Why is business planning important?

The end of the year is upon us: it’s Thanksgiving in the US, and soon to be the end of year holidays. In between scrambling to get ready for Thanksgiving and thinking about all the Black Friday deals you need to get, have you thought about planning out the next year for your business? Now is a good time to start the planning process, even if it’s just jotting down some goals and targets for next year.

Now you might ask “why is a technology company writing about business planning?”. Business planning is an important part of the CBTech Support process. CBTech Support evaluates its clients’ environments on a regular basis and uses that information to help inform the business planning process. As part of the planning process, you’re looking at what you want to accomplish in your business next year, and technology will play a part in that. It’s important to know what areas of technology impact your business, such as where there is a large security gap or a disconnect in your workflow, or even something as simple as when you want to replace some old computers. It’s also important to know what you want to achieve so that you can make sure your current technology can help you get there; and if not, what might be needed to make it happen. The good news is you can start with small steps just to get the ball rolling.

Feel free to reach out to us with any questions or if you would like an introduction to someone who can help with the business planning.

Happy Turkey Day!

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips

For weekly tips like these, follow us on Facebook: https://bit.ly/2sCMb30 LinkedIn: https://bit.ly/375e6HB Twitter: https://bit.ly/3ajca0n

Why is National Cybersecurity Awareness Month Important to You?

As we wrap up National Cybersecurity Awareness month, let’s look at why cybersecurity is important for everyone, what to look out for, and some good resources you can use to keep up with what’s happening in cybersecurity.

Cybersecurity matters because your personal information is valuable to cybercriminals. Your online accounts, financial data, and even your identity can be stolen and misused if you don’t take steps to protect yourself. Hackers can gain access to your sensitive information through weak passwords, phishing attacks, and other vulnerabilities. Once they have your information, they can use it for identity theft, financial fraud, or blackmail.

Cybersecurity also protects your privacy. In today’s digital age, a lot of your personal information is stored online. This includes your browsing history, your location data, and your online purchases. Cybercriminals can use this information to track your movements, target you with personalized scams, or even sell your information on the dark web.

What can you do to get started? Follow some basic cybersecurity hygiene:

  • Analyze links before you click on them
  • Be wary of unsolicited offers or urgent, time-sensitive requests
  • Use strong passwords and enable multi-factor/two-factor authentication (MFA/2FA)

Keep yourself informed of the latest scams and trends using some of these resources:

By understanding basic cybersecurity principles and taking proactive measures, you can significantly reduce your risk of falling victim to cyberattacks. This includes using strong, unique passwords, being cautious of suspicious emails and links, keeping your software and devices up-to-date, and being mindful of the information you share online. By prioritizing cybersecurity, you not only protect yourself but also contribute to a more secure digital environment for everyone.

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips

For weekly tips like these, follow us on Facebook: https://bit.ly/2sCMb30 LinkedIn: https://bit.ly/375e6HB Twitter: https://bit.ly/3ajca0n

What We Can Learn from the Fortinet SharePoint Incident

Fortinet confirmed earlier this week that a threat actor had gained access to an online file repository Fortinet had set up in Microsoft’s cloud, and that the threat actor stole 440GB of data from that repository. It’s still early in the investigation, so there are a lot of details that are still unknown, such as how the data was accessed and whether an employee account was compromised. However, there are still some lessons in this story.

Fortinet is a large cybersecurity organization with a large cybersecurity budget, so how does this apply to small businesses? It’s all about Microsoft’s cloud. Fortinet uses the same Microsoft system that small businesses use. Users might know it as Microsoft 365 or SharePoint or OneDrive or “the cloud” or “the share”, but the bottom line is small businesses pay Microsoft to host files pretty much the same way Fortinet does. Microsoft spends hundreds of millions of dollars each year to secure their cloud so that it is available for those small businesses to use. But that security does not extend to the data that businesses store there (it’s called out in their terms of use!). It’s up to those businesses to make sure that the data is only accessible to their employees and/or the people they want to share it with.

So how does a small business make sure that data in Microsoft’s cloud is secure? These are just a few of the many ways that companies can configure their Microsoft cloud to make it more secure:

  • secure employee credentials (which are used to access the data) with multi-factor authentication
  • only allow the data to be accessed from company devices
  • do not allow the data to be accessed outside the US
  • limit how data can be shared with people outside the company
  • limit how long data is retained

Putting these configurations into place certainly makes the Microsoft environment more secure, but it can all be undone if an employee unwittingly provides a threat actor with their login credentials. Regular and engaging cybersecurity awareness training should also be part of a company’s strategy to protect its data, whether that data lives in the Microsoft cloud or in the company’s office.

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips

For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

Why Should You Implement Security Awareness Training in Your Business?

Cybersecurity is a critical component of business operations and is the responsibility of both the business and its employees. It requires a concerted effort from every individual within the organization: each employee has a hand in maintaining security and must be aware of their actions and the potential impact.

