Keylogger 101

We have all heard of hacking, viruses, ransomware, etc., as they keep coming up in the news every now and then. But have you heard of keyloggers? In this blog post, we discuss keyloggers and how they can be used to gain unauthorized access to your system, online accounts, network and data.

As the name suggests, a keylogger logs keys–it captures the keystrokes you make. In fact, the use of keyloggers is not illegal. Keyloggers are perfectly legal and are often used by companies to keep tabs on their employees’ IT activities during work; closer to home, parents use keyloggers to monitor their children’s computer activities for safety and security purposes. But, as with all tools, keyloggers can be misused and cause a lot of damage if leveraged by a cybercriminal. By logging keystrokes, the keylogger captures passwords and other confidential information. Imagine someone having access to all your usernames and passwords. Your bank accounts, your shopping accounts, your online subscriptions and what not!

So, how do unauthorized keyloggers enter your system? Like other malware, keyloggers are snuck into the system to bug it without the knowledge of the user. Clicking on phishing links; downloading, opening or running malicious attachments; and using applications or browsers with security loopholes are all ways for cybercriminals to install keyloggers on your system.

The first line of defense against such keylogger attacks is powerful anti-malware tools that detect and isolate such threats. Also, invest in a good password management tool that will help you create and manage secure passwords effectively.

As a best practice, you should also implement multi-factor authentication, which requires more than just a password to permit access. Train your staff to follow password best practices and general cyber hygiene such as not browsing unsecured websites, avoiding public WiFi, etc.

From the administration perspective, ensure all your software programs are updated and security patches are implemented on time.

You can consider enlisting the assistance of an MSP who will help you tackle not just the threat posed by keyloggers, but also the wide range of security threats that exist in the virtual world.

Social media security

Social media is a great tool for SMBs to get the word out about their products and services, build their brand, and connect with prospective customers. It also offers paid marketing avenues, such as PPCs, marketplaces, etc. But are your social media accounts secure? Typically, multiple people have access to a business account on social media. Access could stretch across different departments such as marketing, sales, PR and HR, or it could be multiple people from a single team with access rights–usually marketing. If you outsource your social media management to marketing agencies, their staff also end up having access to your social media accounts. All of these situations make your social media accounts very vulnerable. Here are a few tips to keep your social media accounts secure.

Always be aware of who has access to your social media accounts. This may seem obvious, but you may be surprised to know that many SMBs are not sure exactly who has access to their company social media accounts. They know that the marketing department, sales team or PR has access, but which members of the team actually do is a security detail that’s often overlooked.

Think about who you want to give access to. Do you want everyone in marketing to have access to your company LinkedIn account? Perhaps it is not a great idea to let that new marketing intern you have known for only 3 days get access to it. Even within a team, you need to decide who can be trusted with the keys to your social brand.

If you have outsourced your social media management, find out what the vendor’s policies and SOPs regarding account access are. If you are managing your social media in-house, make sure you have a social media policy in place. This policy should cover every detail, from who will act as the administrator(s) for your social accounts and how often posts are to be made, to what kind of content is acceptable and unacceptable.

Pay special attention to the administrator(s) of your social accounts. Educate them on social media best practices and password hygiene. Help them understand the importance of good password hygiene practices and ensure they are mindful of their role as your social media administrator because chances are, hackers can get access to your social media accounts via theirs.

Apart from training and educating your staff and implementing social media policies, you should also invest in mechanisms such as password managers, multi-factor authentication tools, social media monitoring systems, etc., that make it easy for you to identify and prevent social media mishaps. You cannot afford to take your social media presence lightly. Social media is a powerful brand-building platform that can make or break your brand and market mindshare. Your customers are out there on social media platforms judging you, your business values, and your brand personality depending on what you put up on your Facebook, Twitter and LinkedIn accounts. So, it’s important to take social media security seriously and make sure it is covered in your cybersecurity processes.

Three things to consider when investing in new software

When running a business, you will often find yourself in need of new software tools to enhance the productivity, efficiency, effectiveness and even the security of your various business processes. These software programs range across a wide spectrum of tools including accounting, finance, IT, e-commerce, marketing, sales and many more. In this blog post, we discuss the key elements you should consider before investing in software tools for your business.

  1. Whose software is it, anyway? Learn more about the company that owns the software. Find out how long they have been in the business. Are they dealing in similar software programs across different industries, or is this their only product? Get more information about their company size and business model. How do they sell? What kind of after-sales support do they offer in terms of training, troubleshooting and product updates? You need to have answers to all these questions. This is especially important if you are investing a considerable amount of money in the software tool. You don’t want to purchase something that may be outdated or produced by a small operation that goes out of business in a couple of months leaving you with no updates or support. Plus, the most important thing, you need to be able to trust the software vendor with your data.
  2. What’s the market saying? Never make impulse purchases when it comes to business software. Check out online reviews, talk to peers who have used the product or similar products, and even ask your software vendor for references and testimonials. Third-party sites like G2Crowd, Capterra, Software Review, etc., are some good examples of neutral software review sites. Though some of these do have incentivized review programs, for the most part they appear to be pretty reliable.
  3. Ask for a free trial: Ask your vendor if they can arrange a free trial or sandbox version of the product for your team to play with for a while before making the decision. This will help you get familiar with the product and then decide if it is worth signing up for in the long run.
  4. How much will you actually be paying? Understand how much you will finally end up paying to use the software to its fullest potential. There are various kinds of pricing models. You may have to pay per user or per device, or you may be offered tiered pricing where certain features of the product are made available to you only upon subscribing to a higher tier. So, while the starting price of such software programs may be in single or double digits, actually putting it to good use may end up costing you thousands of dollars!
  5. Flexibility: How well does the software fit into your current business process? Remember, you are buying the software to make your existing process more efficient. If your process is already set and working optimally, you shouldn’t have to make any drastic changes to fit the software into it. Instead, it should make your process even smoother without causing any disruption. Secondly, let’s say you find it not to be a good fit for you. How easy will it be for you to get out of it in such an instance? Do you end up paying a penalty for early termination of the contract? This may especially be the case with a SaaS agreement.

