listed but as stated before, we are always looking and accepting resumes from those that are interested. The review process can be tough and that is in part why we use Career Source. Not every business can have a fully staffed and dedicated human resources department and Career Source steps in and provides a much-needed resource to local businesses.

Likewise, not every small business has the luxury of having a full IT department on hand. That is where ITonDemand comes in.

Watch the full interview below. 

Other Articles You Might Be Interested In:

Office 365 Delivers New Tips and Training To Your Users

Office 365 Delivers New Tips and Training To Your Users

Notice: If you receive Office365 through ITonDemand, you and your staff will start receiving emails from Microsoft as part of a special Microsoft Partner program.  On Nov. 29th, 2018, Microsoft will start to send these emails. These emails will be tips and training...

read more
Introducing TipsonDemand

Introducing TipsonDemand

Understanding technology doesn’t have to be difficult. At ITonDemand, we are all about making your technology work for you. To help with that, we have started TipsonDemand. What is TipsonDemand?  TipsonDemand is our series of 30-second videos that we release on social...

read more

Have a Question?

How would you generally categorize your question?

Are Cloud Services Secure?

Are Cloud Services Secure?

On google search, if you start to type in the phrase “Are Cloud Services..”, right behind “Are Cloud Services Taxable?” is “Are Cloud Services Safe?” 
Cloud services aren’t new. In fact, “The Cloud” has been around since the early days of computing, it just went by a different name back then. I am sure some of our “wiser” visitors remember something called a “Main Frame”. This old IBM article from the 90’s does a great job of explaining, in terms of the time, what it is. Doesn’t sound much different than today’s explanation of the Cloud, does it? The main difference in today’s version of this old technology is one of scale. Here is where the question of security becomes extremely important.

Today’s Cloud (yesterday’s Main Frame) is available not only to individuals within a company, inside their building, on their local network. It’s available, by design, to the entire world. This is both its strength, in that it has revolutionized the way we interact in every facet of our lives and its weakness. The virtues of the transparent, accessible, always on and connected cloud expose important information in a way that can be devastating. That is why the consideration of security in the cloud has some fundamental principles that you should use when you approach any cloud service.

Cloud security isn’t one simple answer but rather a series of different aspects to observe. While there are several aspects to security, we’re going to focus on two in this article; the technology and the user.

 

The Technology

The first thing to consider is whether the technology itself employs key components of a secure system. The short answer, generally yes. Here are the key things to look for as telltale signs that you are using cloud services that are “technically” secure.

 

Encryption

An absolute must-have for any cloud technology, including websites, is encryption. Cloud services encrypt data to keep it in the right hands. What this means is that your data is run through an algorithm to hide your data from anyone trying to get ahold of it that isn’t you. If a hacker were to get ahold of your data, they would need the encryption key and even then it would take a large amount of work and time to process any of that information.

 

Multi-Factor Authentication

When you go to get a driver’s license or a passport, the DMV asks for two forms of identification to make sure you are who you say you are. Cloud Security uses Multi-Factor Authentication in the same way for the same purpose. To gain access to an account via a username and password, you will also need to verify your identity through an associated phone number, email account, or fingerprint.

 

Frequent Updates and Upgrades

Developers are constantly working to maintain and improve their platform’s security. When a developer identifies a vulnerability in their code, they will address it in the form of an “update, upgrade, or patch”. These aren’t just to improve the cosmetics of the UI, but to make you more secure. If users continuously hit “Remind me tomorrow” on necessary updates, they are putting themselves in a position to be victims of data loss.

 

The User

“User Error” is absolutely the easiest and most common point of exploitation to any system. Setting up solid security practices across your digital life is your best line of defense.

It might be You, not them

Both cloud services themselves and the settings you decide on such as password and two-factor-authentication have a lot to do with your cloud security.