Security awareness training, when provided on a weekly or monthly recurring basis, helps individuals understand different threats they might be exposed to in their personal and work lives. The training typically focuses on the digital realm but might also include scams that operate via face-to-face or postal service methods. The goal of the training is to elevate an individual’s awareness of these threats so they can recognize them before falling victim, or at least help them mitigate any damage if they do fall victim.

So why should your company implement this training, and why more often than just once a year or quarter? In short, human nature. Without delving in to the psychological, here are a few key points:

  1. humans are creatures of habit
  2. we all have a natural tendency to want to help
  3. as humans we have a natural fear of the unknown or unexpected
  4. we all have short memories and shorter attention spans

Here is a quick example of why regular training is necessary: a business owner was selling something on Facebook Marketplace and started a texting conversation with a potential buyer. The potential buyer asked the seller to provide a Google authentication code to verify the seller was a “trusted account”. The seller received a text message from Google with a 6-digit code and provided this code to the potential buyer. The buyer came back and said the code didn’t work and asked the seller to provide the code again. At that point the seller became suspicious and ended the conversation. Unfortunately, the seller had already unwittingly bypassed the multi-factor authentication on their own Google account by providing that code to the potential buyer.

Implementing a training program that regularly educates users about threats, tests their knowledge, offers additional training when necessary, and is engaging, will help your company avoid many common threats that technology alone cannot mitigate while not impacting employees’ productivity. This article points out why security awareness training is more important than ever as phishing attacks are the top avenue for ransomware delivery: http://bit.ly/3IUAdWX.

If you have questions about implementing security awareness training in your company, contact us here: https://bit.ly/CBTech-contact

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips

For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

Tips for Getting a Good Computer for School

We know, we know, it’s full-on summer, why are we talking about school?!?! The next school year is less than 2 months away, and computer manufacturers have deals running all summer, so now is a good time to start thinking about what your student might need.

The question you should ask when deciding to buy a new computer for school, or for any purpose really, is “what am I going to use it for?”. Some common answers are:

  1. browsing the internet
  2. email
  3. specific applications (like engineering programs or graphic design programs)
  4. attending class remotely
  5. video conferencing

For items 1 and 2, the specifications are not demanding. You can get by with a basic computer from almost any store. However, we would still recommend that the processor be an Intel Core i5 or i7. The RAM (or memory) used for browsing the internet will depend on how many browser tabs or windows you have open at one time. The more tabs or windows you anticipate opening the more RAM you should have in your computer. We would recommend at least 8GB.

Portability can be an important factor depending on your lifestyle and study habits. If you need to carry your computer to different locations or take it to classes, a lightweight laptop or a tablet with a detachable keyboard might be more suitable. On the other hand, if most of your work is done in one location, such as your dorm room or a home office, a desktop computer or a larger laptop with a bigger screen may be more comfortable to use.

A computer used for specific applications will need to meet the requirements of the vendor who made the application. All vendors will list minimum and recommended system requirements. You should review those requirements for each and any application you plan on using before buying the new computer. Just as with browser tabs and windows, the more applications you run at one time the more RAM you should have in the computer. Additionally, most schools will have recommended specifications for buying a computer to use at the school.

You should also consider the hard drive type and size. You still have two choices for type: traditional spinning drives (often referred to as SATA) or Solid-State Drives (often referred to as SSD). We recommend SSD drives because the performance is much better versus traditional spinning drives, and you will find most laptops will come with these type drives. The size of the hard drive really depends on how much data you plan to save on your computer. If you are using the computer to browse the internet and/or use email, then the size of your hard drive does not need to be large. However, if you are saving images or video (which are the largest file size types) then you should get a larger hard drive, or even consider getting an external drive.

Happy shopping, and enjoy the rest of the summer!

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips

For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

Unplug From Your Technology This Summer

As summer gears up, take some time to assess the screen time habits that you’ve had for the past 6 months. If you’re anything like us, you’ve been glued to your devices, keeping up with news, streaming TV and movies, watching sports, working, working, working… We thought it would be a good time for some tips on how to unplug, whether you’re taking a trip or just want a day away from technology.

Constant exposure to technology and the digital world can lead to information overload, constant distraction, and heightened stress levels. Taking a break from technology allows your mind to rest and recharge, reducing feelings of anxiety and overwhelm. This break can also foster better focus, concentration, and improved cognitive function, leading to enhanced creativity and problem-solving abilities.

There is a plethora of articles on unplugging, so take the time to search around if you want more ideas. Embrace the art of unplugging and enjoy the summer!

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips

For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

How to Work From the Beach This Summer

It’s summer. You’re at the beach. You need to finish up some details to close a last-minute deal. You need to access that critical file because you’re the only one that can handle it. You’re out of luck, right? Not so fast! There are many ways to securely access business resources outside the office.

The first rule of thumb is to ask your technology services provider what methods are available to you. They should be able to help you implement something that fits your needs, budget, and security concerns, if they haven’t already. And security is big!

