
Even if you’re on vacation, don’t expect hackers and other bad actors to take a break from attacking your tech devices. However, there are several steps you can take before and during your vacation to help keep your devices and data safe.

In this article, we summarize tips and best practices from several sources including the National Cyber Security Alliance, Sue Marquette Poremba in Tom’s Guide, and BusinessTravelLife.com.

Before you leave for vacation

  • Conduct financial transactions and download podcasts, books and movies on your own, secure Internet connection.

  • Don’t broadcast your vacation plans on social media. 

  • Clean your web browsers by deleting your browsing history and clearing the cache, especially any stored passwords.

  • Update your security software and applications to ensure the latest security patches are installed.

  • Create new temporary passwords for any accounts you'll use while traveling. We strongly recommend you use unique passwords or passphrases for each online account. Passwords should be at least 14 characters long and utilize special characters and numbers. (For more information about password safety, see Sinu’s blogs: How Secure is Your Password and The New Language of Data Security: From Passwords to Passphrases.)

While on vacation

  • Take only the devices you absolutely need on vacation.

  • Set up the ‘find my phone’ feature on your devices, so you can find, remotely wipe data and/or disable the device if it gets into the wrong hands. 

  • Make sure all devices are password protected. 

  • Use a passcode or security feature (like a finger swipe) to lock your phone or other mobile devices in case they are misplaced or stolen.

  • Limit what you do on public Wi-Fi and avoid logging into accounts that have sensitive information. Set your device settings to ask permission before connecting to a Wi-Fi network.

  • Either keep your devices with you or lock them in a safe if you are staying at a hotel. If a safe is not available, lock them in your luggage. 

  • If you use the business center at a hotel, avoid using public equipment (e.g., phones, computers and fax machines) for sensitive communication.

  • Use a credit card rather than a debit card for any purchase (online or otherwise). 

At Sinu, our goal is to provide our clients with full-service managed IT support services that increase productivity while mitigating risk. Should you have questions about device, data, or other tech safety while on vacation, please contact your account manager for assistance. A little bit of preparation and being a little tech security savvy can prevent headaches during your summer vacation and the rest of the year.


Image credit: www.microsoft.com

Apple and Microsoft are embracing a message that we learned in kindergarten: It’s good to share.

A new iCloud for Windows app, which rolled out on June 11, allows customers of both tech giants to access files and share photos, videos, mail and other information.

In a blog, Microsoft reports, “Apple and Microsoft are making it easy for customers to access and enjoy the benefits of their iCloud account across their Windows 10 PC and Apple devices with the all-new iCloud for Windows app available today from the Microsoft Store.”

With the iCloud for Windows app and iCloud Drive, you can access iCloud Drive files from within Windows 10 File Explorer without using storage on your PC. Another convenient feature is that you can now select the files and folders you want to keep on your PC, and store files in iCloud Drive so you have access to them from an iOS device, a Mac and the iCloud website.

ZDNet.com reports that the move is “a win for both tech giants.”

“The one-time rivals for desktop domination and former smartphone competitors are collaborating to improve the experience for iPhone owners who use Windows 10 PCs,” ZDNet.com reports.

According to Microsoft, the owners of 825 million active Windows 10 devices can now share across platforms. Those who also own an Apple iPhone and/or an iPad can use the new iCloud for Windows app.

“While the companies do compete on some technologies – Siri versus Cortana, for example – the cloud, Google, and mobile has diminished that rivalry and helped spawn numerous collaborative efforts,” explains ZDNet.com.



By Larry Velez, co-founder and CTO, Sinu

A teaser image shows a portion of the front of Tesla's pickup as reported by Automotive News.

With increased tariffs – real and threatened – by the current administration, there’s more mention in the media of a five-decade-old tariff called the Chicken Tax. However, something I’m not hearing much about is that the Chicken Tax will likely provide a significant competitive advantage to Tesla in the very near future.

The Chicken Tax is a law from 1963 that imposes a 25 percent U.S. duty on imported potato starch, dextrin, brandy and light-duty pickup trucks and work vans produced outside North America. The Washington Post explains that the fee is “10 times the 2.5 percent duty on imported passenger vans. The tax is a relic of a mostly forgotten trade war from the early 1960s, when Europe tried to stop a flood of imported U.S. chicken and, in retaliation, President Lyndon B. Johnson imposed the big tariff aimed at European automakers such as Volkswagen.”

