Business Tools to Take Your Business Out of The Office

November 7, 2018November 7, 2018 / jlyday / Leave a comment

Being engaged in business used to mean staying wired in at the office eight to twelve hours a day.  In the modern day, this is completely untrue.  Often the most efficient workplace is spread far and wide and always on the go.

Today you can completely unplug from your desk with just your laptop computer and 4G modem.  The freedom to work out of the office and even on the move is a huge advantage gifted to modern business.  A simple mobile hotspot is enough to work from anywhere in the world.

The Right Tools for the Job

The most important part of working on the go is ensuring you don’t lose touch with your team.  Maintaining total collaboration between team members can be tricky.  Luckily, there are tools that will help you to stay on top.

Microsoft Office 365 provides the traditional tools and support of Microsoft office, but adds remote team collaboration and cloud support too.  Files can be saved into the cloud, worked on, and accessed anywhere for review. At one time, remote working meant taking a copy of a file somewhere else to work.  Changes to the original weren’t reflected in the remote copy and at least one version was destined to be lost forever.

Software packages such as OneDrive allow the entire team to work on a single centralized file saved to the cloud.  Whether you edit on a beach, plane, or train; your team in the office gets the same version you do, at the same time.

Collaborative Working

The key to remote working is the ability to collaborate in a digital space with everyone at once.  Modern software such as Office 365 allows all team members to be working on a single document at the same time.

Whether the project calls for killer spreadsheets, expertly crafted documentation, or a knockout presentation; everyone can pull together and hit it out of the park.

Even when you’re not working out of the office or busy on the road, collaborative software can help to power your team working locally too.

Admin Done Remotely

Modern software has impacted the way in which we do bookkeeping and accounts too.

Similar to being tied to your desk in years gone past; accounting software was once stuck solidly in the desktop too.  Previously,  batch runs of calculations were required to provide reports on a weekly, bi-weekly, or monthly basis.  Today, cloud computing has opened up ways to speed up business in ways we couldn’t have imagined.

Cloud-based accounting packages such as Quickbooks Online allow for your accounts to be done remotely.  Moving the resource and strain out of your firm takes it out of sight and out of mind.

Security and maintenance of your accounts databases, for example, falls to cloud professionals instead of your business.  Rather than waste company time on submitting documents and calculating taxes they are done in the cloud and submitted to you instead.

Make your Accounts Work for You

Maintaining your accounts is made as simple as logging into a single portal.  This tool allows you to take both your admin and your work out of the office and keep it on the go.

By the time your accounts are due, your accountant simply has to log in remotely and pick up where you left off.  By the time taxes are due the work is done and you can get on with the important things.

Getting work done out of the office and on the go is a huge boost to productivity.  Modern technology enables you to keep team members up to speed, continue collaborating, and even stay on top of your accounts from anywhere in the world.

Give me a call today at (828) 290-8237 to talk about how you can unwire from the office.

Storage Struggles? How to Keep Up with the Data Explosion

October 26, 2018 / jlyday / Leave a comment

Many businesses have already embraced the benefits of going fully digital. It has allowed them to do more than ever before; saving both time and money. It has saved them a ton of space too, eliminating the need for stacks of file cabinets in every office.

The digital boom presents brand new problems too. By moving all your files into a digital space, the amount of storage you need to maintain has grown larger and larger just to keep up.

As digital technology has improved, the resolution, clarity, and size of the digital files we create has exploded. Items such as X-rays, which used to be printed on film are now digital files transferred by computer. As a result of the increase in both the number of digital files we use and their ever-growing size, the size of the data we need to store has exploded exponentially.

There are a number of ways in which we can tackle your ever-growing storage problem.

Local server or Network Attached Storage (NAS)

A local server is a machine physically located within your own office or building. These are typically designed to serve many files to multiple clients at one time from locally held storage.
The primary advantage that a local network server has is that all your vital data is available to all users in one central location. This means that employees across the network can access all the resources made available.

These machines can serve files at the speed of the local network, transferring large projects, files, and documents from a central position within the network with ease.

A NAS has many of the same network properties, typically packaged as a smaller profile, low powered computer. A NAS is specifically designed to enable network file sharing in a more compact package. These can be available in units small enough to fit in a cupboard nook and yet still provide staggering storage capacity on only a small amount of power.