You may remember the infamous Apple iCloud hack from 2014. Hackers were able to access the personal data of celebrities and released it to the public. What you never heard from the media, however, was that Apple was never breached. Rather, the hackers were persistent enough to guess the passwords and security questions of the 26 victims.

Following the attack, Apple increased its use of multi-factor authentication, mentioned above, to protect users, however, it didn’t make it the default setting so unless users opted-in, they were left out.

Password Policies

To protect yourself, have a strong password, unique to each account you have using at least 8 characters, mixing upper and lowercase letters, numbers, and special characters. Don’t use any name or number associated with your identity and change it every six months.

Here’s a way to make any password you have more secure.

Say your password was carnival87.

By using alternating upper and lowercase letters, and inserting special characters for comparable letters you could make it C@rN!vAL87. Just by making those small adjustments, your password is now significantly more secure and less likely to be guessed.

 

Phishing

Phishing is the term for hackers that attempt to obtain information from anyone that can be tricked into believing them. Some scams even contain website landing pages that are well designed and allow you to “reset your password” and can even send you a confirmation email after the fact. 

Learning how to identify phishing attacks and even training your staff to do so can protect your cloud accounts from a data breach.

Ask yourself-

  • Is there something weird about the email address?
  • If I hover over a link in the email, does the URL look strange? (DON’T CLICK)
  • Are there spelling mistakes or vague pronouns like “Dear Customer“?

Other things to remember are to not to open attachments, and don’t be fooled by an email just because it appears to be marked “urgent”.

 

Finding what’s right for you

Cloud services aren’t a one-stop shop. Some are built to be more versatile and accessible while others are intended for extreme security.

All Cloud Services weren’t created equal

When it comes to cloud storage, different services function differently. SpiderOak, for example, encrypts your data before it is sent to them and leaves the encryption key local to your device. This means it’s only accessible by you; not even SpiderOak employees.

If you want to learn more about different services and how they function, you can read more here on TechAdvisor.

While there are many different functions of cloud services, security needs to be thought about this way:

 

If the answer to those questions are all yes, then your cloud services are secure.

Other Articles You Might Be Interested In:

Office 365 Delivers New Tips and Training To Your Users

Office 365 Delivers New Tips and Training To Your Users

Notice: If you receive Office365 through ITonDemand, you and your staff will start receiving emails from Microsoft as part of a special Microsoft Partner program.  On Nov. 29th, 2018, Microsoft will start to send these emails. These emails will be tips and training...

read more
Introducing TipsonDemand

Introducing TipsonDemand

Understanding technology doesn’t have to be difficult. At ITonDemand, we are all about making your technology work for you. To help with that, we have started TipsonDemand. What is TipsonDemand?  TipsonDemand is our series of 30-second videos that we release on social...

read more

Have a Question?

How would you generally categorize your question?

Is My Website Really Secure?

Is My Website Really Secure?

It’s pretty normal for someone to go weeks without looking at their own website. After all, if you know what you put up there, why would you unless you wanted something changed?

Imagine, to your dismay, receiving a phone call or email from a long standing client, troubled by your website. You go on only to see the content on your site altered maliciously and your reputation tarnished, both personally and professionally.

That’s not the time to wish that you had a more secure site.

To know if your site is really secure, ask yourself these questions and if it’s not, we have 4 tools for you.

Is it up to date?

When a hacker tries to seize control of a site, what they look for is vulnerabilities in your sites code. They can do this in various ways but generally, it doesn’t take them frantically pounding away at a keyboard like they do in the movies.

Just as hackers work against your site, the developers behind your site constantly work to make their code more secure. When developers find an area of weakness, they will send out updates, patches, etc. that fix the issue. If you don’t keep both your site and its plugins up to date, hackers are going to be more likely to exploit those areas.

 

Does your site use HTTP or HTTPS?

Sites use HTTP by default. It stands for Hypertext Transfer Protocol. HTTPS stands for Hypertext Transfer Protocol Secure. You probably see where I’m going with that.