Arguably, these long-standing tariffs helped prop up domestic light-duty manufacturers, such as Ford and Dodge, which have been selling trucks and SUVs to Americans that are technically inferior to their European counterparts without much competition or incentive to innovate.

Just one example is the Toyota Hilux. This truck (not sold in the U.S.) is so reliable and nearly indestructible that it is the choice of many terrorist groups. Beyond terrorists, the Hilux is a favorite of car lovers, reports Jared Rosenholtz in Carbuzz: The Hilux “launched into the hearts of enthusiasts thanks to three appearances on BBC's Top Gear. The Hilux was used by Jeremy Clarkson and James May as the first car to ever reach the magnetic North Pole. James May then took one of the camera cars from that polar voyage right up to an erupting volcano. If those stunts didn't prove the reliability of the Hilux, then dropping it from the top of a building and having it still start up definitely did. The Hilux may not be that different from the US market Tacoma, but there are some subtle differences that make Americans pine for this forbidden fruit.”

So while many lament that we cannot buy superior European-made trucks and vans here in the U.S., there is hope that we too can have great trucks, because soon there will be a new pickup truck from an American company which has no choice but to innovate to survive – Tesla.

At Tesla's latest shareholders' meeting, which took place on June 11 in Palo Alto, California, the company’s CEO Elon Musk said he aims to price the pickup, which he calls the “Cyberpunk Truck,” under $50,000. He also said that he hopes to unveil it in late summer 2019.

“‘It's going to look pretty sci-fi,’ Musk said. ‘That means it's not going to be for everyone. It's going to be a truck that's more capable than other trucks. The goal is to be a better truck than an F-150 in terms of trucklike functionality and be a better sports car than a standard 911,’” reports Automotive News.

As an American company, Tesla will not be subject to the Chicken Tax. The other American truck companies will be caught so flat-footed when they have to go head-to-head against Tesla in the light-duty truck market that it will be like the pythons in Florida. This invasive species of constrictor snake, originally from Southeast Asia, has overpowered the indigenous animals, which had never evolved to face this strong a predator, and has impacted the entire ecosystem of Florida. The population of pythons in Florida is reported to be as high as 300,000, and the cost of the destruction caused by the pythons is estimated at $83,892 per snake per year.

Similarly, I think the introduction of a pickup truck by Tesla will be a bloodbath for Ford and other American car companies and they won’t know how to defend against this. They will be trapped in ‘The Innovator’s Dilemma’ because of an unintended consequence of the Chicken Tax. As our current administration imposes tariffs across the world, it will be interesting to see how these ripples play out decades from now and what other unintended consequences will result.

Note: Special thanks to the car enthusiast podcast Overcrest and their episode Nobody calls me chicken!!!! which helped inspire this article.

Image Credit: www.apple.com

Apple will replace its groundbreaking iTunes service with separate applications, the tech giant announced this month.

“After 18 years, Apple is killing iTunes — well, sort of,” NPR.com reported.

“The media management software for most Mac users (and many Windows users) is being broken into separate pieces for separate uses: Music, podcasts and television will soon have their own apps on the new Catalina Mac operating system.”

The announcement came at the company’s developers conference in San Jose, Calif., on June 3, and addresses a long-running complaint that the iTunes desktop app is trying to be too many things at once.

Apple also addressed concerns that the iTunes Store (where users purchase songs and albums for download) would be going away in favor of Apple Music (the company's streaming service). However, the company assured customers that the iTunes Store will remain, as will the music that people bought from it. People will also still be able to buy movies and TV shows in the Apple TV app, and iTunes gift cards will remain active.

CNN.com also reported on the phaseout of iTunes: “The music industry has changed dramatically since Apple disrupted the way people buy songs and albums nearly two decades ago. So Apple is phasing out iTunes in favor of three more modern apps.”

Techcrunch.com reported on the changes, citing a move toward consumer-focused customization, particularly for the growing podcast market.

“Meanwhile, the Podcasts app for Mac offers a way to search, discover, subscribe and listen to your favorite audio programs, much as it does on iOS. Your listening data will be synced across devices, and you can listen directly in the new app, as well,” the techcrunch.com article noted. “But it’s also got a new trick: it will now use machine learning technology to index the spoken words in podcasts. That will allow you to find more podcasts — or even individual episodes — that reflect your interests.”