Both a local server and NAS device allow for large amounts of storage space to be added to the local network. These units are often expanded with more and more storage over time. As an organization grows over time, so do its data storage requirements.

Cloud Storage

Sometimes the best option for storage is to move your ever-expanding data outside of the business completely. Often, offloading the costs of hardware and IT management can work out to be an intelligent business decision. One that provides freedom and flexibility in your data storage needs.

The major advantage of cloud storage comes from the ability to expand and contract your services as needed without the unnecessary overhead of adding and maintaining new hardware.

By moving storage to the cloud, data can be accessed from anywhere in the world. The flexibility provided by cloud storage allows limitless expansion to any number of devices, locations, and offices. Being able to access data from many locations at a single time can often provide a valuables boost to productivity that can help to speed projects along.

Some of the drawbacks of cloud storage come from factors that may be outside of the control of the business. Not all internet connections are found to be up to the task of handling large amounts of data to and from the cloud. In some cases, the infrastructure is quite simply not in place yet to support it.
IT security regulations can prove to be a barrier to enabling storage in the cloud too. Some regulations either prohibit the feature entirely or enable only certain specific types for use.

The Right Choice for your data

Both cloud and local storage can provide further benefits to enhance your business. Audit logs, central backups, and version control can all be used to secure the way your firm handles data.

Whatever your situation, whether a small NAS can boost your office productivity, a local server can provide the connectivity missing from your firm, or cloud storage can switch on new resources, I can advise on the best choices for your business.

Give me a call at (828) 290-8237 to help you make the right choice for your data.

The Top 5 IT Security Problems for Businesses

October 10, 2018 / jlyday / Leave a comment

Companies that suffer security breaches nearly always have one of these IT security problems. Is your company guilty of any of them?

No Backups

A shocking number of businesses are not backing up their data properly. According to market research company Clutch, 60 percent of businesses who suffer a data loss shut down within six months.
Not only should every business be fully backing up their data, but their backups should be regularly tested to work too. It’s a step that businesses miss surprisingly often. Many businesses don’t find out that their backup can’t be used until it’s already too late.

Reactive and not proactive

The world is constantly changing. The IT world doubly so. Attackers are always figuring out new ways to break into businesses, hardware evolves faster than most can keep up, and old systems fail due to wear and tear far quicker than we would like. A huge number of businesses wait until these issues impact them directly before they respond. The result is higher costs, longer downtime, and harder hitting impacts.

By responding to hardware warnings before it fails, fixing security holes before they’re exploited, and upgrading systems before they are out of date: IT can be done the right way. Being proactive about your IT needs means systems don’t have to break or compromised before they are fixed. The result for your business is less downtime, fewer losses, and lower IT costs.

Weak Passwords

A surprising number of people will use the password “password” to secure some of their most important accounts. Even more still will write their own password on a post-it note next to their computer. In some cases, many will even use no password at all. Strong passwords act, not only as a barrier to prevent unwanted entry, but as a vital accountability tool too. When system changes are made it’s often essential that the account that made changes is secured to the right person.

With an insecure password or worse; none at all, tracking the individual responsible for reports or accountability becomes impossible. This can result in both auditing disasters on top of technical ones.

Insufficient Staff Training

Humans in the system are commonly the weakest point in IT security. Great IT security can be a bit like having state-of-the-art locks on a door propped open with a milk crate. If staff aren’t trained to use the lock, it’s worth nothing at all.

Often times businesses can justify spending big on security for the latest and greatest IT defenses. The very same firms may exceed their budget and spend almost zero on training staff to use them. In this instance, a little goes a long way. Security training can help staff to identify a threat where it takes place, avoiding and mitigating damage, often completely.

Weak Data Controls

Some companies can take an ad-hoc, fast and loose approach to storing professional data. Often crucial parts can be spread across many devices, copied needlessly, and sometimes even left unsecured. Client data can be found regularly on employee laptops, mobile phones, and tablet devices. These are famously prone to being misplaced or stolen out in the field along with vital client and security data.
It can be easy for both employees and firms to focus on the costs of devices and hardware purchased for the business.

