


Social media at work...what could go wrong?

As a business, there is no doubt today that you need to make your presence felt on major social media platforms such as Facebook, Twitter, Instagram and LinkedIn. But social media also exposes you to cybercriminals. In this post we talk about the steps you can take to ensure your social media account doesn’t become a gateway for cybercriminals to access your data.

Make someone accountable

The first step to a successful and safe social media experience as a company is to make someone in your organization accountable for it. Designate a social media manager who is responsible for maintaining your company’s social media accounts. This person should oversee everything--from the posts and pictures in your company account to approving/disapproving ‘Friend’/‘Follow’ requests.

Train your employees

Of course you should train your employees who handle your official social media accounts about the security threats and how they need to steer clear of them, but you also need to train other employees who are not on your social media team, as they could be a weak link that a cybercriminal could exploit to reach your business. Seems far-fetched? Not really. A lot of people trust their ‘friends’ on social media and also unwittingly share a lot of information, which can be used to hack their personal accounts and devices, which, in turn, may act as a gateway to your business. Teach your employees about general social media best practices in terms of security and also educate them about the privacy settings they can use to ensure their data is shared with trusted individuals only.

Take the necessary security measures

Make sure the devices you use to access your social media accounts are protected with firewalls and anti-malware tools and all security updates and patches are up-to-date.

Password hygiene

Practice good password hygiene and encourage your teams to do the same. That means no password sharing, no sequential letters/numerals, no obvious words or numbers as your social media account password.

Frame a social media policy

You should also frame a social media policy that spells out the dos and don’ts of social media that everyone in your organization should follow. This is important from various perspectives, as employees’ statements on social media may be perceived as a reflection of your business’s values, whether you like it or not. This can make your business a target of cybercriminals and lawsuits.

Putting your business out there on social networking sites gives your brand a lot of exposure, presents paid advertising opportunities and even helps you build and manage customer relationships, but as discussed, it can be tricky to navigate in terms of security. Businesses that find it overwhelming to manage their social media security strategy all by themselves can reach out to a managed services provider. An MSP with experience in social media security can be a valuable asset in helping you build a strong social media security strategy.

Multi-Factor Authentication 101


You have probably already come across the term multi-factor authentication. The concept is not new, but it has caught on quickly of late. In this post, we will discuss what multi-factor authentication is and why you should be adopting it.

What is multi-factor authentication?

Multi-factor authentication is basically the use of more than one credential to gain access to data. It is a combination of multiple access credential types. For example, instead of gaining access to an email account by just typing your username and password, you will be asked to further verify your identity by entering some other information, such as a pin or a one-time password (OTP) that was sent to the phone number linked with the email address you are trying to log into.

Why do you need multi-factor authentication?

Multi-factor authentication offers an additional layer of security. Simple access control measures such as logging in with user ID and password are increasingly being breached by cybercriminals because no matter how much we condition ourselves to follow good password hygiene, sometimes, we slip up. Have you ever been guilty of

  • Writing down your password so you don’t forget it

  • Sharing your password with someone just to get the work done faster

  • Using the same password for multiple accounts just because it is easier to remember

  • Creating a password that was obvious/easy to figure out. Examples include your date of birth, numbers or letters in sequence, your name, etc.

Multi-factor authentication can help prevent cybercrimes that happen due to leaked/hacked passwords.

How does multi-factor authentication work?

The working of multi-factor authentication depends on a combination of the following 3 elements.

  • What you know

  • What you have

  • Who you are

The user has to prove their identity by answering the questions related to each of these 3 elements. User IDs, passwords, secret questions, date of birth, etc., fall in the first category (What you know), while OTPs sent to your smartphone, a physical token or an access card belong to the second category (What you have) and the third category (Who you are) includes biometric authentication such as retina scan, fingerprint or voice recognition.

Multi-factor authentication is no guarantee of data safety, but it certainly reinforces your data security. While there are tools available in the market that you can purchase and deploy, you could also connect with an MSP to help you implement multi-factor authentication across your network smoothly.

Why MSP relationships fail


A lot of SMBs opt for managed service providers who can help handle their IT requirements, and for the most part, it works well. Almost everyone knows the benefits of having an MSP manage your IT: increased cost savings, the ability to focus on your business without worrying about IT, better IT support and expertise, and so on. But there are times when the managed IT services model fails, leaving business owners to wonder what went wrong. This blog discusses some key reasons why MSP relationships fail.

You didn’t do a reference check

Did you just pick the first MSP you found on the Google search? Did you just go by the presentations they gave you, or the information on their website? Always remember to ask your MSP for references. Talk to someone they work with and get feedback.

They don’t have enough staff

If your MSP is short of staff, they won’t be able to give you the attention you need. One of the biggest advantages of bringing an MSP onboard is having someone who proactively manages and monitors your IT requirements--something you cannot do without a full-fledged IT department. So, it is important that your MSP is well-staffed.

They are not experienced enough

Before you bring an MSP on board, make sure you pay attention to how long they have been in business. This is important because the whole idea behind hiring an MSP is to leverage their knowledge and expertise. Secondly, someone who has been in the business for quite some time is more likely to be able to scale with you as you grow.

They said they will be there, but...

You want your MSP to be available 24/7, because with IT, you never know when the problem will arise. Not only should your MSP be proactively monitoring your IT infrastructure to ensure everything runs smoothly, they should also be able to resolve IT problems when they happen--time and day notwithstanding, so that your business is back up and running as soon as possible.

They are not able to provide you with all that you need

Sometimes, as you grow, your IT needs change. You may need much more support and new technologies that you didn’t think you’d need earlier. In such cases, if your MSP is not able to grow and scale with you, then the relationship won’t work.

When choosing an MSP, think of the whole process as a partnership, and not a one-time deal. When you look at the relationship as a long-term one, you are more likely to consider all the factors that go into making your relationship with the MSP work in the long run.


Do your homework: 3 things to do when looking for an MSP

Thinking of hiring a Managed Service Provider, but not sure how to go about it? Here are a few things to do before you zero in on one.

Figure out what you have already

The first step in a good plan is to figure out where you stand currently. Before you talk to an MSP, conduct an audit of your IT infrastructure to decide what you have currently. List all your hardware and software. When performing this IT audit, don’t forget other technologies that you are using, such as biometric access systems, CCTV systems and even telephone systems. You may think they are irrelevant as they are not directly related to your IT infrastructure, but, in the near future you may want them all to be connected to one another, and so, including them in the audit and inventory right now is a good idea.

Figure out what you need

This is the next step. After you determine what you already have, the next step is to figure out what you need. What do you want to add on or remove from your existing IT infrastructure? Are your servers too slow? Do you want to switch to the Cloud instead of traditional services? Do you want a Unified Communications set up instead of your current PBX phone line? Do you want to shift to a work-from-home model and need the infrastructure to support that?

Do your research

Now that you are clear about what you have and what you need, start doing your research. If you have an in-house IT team, you can ask them to evaluate the various options that can help you reach your goal. If not, then there are plenty of resources available online for SMBs that help with tech questions. https://www.sba.gov/learning-center is one great resource and a Google search will get you more.

As a part of this research, you should also make a list of credible MSPs in your area and learn more about them. A Google search can help you with that, but it would be even better if you reach out to a couple of your peers requesting them to refer you to their MSPs, if they have one.

Hiring an MSP means trusting them with your IT infrastructure, so it is very important that you have a clear understanding of what you really want and need, so you can share your expectations with your new MSP. This transparency and clarity goes a long way in determining the success or failure of your relationship with the MSP.

5 Lesser known benefits of choosing the co-managed IT model


Even companies with IT staff on their payroll can’t deny that having an MSP onboard offers benefits that exceed what they get from having just an in-house team. This blog explores 5 lesser known reasons why the co-managed IT model is popular.

An extra hand during emergencies

In the event of any unforeseen emergency such as a natural disaster or a terror attack, you may need additional IT support to get things up and running again. Your IT team may not be able to do it all instantly and of course adding to your IT staff wouldn’t be an option during such times. In a co-managed IT services model you will have your MSP to support your IT team which will help you recover faster.

Especially useful when you have a small in-house IT team

For a lot of SMBs, an in-house IT team comprises one or two IT technicians who take care of all their IT needs. But what happens when they are both out of office at the same time, due to unforeseen circumstances? You can only cross your fingers and hope no major IT problem comes up. But, in the co-managed IT services option, your virtual IT team is just a call away!

24/7 Support

24/7 IT support is a luxury for most SMBs. Their in-house IT staff usually works the same hours as the business. Most managed service providers, however, offer 24/7 services at affordable costs.

You still retain control over your IT

In a co-managed services model, you are not completely entrusting your IT to an MSP, as your in-house IT team will be collaborating with your managed services provider to meet your IT needs better. Thus, you retain quite a bit of control over your IT.

You get useful IT insights

When you bring an MSP onboard, you benefit from their expertise and on-ground experience. They can advise you on the latest IT trends in your industry and help streamline your processes and IT infrastructure based on what’s effective. This kind of insight cannot be gained with an in-house IT team as they would only be working with you.

The co-managed IT model does not replace your IT team with an MSP. It augments your existing IT support setup with an MSP and leverages their expertise to bring thought leadership IT strategies into your organization.


Four reasons to opt for the co-managed IT services model

The co-managed IT services model is one in which the business has its own IT team, but still contracts with an external managed services provider for certain services. In this blog we discuss four benefits of a co-managed IT services model.

Expertise

Your in-house IT team may not have all the expertise needed to manage all your IT requirements. There are new developments happening in the tech space every day, and an MSP is better positioned to stay up-to-date with them as IT is their business.

Flexibility

Opting for a co-managed IT services model allows you the flexibility to scale your IT up or down based on your business requirements. This is especially useful for companies that experience seasonal spikes in their business, such as CPA firms, around taxation times, or retail businesses around the Holidays. You don’t have to hire new IT staff to handle the sudden extra load on your IT.

Lower costs

Choosing a co-managed IT services model saves you costs that you would otherwise incur when hiring new IT staff. Bringing someone on your payroll involves HR expenses including health insurance, 401(k), etc., which can be avoided when bringing an MSP onboard.

Help your IT team focus better

Research indicates that in companies that have an in-house IT team, their IT specialists are so caught up with the day-to-day IT tasks that they don’t have the time to focus on new technology. Tasks like security patches, software updates, backups etc., keep them busy, so they don’t get time to research or learn about the latest on the tech front. This defeats the purpose of having an in-house IT team, doesn’t it? If you could have your MSP take care of the mundane IT routine, you will be enabling your in-house IT technicians to focus on new technology, which will help you become more efficient as a business.

If you already have an in-house IT team, it is not unusual to think you don’t need the services of a managed services provider. But, as you can see, co-managed IT has its advantages and you shouldn’t strike an MSP off your list completely just because you have your in-house IT technicians.

Best practices for data safety in a remote work environment


Do you have staff working from home? Of late, due to the Coronavirus crisis a lot of businesses shifted to the remote working environment. While it raises some data security concerns, they can be overcome by following a few best practices.

Formulate rules

You can start by formulating rules that define the extent and manner in which personal devices may be used for work purposes.

  • Who is allowed to use personal devices for work?

  • Spell out the regulations that they must follow. For example, regular checks for malware and updates to anti-malware software, etc.

  • If there are restrictions to the device type, software or operating systems that may be used, out of security concerns, then that should be addressed.

Focus on the 2 Ts of cybersecurity

  • Train your staff: The first T is training your staff on how to identify IT threats and cybercrime activities that they can be a victim of. Examples include phishing emails, dubious attachments, clone sites, etc. Another area to train your staff on is free/public wifi. They need to know that public wifi can be a gateway for hackers and cybercriminals into your system. Accessing emails from the airport’s waiting lounge or the mall’s food court can expose your business to IT threats.

  • Teach good password hygiene: This is the second T. Help your employees understand how important password strength is. They should be able to identify weak passwords and steer clear of them. Also, they need to know that no matter how urgent the situation seems, password sharing is not acceptable. Similarly, mistakes such as repeating the password for multiple accounts, not changing the passwords frequently, etc., can make a cyber criminal’s job easier.

Keeping things under control

You can conduct monthly audits of the devices your employees will be using for work purposes. Arrange for regular security patch implementation, firewall installation and software updates. Install quality anti-malware software, firewalls, and make sure email security systems are in place. Even in the remote environment, you can ensure appropriate data access through role and permission-based access control measures.

All of this may seem new, and tedious, especially for businesses that are looking to recover from the effects of the on-going pandemic, which is why it is a good idea to team up with a managed services provider to help set up a strong, secure, work-from-home environment for your business.


How safe is your data when your staff works from home?

The Coronavirus crisis has changed the world as we know it. With social distancing, lockdowns and work from home becoming the new normal, cyber criminals are exploiting the situation for their gain. This whitepaper discusses how the cyber crime landscape is likely to shape up in the post-pandemic world and how businesses can safeguard themselves against it.

One of the reasons for a sudden spike in cyber crimes is the work-from-home model that is increasingly becoming the norm. When you allow remote access to your data, you are virtually opening your IT infrastructure to criminals--unless you have the right security measures. It is easy for malware and hackers to get into your system and corrupt it unless you have the right measures in place.

With employees operating from home, there are a lot of loopholes that cyber criminals target. Some of them include:

Lack of knowledge

Most employees don’t realize how their simple actions or non-actions can contribute to a cyberattack that can bring your whole business down. For example, they may unwittingly end up compromising your business’s data security by sharing passwords, not using good antivirus software, using public WiFi to access their emails, etc.

It is more difficult to oversee IT operations

With teams working remotely, it is difficult for businesses to manage their IT efficiently. Installation of security patches, anti-malware tools, data backups, etc., are all more difficult now.

Working from home offers businesses a lot of benefits in terms of cost savings, employee satisfaction and flexibility. But, it also raises a lot of questions from the IT security perspective. When opting for the work-from home model, it is important to clearly define the IT policies and put them into practice. You could partner with an MSP who specializes in cybersecurity and remote workspace management to help you formulate a safe, remote working environment.

4 things to do to ensure your business continuity planning is a success


Working on creating a contingency plan for your business? That’s great! Here are 4 things you need to consider when preparing your new business continuity plan.

Audit of your business continuity plan

Having a business continuity plan alone is not enough. You need to audit it at regular intervals to ensure it is up-to-date and relevant. Often, business continuity plans aren’t used for years, and may be obsolete or irrelevant by the time an actual emergency occurs.

Creating a team for business continuity

Constitute a team for your business continuity project. Decide who will take ownership of implementing the business continuity in the event of an emergency. Break down the business continuity plan into smaller elements and decide who is responsible for each of them. Also, remember to designate a back up for each person in the team.

Mock Drills and Dry Runs

After your business continuity plan is ready, you need to check if it really works. A dry run will tell you if it is really effective and also point out loose ends, if any, that you can fix before the actual emergency.

Don’t forget a debrief

In case you do end up using your business continuity plan, make sure you do a debrief. It will help you determine the effectiveness of your business continuity plan. The debrief should focus on identifying the losses you incurred from the disaster, the time taken for implementation of the business continuity plan, and the key positives of implementation of your business continuity plan, and should also offer suggestions, if any, for improvement.

Irrespective of the size of your business, business continuity planning is indispensable. Bigger companies often have their own staff (IT as well as non-IT) for business continuity planning, but for SMBs, having their own business continuity planning team can be a bit of a strain on their resources. Consider teaming up with an MSP who is experienced in disaster recovery planning, so you don’t cut corners now and regret it later.


What are the essentials of a business continuity plan?

An unexpected emergency can wipe out your business! A business continuity plan can help it survive. But, what should a good business continuity plan cover? Read this blog to find out.

A list of your key contacts

One of the most important elements in your business continuity plan is a list of all your important contacts who should be informed of the disaster. This can include all your C-level execs, HR managers, IT Manager, client facing managers, etc.

A comprehensive list of your IT inventory

Your business continuity plan should contain a list of all the software, apps and hardware that you use in the daily operations of your business. This list should identify each of those as critical or non-critical and mention details pertaining to each of them, such as:

  • The name of the app/software

  • Version/model number (for software/hardware)

  • Vendor name and contact information for each of them

  • Warranty/support availability details

  • Contact information for customer support for these hardware/apps

  • Frequency of usage

Backup information

Data backups are critical to your disaster recovery and so your business continuity plan should include information about data backups. It should mention how often data is backed up, in what formats and where. It should also mention what data backups are available--ideally, you should be backing up ALL data already!

What’s your Plan B?

Make sure your business continuity plan lists a backup operations plan that will come into play in the event of a disaster. Examples include alternative workflows such as options to work remotely or to allow employees to bring their own devices to work (BYOD) until the time regular business premises or systems are ready.

Floor plans and location

Your business continuity plan should also include floor plans of your offices with the exit and entry points clearly marked up, so they can be used in the event of any emergency. It should also mention the location of data centers, phones, key IT systems and related hardware.

Process definition

Make sure your business continuity plan defines the SOPs to be followed in the event of an emergency.

Think business continuity planning is too complicated? Don’t give up! A lot of SMBs don’t create a business continuity plan, thinking it is too much of a hassle. But this can prove fatal to your business later. A qualified MSP can help you understand business continuity planning and even help you create a business continuity plan that’s best suited for you.


3 Reasons to prepare a business continuity plan if you haven’t done so already

A business continuity plan is the blueprint you need during an emergency to keep your business running smoothly. If you don’t already have one, here are 3 key reasons why you should focus on creating one ASAP.

It helps retain clients

As a business, if you have problems functioning, it will definitely affect your clients. For example, if your servers are down or your supply-chain mechanism is affected or your delivery process breaks, you won’t be able to fulfill your promise to your clients. Even worse, in some situations you may not even be in a position to communicate about the crisis to your clients adding to their frustration. A business continuity plan addresses these issues beforehand and can help reduce client dissatisfaction.

Salvaging brand image and reputation

There are certain events that end up affecting only your business. For example, ransomware attacks, virus attacks, data leaks, etc. Having a business continuity plan that caters for such events can be a blessing in times of such crisis.

Minimizing revenue loss

A business continuity plan can minimize the revenue losses that occur as a result of a crisis that interrupts your business operations.

In short, a business continuity plan helps minimize the impact of the crisis on your client relations, your brand image and your revenue by equipping you with a plan to handle the situation better.


Business continuity planning: A must-have, not a luxury

Business continuity planning is not an alien concept anymore. In recent times we have witnessed a lot of events that only serve to further intensify the need for business continuity planning. Examples include natural calamities like hurricanes, floods, wildfires, events like terror attacks or even pandemics like the recent Covid-19 outbreak.

While a business continuity plan cannot completely safeguard your business from all these events, it can certainly minimize the damage inflicted on your business. Top business consultants urge their clients to develop a business continuity plan as they consider it a part of the best practices for running a business. A business continuity plan can make the difference between survival and shutdown of a business during a crisis situation.

What is business continuity planning?

Business continuity planning is the process of creating a blueprint that helps your business respond and recover effectively from an unforeseen mishap. As discussed before, the unforeseen event could range from natural disasters to pandemics, or even accidents that affect just your place of business like a fire or even a cybercrime attack directed at your business in particular--basically, any event that can paralyze your business. A business continuity plan serves as a step-by-step guide that you can follow during an emergency to keep your business running smoothly.

True, a business continuity plan is not a sure-shot method to survive a crisis, and it won’t instantly eliminate the impact of the disaster, but it gives you the best chances of survival. If you are not sure of what a good business continuity plan entails, you can reach out to a reputable MSP to help you with the preparation and implementation of one.

Microsoft Gold Partner, I.T. Responsive Joins Best in Class Managed Service Provider, New Charter Technologies

Bringing Enhanced Value and Capabilities for Employees and Clients

(Palo Alto, CA) June 7, 2021 – New Charter Technologies, a portfolio company of Palo Alto-based private equity firm Oval Partners, announced the partnership of I.T. Responsive. Located in Santa Ana, California, I.T. Responsive leads the market as a Microsoft Gold Partner, providing best-in-class solutions and project services to clients. With over 20 years of experience, the team is focused on helping small and mid-sized businesses get a quantifiable return on their technology investments.

New Charter Technologies CEO, Mitch Morgan is excited to have the company join the growing roster of North American MSPs. “We are so excited to welcome Chance Weaver and the team at I.T. Responsive. Chance brings vision, passion, and expertise to our Microsoft Practice, as we drive Digital Transformation for our clients. The expertise and experience of the team is a great addition to New Charter.” Mitch explained.

Chance Weaver, the CEO of I.T. Responsive, was intrigued by the New Charter partnership opportunity because it offered the company the ability to maintain their brand and operations model while also leveraging a peer network for resource sharing and collaboration. “The ability to work inside of a larger organization increases our growth and efficiency. There’s an incredible opportunity for shared services and best practices that we can do much better collectively than we could do alone.” In particular, I.T. Responsive is a Gold Managed Microsoft Partner and brings extensive experience, certifications, and specialization to the entire New Charter platform. As a result, companies can now offer clients a broader array of services and expertise across various industries.

The Oval Partners and New Charter Technologies business model is focused on building a caliber of business that the IT industry hasn’t yet seen. The strategy is revolutionary and changing the standard in which the industry operates.

Here are the five pillars that make up the foundation of New Charter:

  • The platform partners with business owners who are not sellers but rather looking for an opportunity to continue what they’re doing and having a financial partner for further investment.

  • A team of business owners to partner with for the sharing of new ideas and industry best practices to accelerate their business forward.

  • The foundation of the model is centered around the idea that the Managed IT industry is a “people-business” requiring a local touch and should not be consolidated in order to build upon success and reach new growth and service delivery levels.

  • The partners who make up the New Charter banner are high growth and high margin businesses who share a common set of cultural and business objectives.

  • The owners are the Leadership team and are collaborating and strategizing in a way that has never been seen in the industry.

According to John Knoll, Co-Founder and Managing Director at Oval, “I.T. Responsive brings a new, complementary geography to our platform and as a Gold Managed Microsoft Partner, an ability for New Charter to drive further innovation for our customers. Chance and the team will be a great addition to our organization.”

I.T. Responsive is excited to begin tapping into all the benefits this new partnership has to offer for the company, its people, and its clients. “I’m incredibly excited to be part of this partnership and have the ability to offer more growth opportunities to my team.” explains Chance.

About I.T.Responsive

Founded in 1998, I.T. Responsive began with a mission to help small and mid-sized businesses get a quantifiable return on their technology investments. Since then, we have grown to provide both small, mid-sized and enterprise level services with best of breed service solutions and project services. With practices in Managed Services, Cloud Services, Virtualization and Infrastructure, I.T. Responsive has the team and resources to create and implement powerful and unique technology solutions for your organization. Learn more here: https://www.itresponsive.com/

About New Charter Technologies

New Charter Technologies is building a Dream Team of Managed Service Providers. Serving small-to-medium sized businesses in 10+ industries across North America, we deliver best-in-class technology solutions to propel our clients into the digital world. Learn more here: https://newchartertech.com/

About Oval Partners

Oval Partners is a multi-family office investment firm designed to provide liquidity, growth, capital and acquisition funding to founders of growing businesses across North America. Oval’s capital base is permanent—it is committed, unencumbered and unconstrained in terms of holding period. Oval offers the capabilities and capital of a private equity fund, but the mentality, partner orientation and investment time frame of a private holding company. Oval’s principals have completed more than 100 transactions involving platform investments, acquisitions, exits, and re-financings. Oval focuses on making investments in the tech-enabled services, information services, internet, software/SAAS, and industrial technology markets. New Charter embodies the essence of Oval’s targeted “buy and build” strategy in attractive, service-oriented, niche end markets. For additional information, please visit https://www.ovalpartners.com/ or contact Dan Escovitz at descovitz@ovalpartners.com.


Everyone loves cookies--even cybercriminals

(Palo Alto, CA) June 7, 2021 – New Charter Technologies, a portfolio company of Palo Alto-based private equity firm Oval Partners, announced the partnership of I.T. Responsive. Located in Santa Ana, California, I.T. Responsive leads the market as a Microsoft Gold Partner, providing best-in-class solutions and project services to clients. With over 20 years of experience, the team is focused on helping small and mid-sized businesses get a quantifiable return on their technology investments.

Cookies are tiny information packets that store data related to your interaction and behavior on websites. It is like walking into your favorite local diner and having them serve up the “usual” instantly. Cookies track your digital footprint on a website and allow the site to offer you a more personalized browsing experience. For example, let’s say you visited Amazon.com and looked at some cameras; perhaps you put one into your cart but never checked out, or added one to your wishlist on the site. The next time the camera is on sale, the Amazon app sends you a notification about the price reduction. That happens with the help of cookies. And that’s just one example.

Cookies are not necessarily limited to shopping sites. You know how sometimes you can save your password for some sites, so you don’t have to type it or log in every time you visit the website? You are able to do that because of cookies. Any site can have cookies, though shopping and banking sites can’t function without them. These are known as session cookies and are absolutely indispensable, while some, like persistent cookies, make your web browsing experience more pleasant, and third-party cookies, while not very pleasant, are used basically to facilitate online advertising.

How do cookies become a security threat, then?

Cookies become a security threat when hackers get access to them. If hackers hijack your cookies, they can get access to your session, your passwords and other related online activities. Hackers sometimes create “Super Cookies” and “Zombie cookies” to steal information from authentic cookies. Such cookies are difficult to identify and delete and sometimes work like worms replicating themselves, thus making it more difficult to get rid of them. Hackers can also steal your cookies if they get access to your network or to the server of the website you are visiting. For example, if your bank’s or shopping website’s server was hacked into, chances are, the hacker has access to your cookies and thereby all your account details.

If you liked what you read, then check out our whitepaper, The cookie monster is coming for you, for a more detailed account of the threats posed by cookies and how you can manage them better.


Understand your Cookie to manage it better!

There are 3 kinds of cookies, each having different functions. One of them is session cookies. If it weren’t for session cookies, you wouldn’t be able to do any online shopping, banking, social media posting or any other activity that requires you to be logged in/identified. These session cookies are temporary cookies and they disappear once you log out of the website, thereby ending your session. It is the session cookies that enable the website to identify you and your actions and react accordingly. Without them, every click you make on the site will be treated as a new one, unrelated to the previous action. For example, suppose you logged into your bank account to transfer money to a friend. If you click on “Money Transfer” without a session cookie, the bank’s website won’t recognize you from your log-in and you just won’t be able to proceed further. You will be stuck in an endless loop of log-ins.

The second kind of cookies are called persistent cookies. These cookies are stored on the hard drive of your computer. Unlike the session cookies, they are not temporary and don’t disappear until you clear them proactively. Persistent cookies are used by websites to offer you a customized browsing experience. For example, when you visit the website of a company that has a global presence, you may be given the option to choose your preferred language and country, so the site displays relevant information. Unless you clear the cookies from your computer manually, the next time you visit the site, you will automatically be taken to the version of it that you chose last time--probably English, US.

The third kind of cookies are called third-party cookies and are typically used to retarget customers as a part of online advertising campaigns. You might have noticed that sometimes after you visit online shopping sites, ads related to the items you viewed on the shopping site show up as you browse other websites too. That is a situation where third-party cookies have been deployed.

While cookies by themselves are harmless, cybercriminals can use them as a medium to attack you virtually. But you just cannot make do without cookies. So, how do you manage cookies effectively to stay safe? Download our whitepaper, The Cookie monster is coming for you, to learn more!


How to manage cookies effectively so they are not a threat to your data

Avoid third-party cookies: Third-party cookies are primarily used for online advertising and retargeting, so you won’t miss anything significant by avoiding these cookies. So, whenever you see a cookie alert on any site, first, check if it is for third-party cookies and if yes, it’s best to ‘Not accept cookies’. As a business, don’t allow third-party cookies on your site.

Secure sites: Make sure the sites you visit are secure (HTTPS) and have a valid SSL (Secure Sockets Layer) certificate. The SSL certificate ensures that any data that’s exchanged is encrypted, meaning that even if hackers get access to the cookies while they are in transit, the information will be garbled, eliminating any data leakage. As a business, make sure your site is secure and has a valid SSL certificate.

Anti-malware software and security patches: Install anti-malware software programs on your computers and make sure they are up-to-date. Install security plug-ins and patches as soon as they are available, without delay. Do not use outdated software or operating systems for which support and security upgrades have been discontinued. Cybercrime modus operandi evolves at a rapid pace, and an outdated cybersecurity setup will do you no good.

Invest in a good password manager tool: One of the reasons people tend to store passwords and other sensitive information online, which involves the use of cookies, is that they have a tough time remembering passwords. A good password management system provides you with a safe and secure alternative.

Educate your staff: Train your staff to identify and steer clear of basic cybersecurity risks such as

  • Phishing links
  • Clone websites
  • Using public Wi-Fi
  • Poor password hygiene
  • Unverified app downloads, etc.

IT Policy: Establish a solid IT policy that spells out the dos and don’ts for your staff to follow in the office and also when accessing work data remotely.

If all of this feels overwhelming on top of running a business, it makes good sense to bring an MSP onboard who can take care of not just the Cookie monster but also of your entire IT security setup.
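As an added example (not part of the original post), the Python audit below applies the session/persistent/third-party distinction and the HTTPS advice above to `Set-Cookie` headers observed while loading a page. The site name, hosts and header values are constructed, and the first-party test is a simplification of what browsers do.

```python
# Constructed sample: (host that sent the response, Set-Cookie header value).
SITE = "shop.example"  # hypothetical site being audited
RESPONSES = [
    ("shop.example", "sid=9f2c41; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("shop.example", "lang=en-US; Path=/; Max-Age=31536000"),
    ("ads.example", "track=abc123; Max-Age=7776000; SameSite=None; Secure"),
]

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, {lower-cased attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit(host, header, site=SITE):
    """Classify one cookie and list the protections it lacks."""
    name, attrs = parse_set_cookie(header)
    # No Expires/Max-Age: the browser drops the cookie when the session ends.
    kind = "persistent" if attrs.keys() & {"expires", "max-age"} else "session"
    # Simplification: browsers compare registrable domains (public suffix list).
    first_party = host == site or host.endswith("." + site)
    findings = []
    if not first_party:
        findings.append("third-party cookie")
    if "secure" not in attrs:
        findings.append("no Secure: may be sent over unencrypted HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by scripts running in the page")
    if "samesite" not in attrs:
        findings.append("no SameSite: cross-site sending left to browser default")
    return {"name": name, "kind": kind,
            "party": "first" if first_party else "third", "findings": findings}

def audit_all(responses=RESPONSES):
    return [audit(host, header) for host, header in responses]

if __name__ == "__main__":
    for row in audit_all():
        print(row["name"], row["kind"], row["party"] + "-party", row["findings"])
```

Not every first-party cookie needs `HttpOnly` (a language preference read by page scripts, for instance), so treat the findings as items to review rather than automatic failures.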


Eight common password mistakes to avoid

Research points out that more than 80% of data breaches happen due to password hacking, meaning that poor password hygiene is responsible for a majority of cybercrimes that follow data breaches. To make sense of this statistic better, let’s first look at what constitutes poor password hygiene.

Using simple passwords

Often, passwords that are easy to remember are easy to hack. Do you use passwords such as password, password1234, delta123, etc.? If yes, then you should change them at the earliest to something less obvious.

Repeating passwords across platforms

As another solution for remembering passwords, people tend to use one, single password universally. This dilutes the password even if it is a strong one. Plus, there’s always the risk of the password being hacked at one place and putting the data stored at all other places also at risk.

Unauthorized password sharing

Unauthorized password sharing for the sake of getting things done faster is a very real problem. For example, someone is on leave and someone else needs access to a particular file from their computer. The employee who is on leave shares the password and that can result in a security compromise.

Writing down passwords

This is the most obvious, yet oft-made password mistake. Just so they don’t forget the passwords, people tend to write them down on a piece of paper, in a diary or sometimes store them on their phone. You know what can follow if the piece of paper or diary or the phone is stolen. The same goes for storing passwords in email if the email server is compromised.

Not revoking access on time

Cases where ex-employees’ log-in credentials were used to hijack company data are not unusual. When companies forget to revoke the access of employees as they move out of the department or organization, they are leaving a gaping cybersecurity hole open which is easy to take advantage of.

Not updating passwords

Using the same password for years or even months can be risky. Passwords should be changed every 3 months and perhaps even sooner for critical applications.

Single factor authentication

For the more critical areas, multi-factor authentication must be deployed. Relying on a password alone is a huge cybersecurity risk. Multi-factor authentication includes tokens, biometric authentication, OTPs, etc., which make it very difficult to hack into the application.

These are some of the basic password mistakes that almost everyone is guilty of at some point. You can prevent these from happening in your organization by educating your staff about them and training them well to cultivate good password hygiene.
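Three of the mistakes above (access not revoked, passwords not updated, single-factor authentication on critical systems) can be checked from an account inventory. The Python sketch below is an added example, not part of the original post; the inventory, its field names and the audit date are constructed, and "every 3 months" is taken as 90 days.

```python
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90  # assumption: "every 3 months" read as 90 days

# Constructed inventory; field names are hypothetical, not a product's export format.
ACCOUNTS = [
    {"user": "alice", "employed": True, "enabled": True, "critical": True,
     "mfa": True, "password_set": date(2024, 5, 20)},
    {"user": "bob", "employed": False, "enabled": True, "critical": False,
     "mfa": False, "password_set": date(2024, 6, 1)},
    {"user": "carol", "employed": True, "enabled": True, "critical": True,
     "mfa": False, "password_set": date(2023, 11, 15)},
    {"user": "dave", "employed": False, "enabled": False, "critical": False,
     "mfa": False, "password_set": date(2022, 1, 10)},
]

def audit_account(acct, today):
    """Return the hygiene findings for one account record."""
    findings = []
    if not acct["enabled"]:
        return findings  # a disabled account cannot log in; nothing to flag
    if not acct["employed"]:
        findings.append("access not revoked")
    age = (today - acct["password_set"]).days
    if age > MAX_PASSWORD_AGE_DAYS:
        findings.append(f"password {age} days old")
    if acct["critical"] and not acct["mfa"]:
        findings.append("critical account without MFA")
    return findings

def audit_accounts(accounts=ACCOUNTS, today=date(2024, 6, 30)):
    """Map each user with at least one finding to their list of findings."""
    report = {a["user"]: audit_account(a, today) for a in accounts}
    return {user: found for user, found in report.items() if found}

if __name__ == "__main__":
    for user, found in audit_accounts().items():
        print(user, "->", "; ".join(found))
```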