HTTPS is for sites that utilize SSL or Secure Sockets Layer. This means that information that is transferred between the visitor’s browser and the website’s server is encrypted. For someone to decipher the information, they would need the encryption key that is only available on the web server.

SSL certificates are cheap, if not free with most hosting services. If you are utilizing any type of online shopping, HTTPS is a must but overall, it will make your site more secure. 

Does your site use parameterized queries?

This one is a little more involved but the main idea is this; instead of entering a username and password into a field, hackers can enter bits of code aimed at corrupting systems or retrieving information inside of your website. This process sets “parameters” for what can be entered into a “query”. For more information, check out this article from Microsoft.

 

How strong are your passwords?

I can’t believe I’m saying this but in 2018 the most commonly used password is still “123456” followed by answers like “QWERTYUIOP” (which is just the first row of letters on the keyboard.)

Having a company-wide password policy that dictates the strength of passwords will keep your site secure from a would-be-hacker getting access.

 

So is your website really secure?

Ask yourself these questions and you will get your answer. There’s no one-sided answer to your security and as threats continue to evolve, your security will need to evolve with it. If you are questioning your security, check out these tools.

Wordfence – Firewall and Malware Security

At over 2 million downloads, Wordfence is one of the highest rated security plugins for WordPress and has over 2 million active installations. Wordfence’s free plugin blocks malicious traffic going to your site and their premium version offers more robust features.

VIP Scanner

VIP Scanner scans the code of your site, including all themes and files you may use to identify any potential security loopholes that may leave you vulnerable. 

iThemes

iThemes bans users that have previously attacked other sites by blocking their IP address.

BBQ – Block Bad Queries

This plugin protects websites from injection-related attacks. At over 90,000 downloads and a perfect 5/5 in reviews, this is a simple but comprehensive solution with a BBQ Pro version available.

Other Articles You Might Be Interested In:

Office 365 Delivers New Tips and Training To Your Users

Office 365 Delivers New Tips and Training To Your Users

Notice: If you receive Office365 through ITonDemand, you and your staff will start receiving emails from Microsoft as part of a special Microsoft Partner program.  On Nov. 29th, 2018, Microsoft will start to send these emails. These emails will be tips and training...

read more
Introducing TipsonDemand

Introducing TipsonDemand

Understanding technology doesn’t have to be difficult. At ITonDemand, we are all about making your technology work for you. To help with that, we have started TipsonDemand. What is TipsonDemand?  TipsonDemand is our series of 30-second videos that we release on social...

read more

Have a Question?

How would you generally categorize your question?

Understanding how to keep your WiFi more secure

Understanding how to keep your WiFi more secure

When you log into WiFi at a public place, such as a library, a school, a business, a restaurant, or the like, it’s likely your anti-virus software will warn you of logging into an unsecure network.

But, did you ever think that when logging onto the WiFi at your home or business you may still be facing some security issues? Are you aware of the risks involved with not securing your WiFi? It’s important to keep in mind that WiFi is a target for hackers. Securing your WiFi may be way easier than you think.

Here are a few tips on how to do that.

 

Change the name

One of the first steps is to create a strong name for the WiFi network to replace the default network name, such as xfinitywifi, AT&T or Netgear (My neighbor uses FBI as his network name). Fossbytes says most hackers have access to tools such as “rainbow table” that can break into most any network simply by knowing the default SSID name.

 

Protected Access

Another security measure to use is enabling your WiFi protected access. When setting up the router, the setting can be seen as WPA2 or WPA-PSK. Fossbytes said older routers will have something called WEP, or Wired Equivalent Privacy, but that’s not much of an effective deterrent to modern hackers.

 

Firewalls

One tool to use, if it’s built-in, is a firewall for your router, which can obscure a hacker’s view of the network, Fossbytes said. Another thing to consider is turning off the Universal Plug and Play protocol on the router. Although this is meant to make connecting devices easier, Fossbytes said the use of it makes a potential entry point for hackers.