The next rule of thumb is that the ways to get to what you need are as varied as the types of resources you want to get to. It all depends on what you need to get to: files like documents or spreadsheets, or applications like QuickBooks. Each business is going to have different requirements, regulations, and budgets, et cetera, that will determine what method or methods can be used. This brings the first rule of thumb back into play: your technology services provider will know what methods fit your situation best.

When accessing your work data remotely, it’s crucial to be cautious of public Wi-Fi networks. These networks can be insecure and prone to cyber-attacks. It’s best to avoid using them altogether when accessing sensitive work data. Instead, consider using your phone as a personal hotspot or find a secure and private network such as a hotel’s business center or dedicated coworking space.

Cloud-based file-sharing services are a great way to securely access your work data remotely while on vacation. These services, such as Google Drive, Dropbox, or OneDrive, offer advanced security features, such as encryption, access controls, and two-factor authentication, to ensure the protection of your data. You can store and access your work files and documents from anywhere with an internet connection. And the good news is that most companies already use these services, so use rule of thumb 1 and see what your company’s technology services provider has set up.

Enjoy your summer (and don’t work too much)!

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips

For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

Small Business Lessons from the Change Healthcare Hack

Change Healthcare, a payment exchange platform operated by Optum Solutions (a subsidiary of UnitedHealth), suffered a ransomware attack in February of this year. The current estimate of damages is approximately $872,000,000. Details on the attack can be found on Bleeping Computer’s site: https://bit.ly/4bB2ihd. Let’s break down some lessons learned from this incident.

Preliminary information from the ongoing investigation suggests that the attackers used stolen credentials to access the company’s Citrix portal (Citrix is a system for remotely accessing company resources). It’s important to note that the compromised account did not have multi-factor authentication enabled on it, meaning that once the attackers had the username and password, they were able to log in without any additional checks. They then worked their way further into the network and started exfiltrating data, ultimately locking up systems in a ransomware attack. The investigation found that the initial system access happened at least 10 days prior to the ransomware being deployed and affecting the availability of resources. Additionally, it appears that malware on a device stole an employee’s Citrix credentials the day before the initial access; however, it is as yet unknown whether those same credentials were used in the attack.

What can we learn from this?

  1. Cybersecurity is a team effort: Cybersecurity is not just the responsibility of the IT person/department/company. It is important for all employees to be aware of the risks and take steps to protect their devices and data. Businesses need to create a culture of cybersecurity awareness and provide training to their employees on how to spot cyber threats.
  2. Educate employees about cybersecurity: Employees are often the first point of contact in the cybersecurity chain. Businesses need to educate employees about cybersecurity best practices, such as how to identify and avoid phishing attacks and how to create strong passwords.
  3. Implement a layered security approach: This involves using a variety of security controls, such as multi-factor authentication, firewalls, intrusion detection systems, and data encryption, to protect their systems and data. No one solution is 100% effective at stopping attacks.
  4. Have a plan in place to respond to cyberattacks: This plan should include steps to identify and contain the attack, mitigate the damage, and communicate with customers and employees.

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips. For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

3 Ways to Avoid Being the Fool (Getting Phished) On April Fools’ Day

April Fool’s is fast approaching (it’s almost April?!?!?!), so it seems like a good time to review some phishing email tips so the joke isn’t on you.

Email is still the number one communication method, which makes it the perfect avenue for scammers and other malicious actors looking to get the highest return on their activities. Here are three ways to stay safe online this April Fools’ Day:

  • Verify the Sender: One of the most common tactics used by phishers is to impersonate trusted entities such as banks, social media platforms, or even friends and family. They often send emails or messages that appear legitimate, prompting you to click on malicious links or provide personal information. To avoid falling into this trap, always verify the sender’s identity before taking any action. Check the email address or contact number against known ones associated with the organization or individual. Be cautious of any unexpected requests for sensitive information and never hesitate to contact the sender through official channels to confirm the authenticity of the message.

  • Think Before You Click: Phishing attempts often rely on enticing users to click on malicious links or download infected attachments. These links may lead to fake websites designed to steal your information or install malware on your device. Therefore, it’s essential to exercise caution and think before clicking on any links, especially those received via email or social media messages. Hover your cursor over the link to preview the URL and ensure it matches the expected destination. If you’re unsure about the legitimacy of a link, it’s best to avoid clicking on it altogether. Instead, navigate directly to the website in question through your browser or contact the sender directly for verification.

  • Stay Updated and Educated: Cybercriminals are continually evolving their tactics to bypass security measures and exploit unsuspecting individuals. Therefore, staying informed about the latest phishing trends and techniques is crucial in safeguarding yourself against online threats. Keep your software, operating system, and antivirus programs up to date to protect against known vulnerabilities. Additionally, educate yourself and your family members about the signs of phishing scams, such as misspelled URLs, grammatical errors, and requests for sensitive information. By staying vigilant and informed, you can reduce the risk of falling victim to phishing attacks not only on April Fools’ Day but every day of the year.

Keep in mind that world events and holidays are often good disguises for malicious actors to send out emails. That link to a funny April Fool’s prank may not be from your friend or coworker and the joke might be on you, so keep an eye out!

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips. For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n