Like many tech companies, Apple seems to have its sights on growing its share in the entertainment-streaming market.

“Apple has seen a decline in iPhone sales due to a confluence of factors, including fewer buyers in China and an extended upgrade cycle. The company has been rebranding itself as a streaming-entertainment provider,” NPR.com reported. “And it has made no secret of looking to grow its services businesses, including the Apple Music streaming service, a forthcoming TV-streaming service and a magazine subscription service.”

So, once again, we see tech giants shift more of their resources toward customer-focused software and applications, rather than the devices that run the solutions. As we say here at Sinu: “People matter, objects don’t.”

LEARN HOW SINU FOCUSES ON PEOPLE FIRST. SIGN UP TODAY FOR A FREE IT ASSESSMENT AND WE WILL SHOW YOU HOW WE DO IT.


DonorsChoose.org allows teachers to create projects that fulfill resources their students need. Through Ad Grants ads, the organization drove 7,000 teacher registrations and raised an additional $497,000 from about 5,000 donations in a year. Read more. (Photo credit: Google.com)

Google Ad Grants is an in-kind program that gives qualified nonprofits free access to Google business tools, as well as $10,000 per month in free advertising on the Google Ads platform.

“Google Ads search ads appear next to Google search results when people search for nonprofits like yours,” explains Google’s “overview” page. Ads must be text-based, with no videos or images, and keyword-targeted.

How to apply for Google Ad Grants

To qualify for Google Ad Grants, an organization needs to apply to Google for Nonprofits. An organization must hold valid charity status. Governmental entities and organizations, hospitals and medical groups, schools, academic institutions and universities are not eligible for Google for Nonprofits; however, philanthropic arms of educational institutions are eligible.

The application process is relatively straightforward compared to most grants. Applicants must acknowledge and agree to Google’s required certifications regarding nondiscrimination and donation receipt and use; maintain a high-quality website that meets the Ad Grants website policy; and go through the Ad Grants pre-qualification process following enrollment in Google for Nonprofits.

Google Ad Grants: ‘Accessible’ and ‘Effective’

“I don’t think there’s any other grant in the tech sector that is as generous, as easy to acquire, and as useful for getting your cause’s message out,” writes Jean O’Brien, founder of the nonprofit-focused Digital Charity Lab.

“Google Ads have consistently driven the most engaged and valuable traffic of all acquisition channels,” O’Brien writes at Nonprofit Tech for Good, a resource for nonprofit professionals.

O’Brien further touts the program’s low-key approach to qualifying for the grant: a nonprofit registers with a local TechSoup partner, fills out a quick form, and uploads proof of charity certification. She also states that there are few reporting requirements.

Tips for Using Google Ad Grants

O’Brien offers several tips to help nonprofits get the best results from their Google Ads campaigns.

  • Focused marketing

“There’s a keyword format called ‘broad match modified’ that’s really effective,” O’Brien writes. “Google doesn’t mention this as an option when you set up your Google Ad Grants account, but it works and it’s powerful. The syntax is a plus sign in front of each word (+animal +charity) and it means that variations of each word will also trigger your ad. For example, a search for ‘charities that work with animals’ will match the keyword +animal +charity.”

  • Targeted keywords

“Setting up ads for everything that your charity is doing is a very common misstep, but it leads to a lot of problems,” O’Brien cautions. Instead, she suggests conducting keyword research to find out which issues, services, and campaigns people are actively searching for online and focusing on those to drive the campaigns.

  • Account maintenance

O’Brien advises making Google Ads a habit for the best results. Nonprofits should set a reminder to log in once every two to three weeks and spend 30-45 minutes checking and tweaking their Ad accounts.

At NTEN, a membership organization of nonprofit technology professionals, marketing consultant Michael Rasko offers additional tips. He suggests using Google Ad Grants to promote auction items and increase potential bidders. He also recommends that Google Ads be used to build prospect lists and bring new potential supporters to an organization’s website rather than asking first-time visitors to make a donation.

“A common misconception is that Google Ads are great for getting donations,” Rasko writes. “Those who access your site through Google Ad Grants are likely visiting for the first time. Expecting them to donate as a first-time visitor is the digital version of bumping into a stranger on the street, making small talk, and then asking them to support your nonprofit.”