 

VPN

Another way to protect your WiFi network is to create a Virtual Private Network, which encrypts data traveling between a computer and a server. Through a VPN, even if a computer is logged onto a public WiFi, any hacker paying attention to traffic will only see encrypted data shared, Techify said in a recent article on ways to protect a WiFi network. VPN works by “giving your location anonymity on its server and even creates its own firewall to protect your network traffic,” Fossbytes said.

 

Change your password

Lastly, one simple, but crucial point of protection, and one that we here at ITonDemand stress over and over again, change your password. Using a strong password, or perhaps an even stronger pass phrase, can cut down on a hacker’s ability to penetrate a network or computer.

If you’re still concerned about setting up a secure network, don’t hesitate to reach out to ITonDemand for help. It’s better to be safe than sorry.

 

Other Articles You Might Be Interested In:

Office 365 Delivers New Tips and Training To Your Users

Office 365 Delivers New Tips and Training To Your Users

Notice: If you receive Office365 through ITonDemand, you and your staff will start receiving emails from Microsoft as part of a special Microsoft Partner program.  On Nov. 29th, 2018, Microsoft will start to send these emails. These emails will be tips and training...

read more
Introducing TipsonDemand

Introducing TipsonDemand

Understanding technology doesn’t have to be difficult. At ITonDemand, we are all about making your technology work for you. To help with that, we have started TipsonDemand. What is TipsonDemand?  TipsonDemand is our series of 30-second videos that we release on social...

read more

Have a Question?

How would you generally categorize your question?

(800) 297-8293  ·  info@ITonDemand.com

 instagram logo

Public Charging Stations: Are they secure?

Public Charging Stations: Are they secure?

If you have spent any time traveling through an airport, you have seen a public charging kiosk. you might think, how convenient. Especially if your alternative is moving onto the floor closer to an outlet in the terminal.

But before you plug your phone into one of these kiosks, there are some security issues to discuss.

One such security threat is, “juice-jacking”. TechAdvisory.org defines juice-jacking as the process by which, “user access is gained on your phone by leveraging the USB data/power cable to illegitimately access your phone’s data and/or inject malicious code onto the device.”

Juice-jacking can affect any phone, both Android or iPhone. They both have the same weak spot: the charging cable. Data runs through this cable same as the power supply.  Once the hacker has been able to access your data, it doesn’t matter that you have unplugged from the kiosk.

Juice-jacking is a security concern worth noting. But juice-jacking is not as large a problem as getting your phone/tablet stolen or downloading corrupt software by mistake. Still, we all should take precautions. Consider some of the safety measures:

  • Keep your device charged. Have your phone charged and ready to go before making a trip or going to an event. This prevents the need to charge in public.

  • Carry a personal charger. These nifty devices are inexpensive and take up very little space in your bag. You can charge on the go without tethering yourself down to a public kiosk.

  • Keep a spare battery for all of your devices.

  • Lock your phone. If you lock your phone (type in a passcode to open), it will not pair with the kiosk.
    Tip: Make sure you lock your phone before plugging it in. Pairing only takes seconds!

 

If you feel you have a corrupted phone after charging at a public kiosk, we would be glad to assist in solving the issue.

 

Other Articles You Might Be Interested In:

Office 365 Delivers New Tips and Training To Your Users

Office 365 Delivers New Tips and Training To Your Users

Notice: If you receive Office365 through ITonDemand, you and your staff will start receiving emails from Microsoft as part of a special Microsoft Partner program.  On Nov. 29th, 2018, Microsoft will start to send these emails. These emails will be tips and training...

read more
Introducing TipsonDemand

Introducing TipsonDemand

Understanding technology doesn’t have to be difficult. At ITonDemand, we are all about making your technology work for you. To help with that, we have started TipsonDemand. What is TipsonDemand?  TipsonDemand is our series of 30-second videos that we release on social...

read more

Have a Question?

How would you generally categorize your question?