Technical insights for business owners
Friday, April 14, 2017
Shadow IT: How Your Company’s Data Is Silently Being Leaked Online
Here’s a growing trend creeping into organizations of all industries and sizes: Shadow IT. Shadow IT refers to the unauthorized cloud applications employees are using and downloading to perform work-related activities with company data. This can be file-sharing services like Dropbox or surveys such as Zoomerang. The list goes on and on.
So what’s the problem? For starters, if you’re in a highly regulated industry like medical or financial services, you’re almost guaranteed to be flagrantly violating data privacy laws or at least flirting with them; and if you’re audited, you could end up facing BIG fines, not to mention legal fees and bad PR. Second, the barrier to entry is LOW. Anyone with a browser and a credit card can purchase or enroll themselves into applications that integrate with your organization’s critical applications and/or store company data such as client lists, e-mails, files, etc.
Of course, not all cloud apps are bad, and most employees subscribe to these apps with the most honest of intentions, but you as the owner and your IT person or company need to at least be AWARE of these applications to determine if they’re a threat to security or a violation of data privacy laws, and simply to keep your confidential information, well, confidential!
Your IT company or person should be constantly monitoring your network for new and unknown software or devices. This can (and should!) be incorporated into routine vulnerability testing. If you’re not sure this is being done now, find out. As Intel founder Andy Grove once said, “Only the paranoid survive.” Once you know what applications are being used, you can set your company firewall to block applications you DON’T want employees to access with company data and devices, and allow those that are company-approved.
Also, make sure you catalogue these sites somewhere by user with the login information for that person. If an employee leaves your organization or is fired, they may remember what the username and password are to these cloud applications and could use them to harm your organization or steal data to sell or give to a competitor. Don’t put yourself at risk!
If you find out your current Technical Service Firm does not catalog and monitor your network for the presence of new applications, or you just need to learn how to evaluate your current firm, please visit our site and request a free report, “What every business owner must know about hiring an honest, competent, responsive and fairly priced technical service firm.”
Monday, April 4, 2016
How to spot a dangerous e-mail
Dissecting a dangerous e-mail. AKA How to spot a phishing attempt
I received this e-mail this morning. Rather than simply smirk and delete the obvious phishing attempt, I decided it would make a good reminder for anyone who, like me, has a bunch of e-mail to weed through each morning.
I’ve generated a screenshot and notated, in red, the indicators of danger.
Please feel free to print and share with your staff. I'm more than happy to send you the snapshot file should you want a copy to distribute or place in your employee handbook. Just ask.
Bill Billand
973-808-2882
***
Note the actual sending address looks like “Chase.com” but it’s a clever address designed to satisfy the casual glance.
Non-specific name. Any notification from a business doing business with you should address you by name or account name.
Hovering over the link reveals “Http://staging.canex.ca/JP-Chase.htm”.
First – Any link to anything secure should start with Https (note the “s”).
Second – The domain name is staging.canex.ca, not JP-Chase; that is simply a cleverly named web page designed to deceive.
Note the urgency with one, and only one, means of resolution. A BIG RED FLAG.
Again, no alternate means of contact or resolving this “Important” issue. The victim of this scam believes he or she has one option: click the link or suffer the consequences.
NEVER NEVER click the link.
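The two link checks above (scheme and real domain), written out as a small Python function a mail filter or training tool could apply to every link in a message. This is an added example, not part of the original post; the function names, flag labels and the example.net URLs are constructed for illustration.

```python
from urllib.parse import urlsplit


def host_matches(host, expected_domain):
    """True if host is expected_domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def link_red_flags(url, expected_domain, brand_words):
    """List the red flags for a link in a message claiming to come from expected_domain."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    flags = []
    # First check from the post: anything "secure" should be https.
    if parts.scheme.lower() != "https":
        flags.append("not-https")
    # Second check: the host is what matters, not the page name.
    if not host_matches(host, expected_domain):
        flags.append("host-mismatch")
        # A brand name in the path or query of a foreign host is bait for the casual glance.
        rest = (parts.path + "?" + parts.query).lower()
        if any(word.lower() in rest for word in brand_words):
            flags.append("brand-in-path")
    # "https://chase.com@other.host/" shows the brand before the "@" but goes elsewhere.
    if parts.username is not None:
        flags.append("userinfo-in-url")
    return flags


if __name__ == "__main__":
    samples = [
        "Http://staging.canex.ca/JP-Chase.htm",   # link from the e-mail in the post
        "https://www.chase.com/login",            # constructed: genuine-looking host
        "https://chase.com.example.net/login",    # constructed: brand as a subdomain label
        "https://chase.com@example.net/",         # constructed: brand in the userinfo part
    ]
    for url in samples:
        print(url, "->", link_red_flags(url, "chase.com", ["chase"]))
```

An empty list only means these particular checks passed; a matching host over https is necessary for a legitimate link, not proof of one.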