Getting Professional Google Ads Advice

The Google Ad Grants program is 15 years old, but nonprofits can tap into a recently established mentorship service to help them acquire and manage their Google Ad Grants.

“The Google Ad Grants Certified Professionals Community was designed to enhance the Ad Grants experience for professionals and Grantees alike,” explains Google. “This community recognizes the network of agencies, consultants and trainers who look after nonprofits globally, and connects Grantees to recommended professionals through our Community Directory.”

Google, like many other big tech companies, is providing resources and tools to support nonprofits, and its grant application is fairly simple. It may be worth taking a few minutes to see if your nonprofit qualifies. Whether it is fundraising or friendraising, $10,000 in Google Ad Grants can go a long way in elevating awareness of your cause and supporting your nonprofit’s mission.


Unlike milk, passwords don’t need an expiration date. That’s the conclusion of Microsoft, which recently announced that it will no longer attach expiration dates as part of its security requirements.

An article at Forbes.com reports on the change, which was overdue, according to security professionals: “The United States National Institute for Standards and Technology (NIST) has been recommending password expiration is dropped from security policy since 2016. Now it seems that Microsoft has finally caught up and will be dropping the requirement starting from Windows 10 (1903) and Windows Server (1903) onward.”

Microsoft explains the change in a blog post: “There’s no question that the state of password security is problematic and has been for a long time. When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords.”

In the past, Sinu has recommended changing passwords every 3-6 months, and Microsoft concedes that changing passwords periodically has been part of most security protocols. However, new scientific research suggests that other practices should take precedence, such as enforcing banned password lists and using multi-factor authentication.

While there is no one data security plan that will fit all organizations’ needs, password security protocols should contain these critical elements:  

  • Do not reuse the same password for different online accounts.

  • Do not use passwords that have personal information or are easy to guess (see our article on The World’s Most Hacked Passwords).

  • Create passwords or passphrases that do not use repeating words and number patterns, cannot be easily guessed, and do not use personal information.

  • Use multi-factor authentication whenever possible.

If you have questions about password security policies, please contact us or download our free IT Policy & Security Starter Kit.



While cybersecurity remains a burning issue for organizations in 2019, many businesses and nonprofits don’t plan on or budget for a cybersecurity risk assessment. However, once organizations understand the value of their data and reputation, assessments often become a regular component of their tech management strategies.

The basic steps of any cybersecurity risk assessment are to identify the risks and vulnerabilities in your network, rate how severe they are, and determine the effectiveness of your current security resources.

You should then triage the vulnerabilities and define your risk threshold, or what amount of risk you are willing to take, in order to create an efficient cybersecurity solution.

Your IT team will best understand your network, and can help assess the risk factors and provide recommendations about which solutions will protect against the top threats.

“Do not waste money protecting all of your information and systems equally from every threat,” the Extension School at Harvard recommends in its report on tips for assessing cybersecurity risks. “By taking the time to understand the realistic risks to your business, you can more effectively work with your IT team to design security into the systems that handle your most valuable data, defend you against probable events, and hopefully keep your business from being the next cybersecurity headline.”

Experts suggest that cybersecurity assessments become a continuous process, conducted at least every two years.

Points of vulnerability in most assessments for small businesses and nonprofits are employees, web pages and physical devices that connect to the Internet, an article at business.com notes.

And because people are the first and last line of defense with any cybersecurity protocols, buy-in by all employees is critical for the success of both the assessment and implementation of new security solutions.

While most organizations engage the IT team and employees for the assessment and implementation of cybersecurity, often overlooked is the role lawyers should play in this process.

In an article at lexicology.com, an online legal resource, the Association of Corporate Counsel encourages the use of legal personnel when conducting cyber risk assessments for several reasons: “For many companies, legal obligations will determine whether a particular framework should be used, and counsel will need to understand the underlying legal obligations and implications. In other companies, counsel will need to work with internal IT and (if applicable) third-party assessors to find the right match.”

In some cases, the results of an assessment could expose a company to legal repercussions, so the Association of Corporate Counsel suggests organizations protect their assessments from disclosure. Involving legal counsel in the assessment process could also help protect an organization from allegations of inadequate security should a breach occur.

Cybersecurity assessments should be an important part of your overall tech strategy, whether handled in-house or through a service. They will help you discover some of the most obvious and immediate risks to your network, and help inform an effective plan to secure your data.

Want tips on how to create a culture of security in your organization?

