Month: March 2019

Why you need to stop using Windows 7?

Posted on by Empower

Windows 7 and Windows Server 2008 are now outdated, and it is time to move on to the latest, fully supported operating systems to keep your business running safely.

It may be convenient to stick with what you have, but the risk to your data and your customer’s data isn’t worth delaying another day. Without critical security patches, your entire IT infrastructure is vulnerable.

Contact us: We can support a trouble-free server or PC migration so you can focus on your business.

Read More

3 Things to consider before you sign-up with a cloud services provider

Posted on by Empower

3 Things to consider before you sign-up with a cloud services provider

More and more SMBs are migrating to the cloud and that is not a surprise considering the numerous benefits the cloud can offer them. For a SMB, the cloud is a cost efficient and secure answer to their growing data needs and IT security requirements. The cloud grows with them and lets them scale their business without worrying about a corresponding rise in IT costs. Plus, with the cloud, the important aspects of security and backups are mostly taken care of by the cloud service provider. And then, there’s the convenience of any-time-anywhere data access. With all these benefits that the cloud brings, what’s there to think about before signing up with a cloud service provider? While are a lot of benefits of storing your data on the cloud, but your data is still yours, so there are a few things you need to know and be comfortable with before you jump onto the cloud.

Data storage location

Ask your cloud services provider where, (as in the location of the data center) your data will be stored. Ask them if they have multiple data centers and if yes, then, will they be backing up your data and storing them at different places. It is great if your cloud services provider does that, since that ensures higher safety of your data.

How secure will your data be?

Yes. When you hire a cloud services provider, a major chunk of your data’s security responsibility is passed onto them. You don’t have to really worry about your data security, but, you still need to know how they plan to keep your data safe. Ask your cloud services provider for details regarding their data security procedure. Have them share all policies, SOPs and data security frameworks that they claim to have in place.

Past performance/data loss history

Everyone talks about their best projects in a sales meeting. What you really need to know are the worst ones. Ask your cloud services provider to share with you their data loss/downtime trends for the past one year. Observe the trend. How often does their system give way and how long does it last? This is important for you to understand, because this metric translates into loss of business for you.

And finally, don’t forget to ask for a client list. Like we said before, everyone highlights the good things about themselves in a sales meeting. If you really want to know how good your cloud service provider is, ask them for a client list–both current and past. Check how many of them are from your industry vertical. Try reaching out to those who are willing to talk. Find out what they like the most about your cloud service provider and what aspects they find negative. Find out why their former customers left them. Usually customers are pretty good indicators of the quality of service a business provides. Hope these tips help you finding a cloud service provider who fits in well with your needs.

Ransomware emails: How to identify

Posted on by Empower

 

 
Ransomware emails: How to identify and steer clear of them
 
Ransomware attacks have suddenly become more prevalent. Each year sees more of them. Hospitals, NPOs, shipping giants, etc., have all been victims of ransomware attacks. Your business could be too! Did you know that emails are one of the most common gateways for ransomware to get into your systems? In this blog, we tell you how you can stay safe by following a few tips.
 
If you think something is amiss, it probably is
Does that email seem unfamiliar? As though you weren’t meant to get it, or it doesn’t quite sound like your colleague wrote it? Perhaps it’s not. Malicious email senders often try to mask actual email IDs with something similar. For example: An email you believe to have come from [email protected] might actually be from [email protected]. So take a good look at the email ID if you spot something ‘phishy’.
 
Attachments and form fills
Does the email contain an attachment that you are being asked to save to your computer? Or an executable file that you are asked to run? Perhaps you are asked to submit your personal details at an authentic looking website. Before you do any of these, check the authenticity of the email and the message. Were you supposed to receive it? Were you expecting an attachment? You might even want to call the sender and confirm if you are unsure.
 
The message seems to instill fear or a sense of urgency
Often, malicious email messages urge you to take immediate action. You may be asked to log onto your ‘banking website’ ASAP to prevent your bank account from being frozen, or enter your ITR details onto a webpage to avoid being fined by the IRS. Real messages from your bank or the IRS will never force or hurry you to do something.
 