The reality is that the data held on devices is almost always worth many times more than the device that holds it. For many firms, their approach to data hasn’t been changed since the firm was first founded. Critical data is often held on single machines that haven’t been updated precisely because they hold critical data. Such machines are clearly vulnerable, outdated, and prone to failure.

Common problems with simple solutions
Each of these common issues have simple solutions to secure against IT failure. With a professional eye and expertise in the field, every business should be defended against IT issues that risk the firm.

If you need help securing your IT to protect your business, give me a call at (828) 290-8237.

Is Your Business Ready for Business-Grade Wi-Fi?

September 19, 2018 / jlyday / Leave a comment

In today’s business world, having great Wi-Fi isn’t a luxury -it’s a necessity. Businesses, with their varying needs, have personal requirements for what constitutes great Wi-Fi. For some small businesses, consumer-grade Wi-Fi may be sufficient, but many find that business-grade Wi-Fi is more appropriate. As companies grow, there becomes a tipping point where business-grade is necessary. So how do you know if your business is ready for business-grade Wi-Fi? Ask yourself the following questions to find out.

How many devices use your Wi-Fi?

It used to be that only desktop computers connected to your Wi-Fi, but that is no longer the case. With the rise of portable devices such as smartphones, tablets, and laptops, each person may be using your Wi-Fi from several devices. Consumer-grade hardware is designed for just a few people (like the amount that live in a single household) but can’t manage larger amounts of users and all of their devices. This is especially true for sustained usage. Remember that your employees aren’t the only people who expect to be able to connect to your Wi-Fi. One of the first things visitors typically do is look for a Wi-Fi network to connect their smartphones to.

What is the size and shape of your workspace?

The number of access points you will need for your Wi-Fi is dependent on the amount of physical space that needs to be covered, the shape of the area, wall material, and the number of users/devices. In smaller spaces, consumer-grade Wi-Fi is good enough. Larger, oddly shaped spaces benefit from business-grade. If your building’s walls are made of brick, cinder blocks, or cement, you likely need more access points than buildings made of other materials. Make sure you have a strong connection from all locations. It’s annoying to only be connected to Wi-Fi in certain areas of a building and find yourself in a deadzone a few steps later.

Access points for business-grade Wi-Fi tend to be more powerful and flexible. For example, some business Wi-Fi systems can transfer Wi-Fi devices from a crowded access point to one that is less busy. By doing this, everybody’s fast speed remains. If you foresee your range needing to increase, such as renting out more space, it’s easier to add more access points to business-grade Wi-Fi than consumer-grade. Businesses that anticipate scaling up soon are better off with business-grade Wi-Fi.

Do you want guests to have the same quality Wi-Fi as workers?

In households, where consumer-grade Wi-Fi is prevalent, all users share the Wi-Fi equally. In a home environment, if children are slowing down the internet with Netflix or video games, it’s not a big problem. However, a choked business Wi-Fi can cause a lot of problems. Business-grade Wi-Fi allows you network management. You can assign a designated amount of bandwidth to different users so they’re unable to clog the entire connection. You can allow visitors internet access without giving them unlimited access to the network.

How much does the internet affect your employees’ productivity?

For some companies, workers only use Wi-Fi for a few quick tasks. With these types of businesses, if the internet is slow, it won’t have a big impact on how much work your employees get done. Consumer-grade Wi-Fi might be a good choice. For other companies, there isn’t much people can accomplish if the Wi-Fi isn’t working well. The slower your employees work, the less money you make. Wi-Fi troubles can also lead to frustrated, unhappy workers. If fast internet is essential for people to complete their daily tasks, business-grade Wi-Fi is important.

Strong Wi-Fi is a necessity for all businesses. This is especially true for larger businesses that connect a lot of devices (from both employees and visitors) and have a big work area. Also for those where employee productivity depends on a strong connection. The goal is to keep your business-critical technology running smoothly. Consider carefully whether consumer-grade Wi-Fi or business-grade Wi-Fi is the best choice for your business.

Is your business’s Wi-Fi struggling? Give me a call at (828) 290-8237 to discuss a solution.

It’s Official: Your Business NEEDS to Use HTTPS

August 22, 2018 / jlyday / 1 Comment

You may have noticed many business websites now have a green padlock in the address bar next to the letters ‘https’. Until recently, you’d only see that on shopping or banking sites, but it’s now become the expected norm for all business websites – even if you don’t ask people to log in or enter credit cards. Simply put, the ‘s’ in https stands for secure and means any data sent/received by the visitor is encrypted.

