Network Segmentation is a Smart Move for Business Cybersecurity

When it comes to your network and its security, you cannot give all of your users access to all of your assets. It’s just not a good practice, and doing so can potentially put your resources at risk. Let’s discuss how network segmentation can make a world of difference for the integrity of your network and the data found on it.

Explaining Network Segmentation

Network segmentation can best be described as the practice of segmenting your business’ network into different parts with the intention of protecting its various resources.

To use a practical example, consider how a bank might be set up. The bank isn’t just secured at the front door; it’s also secured at various points within the building, including security cameras and multiple locked doors, safety deposit boxes, and vaults, all of which require different keys to access.

Network segmentation works in the same way, providing multiple different opportunities to partition off various parts of your network for authentication and access control. This helps to handle not just external threats, but internal ones as well. It’s just one major component of a zero-trust architecture model, and it’s an important one.

How Does Network Segmentation Protect Your Business?

Network segmentation works by keeping people away from specific data on your infrastructure based on their roles and responsibilities, thereby reducing the risk that it can be compromised or stolen. This helps protect your business against cybercrime and limits employee access to data they have no business accessing.

For example, you wouldn’t want anyone on your sales team to have access to the personal or private data shared with human resources, and you wouldn’t want any regular employee handling payment information from a client or the financial information for your company’s banking. Each department has its own data that is required for it to function, and you don’t want to put yourself in a compromised situation because you let the wrong employee access the wrong kind of information.

If your business’ network is properly segmented, you can limit access to this information based on user role. Your HR department can have access to all of the records they need to do their jobs, and the same goes for accounting, IT, or any other part of your organization. This is especially important for positions like executives and IT administrators, who might have super admin access to the network, thereby granting considerable permissions for the entire network. Imagine if that account got hacked and used against you; you don’t want to think about it.

Let Us Help to Protect Your Network

NuTech Services can help your business handle all of its issues related to network security. To learn more, contact us at 810.230.9455.

The Tell-Tale HDD

If Edgar Allan Poe worked in an office, here’s what one of his works would sound like:

True!—nervous—very, very dreadfully nervous I have been and am, but why will you say that I am mad? The office had sharpened my senses—not destroyed—not dulled them. Above all was my sense of hearing. I heard all things in heaven and on earth and many things in…the other place. So, how then am I mad, especially when I can so healthily and calmly tell you this story?

It’s impossible to say how the idea first entered my brain, but once conceived, I couldn’t get it out of my head. There was no reason for it, there was no feeling behind it. I really liked my boss. He had never wronged me, he had always respected me. I wasn’t even that jealous of his money. I think it was his eye…yes, it was this. Whenever we were working in the office, his gaze would fall upon us and my blood would run cold. After a while, very gradually, I determined that I needed to take my leave of the company, and rid myself of his critical gaze. 

To do so, I would take the company’s data along with me to make me more valuable to the next company I found.

Now, this is the point, and why you probably think I’m nuts. Here’s the thing, though…would a crazy person so carefully and cautiously make such a plan as I had? I was the ideal employee for the boss. Every day, after the boss had left, I would copy a bit of the company’s data onto a hard disk drive I kept hidden in my desk. I did this for an entire week, adding a little more data to my drive each time. Every morning, when work began, I would stride in confidently and greet the boss, asking him how his evening was. So, he would need to be very quick to suspect that I was siphoning away some of his data after he left.

On the eighth night, I set up my hard drive to copy more data than ever, and I felt more accomplished than any night prior to this one. There was so much data that I now had to offer a new employer. To think I had managed to collect so much valuable data, little by little, and for the boss to have no idea. I couldn’t help but chuckle to myself. The boss heard me, and he came out of his office quite suddenly. You’d think that I’d be concerned—but no. The office was dark, with most workstations asleep, and the door could only be opened from the inside. I knew that I was hidden from his sight, so I continued my work.

Suddenly, my workstation beeped, and the boss turned to my direction, crying out—“Who’s there?”

I stayed very still at my desk. For a whole hour I didn’t move a muscle, and he didn’t close his door after he returned to his office. He was waiting there, listening, just as I had done each night of the preceding week.

After a moment, he groaned, and I knew he was scared. This wasn’t a groan of pain or grief—oh, no—it was the sound that comes when someone is stifling deep terror from their soul. I knew it well, because the same feeling would hit me in the late hours of the night, and I would make a similar sound myself. I knew how my boss felt, and almost pitied him. Almost. I could hear him muttering to himself, trying to explain away his nerves. He quickly gathered his things, continuing to explain away his nerves to himself, and promptly left—still never discovering me at my workstation.

I waited a long time, listening for the elevator doors, the sound of his car driving away, before I resumed my work. The glow of my display illuminated my hands as I copied file after file to my hard drive. With quiet determination, I took a copy of every file, my hidden hard drive whirring away as data was added to its stores.

Suddenly, I heard it—a rhythmic, quiet clicking, emerging from the drawer containing my hard drive, punctuated by high-pitched squeals. Panicking, I turned off my workstation, killing power to the drive, and swiftly left the office and made my way home. In my haste, the drive was left in the drawer. Returning home, I slept a fitful and restless sleep.

When morning came, I returned to the office filled with confidence, yet tired from my restless night. As such, I was on edge. I sat at my desk, with little patience for the droll chatter that my coworkers were sharing around me. I booted up my workstation, smiling despite myself, knowing that in the desk I sat at lay the proof of my triumph. I smiled, greeting my coworkers politely, keeping up the ruse to avoid any suspicion.

My coworkers suspected nothing, my cheerful demeanor and casual spirit giving them no reason for concern. Before very long, however, I grew more tired and my head began to ache. Meanwhile, I began to hear a quiet screeching which grew louder and louder as the day passed. I continued talking to try and drown out the sound, but it wasn’t long before I realized that the sound wasn’t just in my head.

I felt myself grow pale, although I continued to confer with my teammates to try and drown out the sound. Yet the sound continued to grow. I spoke louder, more animatedly, but the sound still grew louder. I continued to speak, more and more aggressively, but the noise still grew more and more pronounced. How could my coworkers not hear the clicking and squealing coming from my drawer? I kicked my feet against the side of the desk where the hard drive was kept, but the noise was still drowned out by the squealing and clicking. Yet my coworkers still chatted pleasantly and cordially. Could they really not hear it? No, that was impossible. They knew—and not only that, they were mocking my attempts to hide it.

I couldn’t take it any longer. Louder, louder, and louder the clicks and screeches grew, and I could no longer stand to look at their calm faces, hear their trifling conversations. I needed to scream, or I would explode. Louder, and louder, and louder, again and again and again—

“FINE,” I screamed. “I can’t take it anymore! I admit it, I was stealing data! Here, look in my desk—here, here it is—the clicking and squealing of the horrible hard drive I used!”

We understand how scary the thought of an insider threat can be, never mind the idea that it could be your business’ equipment that fails in such a spectacular fashion. We’re here to help protect you against these circumstances and many, many more. Give us a call at 810.230.9455 to learn more about what we can do for you.

Happy Halloween!

Avoid MFA Fatigue Attacks by Minimizing Notifications

While we strongly recommend that you put the security safeguard known as multi-factor authentication in place wherever it is available, it is important that we acknowledge that cybercriminals are frustratingly inventive. So much so, in fact, that a new form of attack has been developed to take advantage of MFA, referred to as MFA fatigue.

Let’s go over what an MFA fatigue attack is, and what you can do to fight back.

MFA Fatigue is a Very Specific Form of Social Engineering

Let me ask you a question: if one of the applications on your mobile device prompted you to log in once again, would you hesitate to do so? What if a notification appeared, asking you to confirm a two-factor authentication prompt? What if that notification kept appearing until you did, assuming that the system was just glitching?

This is precisely how MFA fatigue works.

The purpose behind MFA is to help keep your account secure even if your password has been compromised. By adding an additional proof to the required authentication process, MFA is supposed to make it harder for the person who compromised your password to actually access the account. However, when a cybercriminal puts in your credentials, you’ll still receive the prompt to confirm the login. Some of these threats even come in the form of SMS messages and voice calls to confuse the user further.

This brings us back to our initial question: would you question an authentication prompt, particularly if you were trying to do something else, especially if it kept popping back up again and again?

The cybercriminals responsible are betting that you won’t.

How to Spot MFA Fatigue

There are a few clear and unmistakable warning signs that an MFA fatigue attack is afoot:

  • If you receive approval requests without attempting to log into an application.
  • If you receive multiple requests from a single application.
  • If you receive authentication request notifications at odd hours.

How to Take the Teeth Out of MFA Fatigue

Fortunately, there are a few things you can do to help limit the efficacy of MFA fatigue attacks. A strong password is a great starting point, so long as you keep it secure. You and your team also need to be more cognizant of when you are receiving an MFA prompt and whether or not you requested it, denying any prompt you cannot account for.

Limiting the number of attempts you can make through your MFA solution of choice within a predetermined time is also a helpful precaution.
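
The warning signs and the attempt limit described above can be expressed as detection logic over authentication logs. The following is an added example, not part of the original post; the event format, the `known_device` and `type` fields, and the threshold values are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; tune them to your MFA provider and staff.
MAX_PROMPTS = 3                      # prompts delivered per user per window
WINDOW = timedelta(minutes=10)
LOGIN_GRACE = timedelta(minutes=2)   # a prompt is expected this soon after the user's own sign-in
WORK_HOURS = range(7, 20)            # 07:00 to 19:59

# Constructed sample events, oldest first. "known_device" marks a sign-in from a
# device already enrolled for that user (a hypothetical field).
EVENTS = [
    {"ts": "2024-05-14T09:00:00", "user": "alice", "type": "login", "known_device": True},
    {"ts": "2024-05-14T09:00:05", "user": "alice", "type": "prompt"},
    {"ts": "2024-05-15T02:14:00", "user": "bob", "type": "login", "known_device": False},
    {"ts": "2024-05-15T02:14:03", "user": "bob", "type": "prompt"},
    {"ts": "2024-05-15T02:14:40", "user": "bob", "type": "prompt"},
    {"ts": "2024-05-15T02:15:10", "user": "bob", "type": "prompt"},
    {"ts": "2024-05-15T02:15:45", "user": "bob", "type": "prompt"},
    {"ts": "2024-05-15T02:16:20", "user": "bob", "type": "prompt"},
]


class PromptLimiter:
    """Sliding-window cap on MFA prompts delivered to one user."""

    def __init__(self, max_prompts=MAX_PROMPTS, window=WINDOW):
        self.max_prompts = max_prompts
        self.window = window
        self._sent = defaultdict(deque)   # user -> timestamps of delivered prompts

    def allow(self, user, ts):
        sent = self._sent[user]
        while sent and ts - sent[0] >= self.window:
            sent.popleft()                # forget prompts older than the window
        if len(sent) >= self.max_prompts:
            return False                  # suppress: the user never sees this prompt
        sent.append(ts)
        return True


def analyse(events):
    """Return (alerts, delivered, suppressed) for a time-ordered list of events."""
    limiter = PromptLimiter()
    own_login = {}                        # user -> last sign-in from an enrolled device
    requested = defaultdict(deque)        # user -> prompt requests inside the window
    alerts, delivered, suppressed = [], 0, 0
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        if ev["type"] == "login":
            if ev.get("known_device"):
                own_login[user] = ts
            continue

        reasons = []
        # Sign 1: an approval request the user did not start themselves.
        last = own_login.get(user)
        if last is None or ts - last > LOGIN_GRACE:
            reasons.append("unsolicited")
        # Sign 2: multiple requests in a short period.
        seen = requested[user]
        while seen and ts - seen[0] >= WINDOW:
            seen.popleft()
        seen.append(ts)
        if len(seen) >= MAX_PROMPTS:
            reasons.append("repeated")
        # Sign 3: requests at odd hours.
        if ts.hour not in WORK_HOURS:
            reasons.append("odd_hours")

        sent = limiter.allow(user, ts)
        delivered += sent
        suppressed += not sent
        if reasons:
            alerts.append({"user": user, "ts": ev["ts"],
                           "reasons": reasons, "delivered": sent})
    return alerts, delivered, suppressed


if __name__ == "__main__":
    found, ok, dropped = analyse(EVENTS)
    for a in found:
        print(a["ts"], a["user"], ",".join(a["reasons"]),
              "delivered" if a["delivered"] else "suppressed")
    print("delivered:", ok, "suppressed:", dropped)
```

Suppressed prompts are still logged and alerted on, so the security team sees the full burst even though the user only ever receives the first three.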

Turn to Us for Assistance with Your Business’ Security

We’ll help you implement the protections and precautions that will help you keep your business secure. Give us a call at 810.230.9455 today!

We Think You Should Know What Social Engineering Is

Social engineering is a dangerous threat that could derail even the most prepared business. Even if you implement the best security solutions on the market, they mean nothing if a cybercriminal tricks you into acting impulsively. Let’s go over specific methods of social engineering that hackers might use to trick you.

Let’s start with a look at what social engineering is and why it works so well on users.

Social Engineering Targets the Human Part of Your Brain

Social engineering is designed to get you to act impulsively. In other words, it’s the manipulation of your emotions and thought processes. If we hear that something needs to be done, and it comes from someone whom we believe and respect, then we will naturally want to perform the task, even if it might not necessarily make sense in the moment.

When it comes to business and social engineering, the stakes are considerably higher than if someone were to play a prank or a trick on you. In these cases, social engineering tactics prey on the fears and anxieties associated with the workplace. All of this takes some preparation on the hacker’s part. Here are some of the steps involved in this process, from the hacker’s perspective.

The Steps Involved in a Social Engineering Attack

Depending on the target and the victim, the social engineering attack might go through various stages. More often than not, the attacker will plan out their attack through the use of research. Let’s get in the mindset of an attacker to see it from their perspective.

If you wanted to attack a company, for example, you might first collect as much data as you could. The Internet can be a treasure trove of information on its employees thanks to its open nature, and you might be able to find information publicly on social media and networking sites like LinkedIn, Facebook, and others. You might discover some of the likes and dislikes of these employees. Afterward, it is just a matter of using this information in a way that gets the user to act a certain way.

There are other ways of going about an attack, too, like fear tactics. Employees don’t want to get in trouble in the workplace, and if they get a message from someone claiming to be their boss, they will likely act to keep their integrity and job in check.

A resourceful attacker might use a combination of both to get their way. If someone posts a picture on social media with their webcam in the background, the attacker could use this to instill fear in the user’s heart that they have been caught doing incriminating things. The attacker might then threaten to release the footage to personal or professional contacts, and then they might demand a ransom in exchange for not doing so.

How Can Your Team Avoid Social Engineering Attacks?

If you want to help your team avoid social engineering attacks, it starts with helping them spot some of the dead giveaway signs:

  • Messaging and tone that incites fear or makes a threat
  • Links that were not requested and don’t match their apparent destination when you hover over them
  • Close-but-not-quite email addresses and domain names
  • Malicious email attachments

It also never hurts to confirm the identity of the message’s sender through secondary means. You might go check on your boss to make sure that the message came from them, or you might contact the third party that the message claims to be through a number you might have on record. As long as your employees are aware that social engineering exists and that they can become the target of attacks, then you can’t go wrong here.
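
Two of the giveaways listed above, links whose visible text does not match their destination and close-but-not-quite domains, can be checked mechanically by a mail filter. This is an added example, not part of the original post; the trusted domain `acme-payroll.example`, the sample email and all helper names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains your organisation really does business with (placeholder value).
TRUSTED = {"acme-payroll.example"}

# Character swaps commonly used to imitate a name: digits standing in for letters.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
# Visible link text that itself looks like a URL or bare domain.
URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)

# Constructed sample message body.
SAMPLE_EMAIL = """
<p>Your payslip is ready:
<a href="https://acme-payro11.example/pay">https://acme-payroll.example/pay</a></p>
<p><a href="https://acme-payroll.example/help">Help centre</a></p>
<p><a href="http://files.unrelated.test/doc">www.acme-payroll.example/doc</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Naive 'last two labels' reduction; a production check would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def skeleton(domain):
    """Undo common look-alike substitutions ('1' for 'l', 'rn' for 'm', ...)."""
    return domain.translate(SWAPS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = registrable(domain)
    if not domain or domain in TRUSTED:
        return None
    for good in sorted(TRUSTED):
        # Distance threshold 2 is an assumption; short names need a tighter one.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return good
    return None


def sender_lookalike(address):
    """Apply the same check to the domain part of a sender address."""
    return lookalike_of(address.rsplit("@", 1)[-1])


def audit_links(html):
    """Flag links whose text and target disagree or whose target imitates a trusted domain."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = registrable(urlsplit(href).hostname or "")
        reasons = []
        shown = URLISH.match(text)
        if shown and registrable(shown.group(1)) != target:
            reasons.append("text shows %s, link goes to %s"
                           % (registrable(shown.group(1)), target))
        imitated = lookalike_of(target)
        if imitated:
            reasons.append("lookalike of " + imitated)
        if reasons:
            findings.append({"href": href, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```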

Let Us Help You Get Ready for These Threats

We want to help you ensure that your team is ready to tackle important security problems in a way that doesn’t put your organization at risk. To learn more, reach out to us at 810.230.9455.

Securing Every Endpoint is Important to Maintaining Security

Sometimes it can be easy to take cybersecurity for granted, especially when you consider that built-in security features are more powerful than they have ever been. Unfortunately, if you think that cybersecurity is something that ends with the built-in security of your desktops and laptops, then you’re in for a rude awakening.

Most Devices Are Connected These Days

Besides older industrial machinery and equipment, just about all devices connected to your network communicate with each other in some way, thereby making them a cybersecurity risk. Individual workstations and desktops might be protected, but you also need to keep them updated, along with all of the other endpoints that might be connected to your network.

In fact, you might be surprised by some of the other devices that could potentially be threats to your network.

Network Printers Can Be Dangerous

Does the name Stackoverflowin ring a bell? Back in 2017, this hacker hijacked 150,000 printers all over the world from big brands like Canon, Brother, Epson, HP, and Samsung. They were then able to send documents to these printers to print out messages. The attack might have been harmless, but it showcases just how serious printer cybersecurity issues can be, as printers can be controlled and manipulated in ways you might not expect.

In essence, the above attack could be categorized as a botnet, or a large group of infected devices from all over the Internet using their collective power to launch an attack against a network. This segues nicely into our next topic of discussion, the DDoS attack.

Internet of Things and Distributed Denial of Service Attacks (DDoS)

Just last year, the world saw the most massive DDoS attack yet. A DDoS attack is when countless devices—we’re talking hundreds, thousands, or even millions of infected devices—band together to launch all of their power against a website or service. It’s like when the grocery store has too much traffic and people get stuck waiting around in the aisles, or when a highway experiences traffic congestion.

Anyway, back to the attack. It went after its target with 17.2 million requests per second, three times larger than the largest DDoS attack which preceded it. With a varied list of compromised devices, including smart appliances and various Internet of Things devices such as smart light bulbs, thermostats, washing machines, and others that can connect to a smartphone, anyone with connected devices has reason to fear these attacks. And, of course, if a hacker can take over your washing machine, you bet they’re not going to be doing your chores for you. They’ll likely use it to gain deeper access to your network and create all kinds of problems for you.

Networking Equipment Like Routers, Switches, and Other Hardware

Any device which sends or receives network traffic throughout your office is going to be vulnerable, as it’s likely connected to your workstations, which your employees use on a day-to-day basis. Even in the home environment, you can expect there to be threats aplenty, as just last month a new type of malware was discovered making its home on consumer and small-business grade network routers. This particular threat allowed hackers to influence connected devices using the Windows, Linux, and macOS operating systems.

The malware, an incredibly complicated and sophisticated threat called ZuoRAT, is believed to have been created by a major organization or perhaps even a nation-state. The threat is quite difficult to identify and detect, all while granting a considerable amount of control to any potential attacker, making it a dangerous combination of stealthy and powerful. It can also be used to roll out additional malware, bypassing security measures along the way.

Yes, Even the Bluetooth Earbuds

Bluetooth headphones might seem small and of little consequence, but even these devices can be vulnerable to threats. Take, for example, the vulnerability which was discovered within the microcontrollers of a handful of earbuds, allowing hackers to gain control over the device for the purposes of a botnet. The threat has only been used by researchers, but security experts were able to break into their own Bluetooth earbuds and disable the Bluetooth and wireless communications on the connected device. Imagine the repercussions this could have in the realm of a physical security system, where security cameras could be broken into and turned off.

Pretty scary stuff, although we would like to mention that we don’t bring this up to scare you—merely to open your eyes to the possibilities out there for hackers, which are seemingly infinite in scope.

It’s Never a Bad Time to Consider Your Cybersecurity Strategy

We know it can be a little unnerving to think about the many threats out there, but you don’t have to do it alone. NuTech Services is here to help you navigate the cybersecurity landscape. To learn more, reach out to us at 810.230.9455.

Get Your Cybersecurity Answers with Penetration Testing

Hacking attacks can be stressful to manage, but when you add in that they can strike when you least expect them to, it gets a lot worse. You’ll never know how you respond to such an event unless you simulate it and replicate it somehow. This is what the penetration test is used for; it provides your business with a way to prepare for cyberattacks.

Understanding the Penetration Test

When you perform a penetration test, you check your infrastructure to see where it cracks against a cybersecurity attack. These tests are performed by trained IT professionals who simulate the methods used by real-life attackers. The goal is to find where your business might be most vulnerable to infiltration.

A penetration test will often be performed with a goal in mind. You might need to know which systems are most vulnerable to hackers, and in the process, you might discover that one particular system is more vulnerable than you previously thought. Penetration tests are vital to stopping data breaches and for laying out how you plan to respond to them. It’s much better to keep issues from developing into larger problems.

The Various Types of Testing

First, we should outline the difference between a penetration test and a vulnerability assessment. With the latter, you are just getting a list of what needs to be addressed, while a penetration test is more of a simulated attack against your infrastructure to see how it responds to the attack. Here are three ways that a penetration test is generally performed:

  • Black box testing – The tester goes in blind; in other words, they know nothing about the network or what to target. This type of testing might be used if there are no specific problems that need to be addressed.
  • White box testing – The tester goes in with full understanding of the network, often looking for specific problems that need to be addressed.
  • Gray box testing – The tester has partial knowledge of the network. In other words, they don’t have the whole picture, but they have some of it.

The results will show just how far the data breach got, what was stolen, and other important metrics that you’ll need to keep in mind for resolving problems like these in the future. Not all security plans are fool-proof, which is why there is a necessity for such a test in the first place. It’s up to you and your security team to ensure that such an attack cannot occur for real.

Get Started Today

Small businesses can often struggle with technology management, especially with so few resources at their disposal compared to larger enterprises. This is why we offer comprehensive IT solutions that can fit into just about any budget. If your business can overcome the challenges presented by cybersecurity, then you can go about your day-to-day operations with greater confidence.

To learn more about how we can assist with penetration testing and other proactive, preventative security measures, reach out to NuTech Services at 810.230.9455.

Securing Your Endpoints Can Help Thwart Cybersecurity Troubles

How many devices or points of access do you have for your business’ data infrastructure? Chances are it’s more than you think, at least at first glance. If you count up all the mobile devices, server units, workstations, laptops, and so on that have access to your network, you might suddenly realize how important it is to secure all of these endpoints, as any unsecured device could be a path forward for hackers.

What is an Endpoint?

In short, an endpoint is any device that interacts with your data infrastructure. Examples include smartphones, tablets, laptops, desktops, networking devices, servers, routers, and so on. Essentially, any device that has access to your infrastructure in any way can be considered an endpoint, so you must do what you can to make sure they are secured. Otherwise, you could be inadvertently putting your data at risk.

Considering the fact that many employees are still working remotely, and likely will for the foreseeable future, you must consider where and how your employees are accessing the data on your network. It doesn’t matter if the device is employee-owned or company-owned; it still needs to be secured, perhaps even at the infrastructure level.

What Can You Do to Protect Them?

We’ve put together a list of practices you can use to improve endpoint security for your organization’s infrastructure:

  • Implement enterprise-level security solutions including a firewall, antivirus, spam blocker, and content filter
  • Consider a zero-trust policy to ensure all users authenticate their identities before being granted access to data
  • Use a virtual private network to encrypt traffic into and out of your network
  • Consider permissions of all users on your network
  • Train your staff on how to identify potential attacks against your network
  • Back up your data just in case you need to restore it in the future
  • Secure devices that you don’t think need to be secured, like Internet of Things devices—perhaps even on their own network separate from your business’ operational connection

Get Us On Your Side!

If you need cybersecurity professionals to back up your endpoint security, we’ve got you covered. NuTech Services can help you implement any and all solutions you need to keep your business safe. With us on your side, you’ll know that your data is well-protected, no matter which device is accessing it.

To learn more about what we can do for your business, reach out to us at 810.230.9455.

4 Surprising Statistics about Network Security

If you aren’t making cybersecurity a priority for your business, then we urge you to review the following statistics to ensure that you understand the gravity of the consequences. Let’s take a look at some of the ways scammers and hackers are making their way around the carefully-laid defenses placed by businesses and how you can protect your own organization.

First, a quick look at the statistics is in order:

  • The global cost of cybercrime is a staggering $6 trillion.
  • On average, it takes over half a year to detect a data breach.
  • 91 percent of attacks start with a phishing email.
  • Businesses faced an average of 22 security breaches in 2020.

$6 trillion makes cybercrime the world’s third-largest economy, which is a little jarring to say the least. Evidence suggests that four percent of the U.S. GDP is swiped by those involved in cybercrime. This is a total of billions of dollars, all stolen by hackers and scammers every year. These numbers are for the United States alone; imagine what is being done on a global scale.

As far as the news is concerned, you would think that data breaches are so high-profile that they are identified easily, but this is simply not the case. The average time to detection, according to IBM, is around 287 days. In data-intensive industries like healthcare and financial services, this number is even larger. IBM provides a timeline for containment as well, a number that sits at around 80 days.

Social engineering attacks were far from the norm in computer-based attacks, but hackers have continued to utilize these attacks to best even the smartest of network security professionals and solutions. Phishing attacks are the primary example of this; it might not be easy to crack a password, but it might be easier to do so if the user whose password you’re trying to steal willingly gives it away because they don’t know any better. This is why phishing has become front-and-center in the cybercrime field.

No business is too small to become the target of a cyberattack, and you should always be prepared to deal with the worst-case scenario, no matter how unlikely it might be. The average business deals with 22 security breaches each year, and you can rest assured that if you fail to protect your business, it will suffer as a result.

Network security can be daunting, but it doesn’t have to be. We aim to make understanding its intricacies easier and to take the burden off of small businesses. To learn more about what we can do for your business, reach out to us at 810.230.9455.

Social Media Conditions People to Let Their Guard Down

How often do you check social media only to find your news feed clogged with your friends and family sharing the results of quizzes like “Which Star Wars character are you?” or “What’s your superhero name based on your birthday?” While these quizzes might seem harmless on the surface, they often hide a far more sinister agenda, one which uses the personally identifiable information provided to them for nefarious purposes.

If your friends and family aren’t careful, these quizzes could be giving their hosts access to all the information they need to hijack someone’s social media profile.

“Your New Last Name is the Thing You Ate Last!”

The major concern we have about these quizzes is that, while they might appear lighthearted on the surface, the questions line up suspiciously closely with the security questions that one might use to protect an account. For example, your bank and credit card accounts use security questions to keep them secure, so what happens if you give up this information to an online quiz?

That’s right—the hacker might use the information you willingly provided to hijack your account. All the hacker has to do is click that Forgot Your Password prompt and boom, they’re in.

This is because these security systems can’t always tell who is typing in the answers; all they do is check to make sure that the answer matches the one provided in the past. From the bank’s perspective, you’re just another customer who forgot their password and is using their recovery question to gain access to your account.

When you look at online quizzes and questions they might ask, they line up quite closely with the recovery questions that are often associated with resetting passwords, like your first pet’s name, your mother’s maiden name, the model of your first car, and so on. When you share the answers to these questions, you effectively give someone on the Internet everything they need for easy access to your accounts.

This Is How Social Engineering Attacks Work

Even the most unlikely suspects could be considered social engineering attacks, especially on social media. It’s important that you give your team the tools and knowledge they need to identify these threats so as to avoid them. The same hallmarks of phishing attacks are present here, too: misspelled addresses, alarming subject lines, unprompted attachments, etc.

Cyberthreats are everywhere, so you can never be too careful. Remain ever-vigilant and be sure to train your employees on how to identify and respond to threats. To talk to an IT expert on training your staff and securing your business, reach out to us at 810.230.9455.

Coinbase’s Super Bowl QR Snafu is Sending Shockwaves Through IT Security Circles

During the first half of the Super Bowl last month, cryptocurrency exchange company Coinbase bought a minute of ad space to broadcast an ad that was just a QR code on the screen, meandering diagonally around the screen like the famous Windows screensaver. Millions of people took out their smartphones and scanned the code, and now cybersecurity professionals are publicly decrying the tactic.

How Do QR Codes Work?

The QR code isn’t new. It has been used by companies and other platforms for over a decade. It is effectively a barcode that can be scanned by a mobile application to bring users to content linked to the code. It looks secure enough, but in truth, there is very little information that separates one QR code from another, and since they are relatively easy to generate, they are used all over to engage users with product promotions, website links, etc. Your QR code reader will read a code in 8-bit blocks and take you to the information linked to the QR code.

How Are They Insecure?

While QR codes offer intriguing ways to store and access information, the risk they carry is palpable. They can easily be swapped out for counterfeit codes, they can be hijacked by hackers, and they can be used by hackers to send malicious code to user devices. This means that while they may seem secure on the surface, they are actually not a good platform for end-user security. In fact, when they were developed, the creator did not envision all the possible security issues, stating publicly that they “…need security revamp.”

How to Protect Yourself From QR Code Attacks

Because they are an intriguing way to get people to interact with a company’s marketing material, QR codes have been used liberally for quite a while. For a business that wants to use this technology, it is prudent not to use them for user logins or financial transactions, as they can be exploited to intercept information. That means they can be used to steal credentials and give threat actors the means to access accounts and networks they have no business accessing.

One way to minimize the risk to your organization from end-user QR code usage is to add it as a line item on your cybersecurity training platform. Your company probably already trains users about phishing (and if it doesn’t, it should start immediately), so a section about not using QR codes for work-specific tasks can be added without much fuss. Users have to know that sensitive, financial, or proprietary information should not be shared using QR code technology. Some talking points you should consider include:

  • Check the URL carefully if using a QR code
  • Don’t use QR codes to navigate directly to a website
  • Don’t use QR codes to download any information
  • Don’t download a third-party QR code reader, as most smartphone cameras have this functionality by default
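The "check the URL carefully" talking point can be made concrete for training material or a mobile-management gateway by vetting the text a scanner decodes before anything opens it. The following is an added example, not code from the original article; the function name, the approved-host list, the shortener list and the sample payloads are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hosts the organization has approved for QR-linked content.
APPROVED_HOSTS = {"example.com", "intranet.example.com"}
# Assumption: a short illustrative list of link-shortener domains.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def vet_qr_payload(payload, approved=APPROVED_HOSTS):
    """Return red-flag codes for text decoded from a QR code ([] = none found)."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["unparseable"]
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # Wi-Fi configs, tel:, plain text and so on are not web links at all.
        return ["not-a-web-url"]
    findings = []
    if scheme == "http":
        findings.append("not-https")
    # "https://example.com@other.test/" really goes to other.test.
    if parts.username is not None or parts.password is not None:
        findings.append("userinfo")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return findings + ["no-host"]
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal")
    except ValueError:
        pass  # a normal domain name
    # Internationalized names can imitate a familiar brand.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        findings.append("punycode")
    if host in SHORTENERS:
        findings.append("shortener")
    # Match the host exactly or as a true subdomain, never as a prefix.
    if not any(host == a or host.endswith("." + a) for a in approved):
        findings.append("unapproved-host")
    return findings


# Constructed sample payloads, as a scanner might decode them.
SAMPLES = [
    "https://example.com/menu",
    "http://203.0.113.5/login",
    "https://example.com@evil.test/",
    "https://example.com.evil.test/",
    "https://bit.ly/3abcXYZ",
    "WIFI:S:guest;T:WPA;P:secret;;",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        flags = vet_qr_payload(sample)
        print(f"{sample:35} {'OK' if not flags else ', '.join(flags)}")
```

An empty result means only that none of these checks fired, not that the destination is safe.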

The QR code can be beneficial in some circumstances, but keeping them away from your business’ critical information is imperative. We should mention that there are encryption-enabled QR codes called dynamic QR codes that offer a little more security, but as a best practice, eliminating QR codes from internal data sharing within your business is prudent.

If you would like more information about setting up security training that actually makes a difference for your business, give NuTech Services a call today at 810.230.9455. 

Network Security Cannot Be Ignored

You see the headlines every single day while browsing the Internet: “So-and-So Suffers Massive Data Breach” or “Huge Data Breach Leaves Thousands of Credentials Exposed to Hackers.” Maybe you don’t see these specific headlines, but you get the idea; cybersecurity is a big deal these days, and you need to take it seriously before your business encounters problems that it cannot recover from.

Specifically, you need to implement a variety of security measures that mitigate risk for your business should it ever become the target of hackers. We’ve put together some of the most important measures here for your reference.

Unified Threat Management

A UTM is a device that includes many of the best industry-standard security solutions and packages them into one appliance. A UTM generally includes solutions like a firewall, antivirus, spam blocker, and content filter. It’s a pretty great all-in-one solution that includes a lot of helpful features that your organization will surely get value out of.

Multi-Factor Authentication

For securing accounts and network access, you can turn to multi-factor authentication, a concept which is proving more and more valuable with every passing year. Essentially, you need a combination of measures to access an account, such as a password, biometrics, or access to a secondary device or account. A best practice is to implement two of the three factor types above, which cover something you know, something you have, and something you are.

Password Management

Multi-factor authentication is vital to your business, but password management is also of critical importance. Password management involves generating multiple complex passwords and storing them in a secured vault where they can be called upon when needed. In essence, a password management tool makes it easier than ever to utilize complex passwords, but you should also know that complex passwords are no substitute for multi-factor authentication.

NuTech Services can help your business implement and maintain just about any security solution you need to keep your company safe. To learn more about what we can do for your business, reach out to us at 810.230.9455.

It May Be Time to Upgrade Your Remote Network Security

Today’s cybersecurity landscape is dangerous, to say the least, prompting many organizations to adopt what is called a zero-trust policy for their security standards. Is a zero-trust policy the best solution for your company’s cybersecurity woes, and how effective is it toward preventing security issues? Let’s take a look.

What Does Zero-Trust Actually Mean?

According to the United Kingdom’s National Cyber Security Centre, the official definition of zero-trust is “the idea of removing inherent trust from the network. Just because a device is within the internal ‘trusted’ side of a firewall or VPN, it should not be trusted by default.”

Basically, this applies to just about all devices on your network, including the ones that are supposed to be there. No devices should be trusted by default.

How Effective is It, Really?

As you might have guessed, not all businesses can subject their networks to this level of scrutiny, so you will want to make sure that your company’s policy reflects its needs. The NCSC makes special note that this is more guidance than a hard rule, and it should be used in terms of network design rather than as a solution you implement to solve your problems. In fact, some businesses might not even be able to pull off a zero-trust policy.

Think of companies with large computing infrastructures. The sheer number of devices on the network and the costs of implementing such a policy could be staggering, and the policy itself could take years to fully flesh out and develop before it starts to show any true return on investment. Businesses might also have to acquire new hardware and train technicians, as well as frequently update this technology to maintain security standards. In particular, organizations with a BYOD policy will have a difficult time with zero-trust.

Even with these issues, however, there remain many reasons to consider zero-trust as a model for your business. Here are a few:

  • Greater control over data means delegation to the appropriate users.
  • Stronger authentication and authorization
  • Better user experience (consider single sign-on as an example)
  • Every action or device is subject to some form of policy, meaning every attempt at accessing data is verified.
  • Detailed access logs
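To show what "every attempt at accessing data is verified" looks like in practice, here is a small policy decision function in which network location is recorded but never grants access, and every decision lands in an access log. It is an added example, not from the original article; the resource names, roles, device inventory and field names are constructed assumptions.

```python
from collections import Counter
from dataclasses import asdict, dataclass
from datetime import datetime, timezone

# Constructed policy: which roles may reach which resource.
RESOURCE_ROLES = {
    "hr/personnel-files": {"hr"},
    "finance/banking": {"finance"},
    "sales/crm": {"sales", "finance"},
}
# Constructed inventory: managed devices and their compliance state.
DEVICE_COMPLIANT = {"LT-0142": True, "LT-0200": False}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool
    device_id: str
    source_ip: str   # logged for investigators, never used to grant access
    resource: str


def decide(req, log):
    """Evaluate one request; default is deny. Returns (allowed, reason)."""
    allowed_roles = RESOURCE_ROLES.get(req.resource)
    if allowed_roles is None:
        verdict = (False, "unknown-resource")
    elif not req.mfa_passed:
        verdict = (False, "mfa-required")
    elif not DEVICE_COMPLIANT.get(req.device_id, False):
        # Unknown devices are treated the same as non-compliant ones.
        verdict = (False, "device-not-compliant")
    elif req.role not in allowed_roles:
        verdict = (False, "role-not-authorized")
    else:
        verdict = (True, "ok")
    # Every attempt is logged, allowed or not.
    log.append({
        "time": datetime.now(timezone.utc).isoformat(),
        **asdict(req),
        "allowed": verdict[0],
        "reason": verdict[1],
    })
    return verdict


def denials_by_user(log):
    """Summarize the access log: how many denied attempts per user."""
    return dict(Counter(e["user"] for e in log if not e["allowed"]))


if __name__ == "__main__":
    log = []
    requests = [
        # Inside the office network, but sales has no business in HR data.
        AccessRequest("dana", "sales", True, "LT-0142", "10.0.0.5", "hr/personnel-files"),
        # Inside the office network, right role, but the laptop is out of compliance.
        AccessRequest("lee", "hr", True, "LT-0200", "10.0.0.9", "hr/personnel-files"),
        # Outside the network: identity, MFA, device and role all check out.
        AccessRequest("lee", "hr", True, "LT-0142", "198.51.100.7", "hr/personnel-files"),
    ]
    for r in requests:
        print(r.user, r.source_ip, r.resource, decide(r, log))
    print(denials_by_user(log))
```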

Start Securing Your Systems Today

You don’t necessarily have to implement a zero-trust policy to enhance your network security, but what you should do is call NuTech Services! Our technicians can give you the strongest fighting chance at stopping any and all threats out there. To learn more, reach out to us at 810.230.9455.

Don’t Be Caught Off Guard by Ransomware

Ransomware is bad stuff, and it’s only gotten worse with its recent resurgence that aligned with the COVID-19 pandemic. Phishing attacks and other means by which ransomware is commonly spread have used the current atmosphere as a springboard. This makes it even more critical that these kinds of behaviors and attempts can be spotted and stopped.

Why Do Cybercriminals Use Ransomware?

It’s simple: if a cybercriminal specifically chooses ransomware as their malware of choice, they most likely intend to profit from their crime. The entire point of ransomware is to collect money from its victims by encrypting their data and demanding a ransom in exchange for the decryption key (which, for the record, isn’t guaranteed even if the ransom is paid).

Looking at it this way, it’s little wonder that cybercriminals have aimed their sights higher and higher.

Don’t get us wrong, small and medium-sized businesses are in no way out of the woods, but there have been more and more attacks on critical pieces of infrastructure taking place recently. Consider the attack that was waged on Colonial Pipeline and the massive supply chain disruptions that came about as a result of its impacts. Another massive issue in the supply chain happened in the food industry, with the REvil group attacking those infrastructures. REvil was also responsible for an attack on Kaseya, a major software vendor, hurting businesses and proving that service providers are a good target for such efforts.

Yes, You Need to Be Prepared to Deal With Ransomware

However, your preparation can’t stop once you have some preventative measures in place. You won’t be fully prepared until your team is ready to deal with a successful attack, just in case one does slip through.

To do this, you need to have a resource in your corner that you can turn to for help with either an incoming attack or one that’s already gotten in. That’s what NuTech Services is here for (amongst many other services). We can help you do more to keep ransomware out, while also putting you in a better position should one get by. Did you know that businesses can now actually insure themselves to help prepare for the high costs that come from a ransomware infection?

You’ll also need to crunch some numbers to evaluate your ransomware risk. How much of a financial impact could a ransomware attack have overall? Are there any risks that could come from any third parties? Could you be considered a valuable target for an attacker, in terms of the financial gain they could anticipate or the amount of disruption they could cause? Do you have anything potentially making you vulnerable to these attacks?

Once you’ve covered these steps (and committed to revisiting them regularly as your situation changes), you need to prepare for the two scenarios we’ve referenced:

Keeping Ransomware Out of Your Business

Naturally, we want to keep ransomware out, which means there are some things you need to do. Keeping your protections—your antivirus, your parameters for your content filters, your firewalls, and everything else of the sort—up to date can reduce the number of threats you need to actively deal with by a considerable amount. It is also important that you keep your team equally up-to-date with the best practices and accepted responses on the chance that they spot a potential threat.

Minimizing the Damage Ransomware Can Do

Should a ransomware attack make it past all that, you need to be prepared to minimize its potential impact on you. Frankly, you’ll likely have to completely wipe your infrastructure, so you need to have an isolated and maintained backup. You know, just in case.

Ransomware is no joke, but neither are the services that you receive by working with NuTech Services. Our purpose is to do everything we can to prevent your business being hindered by a technology issue. Find out what we can do for your business specifically by calling 810.230.9455 today.

Unpatched Vulnerability Leads to Remote Factory Resets in Western Digital My Book NAS Devices

Imagine going to log into one of your devices only to find that it has been completely wiped of any files located on it. Furthermore, imagine trying to log into your online account to manage the settings of said device, only to find that the password you know is correct is being identified as incorrect. This is the experience that many users of Western Digital’s My Book NAS device are currently going through, and it’s suspected that it is all because of an unpatched vulnerability.

The device in question, the Western Digital My Book, is a network-attached storage device that gives users the ability to remotely access files and manage devices. This is notable, as they can do so even if the NAS device is secured with a firewall or router. Bleeping Computer reports that some users are unable to log into their NAS devices, the reason being an “Invalid Password.” Since the devices appeared to be factory reset, some users tried the default login credentials but had no luck accessing their devices or recovering their files.

After some investigation, users discovered that the devices received a remote command to perform factory resets. Bleeping Computer reports that this attack is an odd one in terms of remote command attacks, mostly because the device in question is secured behind a firewall and communicates exclusively through the My Book Live cloud servers to issue remote access. Therefore, it makes sense for some users to assume that Western Digital’s servers were hacked, although they do mention that it is strange that the attack deleted files rather than issuing ransoms, such as with other threats like ransomware which are designed to steal data or encrypt files.

Although Western Digital is investigating the attack, Bleeping Computer does detail a statement issued by the company, stating the following:

  • “If you own a WD My Book Live NAS device, Western Digital strongly recommends that you disconnect the device from the Internet. ‘At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device,’ Western Digital said in an advisory.”

These WD My Book Live devices have not received updates since 2015, so it’s unsurprising that a vulnerability surfaced. Still, this situation should be a reminder that it is beneficial to consider upgrading from unsupported devices to those that are actively receiving patches and security updates. That said, failing to administer patches and security updates as they are released is just as bad as using unsupported devices, so the responsibility falls on your shoulders to make sure that you are using technology that isn’t putting your organization at risk.

Need a Hand with Upgrading?

NuTech Services can help your organization take care of any updates to its technology infrastructure. Especially in today’s age of massive security breaches and considerable cyberthreats, it has never been more important to make sure that your network is protected in every conceivable way. To learn more about what we can do for your business, reach out to us at 810.230.9455.

When It Comes to Cybersecurity, Consider a Top-Down Approach

Cybersecurity is one aspect of running a business that absolutely cannot be underestimated in its importance. It doesn’t matter if you’re a huge enterprise or a small business; if you don’t take cybersecurity seriously, there is a very real possibility that your organization could be threatened in the near future. The easiest way to ensure your business’ continuity is to develop an internal culture of cybersecurity, and it starts from the top-down with you, the boss.

In the grand scheme of things, it does not matter how advanced or high-tech your security solutions are or how secure your passwords are. If your team members aren’t behaving with security at the top of their minds, your cybersecurity solutions will not yield the results you are hoping for. To this end, it is important to establish cybersecurity as a priority within your company’s culture.

How to Build a Culture of Cybersecurity for Your Business

Social proof, a concept that is mostly applied to marketing, can be a key component of implementing any type of lasting change in your organization’s cybersecurity culture. In essence, social proof refers to the idea that people can be convinced to think or act in a certain way based on testimonials of peers and colleagues. It’s easy to see how this can influence the workplace, but as is the case with most things in life, it’s not nearly this simple.

The key takeaway here is that the culture around your organization’s cybersecurity will mold around itself over time (if you give it time to do so).

Consider this scenario: a new employee just starts working for your company and is getting set up with network access, permissions, and everything else necessary for the position. If your organization’s cybersecurity culture is poor, the new employee’s coworkers might suggest they use the same username and password, a practice that is usually frowned upon. However, if this attitude is prevalent throughout the department, then it becomes the norm. This new employee then continues to spread the practice throughout the company as new hires are brought on, creating a systemic cybersecurity issue for your entire business.

Now let’s say that the opposite is true, and your employees instead reinforce good cybersecurity practices to all new hires. If company policies require that all passwords maintain a certain level of complexity and all staff are on board with this message of security, then it’s much more likely that new hires will move forward with security at the top of their mind.

It All Starts With You

There are several ways that you can organically infuse cybersecurity awareness into your business operations. Here are just a few of them:

  • Rather than simply having password policies in place, enforce them by only allowing passwords that meet these minimum requirements.
  • Access controls are important, but monitoring these protections on a regular basis is critical to identifying and addressing weaknesses or shortcomings.
  • Security onboarding is important but should also be reinforced periodically through a refresher course.

As the leader, your business’ employees will be looking to you to take the lead on security. By setting a good example, you can change your organization’s cybersecurity culture for the better. NuTech Services can help you with not only implementing security solutions, but reinforcing best practices that will foster the kind of culture you are looking for in your business. To learn more, reach out to us at 810.230.9455.

How Many Types of Cybercriminals Can You Name?

We’re all familiar with the idea that pop culture has cultivated in our minds about computer hackers, but as it happens, this impression is just one of the many shapes that the modern hacker can take. This kind of closed-off view is dangerously shortsighted, so let’s take a few moments to dig into the kinds of hackers there are, in ascending order of the threat they pose to your business.

The Heroic Ethical Hacker

It is important to acknowledge that hackers aren’t all bad—some are actually committed to using their skills to protect businesses from threats. By examining a business’ defenses from the perspective of a cybercriminal, the ethical hacker can help you identify vulnerabilities in your network infrastructure so that they can be resolved appropriately. These are the hackers that you hire for your own benefit.

The Accidental Hacker

It isn’t unheard of for someone to go poking around on a website—particularly if they stumble upon a preexisting issue on it. Unfortunately, this kind of poking can often result in them finding more than they bargained for. This kind of hacking has raised the question of whether such activity should be prosecuted if the person responsible reports what they have found back to the company.

Either way, what does it say about a business’ security if its website can be hacked accidentally? Such events need to be looked on as a warning to improve the protections you have in place.

The Pokey Curious Hacker

Just one step up from the accidental hacker, some hackers are fully aware of what they are doing and are just doing it to find out if they can. Meaning no real harm, these hackers are seeking little more than validation—or, in layman’s terms, bragging rights. Having said this, it is important to acknowledge that this variety of hacker is becoming rarer with the increased criminal accountability that such activities bring with them. Nowadays, hardware modification by means of single-board computers occupies the time of those who would be interested in these kinds of activities.

The Scammy Networking Hacker

Adware—or a piece of software that hijacks your browser to redirect you to a website hoping to sell you something—is a real annoyance, as it wastes the user’s valuable time and energy. It also isn’t unheard of for otherwise well-known and legitimate companies to use it in their own marketing, despite the risk they run of having to pay regulatory fines due to these behaviors.

While the real damage that adware spamming can do may seem minimal, it is also important to put the nature of these efforts into perspective. An adware spammer will use the same tactics that other serious threats—things like ransomware and the like—are often spread through. If you’re finding your workstations suddenly inundated with adware, you are likely vulnerable to a much wider variety of threats than you might first assume.

The Strength-in-Numbers Hacker

Sometimes, instead of attacking you, a hacker will use your resources to attack another business. While this isn’t an attack against you, per se, it should still be seen as a threat, as it interferes with your business’ potential for success.

The attackers that do this use the resources they take over to generate something called a botnet—a network that can then be used to the hacker’s ends. For example, one only must look at the attack on the DNS provider Dyn, where a botnet was able to take down various major websites (including Facebook and Twitter) for several hours. These botnets often make their way in through unpatched vulnerabilities and breached login credentials.

The Political Hacker

Political activists are often seen in a positive light—and rightly so—but some activists use tactics that are decidedly negative in their nature. By deploying cyberattacks to sabotage and blackmail a company that they see as doing something wrong, a hacktivist often goes about doing good in a bad way. This kind of activity can be dangerous to your operations and to the cybercriminal alike, as law enforcement won’t take the motives behind a hacker’s deeds into account.

The Cryptocurrency-Seeking Hacker

The ongoing obsession many have with cryptocurrency right now has contributed to no shortage of attacks seeking to give the attacker responsible an unfair leg up. While the concept of borrowing resources is not a new one—the SETI (Search for Extraterrestrial Intelligence) Institute, which is associated with NASA, once legitimately used a screen saver to borrow the CPU usage of the computers it was installed upon—cybercriminals now do a similar thing to help hash cryptocurrency for their own benefit.

With hardware costs rising and the intense utility demands that mining brings about, it is little surprise that such hackers will find a way to sidestep these demands for their own benefits.

The Gaming Hacker

While many may scoff at video games in general, it is important to keep in mind that the industry behind them is valued in the billions, with huge investments of both time and money put into the games it creates. With such high stakes, it is only natural that some hackers set their sights upon it for their own gain. Such hackers will attack their fellow players to obtain in-game currency through theft or will even restrict their competition through denial-of-service attacks.

The Professional Hacker

A lot of gig work has been facilitated by the Internet and its capability to facilitate networking. In terms of cybercrime, this has allowed many people to act as a for-hire hacker, combining malware of their own creation with programs that they’ve found or stolen to offer their services to others. For a fee, these mercenaries will act on behalf of whoever pays, whether that’s a government seeking some separation from the deed or a business looking to sabotage its competition.

The Larcenous Hacker

Considering how much of life has been converted to digital, it should come as little surprise that crime has followed suit—after all, hacking someone is a lot less physically dangerous and potentially much more profitable than mugging them likely would be. As transactions have digitized, so have thefts and cons, with ransomware and romance scams allowing the less scrupulous to continue to profit from their actions.

The Business-Minded Hacker

Much like the professionals we discussed above, some hackers decide to turn their efforts specifically to the corporate world. By spying on documents and stealing data from one business, these hackers seek to sell this information to that business’ competitors for a healthy price. Fortunately, many businesses will report when a cybercriminal has approached them with such an offer, alerting the hacked business to the breach.

The Sovereign Hacker

At long last, we come to what many see as the biggest threat: the veritable militias composed of hackers that governments will assemble to actively interfere with and undermine the efforts put forth by other nations. These groups have been known to attack the political structure of opposing nations as well as the industries that these countries rely on, with the goal of having a leg up if hostilities were to arise between them.

The hack on Sony Pictures in retaliation for the satirical 2014 film The Interview was an example of an attack by a nation-state.

What Does This All Go to Show?

Putting it bluntly, this list should demonstrate that any individual impression of what a hacker is will not be enough to ensure that a business is prepared to deal with a cyberattack. Fortunately, NuTech Services can help. With our team of professionals following a lengthy list of best practices and policies, we can ensure that you are ready to resist a cyberattack when it comes.

To learn more about what we can do to protect your business, reach out to us at 810.230.9455.

What Makes a Ransomware Attack So Expensive?

Ransomware is no laughing matter, especially in terms of the costs it can impose on its victims—this is, after all, what ransomware is famous for. However, some of these costs can be derived from unexpected expenses and exacerbate the already significant issues that ransomware poses. Let’s go over some of the costs that you should anticipate, should you be targeted by a successful ransomware attempt.

Cost 1: Downtime

Perhaps unsurprisingly, downtime expenses make up most of the financial toll that a business suffers when successfully targeted with ransomware. Depending on the severity of the attack, a business could easily find itself taken completely out of action for days or even weeks. A survey taken in 2020 provided an estimated downtime span of about five days for an organization to completely recover, with another estimating an average of 21 days to resume operations.

This should be of serious concern to businesses, especially with the cost of such downtime rising precipitously. Data from Datto showed that downtime resulting from a ransomware attack can cost north of $274,200 (far more than the average ransomware demand totals).

Cost 2: Reputational Damage

Few things look worse for a company than having their customers’ data locked up—and presumably stolen, as we’ll get into later—so it only makes sense that ransomware can be immensely problematic for the impacted business’ public image. Surveyed consumers from numerous countries have said that they would take their business elsewhere if their data was rendered inaccessible or service was disrupted even once—with 90 percent strongly considering a business’ trustworthiness before becoming a patron and just over half avoiding companies that had experienced a cyberattack within a year prior.

This is a serious issue… particularly with groups popping up that are now collecting and sharing the data that companies have lost in a breach as part of a purported effort to improve transparency.

This means that a company seeking to protect itself will need to approach these issues on two fronts—not only avoiding successful attacks over time, but also putting themselves in a better position to react and get a handle on any that come later. As time goes on, this will be even more important for a company to enable.

Cost 3: Upgrade Costs

While there are truly few benefits to experiencing a ransomware attack, it can at least motivate a business into making the necessary upgrades to protect themselves from that point on. However, these kinds of upgrades don’t come cheap.

After all, these upgrades should equate to far more than just a fresh coat of paint. We’re talking about something akin to a comprehensive overhaul from the bottom up just to ensure that whatever vulnerability—software or otherwise—allowed the attack access has been identified and resolved. As one might imagine, these circumstances aren’t cheap for the business, adding to the burden that a cybersecurity event imposes.

Cost 4: Layered Extortion

We aren’t going to lecture you once again by defining ransomware and all that. What we are going to do is pose a simple question:

Let’s say that you are infected, and to keep your data from being deleted, your business elects to pay up. However, what guarantee do you have that the cybercriminals will keep up their end of the bargain and release the data they have encrypted, rather than keep it or share it on the Dark Web?

Frankly, you don’t—and knowing this, many cybercriminals have begun to steal data before encrypting it, adding the idea of data exposure to their target’s list of concerns. Class-action lawsuits are a real possibility if a business’ entire client list were to have their personally identifiable and sensitive information disclosed online.

Cost 5: Price of the Ransom

Finally, we come to the cost of the ransom itself. While one might expect that just biting the bullet and paying for the return of a business’ data would be a less costly option than completely restoring a business’ infrastructure from scratch, this isn’t the reality.

Who said the cybercriminal had to return it in its original condition, after all?

Taking this factor into consideration (as well as the costs that come with recovering and restoring this data after the fact), it actually turns out that paying the ransom is far less cost-effective than just restoring data from a backup.

Protecting Your Business Against Ransomware in the First Place is the More Cost-Efficient Option

So, it is safe to conclude that the only reliable means of protecting your business and its data against ransomware’s ill effects is to proactively prepare for its eventuality. NuTech Services is here to help see you through it with our comprehensive data backup and continuity services, as well as the security we can assist you in implementing. Find out more by reaching out at 810.230.9455.


What You Need to Know About the Massive SolarWinds Hack


2020 has been filled to the brim with adversity, and just as we’ve mercifully arrived at the end, the largest and most brazen cyberespionage attack ever has been carried out. Today, we’ll tell you what we know about the attack, what problems it caused, and what we should learn from it going forward.

How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations, 18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many state and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks. They did so on SolarWinds’ recommendation, so that their other security products, and the malware signatures those products contain, would not shut Orion down.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.
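The kind of alert described above can be sketched in a few lines. This is an added example, not part of the original article and not FireEye's or SolarWinds' code; the log format, user names, and device IDs are constructed, and trusting the first device seen for each user is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample VPN gateway log (the line format is an assumption).
SAMPLE_LOG = """\
2024-01-08T08:01:13Z vpn-auth user=alice device=LT-4410 result=success
2024-01-08T08:05:40Z vpn-auth user=bob device=LT-5120 result=success
2024-01-09T08:02:09Z vpn-auth user=alice device=LT-4410 result=success
2024-01-10T02:17:55Z vpn-auth user=alice device=PH-9X21 result=failure
2024-01-10T02:18:31Z vpn-auth user=alice device=PH-9X21 result=success
garbled line that does not parse
2024-01-10T09:00:02Z vpn-auth user=bob device=LT-5120 result=success
2024-01-11T07:58:44Z vpn-auth user=alice device=PH-9X21 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn-auth user=(?P<user>\S+) device=(?P<device>\S+) "
    r"result=(?P<result>success|failure)$"
)


def new_device_alerts(log_text, approved=None):
    """Return (alerts, unparsed_count) for successful logins from unknown devices."""
    known = defaultdict(set)
    for user, devices in (approved or {}).items():
        known[user].update(devices)
    alerts, unparsed = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1  # count, do not silently drop, lines we cannot read
            continue
        user, device = m["user"], m["device"]
        if m["result"] != "success":
            continue  # a failed attempt never enrolls a device
        if not known[user]:
            known[user].add(device)  # assumption: trust the first device seen
        elif device not in known[user]:
            # Alert and do NOT enroll: the device stays unknown until someone
            # confirms it, so a repeat login from it alerts again.
            alerts.append((m["ts"], user, device))
    return alerts, unparsed


if __name__ == "__main__":
    for ts, user, device in new_device_alerts(SAMPLE_LOG)[0]:
        print(f"{ts} ALERT {user} signed in from unrecognized device {device}")
```

Passing an `approved` inventory of devices per user replaces the trust-on-first-use baseline, which is the safer choice where such an inventory exists.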

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second piece of malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing it does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted to unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

We may not know the scope of these attacks for a while. That shouldn’t stop you from reaching out to the IT professionals at NuTech Services to get an assessment and a consultation. Call us today at 810.230.9455 to get started protecting your network, infrastructure, and data.


Clearing the Ethical Hurdles of Employee Monitoring


Employee monitoring—the practice of keeping an eye on your employees and their computer activity during work hours—isn’t exactly a new practice. However, with remote work suddenly seeing a huge boost in popularity, many businesses have sought to confirm that their workers are spending their work time as productively as possible. If you do choose to go this route, however, it is important to be aware of the lines that you cannot cross.

Monitoring Employees Without Their Knowledge

We figured it would be most appropriate to discuss the no-go option first, which would be to start monitoring your employees without their knowledge or consent. As you would imagine, this is the shadier side of the monitoring spectrum, and is actually illegal in most cases. Unless you have reason to believe an employee is actively acting out and are investigating them, you are not allowed to use monitoring software to keep an eye on your team without telling them.

So, as much as I hate to have to say it, don’t do that. Instead, inform your team of your intention to monitor their systems, what you will be monitoring, and—most crucially—why. This is the real key. Transparency is the most important thing to have with your employees. Studies have even shown that this kind of transparency makes your team more comfortable with these kinds of arrangements.

Monitoring Employees While They Aren’t Working

Again, with so many employees working remotely, it may be tempting for many employers to just continue monitoring these devices even after work hours have ended. It’s one less thing to worry about that way, right?

Wrong.

What if the employee ends their day or takes a break, and decides to log into their bank account to check in on their finances? You could easily capture sensitive information without meaning to, putting you on the hook in the legal sense. To avoid this, you have a few options you can exercise. Your first option is to simply ban employees from using work technology for personal matters. Your second option is to enable your team members to turn off the monitoring software when they are not actively working.

Not Making Use of Your Monitoring Data

A big part of ethically monitoring your employees comes down to your intent, your motivation for doing so. Are you looking to improve productivity by identifying inefficiencies and bottlenecks? Great. Are you ensuring that there are no data leaks that need to be mitigated? Fantastic. Are you simply using it to make sure that your employees are at their desks working? There are better ways to account for that.

Employee monitoring should always be a means, not the end. Whenever you implement it, it needs to be in service of a specific goal. When used in this way, and not just because you want to keep a closer eye on your team, it can bring some significant benefits.

NuTech Services can help bring these benefits and more to your operations. To find out how our team can help you implement and manage the technology your business needs to support it, give us a call at 810.230.9455 today.


Are Macs Inherently More Secure than PCs?


It has long been assumed that computer viruses are a Windows operating system exclusive, that Macs are immune from these issues. Let’s examine the validity of these assumptions, and how much you need to be invested in your technology’s protections.

Spoiler Alert: Macs Do, in Fact, Get Malware

Not to be juvenile about it, but duh. Computers produced by Apple can just as easily be infected by malware and ransomware, and they can experience any of the other problems that a PC user would. Hardware failure, slowing with age, crashes, data loss: these and so many other issues can be seen in a Mac.

So, where do we get the widespread opinion that Macs are somehow immune to the issues that Windows devices suffer from?

In short, advertising. Over the years, Apple has had some brilliant advertising campaigns behind it, from the classic “1984” ad that ran during Super Bowl XVIII to the brief clip of John Malkovich talking to Siri. One particular campaign, however, helped to really push the idea that Macs aren’t susceptible to computer viruses.

The “Hello, I’m a Mac” campaign starred John Hodgman as the beleaguered PC, constantly coming up short when compared to Justin Long’s Mac in a total of 66 spots. One of the most famous of these bits outlined how Macs didn’t have to worry about viruses—amongst many, many others over the four years that these ads ran.

In all fairness, these ads were truthful enough. Massive amounts of new viruses are created to attack the Windows system each year, many of them leaving Macs unimpacted. Macs do get viruses, but there are far more variants out there that target PCs.

The question is, why?

There are Far More PCs Than Macs, for One

Back in 2018, there was only one Mac for every ten active PCs online. Therefore, if about 90 percent of computers run on Windows, it only makes sense that there would be more viruses focused on Windows.

PCs are the predominant choice for businesses and industries, schools and universities, and home users alike.

To be fair, there isn’t really anything inherently wrong with Macs. Apple’s laptops and desktops are very capable devices. The difference comes from third-party developers. Many business-oriented core applications just don’t have Mac versions, and Apple doesn’t have the low-tier hardware options that are available with the Windows platform. So, when your billing department and your video department have very different needs, there isn’t a reason for you to spend the amount that a high-end Mac costs when a mid-range PC would do the job.

At the end of the day, a Mac and a PC at the same price tier are going to be effectively the same. The big difference is your preference and what your business works best with. Of course, we also have to say that Macs can have some difficulty integrating with a network designed for the PC and the software that most businesses prefer to use.

Mac Users Aren’t Off the Hook

While the smaller number of viruses targeting them has made it seem as though a Mac is the more secure choice of computer, the environment is changing. Malwarebytes recently reported that Mac malware is outpacing PC malware for the first time. The report also states that, between 2018 and 2019, threats to Macs increased by 400 percent.

Of course, it should also go without saying that the type of computer one uses shouldn’t impact that person’s security awareness and hygiene. Macs and PCs alike need to have antivirus and other protections installed, and to be secured with strong passwords by users who understand that risk has no brand loyalty.

At NuTech Services, we are very aware of the importance of your business’ security and can assist you in protecting your endpoints and educating your users. To learn more about what we can do, reach out to us by calling 810.230.9455.