Posts

Does Your Workplace Have a Bring Your Own Device (BYOD) Policy?

We are in the business of making sure you are prepared for whatever today’s ever-changing technology environment will throw your way. One of the biggest current trends is Bring Your Own Device, or BYOD. BYOD is exactly what it sounds like — your employees using their own devices in the workplace. With the holidays coming up, and employees receiving new devices, much of your workforce will be equipped to handle a BYOD policy. As this practice becomes more common, it is time to craft an official policy to help protect your business from the risks.

A Bring Your Own Device Policy outlines the rules around employees using their own laptops, tablets, and smartphones for work, whether that means in-office work, or work from home. Today, much of the workforce accesses work files remotely on personal devices. If you do not yet have a BYOD policy, it is time to build one.

Why do you need to set a policy?

There are particular risks and benefits that arise when employees use their own devices. To be sure you enjoy the benefits and decrease the risks, you need a policy that helps employees understand how best to utilize their personal devices in the workplace. You need a formalized document that sets rules and protections in place so that employees have the tools to use their own devices without putting your network at risk.

Given that human error is the biggest flaw that hackers exploit, developing a policy and educating your employees as to BYOD best practices is critical to the health of the modern business. But first, do you even want to permit this practice? When making this decision, it’s important to know the benefits you can expect.

What are the benefits of BYOD?

1. Employee morale
Team members get to work on the devices with which they are most confident and familiar. For example, instead of being a Mac user at home who has to adjust to a PC at the office, or vice versa empower them to work when they feel most efficient and creative, rather than having to wait to get to their office desktop device. Additionally, they may enjoy access to business software in their downtime that they would not have bought themselves, like Adobe Creative Cloud, and come to view it as another perk of the job.

2. Newer technology
Your employees may opt to upgrade their devices more frequently than the company does.

3. Reduced costs
When your employees use their existing smartphone rather than a work-provided device, you can enjoy a cost-savings. Similarly, instead of buying a laptop when you onboard a new employee, you may only need to purchase supplemental software like Photoshop and antivirus solutions.

4. Convenience
Save your team the annoyance of switching between personal and work phones, or accidentally leaving an important document on their workplace desktop and being unable to retrieve it when they want to continue the project over the weekend.

While you can see there are many benefits of allowing your team to work on their own devices, there are many risks and complications that can arise if this practice is not implemented with a policy in place.

Your employees are not all going to be IT professionals, and that means that BYOD policies leave more room for user error and security risks than if every worker is using devices selected and maintained by your IT department. You will need to set specific security policies, and look at providing a secure network for your employees to access from home, rather than accessing unsecured WiFi networks. When you implement a BYOD policy, you necessarily give up a level of control; and when an employee leaves, that device goes with them. If you do not have a set policy, there is a risk they could be taking potentially sensitive information with them, like company passwords. That doesn’t mean you shouldn’t implement BYOD at your company, only that you need IT experts in your corner to help you do it. That’s what FUSE3 Communications is here for. Contact us with any of your BYOD questions and we can help you determine your next steps. We help you anticipate the pitfalls of empowering employees to bring their own devices into the workplace so that you can avoid them, and enjoy the benefits instead.

We have outlined some of the general productivity, cost and convenience considerations. We can also help you assess the costs and benefits of a BYOD policy for your unique business, and create a strategy for you. Ultimately, BYOD is becoming a more and more common business practice, but is it right for your company? We can answer that together. Contact FUSE3 Communications today!

Spear Phishing Gets More Sophisticated for The Holidays

Most of us have a virtual personal assistant that lives in our pockets, internet connected devices in our homes to make our lives easier, and we’re having lengthy customer service conversations with chat bots. Technology has gotten more sophisticated in every way (aside from that printer that never seems to work). In this climate of innovation, hackers have learned a few lessons too. Spear phishing attacks have become so complex that they have the power to trick even the most savvy user. With all the emails you will be getting this Black Friday and Cyber Monday, is your business ready?

What is Spear Phishing?

A study released by the Better Business Bureau in October 2017 revealed that 90 percent of cyberattacks on businesses come through phishing emails. All phishing attacks rely on trust. Hackers design fraudulent emails that create a sense of urgency, inciting panic and causing people to give up sensitive information before thinking of possible risks. These messages are disguised to look like critical security alerts or important work-related information. Or as the holiday shopping season kicks into full swing, emails from stores you like to frequent. There are many giveaways that help employees recognize these attacks, from too many typos to generic greetings like, “Dear Customer.” In a spear phishing attack, hackers target specific users, tailoring their messages with personal information to make their requests seem legitimate. Recently, they’ve taken these tactics to the next level.

