How an End User Might Accidentally Undermine Your Security: 10 Innocent Mistakes

If you’re like every other small business out there, you know that the more employees you hire, the more technology that you have to procure. However, when you have more end-users, you provide more avenues for threats to slip into your network infrastructure unnoticed. When all it takes is one simple mistake from a single end-user, how can you minimize the chances of falling victim to an untimely hacking attack?

We’ve put together ten honest mistakes that any end-user can make, and how they can be prevented.

  • Clicking on malicious links: With so much information on the Internet, it’s easy for an employee to search through countless pages without any regard to the sites and links that they’re clicking on. You need to emphasize the importance of safe browsing, including double-checking the destination of a link before clicking on it. You can do so by hovering over the link and looking in the bottom-left corner of your browser.
  • Using weak passwords: Employees frequently use passwords that aren’t strong enough to keep hackers out. Oftentimes, they’ll simply use something of personal significance, like the name of their pet or a specific date. This isn’t the right way to approach password security. Instead, users should attempt to put together passwords that are private, randomized strings of numbers, letters, and symbols.
  • Ignoring mobile security: Even if your company has the latest and greatest security solutions installed on its desktops, you should also be thinking of your mobile devices, like smartphones and tablets. It’s arguably more important that your mobile devices have solid security solutions implemented on them, as they are often on the road, connecting to potentially dangerous hotspots. You need to make sure that security is a top priority in your Bring Your Own Device (BYOD) policy.
  • Accessing sensitive data through unsecured connections: If your employees are using the local café’s free wireless Internet to get some work done on their lunch break, it could be a dangerous gambit. Public Wi-Fi hotspots are notorious for being cesspools of online threats. Implementing a virtual private network (VPN) can be a handy investment that can encrypt data while it’s in transit, mitigating this risk somewhat.
  • Losing unencrypted devices: It’s not unheard of for an employee to use company devices in public places. If they accidentally leave their smartphone on the bus, or their tablet on a park bench, there’s always the risk that it can be stolen. Unless you practice proper encryption protocol, any information available on the device can be accessed by the person who finds it, be it a Good Samaritan or a tech-savvy thief.
  • Implementing unapproved solutions: Some employees simply prefer to use solutions that aren’t provided by the company to get their work done. The problem here is that the employee is moving forward without consulting IT about it, and that your data is being used in a solution that you can’t control. Plus, if the employee is using free or open-source software, these often come bundled with unwanted malware that can put your data in even greater peril.
  • Targeted business email scams: Phishing and spear-phishing attacks are growing more common. One example of this is an HR employee checking their inbox to find what looks like a job application or employment inquiry. All of the right information is there and nothing appears out of the ordinary; that is, until a malicious link contained within it starts to download malware or other nasty threats to your infrastructure. Other types of phishing attacks will ask end-users to confirm personally identifiable information or sensitive account credentials. Educating your team on how best to identify phony email messages is imperative to keeping your network secure.
  • Personal email use: It’s one thing to check your personal email account while at work, but another entirely to use your personal email account for work purposes. As the recent debacle with Hillary Clinton shows, people don’t take kindly to sensitive information being leaked via an unsecured email server that their organization has no control over. Add in the fact that personal email accounts are often not as secure as those in a professional productivity suite, and you have a recipe for disaster. You need to reinforce that your team should keep their work and personal email separate.
  • Leaving workstations unattended: Besides the fact that some tech-savvy employees are practical jokers, it’s a security risk to leave a workstation unlocked and unattended for long periods of time. Imagine if someone from outside of your organization walked into your office and accessed confidential files without authorization; that’s on the employee who got up and left the device unattended. Encourage your employees to always log off of their workstations, or at least lock them, before stepping away from their computer.
  • Using external storage devices: Your organization should only be using IT-provided USB devices and external storage. Otherwise, anyone with a random flash drive can connect it to your network, unleashing a horde of who-knows-what into your infrastructure.

User error is a primary cause for concern among businesses, but it can be mostly avoided by providing your staff with the training required to do their jobs properly. For more information about IT best practices, give us a call at 810.230.9455.

Tip of the Week: Every PC User Should Know NOT to Do These 3 Things

Knowing how to properly use your PC is key to its longevity. Therefore, you should never take for granted basic PC best practices. Here are three basic PC best practices that are easy to overlook.

Don’t Plug Your Computer Equipment Directly Into an Outlet
While it’s likely that you plug a variety of your electronics directly into your outlet, you shouldn’t do this with computer equipment. The problem here is that electricity coming directly from outlets can fluctuate. For example, this is why your building’s lights may randomly get dimmer and then brighter. While your light bulbs can handle these power fluctuations, your computer equipment cannot, and the result may be irreversible damage.

Instead, be sure to plug your equipment directly into a surge protector. This is a simple power strip that can be found at most any store. Though even a cheap power strip is better than no power strip, a basic power strip will not protect your PC as well as a heavy-duty one. Therefore, it’s worth it to drop some extra cash on a power strip that’s rated to protect your equipment from surges, instead of one that’s designed only to provide you with extra outlets.

For the best solution to these power surges, consider an Uninterruptible Power Supply (UPS). This is a device that both restricts surges in electricity and provides additional power during a surge’s low point.

Don’t Click Next or Ok Without First Reading
Granted, it’s unreasonable to expect someone to read every word of every software agreement, but at the very least, you should skim it over to have an idea of what you’re agreeing to. It may be the case that a shady third-party software company is trying to pull a fast one on you. ComputerHope.com explains:

It is not uncommon for new users to click Ok or Next without reading what they are agreeing to and not making sure there are no check boxes still checked. Make sure you read every prompt before agreeing, or you may be agreeing to install new browser toolbars, a program you didn’t intend to install, or other crapware.

Don’t Open Unknown Email Attachments
A quality spam filter will go a long way to prevent a PC from getting slammed with a virus or malware. However, even the most secure system can be compromised if the user makes the mistake of downloading something that they shouldn’t, like a corrupted email attachment. Viruses that spread through email attachments are among the most common ways that computers become infected. In order to trick you into downloading the dangerous attachment, hackers will disguise the message as originating from a trustworthy source, like your bank, your hospital, a parcel delivery service, a resume, and much more.

As a rule, never download an email attachment unless you’re absolutely sure of the source, and if something seems sketchy, it probably is. Remember, if the email appears to come from a legitimate source, then you can always call the sender using the phone number that you have on record in order to confirm the message. If your source admits to not sending you the message, then you know it’s a scam.

By following these three best practices, you’re sure to save yourself the headache (and expense) of dealing with PC performance issues. Knowing how to properly use a PC is the best way to prevent issues and breakdowns. To learn more PC tips and best practices, subscribe to NuTech Services’s blog and give us a call at 810.230.9455.