Other things you can do
 
Regular data backups
Conduct regular data backups so that in the eventuality of a ransomware attack, you don’t lose your data. Cybercriminals having access to your data is bad enough–it damages your brand and business reputation and can even attract lawsuits from parties whose personal information has been compromised, but, not being able to retrieve all that data in the aftermath of an attack is even worse. Regular backups help you in that regard, plus when you have a pretty recent data backup you are not reduced to the state of helplessness where you HAVE to pay the ransom to retrieve your data.
 
Install an anti-malware tool
Last, but not least, invest in anti-malware tools that can detect malware attacks and alert you before you fall prey to them. Such tools scan emails, links and attachments and alert you if they are found suspicious.
 
No matter how big or small a business you are, ransomware attack is a reality and applies to you. It is better to be prepared than having to cough up huge sums of money to free up your data later and even then there’s no guarantee your data will be restored by the cybercriminal. 

How good is your password

Posted on by Empower

 

 
How good is your password?
 
Did you know that having a weak password is one of the biggest security risks you face? This blog focuses on the best practices related to passwords that you can follow to ensure passwords are not your weakest link.
 
  1. Avoid sequences and repetitions: How many times have you used passwords like dollar12345 or $$$BobMckinley. Passwords containing sequences and repetitions are just easier to hack.
  2. Avoid using your personal data: Do not make your birth date, bank account number or address a part of your password. It puts your data at stake if your personal information is stolen.
  3. Don’t repeat passwords: Make sure you pick unique passwords every time. Unique, not only verbatim, but also in combination. For example, if password one is a combination of number, symbols and letters in that sequence, password two should be letters, numbers and symbols.
  4. Manual password management is not a good idea: Invest in a good password management tool. You can even find some free ones online. But, manually managing passwords, by writing them down on a spreadsheet is a big NO.
  5. Password sharing: Discourage password sharing across the organization. Every employee should have unique access to data depending on their role and authority. Password sharing gets things done faster, but can do irreversible damage.
  6. Password policy: Have a password policy in place and enforce it. Conduct timely audits to ensure the passwords match the specified safety standards. Also, take corrective actions against employees who don’t follow your password policies related to password sharing, setting, etc.
  7. Don’t use dictionary words: Hacking software programs can guess dictionary words faster. The key is to mix things up a little bit–some numbers, some symbols, some punctuation and some alphabets.
Don’t choose passwords that are way too simple just because they are easier to remember, because, more often than not, it can get you into a lot of trouble.

Keeping your data safe: Access Control

Posted on by Empower
 
 
Keeping your data safe: Access Control
 
Cyberattacks are a commonplace today. Malwares such as viruses, worms and more recently ransomwares not only corrupt your data or hold it hostage, but also inflict irreversible damage on your brand and business. As a norm, most businesses these days do invest in anti-virus/cybersecurity systems. But, is that really enough? The answer is–NO. Because, they often overlook one important aspect–access. Ask yourself, how easy is your data to access? How can you strengthen the walls that keep your data safe? Read this blog to find out.
 
Role-based access
Always follow a role-based access permission model–meaning people in your organization have access to ONLY the data they REALLY need. Generally, the higher the designation, the deeper the data access permission and stronger the rights. For example, someone at the executive level may not be able to edit your MIS spreadsheet, but a manager should be able to.
 
Formal password controls
No matter how good your cybersecurity, you need to ensure the protocols are followed at the ground level. Enforce policies regarding passwords strictly and hold violators accountable. Examples include-
  • Password combinations – Ensure your staff follows the recommended best practices when selecting passwords so there are no ‘easy-to-crack’ passwords
  • Password sharing – Thoroughly discourage password sharing across your organization. No matter who asks for it, passwords shouldn’t be disclosed unless authorized as per the protocols.
Don’t ignore physical security
Virtual security is a must, but so is physical security. Though there is only so much physical access controls can do in keeping your data safe in the BYOD era of today, don’t overlook this aspect. Installation of CCTV cameras on-floor, biometrics/card based access to your workspace/server rooms, etc. also have a role to play in data safety from the access perspective.
 
Training & reinforcement
Finally, train…train…train. You need to train your employees on the protocols for data security and access so they don’t mess up accidentally. Conduct mock drills, refresher trainings, follow up with quarterly audits, and use positive and negative reinforcements to ensure everyone takes it seriously. Because, at the end of the day, no cybersecurity software is good enough, if the best practices related to data access are ignored.