Three Spear Phishing Trends

  1. Playing the long game
    Hackers can be very patient. They may obtain one employee’s login information, then monitor their emails to learn about your organization. They will determine who the decision makers are at your business and learn what types of attachments employees tend to send and receive so they can mimic them. By gaining access to one employee’s email account, the hackers gain enough information to make their next move. They may even use the compromised email address to contact others in your workforce, which brings us to the second trend on the list.
  2. Hijacking email threads
    Would you be suspicious of an email coming from one of your employees? Hackers may take over an employee’s email account, then look for an existing company email chain. Posing as the trusted employee, the hacker then tries to convince the others in the conversation to download an attachment, installing malware that infects their devices and network.
  3. Bypassing your spam filters
    Don’t depend on your email filters to catch spear phishing attempts. Hackers have figured out how to bypass those filters and end up in your main inbox. They have done this by impersonating trusted sources like Google Drive links and Microsoft SharePoint URLs that trick systems like Gmail and Office365 into thinking the links are coming from their own products. In this environment, how can you know the difference between a trusted communication and a spear phishing attack? Partner with an MSP like FUSE3 Communications. We can help you identify suspicious communications. If you’re ever unsure, it’s always a good idea to check in with your trusted IT experts.

Spear Phishing in the News

In February 2018, hackers targeted Netflix subscribers, sending emails saying the user’s accounts had been deactivated because the billing information could not be validated. The emails greeted the recipient by name, and the message instructed them to click on a link to reactivate the account. The link took them to a fake Netflix login page. After “logging in,” they would be prompted to provide credit card details, an updated address, and their mother’s maiden name. Because people often recycle passwords, or use very similar passwords with slight variations, the hackers could use those login credentials to gain access to the user’s other accounts. Imagine if this happened to one of your employees using their work email for their Netflix account.

We Can Help You Protect Your Business

Spear phishing attacks are frequent and they are getting harder to recognize. You don’t have to face these attacks alone. We are here to help you protect your business. Contact FUSE3 Communications today.

Celebrate National Cyber Security Awareness Month

Do you know every web application your employees are using? There is a high probability that your workforce is utilizing many devices and applications without explicit approval. Collectively, these programs and devices are called Shadow IT. Shadow IT is essentially any application employees download or IT service they sign up for without vetting by your IT provider. October is National Cyber Security Awareness Month, the perfect time to address the hidden risk of Shadow IT. If you aren’t dealing with your Shadow IT problem, your business is not as secure as you think it is!

There was a time in business when any piece of software would go through a thorough vetting process. These days, times have changed. In today’s technology environment, employees are always looking for the next new app or platform to increase productivity. Employees are more tech savvy, and that makes it is less likely that every piece of IT in use has gone through a thorough vetting process or a risk assessment.

Shadow IT also includes personal devices. There is a growing tendency for team members to get work done at home using their own laptops, iPads, or desktop devices. Personal devices are notorious for lax cybersecurity practices. When employees sign onto the business network using their own devices, there is a major risk that they will bring a virus into that business network.

At this point, it is difficult to imagine an organization that is not implementing Shadow IT, whether deliberately or not. There are countless tools that employees and departments may start implementing innocently without thinking they need to involve your IT provider. Many managers and employees are now selecting their own IT services independently, without checking with an IT expert. From file sharing solutions like Dropbox, to free project management platforms, employees are constantly finding new ways to efficiently collaborate and share information from wherever they happen to be. They no longer need to be in the office to check on the status of a project, or access a sensitive document. Employees are looking for ways to hit and exceed their goals, and they are not necessarily thinking about cybersecurity or the risks they are taking.

As a decision-maker, you must always balance risk and reward. The cost of increased employee productivity may be security, and that may not be a cost you want to cover. They are likely to choose programs for ease of use and convenience, without noticing a lack of important security features like two-factor authorization or encryption. Shadow IT may also lead to mounting costs as different teams pay individually for software that would have a lower group or business rate.

What can you do to protect your business in this climate? You certainly don’t want to discourage employees from building better processes and working when they feel inspired. Yet there are many ways in which Shadow IT puts your business at risk and creates cost inefficiencies. Don’t feel overwhelmed. Contact FUSE3 Communications today. We can work with you to assess Shadow IT usage, then build and implement a new Shadow IT strategy. If we find your team members using unsecured tools, our experts can recommend alternatives. Don’t wait to get started! We will bring your Shadow IT into the light.

Is It Time For A Network Assessment?