Learn more about data security best practices and policies with our free download, “Oh, the humanity! The role people play in data security.”



Watch the ZDNet report on most hacked passwords.

The phrase, “simpler is better,” doesn’t apply when it comes to passwords.

A new report from the UK’s National Cyber Security Centre, the cyber arm of the GCHQ intelligence service, reveals the 100,000 most hacked passwords. Not surprisingly, the simplest are easiest to hack.

“In order to nudge tech-savvy people in the right direction when it comes to staying secure online, the NCSC teamed up with Troy Hunt, an Australian cybersecurity expert who created Pwned Passwords API, to analyze millions of breached accounts worldwide to determine the most common hacked passwords,” Fox Business online reports.

And the top 10 winners for the most hacked passwords:

1. 123456

2. 123456789

3. qwerty

4. password

5. 111111

6. 12345678

7. abc123

8. 1234567

9. password1

10. 1234

According to the report, ‘123456,’ was identified 23 million times in breaches. The second worst password pick – ‘123456789’ – was breached 7.7 million times, and the third most hacked password, ‘qwerty,’ 3.8 million times.

While several simple series of numbers and/or letters made the top 10, the study found people often used names in passwords – whether it’s their own name, the name of their child or their favorite musician.

The five most common names used as passwords in breaches included: 1) Ashley; 2) Michael; 3) Daniel; 4) Jessica; and 5) Charlie.

The five most common musician-inspired passwords in breaches included: 1) Blink182; 2) 50 Cent; 3) Eminem; 4) Metallica; and 5) Slipknot.

Consumer Reports offers tips for password-based cyber security:

“Ideally, a password should be composed of a long string (think at least a dozen characters) of seemingly random uppercase and lowercase letters, numbers, and symbols,” the publication reports. “One of the best and easiest things to do is to create a long password out of an easy-to-remember phrase, then throw in some special characters.”

Other password tips:

  • Create passwords or passphrases that do not use repeating words and number patterns, cannot be easily guessed, and do not use personal information.

  • Use a different password for each online account.

  • Change passwords annually and/or when prompted by your online accounts.

  • Always use two-factor authentication when available.

Consumer Reports also advises against using your name, birthday, or references to other personal details, including your child’s personal details, because hackers routinely troll Facebook and Twitter for clues to passwords like these.

It is important to remember to apply these same password standards to connected devices such as routers, webcams, and TVs. Many come with default passwords that should be changed the moment you take the product out of the box.


Image Credit: Google Blog, 4/3/19.

On April 1, 2004, Google introduced an email system that would revolutionize online communication.

Tom Holman, senior product manager for Gmail, writes about the 15th anniversary of Gmail’s launch, noting, “Back in 2004, email looked a lot different than it does today. Inboxes were overtaken by spam, and there was no easy way to search your inbox or file messages away. Plus, you had to constantly delete emails to stay under the storage limit. We built Gmail to address these problems, and it’s grown into a product that 1.5 billion users rely on to get things done every day.”

But as the email world has changed, Google has sought to address challenges (even if they have not completely fixed the spam issue).

Google announced several updates to coincide with its anniversary designed to make managing email a bit easier.

Patrick Lucas Austin at Time online writes, “Just because companies like Microsoft and Slack are competing to eat Gmail’s lunch doesn’t mean the old dog is done learning new tricks.”

One of the most popular new Gmail features: scheduling emails within Gmail via web or through the Gmail app on your smartphone. Previously, people who needed to schedule email would use an extension or an entirely different service.

“Just write your email as you normally would, then schedule it to arrive in your recipient’s inbox at a later date and time,” wrote Jacob Bank, Director of Product Management, for Google’s G Suite.

Google also improved its smart compose feature, which uses machine learning to fill in the rest of your sentence. It can now be used to fill in your subject line after writing your email body. However, we advise you check your email and subject lines carefully if it works anything like auto-correct in spellcheck!

While many of Gmail’s tools, new and old, can save time and help productivity, there are several best practices everyone should consider when dealing with emails. The following tips come from Laura Mae Martin, Google’s in-house productivity expert.

1. Organize your time spent with emails

Instead of bouncing between tasks, take the time to sort your email based on what you need to do with the messages, then read everything you need to read and schedule time to do the research that may be needed before replying to certain emails.