Clearly, it’s an essential feature for e-commerce sites, but why have all the info-only websites started using https too?

The New Google Rule

As of July 2018, Google will mark your page as insecure unless you’re using https. It’s a movement they started a few years ago to make the internet a more secure place by default. Since Google pretty much rules the internet search and increasing security is always a good idea, businesses have been gradually switching over. Without https protection, someone with access to your internet connection, whether from digital eavesdropping or hacking, could intercept the information. They could also place malware onto otherwise legitimate sites and infect innocent visitors. That’s why eighty-one of the top 100 sites online have already switched to https and a strong majority of the web is following suit.

The Browser Bar Says It All

In the same way a green padlock in the browser bar indicates a trustworthy site, you can expect non-https sites to be marked with a “not secure” warning. Previously, users had to click an information symbol to actively investigate non-secure sites. The shift to plain sight markers will be most noticeable on Chrome, however it’s expected that other browser developers will follow suit. Visitors may then be alarmed by landing on your site and seeing that the connection isn’t secure.

The fact that you may not be asking them to log in, enter personal details or payment is irrelevant. You may not be asking them to enter anything at all, but perceptions matter. Eventually that warning will be changed to an alarming red as Google declares war on unsecure sites. As the common understanding is that a warning = bad, you may get more visitors bouncing away within seconds or even contacting you to report that your site has a problem.

Boosts for Secure Sites

Google is taking its commitment to safe web browsing further by favoring https. That means the search algorithm is taking your site security into account, preferring to display results that it knows will protect users from hackers. Since https status gets the nod, you may find yourself climbing in the ranking while other businesses scramble to catch up. It really is a win-win situation.

What to Do Next

In an ideal world, your site would have a secret switch on the back-end you could flick over and suddenly be https, but it’s a little more complicated than that. In fact, you may have already noticed some sites experiencing trouble with the migration. When the setup goes wrong, users don’t see your website with a little warning in the corner, they’re blocked by a full page error and offered a return to ‘safety’ (away from your site).

The easiest way to make the move to https is to contact your web developer, as they’ll be able to make sure you’re keeping Google happy and rolling in the green.

How to Securely Dispose of Old Computers

August 10, 2018 / jlyday / Leave a comment

Getting new computers for your business is exciting, but what happens to the old ones? Depending on the age, some people sell them, others throw them out. That’s the easy part. The problem is the sensitive data on them. There are passwords, account numbers, license keys, customer details, medical information, tax returns, browser history…. the works! Each computer, whether laptop, tablet or desktop, contains a treasure trove of sensitive information that cyber criminals would love to get their hands on.

Unfortunately, hitting delete on your files doesn’t actually make them disappear. These mistakes have cost businesses millions of dollars over the years.

Most businesses are unaware that specialized data cleanup is necessary, others think calling someone to collect the computers will cover all the bases. A 2016 experiment proved just how dangerous the situation can be when they bought 200 used hard drives and found 67% held unwiped, unencrypted sensitive data, including sales projection spreadsheets, CRM records, and product inventories. Frighteningly, they didn’t need any special hacking skills to get this data, it was all right there and helpfully labelled. It’s also not surprising that with simple data recovery tools, people have also been able to access British NHS medical records and missile data, all waiting patiently on a discarded hard drive.

Why hitting delete doesn’t help

Data on a hard drive works like a book with an index page. Every time data is written, it pops a quick entry into the index so when you need it again, it knows where to look. The index is used for files you create as well as system files you can’t even see. Sensible, right? Except if you delete a file it’s more like changing the index to say nothing is on page 10 and you can write something else there when you’re ready. But if you manually flip to page 10, you’ll find the information is still there – the file still exists until it’s been written over – it’s the index reference that got deleted.

Wiping data before disposal

There are software tools you can get to do it yourself, as well as dedicated security firms, but your best option is to choose an IT business you know and trust. With that in mind, a methodical approach is required to ensure not a single drive is left untreated. You don’t want to leave data behind, or even clues that a motivated person could extrapolate any private information from. The approach might include using checklists to maintain security, or dedicated processes to guide each step in decommissioning. Careful records should also be kept, including who signs off on completion of the retirement, and where the computers are sent afterwards. A proper inventory and auditing process may slow the rollout of the new computers slightly, but it’s always better than having your old data come back to haunt you.