Whether you are buying from a value added reseller (VAR) or a software manufacturer directly, these are some of the elements you need to look into before investing in any business software. However, if you are like most business owners, then you’d probably be too busy to look into all these details. That’s where a trusted MSP can help you. They can recommend the right software based on your needs and also do the necessary due diligence for you before you make the purchase.

Insider threats: Not as uncommon as you think

When we speak of cybercrime and data theft, we typically think of seasoned cybercriminals. But you’d be surprised to know that the cause of businesses becoming victims of cybercrime is most often their own employees–sometimes on purpose, sometimes inadvertently. Remember Bob from accounting who was let go? Or the new intern who worked for 3 days and never showed up? Yep! They could engage in cybercrime activities to ‘get back at you’. Many businesses have been victims of cyberattacks brought on by disgruntled employees, both current and ex.

No matter who attacks you virtually, whether it is a seasoned cybercriminal or an employee who is simply upset with the kind of coffee your office coffee machine makes, becoming a victim of cybercrime causes you a lot of damage. For starters, it erodes the trust your customers have in your brand and affects your brand negatively. If your data is held ransom, you have no choice but to pay up the demanded amount of money. There may be legal/regulatory penalties to pay as well, and then there are chances of lawsuits that you will have to settle. And, remember, your business won’t be running as usual during this time, resulting in a direct revenue loss as well. So, how do you prevent such internal threats? Here are a few tips.

  1. The first step is to recognize that your own staff can be a threat. Adopt a “trust, but verify” approach and take the necessary steps in line with that attitude.
  2. Educate your staff about the dangers lurking online. This will prevent cases where your staff are inadvertently party to the crime. Sharing OTPs and passwords, using unsecured WiFi networks, leaving devices unsecured, visiting suspicious sites, clicking on phishing links, opening dubious attachments, etc., are all examples of your employees accidentally opening the doors for a cybercriminal.
  3. Conduct sessions on corporate ethics, reinforcing what’s acceptable and what’s not. Also brief your staff on the consequences of unethical virtual behavior such as data theft, hacking or wilful compromise of your network and data security.
  4. Perform surprise audits to check if your IT policies are being adhered to. Take actions against staff found flouting the rules.
  5. Invest in cybersecurity systems such as firewalls, network monitoring tools that identify and alert you to abnormal IT activities, powerful anti-malware programs, and role/permission-based access management mechanisms.

An MSP specializing in cyber security will be able to help you build a secure IT environment that takes into account all of these and more, so you don’t have to worry about threats to your data.

Gaining a competitive edge during the pandemic

The COVID-19 pandemic has been tough on everyone. The lockdowns and the need to follow social distancing–though indispensable–have been tough on individuals and also resulted in a lot of revenue loss to businesses. For SMBs, though, this time has been particularly difficult, with a general downturn in the economy and job losses, which have been affecting people’s ability to make purchases. In the middle of all these challenges, SMBs are grappling with yet another issue–the need to keep their business running, even remotely in some cases. A lot of businesses had a tough time adapting to the work-from-home setup. Since this sudden transition to the work-from-home model was largely unplanned, a lot of them became victims of cybercrime and many more are being targeted even as you read this.

If you’re one of those businesses that implemented the WFH model overnight, then it’s time you paid attention to the cybersecurity angle of it. Here are some ways to do that:

  1. First things first. Establish a work-from-home/BYOD policy that defines the roles and responsibilities of your employees as they operate from home. Clearly define the extent to which they will be held accountable in the event of a data breach at their end.
  2. Are you providing your employees with the systems/devices they need to work from home? Or are they using their own devices? If they are using their own devices, then there’s only so much control you can exercise in terms of access and functionality. What you can do, as a positive reinforcement though, is provide them with access to powerful anti-malware software that they can install on their devices, which can keep your data safe even as they work on it.
  3. Train your staff on common cybercrime modus operandi and help them identify instances where they are facing a cyberthreat. This will help them steer clear of the usual suspects such as phishing links, clone websites, suspicious attachments, dubious emails, etc.
  4. Educate your staff on cyber security best practices such as password hygiene, avoiding public WiFi connections, etc.
  5. Consider using technologies such as the Cloud and remote desktop access. Such technologies do not store your data on the employee’s device, giving you greater control over how, when and from where the data is accessed.

The Coronavirus pandemic made the work-from-home model a necessity, and while businesses hurriedly switched to it to keep the wheels turning, many are increasingly beginning to consider it as a permanent solution to keep operating costs low and employees happy–many appreciate the lack of commute, the freedom and the better work/life balance WFH has to offer. This means WFH is here to stay even post-pandemic. Now is the time to invest in creating a secure work-from-home environment, and an experienced MSP can help you get there faster.