Struggling with Email Overload?

email-overload

Email has allowed us to send and receive messages more easily than ever before. While this is a good thing, it can lead to problems. You may receive dozens or even hundreds of emails in a day. At this point, it feels like you’re wasting your entire day dealing with those incoming messages. Even worse, it makes it difficult to find important messages in your inbox. You can quickly become overloaded with emails.

So how can we deal with this overload? The first step is to reduce the number of emails you receive overall and there are a few ways to do this.

Restrict who you give you email address to.

It’s important to think carefully about who you give your email to. For example, if you enter a lot of contests, this often automatically subscribes you to several email campaigns. If you type your email into every popup box asking for it, these add up. Reduce who you give your email to.

Unsubscribe

Go through your inbox and unsubscribe to newsletters that you never read. If you haven’t opened one of their emails in months, chances that you’ll start to later are low. Turn off notifications from social networks such as Facebook, Twitter, and Pinterest. If you like emails from these networks, then at least adjust the settings so they email you highlights once a week or month rather than allowing them to spam your inbox several times per day.

Do you need that notification?

If you receive emails that contain information you can find elsewhere, switch those notifications off. For instance, you might run an e-commerce site that sends an email for every sale. If your website already has a record of this, you don’t need it in two places. Make sure not to use your email as a to-do list. When you need to remember to do something, put that on a list elsewhere to clear up your inbox. If this is a hard habit to break, at least make a folder for things you need to do and move emails there and out of your general inbox.

Change your email habits

Change your own email sending habits. If a topic is complex and will require a lot of back and forth conversation, consider discussing it in person or over the phone. Sending fewer emails will reduce how many you receive in return. Remember that you don’t need to respond to every email you receive. A response indicates a willingness to continue to conversation.

Resist the urge to send messages with a single word like “Thanks!” or “Ok” and you’ll notice others will stop sending you similar, unnecessary messages. When sending group emails, you can also remind others not to use “reply all” unless it’s information relevant to the entire group.

Start clearing out

Now you can start emptying out your inbox and getting rid of any old emails you don’t need to keep. Delete old calendar invites, advertisements, or any emails where the problem has already been resolved. Respond to any messages that can be answered within only a few minutes. File everything that is left until you have a completely empty inbox. Archive messages where you don’t need to take an action, but you think might be useful. You can search and find these later if necessary. Put other emails into folders based off of the type of email and the priority level.

From now on, all of this can be automated. You can have receipts automatically go into a receipt folder, calendar invites go into another, etc. A cluttered inbox leads to your mind feeling just as cluttered. Free up your inbox to free up your mind and create more time in your day-to-day life. Let email overload become something of the past.

If you need help with your emails, give me a call on (828) 290-8237!

Should You Pay for a Ransomware Attack?

ransomware-social

Getting hit with a ransomware attack is never fun, your files get encrypted by cybercriminals and you’re left having to decide: should we pay to get them back? It’s a scene that’s played out across the world with plenty of businesses saying ‘yes.’ Here’s what you should consider if you’re ever in this situation.

Do you trust them?
Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key? Most attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if they take it and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is disinfected. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

Can you manage the impact?
Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation. The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect. There are also new types of ransomware like KillDisk which can permanently wipe your entire hard drive or even network.

How much do they want?
Cybercriminals rarely send out global attacks with set amounts, instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.

Are your backups good?
Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either they’ve become infected too, they weren’t up-to-date or they backed up the wrong data. It’s worth doing some quick checks on your backup processes as even if you have to take the system down for a day as you recover, you’re still light years ahead of those without them.

What’s your policy?
More and more often, businesses are adding ransomware to their disaster recovery plans and having predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly, ready to make the best decisions for the business.

Stay safe in the first place
Ransomware is showing no signs of slowing down. As more businesses keep them funded the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee. Using business-class spam filters can catch many of these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours.

Secure your data systems now, I can help! Call me at (828) 290-8237.

Fake Invoice Attacks Are on the Rise – Here’s How to Spot (and Beat) Them

fakeinvoice-social

Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool to most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.

Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors/suppliers you actually use. Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:

The Payment Redirect

This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore. The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

The Malware Click

Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like Quickbooks, making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Then, consider implementing a simple set of procedures regarding payments. These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorization for payments.

Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure it looks right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off – even in the slightest – hold back on payment/clicking until it’s been reviewed. Fake invoices attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.

I can help increase your security. Call me at (828) 290-8237.

Why Spam is a Small Business Nightmare

Why-Spam-Small-Business-Nightmare-social

15 years after the world united to crack down on spam emails, we’re still struggling with overloaded inboxes. All that unwanted email continues to flood the internet, much of it targeted to small businesses, and the impact goes wider than you might think. Here’s the full breakdown of how modern spam works and how it’s hurting your business.

What is spam? Generally speaking, spam is any unwanted message that lands in your email, comes via text, social media messaging, or other communication platform. It might be sent to your main business account, for example your ‘contact us’ email, or direct to your employees. Most of the time, spam is annoying but relatively innocent messages from another business inviting you to buy/do/see something. They’re newsletters, reminders, invitations, sales pitches, etc. You may know the sender and have a previous relationship with them, or they might be a complete stranger.

Why you’re getting spammed. Maybe you or your employee signed up for a newsletter or bought a $1 raffle ticket to win a car. Perhaps you got onto the mailing list accidentally after enquiring about a product, not knowing that simply getting a brochure sent through would trigger a spam-avalanche. Often there’s fine print that says they’ll not only use your details to send you their marketing, but they’ll share your details with 3rd parties so they can send you messages too. That single email address can be passed around the internet like wildfire, and before you know it, you’re buried under spam. Sometimes, and more than we’d like to think, your details are found illicitly, perhaps through a hacked website for example, like the recent LinkedIn leak. More often though, your email is simply collected by a computer ‘scraping’ the internet – scouring forums and websites for plain text or linked emails and selling them as prime spam targets. It’s easy to see how individual office employees receive an average of 120 emails daily, over half of which are spam!

More than annoying. We all know spam is annoying, but did you know it’s also resource hungry? Your employees are spending hours each week sorting their email, assessing each one for relevance and deleting the spam. Too often, legitimate emails from clients and customers get caught up and are accidentally deleted. Add in the temptation to read the more interesting spam emails and productivity drops dramatically. On the other side of the business, your email server might be dedicating storage and processing power to spam emails, occasionally to the point where inboxes get full and real mail is bouncing out. While most spam is simply an unwanted newsletter or sale notice, there’s also the risk that any links may be a cyber-attack in disguise. After all, one click is all it takes to open the door to viruses, ransomware, phishing or other security emergencies.

How to stop the spam. The 2003 Can Spam Act (a global set of anti-spam laws) requires all marketers to follow certain rules, like not adding people to mailing lists without permission, and always including an ‘unsubscribe’ link.  So firstly, make sure you’re not accidentally giving people permission to email you – check the fine print or privacy policy. Next, look for the unsubscribe link at the bottom of the email. If the spam is from a legitimate know company use this link. Unfortunately, not all of them include the link, or they hide it somewhere impossible to see. Do not click unsubscribe on an email from a company you do not know. The worst spammers take that ‘unsubscribe’ click to confirm that your email address is valid/active and then sell it on. There are various types of spam filters on the market, often bundled with your email, that can help curb the amount of spam you receive.

Talk to me about your anti-spam protections. Call me at (828) 290-8237.