I can migrate any needed data, backup the information to your server or external drive, then wipe or destroy the hard drives for you.

Upgrading your business computers should be a happy time for you and your employees, so with a little forward planning, you’ll be able to keep everyone smiling and all your data secure.

Need help with your old hardware? Call me today at (828) 290-8237!

Is it Time to Retire That Program? Here’s How to Tell for Sure

July 26, 2018 / jlyday / Leave a comment

Your business has likely been using the same set of applications for some time. Perhaps since the day you started, a long time ago. While you’ve been replacing computers and devices regularly to maintain your competitive advantage, the standard installation has remained largely the same. The programs do the job and everyone knows how to use them, so why upgrade? In some cases, it’s completely fine to keep that legacy program.

However, there are some aspects you should consider:

Support Available
Occasionally, and more frequently with software from smaller developers, the author has moved on from supporting the program. Perhaps they’ve closed the business, sold it, or pivoted directions completely. Either way, they’re no longer interested in helping you get the best from the program. Every time your employees come up against a problem they have nowhere to turn and productivity takes a hit as they try and come up with a workaround. Meanwhile, you run the risk that it could suddenly stop working after a Windows update, begin clashing with other essential software, or even create gaping holes in your security. As you are aware, even the bigger companies like Microsoft stop supporting software after a while, as they have with earlier versions of Windows. Having support available to both assist and protect is a huge asset to your business.

Hardware Compatibility
Imagine picking up a brand new computer and trying to insert a 5 ¼ floppy disk – that’s the 1980s retro square ones bigger than your hand – it doesn’t matter how effective that program will be, modern technology simply has no idea what to do with it. Thanks to the rapid advancement of computer hardware, you may find a simple component refresh leaves your legacy program completely incompatible. The latest CPU that’s supposed to speed things up suddenly brings your entire business to a standstill, purely because it’s too advanced. Many owners work around this by keeping some older systems running exclusively for that program, but as the classic hardware fails, you may find yourself struggling to find replacement parts or technicians able to install them.

Security Vulnerabilities
Broadly speaking, the longer a program has been around, the longer hackers have had to discover its weaknesses. It could be a flaw in the program itself, or in the operating system that runs it. For example, the application may only run on Windows XP, but Windows XP is one of the earlier versions that Microsoft has stopped supporting. As the older operating systems and programs aren’t being patched, cyber criminals pour more energy into finding flaws they can exploit. It’s open season in their minds, and a free ticket to all your connected systems. It’s how hospitals across the UK found themselves infected with ransomware last year, simply because they were running programs with known weaknesses.

As it’s not always feasible to replace a program immediately, I can help you run it on a virtual machine. That is, running the older operating system or program from within another program. You’ll have increased security, an element of support and a strong backup system while you work to find a replacement program. These types of solutions are very specialized and resource hungry though, so let me know if you need help. The other option is to migrate to a new program that does what you want, and is supported, hardware compatible and secure. If you’ve been running the old program for some time, this may feel quite daunting at first. Before you rule it out, keep in mind you’ll also be gaining the benefits of faster software, more integrated processes and a highly flexible system.

Need to talk through your options? Give me a call at (828)290-8237.

Why Periodic Security Assessments Should Be Your New Normal

June 27, 2018 / jlyday / Leave a comment

By now you know that building up your cyber security is just as important as building up your cash flow. Both are essential to your success, but while most businesses keep an eye on the financials, they tend to think cyber security is something they can set and forget. Unfortunately, cyber criminals are constantly coming up with new methods of attack and the security you had in place yesterday may not be sufficient today.

Instead of reacting to breaches and taking on the costs of downtime, lost files and destroyed trust, a periodic security assessment can identify blind spots that place you at risk. Once you know about these problems, you’re able to proactively setup adequate protection before cybercriminals strike. It’s best to use independent IT experts who can audit your security from an outside perspective, often seeing risks that would otherwise be missed.