When was the last time your business underwent a Network Assessment? As a business decision-maker, there are many moving parts to keep track of, and IT monitoring can easily fall through the cracks until something breaks. This approach can lead to unexpected expenses and business downtime. With a Network Assessment, you can anticipate and plan for potential IT snags, and resolve issues before they become major problems.

First, it is important to understand what a Network Assessment is and what it can mean for your business. This service assesses your IT infrastructure, including processes, security, and performance to identify problems and solutions. It is your first step toward improving IT efficiency and data security.

Now that you understand what a Network Assessment is and why it would benefit your company, it is time to find the right IT provider to manage the process. Partner with FUSE3 Communications and get your Network Assessment scheduled. We’ll help you to:

  • Understand network vulnerabilities
  • Identify bandwidth bottlenecks
  • Increase IT performance and efficiency
  • Shore up your cybersecurity defenses

When do you want to have a Network Assessment performed? A Network Assessment is especially critical if you are planning any major IT roll-outs, like a transition to cloud storage solutions, changing to VoIP phones, or if any of your infrastructure is nearing end-of-support or end-of-life. This service can also help shed light on any ongoing issues you have been experiencing, like slow performance speeds.

In the event that issues are identified during the Network Assessment, it is time to determine which actions you should take with the data you have obtained. This is where many business owners and decision-makers may begin to feel overwhelmed. How do you make the best decisions without comprehensive IT expertise? Many small-to-medium sized companies have limited or even no IT staff, or team members who are spread too thin. That’s why FUSE3 Communications is here for you as you navigate these concerns. You do not have to deal with these issues alone. We understand that discovering IT problems can feel overwhelming. At FUSE3 Communications, we believe your IT should be an asset to your business, not a headache. Not only will we perform a full Network Assessment, but we will also work with you to build a plan of action that has you feeling confident. Even if it sounds overwhelming, being proactive can make a big difference, and identifying IT issues is actually the first step to creating an IT infrastructure that works better for your business.

Ready to learn more about our Network Assessment services? Contact FUSE3 Communications today. With our trusted, vetted IT experts on your side, your Network Assessment will provide you with both an understanding of your current IT infrastructure issues and a solution-oriented approach to identifying your next steps.

Protect Your Business from Ransomware Attacks

Ransomware attacks are a serious threat to any size business. For a small business, a ransomware attack can even result in the company going out of business. Last year, ransomware was found to be the most prevalent form of malware connected to company data breaches; cybersecurity provider Malwarebytes cited a staggering 90 percent increase in detected ransomware attacks. Being vigilant and armed with a ransomware plan is not just another best practice, it’s necessary to company survival.

There are two types of ransomware to look out for: encryptors and lockers. Encryption ransomware programs take your files hostage, converting them into a code that will require decrypting. Locker ransomware takes entire networks and devices hostage, sometimes even preventing a computer from booting up. Both types of ransomware tend to have a time limit associated with them. If the ransom is not paid within the time frame, the hackers threaten further sabotage. You do not want to find yourself pitted against criminals like these without a trusted IT partner by your side.

Systems can be infected in several ways. One common method is through phishing attacks, which are communications that pose as content from trusted sources like banks, governments, or popular businesses. These attacks ask users to click on an attachment or a link that then invades the network. Other tactics include pop-up ads and exploiting browser vulnerabilities. There is even a new trend of demanding a ransom without actually infecting the network or device! This method is executed by hackers sending multiple emails threatening users that there is a destructive malware infection on their computer waiting to be activated unless the ransom is paid. At FUSE3 Communications, it is our job to make sure we stay on top of the common tactics so that your network is always protected.

Don’t face the threat of ransomware attacks alone. These attacks can quickly escalate into extremely high-cost disasters. The price of a ransomware attack goes beyond the ransom you pay. For example, the Erie County Medical Center reported it recently spent an estimated $10 million on a $30,000 ransom. How did this happen? Responding to the attack can lead to additional high-cost consequences like staff overtime, lost revenue, emergency IT services, and staff training to prevent another mishap. These costs may be even higher if you are caught without a plan in place and a trusted IT partner like FUSE3 Communications in your corner.

Prevention is your best strategy. Our goal is to work with you to recognize common tactics and train your employees so that we can decrease the likelihood that a ransomware attack will find its way into your network or device. We will monitor your network for suspicious activity, and help you back up your files so that you, and not the hackers, are in control – even if they infect your system. We can also help you manage and predict costs by building a ransomware plan as part of a comprehensive disaster recovery strategy.

Contact FUSE3 Communications today. We will make sure you are ready for whatever hackers could throw your way.