“Read it once to scan and put in a pile based on your future action, then one more time when you answer it,” Martin urges. “‘Future you’ will benefit from your first touch and sort!”

2. Send pre-emptive replies and status updates

If you need to have more information or time before sending a message back, let the email sender know when you plan to get back to them instead of waiting for the dreaded “just following up” messages which can clutter your inbox.

3. Avoid emails when you need to get work done

While it is tempting to continue checking an email inbox, set a timer and turn off your email (if your job allows).

Martin notes, “At first your brain is uncomfortable and you’ll find yourself trying to flash over to that tab and see if anything is there, but ultimately you’ll drop into a state of flow where your best work is possible.”

4. Use filters to sort emails

Filtering emails in Gmail allows you to redirect emails as they arrive, so you don’t have to sort and manage some messages manually. For instance, you might want to direct all emails from a certain vendor to a specific project folder.

Dealing with emails can be time-consuming and frustrating, but with a little planning and discipline – and a few new tools from Gmail – you can cut down on email anxiety by decreasing the overall email volume, while having a time-saving system to organize and respond to your messages.  

Sinu delivers CTO-level consultation as part of its all-inclusive service. Want to speak with a tech expert about best practices for your organization? Contact Sinu today.

Employees accessing company data with a multitude of devices present the largest security threat for organizations today, according to a new report from BetterCloud, an independent software vendor based in New York, NY.

In a recent article, Techrepublic.com reports, “The biggest security threat to your business likely isn't a cybercriminal or hacktivist, but someone already in your organization, according to a Wednesday report from BetterCloud. The vast majority (91%) of the 500 IT and security professionals surveyed said they feel vulnerable to insider threats, whether their acts are malicious or accidental.”

This latest BetterCloud.com report points to the increase in software-as-a-service (SaaS) applications as contributing to this vulnerability because it creates “a massive information sprawl.” The risks are increased by the multiple endpoints employees use to access data, which create many potential points of “ingress for attackers” to the network.

For the 500 professionals surveyed in the report, negligence, not malice, is the biggest concern regarding security risks:

  • 62% of professionals said they believe the largest insider security threat comes from well-meaning but negligent employees;

  • 21% said they believed the threat came from those who intentionally cause harm; and

  • 17% from employees who are exploited by outsiders through compromised credentials.

So how can your organization mitigate the risk from well-meaning employees? Below are a few of the most crucial steps you can take today to protect your data.

  • Limit local administrator rights
    IT best practices dictate that employees not be given local administrator rights (LAR). LAR is the highest level of permission that is granted to a computer user; this level of permission normally allows the user to install software and change configuration settings. It gives someone the ability to shut off the security controls used to protect an organization’s systems, including password controls and anti-malware software. Unapproved software could also be installed, breaking critical applications and causing disruption and downtime. A company can also be exposed to malware, including a number of different phishing scams that can deliberately run code on systems with full permissions if someone inadvertently clicks on a malicious link or opens infected email content. Auditors also frown upon the practice because of its inherent risk.

  • Install Microsoft Advanced Threat Protection (ATP)
    Microsoft Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses, as well as spoofing and phishing attempts. It also includes features to safeguard your organization from harmful links and attachments in real time, and can trace URLs to provide insight into the kind of attacks happening in your organization.

  • Strong Passwords
    Require that employees create passwords or passphrases that are at least 8 characters long and contain upper and lowercase letters, punctuation, and a number. A different password should be generated for each online account and passwords should be changed every 3 months. Always use two-factor authentication when available.

  • Frequent Employee Training
    In the past, companies could train employees once a year on best practices for security but that is not enough, said Wesley Simpson, COO of (ISC)2 in the report, IT leader’s guide to reducing insider security threats.

Reviewing data security policies and best practices as part of on-boarding new employees should be standard. It is recommended that organizations allot dedicated time during staff meetings to review and reinforce security protocols, garner feedback, and answer employee questions.

Whether a small business or nonprofit, creating a culture of data security will come from the top down. Messages and actions should reinforce that everyone in the company is responsible for protecting valuable data and there should be a protocol for reporting unsafe activity and/or emails without repercussion.

"Your people are your assets, and you need to invest in them continually," Simpson said. "If you don't get your people patched continually, you're always going to have vulnerabilities."

Want tips on how to create a culture of security in your organization?

Learn more about data security best practices and policies with our free download, “Oh, the humanity! The role people play in data security.”