Regulations change – Are you affected?
Many businesses are kept to strict government regulations around the way they store, process and protect data. Their operating license depends on staying as secure as possible. All regulations require regular security assessments but they vary in scope and time frame. As regulations change, so do the security assessment requirements. You can imagine how much stricter they are now compared to just 5 years ago. I can ensure your business is meeting the relevant regulations, diving deep to be certain you’re safe.

Security patches and updates are vital
It’s so easy to fall behind on your security patches, after all, it seems like there’s a new update every week and each one takes precious time to apply. Cyber criminals are targeting businesses running late, and it’s basically easy pickings for them. If you’re unpatched where it counts, it’s like inviting them in. When we conduct your security assessment, we can take a look at your history and see if your business has a robust patch plan in place and make sure you’re up to date. If there’s an issue that’s placing you at risk now, impacted you in the past, or will in the future, we’ll find it.

Viruses are always evolving
Just like the human variety, computer viruses are nothing to welcome into your workplace. They’re constantly evolving to skip past anti-virus scans and do damage in new and interesting ways. Cyber criminals know people are more aware of the traditional infection methods like downloading an attachment or inserting an infected USB, so they’re getting more and more creative. Your security assessment doesn’t just include ticking that you have the latest anti-virus, it includes identifying where you’ve had the most breach attempts and where your biggest vulnerabilities are. This type of precise awareness has a lasting impact on reducing your risks.

Your business may have changed
As your business has grown over the years (or shorter if you’ve experienced a recent surge), your entire setup has changed. More employees, expanded remote access, additional vendors, supplementary locations…the list really is endless. With each change has come a new risk, particularly if your security has been growing around you. It might be that your password policies haven’t been updated since you began, or that you still have the old voicemail system even though phones are within easy reach of customers. This is perhaps one of the most useful areas a security assessment can help with, as you and your employees are accustomed to the business working in a certain way, whether that way leads to risk or not. Our experts will be able to see things from a different perspective, particularly as we make sure to think the same way a cyber criminal would.

What to do with your assessment results
Once we’ve finished the assessment you have a benchmark for progress. You’ll know exactly what you need to do, how I can help, and perhaps most importantly, which actions take priority. Moving ahead, future security investments will be smarter as you focus on the high-payoff areas. You’ll also know exactly what you’ve done well and where your security strengths lie. Employees will see how much you value security, which helps to create a stable culture, and you’ll be able to report your commitment to customers, confirming they’re making the right choice by staying with you.

Book your security assessment today. Call me at (828)290-8237.

Should You Pay for a Ransomware Attack?

June 13, 2018 / jlyday / Leave a comment

Getting hit with a ransomware attack is never fun, your files get encrypted by cybercriminals and you’re left having to decide: should we pay to get them back? It’s a scene that’s played out across the world with plenty of businesses saying ‘yes.’ Here’s what you should consider if you’re ever in this situation.

Do you trust them?
Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key? Most attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if they take it and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is disinfected. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

Can you manage the impact?
Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation. The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect. There are also new types of ransomware like KillDisk which can permanently wipe your entire hard drive or even network.

How much do they want?
Cybercriminals rarely send out global attacks with set amounts, instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.

Are your backups good?
Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either they’ve become infected too, they weren’t up-to-date or they backed up the wrong data. It’s worth doing some quick checks on your backup processes as even if you have to take the system down for a day as you recover, you’re still light years ahead of those without them.

What’s your policy?
More and more often, businesses are adding ransomware to their disaster recovery plans and having predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly, ready to make the best decisions for the business.

Stay safe in the first place
Ransomware is showing no signs of slowing down. As more businesses keep them funded the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee. Using business-class spam filters can catch many of these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours.

Secure your data systems now, I can help! Call me at (828) 290-8237.

Fake Invoice Attacks Are on the Rise – Here’s How to Spot (and Beat) Them

May 9, 2018 / jlyday / Leave a comment

Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool to most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.

Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors/suppliers you actually use. Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:

The Payment Redirect

This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore. The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

The Malware Click

Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like Quickbooks, making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Then, consider implementing a simple set of procedures regarding payments. These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorization for payments.

Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure it looks right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off – even in the slightest – hold back on payment/clicking until it’s been reviewed. Fake invoices attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.

I can help increase your security. Call me at (828) 290-8237.

Tech Tips for Everyone

By Joe Lyday, Computer Consultant

Business