Blog | Managed IT Solutions For Businesseshttps://acsapp.com/blog/2024-03-28T18:48:25-04:00ACS IT Services Blog
How to Ensure Your Cyber Insurance Pays Out2024-01-12T06:00:00-05:002024-03-27T18:34:01-04:00bridgetm@acsapp.comhttps://acsapp.com/blog/author/bridgetm@acsapp.com/https://acsapp.com/blog/how-effectively-managing-risk-bolsters-cyber-defenses/<p><strong>How to Ensure Your Cyber Insurance Pays Out</strong></p>
<p> </p>
<p>In the current digital environment, where cyberthreats are commonplace, it makes perfect sense to have cyber liability insurance. However, just having a policy in place doesn’t guarantee a smooth claims process.</p>
<p> </p>
<p>Cyber insurance policies come with varying terms and coverage, requiring meticulous examination of inclusions and exclusions and deciphering technical jargon. Having a thorough understanding of your policy sets realistic expectations and prepares you to handle potential cyber incidents with confidence.</p>
<p> </p>
<p>This blog aims to help you get the most out of your cyber liability insurance. Keep reading to learn more.</p>
<p> </p>
<p><strong>Mastering your cyber insurance claims</strong></p>
<p> </p>
<p>Here are some key steps to optimize your coverage:</p>
<p> </p>
<p><strong>Thorough policy understanding</strong></p>
<p>Delve into the nuances of your policy. Scrutinize terms, conditions and coverage limits. Identifying inclusions and exclusions aligns your expectations effectively, empowering you to grasp the extent of protection offered.</p>
<p> </p>
<p><strong>Precision in application</strong></p>
<p>Accuracy is paramount when applying for cyber insurance. Detailed and precise information regarding your organization’s cybersecurity measures, risk management practices and past incidents or breaches aids insurers in evaluating your risk profile accurately.</p>
<p> </p>
<p><strong>Documentation of security measures</strong></p>
<p>Maintaining comprehensive records of cybersecurity measures, policies, procedures and incident responses becomes crucial evidence during the claims process. These records showcase proactive steps taken to mitigate cyber-risks.</p>
<p> </p>
<p><strong>Timely incident reporting</strong></p>
<p>Immediate reporting of cyber incidents or potential claims to your insurer as per policy requirements is essential. Swift notification initiates the claims early, allowing for a prompt investigation — a critical aspect of a successful claims process.</p>
<p> </p>
<p><strong>Detailed loss documentation</strong></p>
<p>Comprehensive documentation and quantification of financial losses incurred due to cyber incidents are vital. Including costs related to business interruption, data restoration, legal fees and other expenses supports your claim’s accuracy.</p>
<p> </p>
<p><strong>Cooperation with the insurer’s investigation</strong></p>
<p>Full cooperation with the insurer’s investigation, providing requested information, interviews and access to systems and records, is imperative. Failure to cooperate might lead to claim delays or denials.</p>
<p> </p>
<p><strong>Regular policy review</strong></p>
<p>Consistent review of your cyber insurance policy is crucial. Align it with evolving business needs and changing cyber risk landscapes. This step allows necessary adjustments to coverage, endorsements or additional coverages matching your risk profile.</p>
<p> </p>
<p><strong>Enhancing cybersecurity practices</strong></p>
<p>Continuously improve cybersecurity measures based on industry standards. Regular assessments to identify and mitigate vulnerabilities showcase a proactive approach, potentially influencing positive claim outcomes.</p>
<p> </p>
<p><strong>Expert consultation</strong></p>
<p>Seeking guidance from insurance professionals, legal counsel and specialized IT service providers offers invaluable insights. Their advice aids in optimizing coverage and effectively navigating the claims process.</p>
<p> </p>
<p><strong>Ensuring a successful payout</strong></p>
<p> </p>
<p>While obtaining cyber insurance is vital, maneuvering the claims process for a successful payout is equally essential. Our seasoned experts specialize in cyber insurance claims and understand policy nuances and claim procedures. With extensive experience, we’ve successfully guided numerous businesses through complexities, offering tailored strategies to enhance claim success. <a href="https://www.acsapp.com/schedule-appointment" rel="noopener" target="_blank">Schedule a no-obligation consultation</a> to optimize your cyber insurance coverage and fortify your business against cyber incidents effectively.</p>Achieve Strategic Cyber Risk Management with NIST CSF2023-12-14T18:04:53-05:002024-03-27T18:34:02-04:00bridgetm@acsapp.comhttps://acsapp.com/blog/author/bridgetm@acsapp.com/https://acsapp.com/blog/achieve-strategic-cyber-risk-management-with-nist-csf/<p>Protecting data and critical technology that is sensitive to your Winter Haven business from cyberattacks is essential. The success of your organization relies on its ability to withstand cyberthreats. This is where cyber-risk management comes in.</p>
<p>By implementing a solid cyber risk management strategy, businesses can;</p>
<p>-build robust defenses</p>
<p>-minimize risks without hindering growth</p>
<p>-build security enhancements</p>
<p>- ensure business compliance.</p>
<p>Our blog will help you understand the cyber risk management core principles and demonstrate how integrating with an effective yet simple security framework can lead to strategic success.</p>
<p><strong>Key Characteristics of Risk-Based Cybersecurity:</strong></p>
<p>Risk reduction: Proactively identifying and neutralizing threats helps minimize the potential impact of a cyber incident.<br/>Prioritized investment: By identifying and assessing risks, you can focus your investments on the areas that require the most attention.<br/>Addressing critical risks: Strengthening your business security begins by addressing the most severe vulnerabilities.</p>
<p><strong>Cyber Risk Management Frameworks:</strong></p>
<p>Cybersecurity risk frameworks act as guides to help Winter Haven businesses fully leverage a risk-based approach. Here are several ways frameworks can enhance your current cybersecurity posture:</p>
<p>Take away guesswork: Frameworks provide a structured way to assess your current cybersecurity posture.<br/>Focused investments: Frameworks help organizations concentrate their investments on the most critical and relevant risks.<br/>Build customer trust: Frameworks offer guidance for building security, which is vital for establishing customer trust.<br/>Tried and tested controls: Frameworks incorporate effective security controls that have been proven successful.<br/>Achieve compliance: Frameworks assist Florida organizations in complying with government and industry regulations.</p>
<p><strong>NIST Cybersecurity Framework:</strong></p>
<p>The NIST CSF is a popular and user-friendly framework designed to empower Florida business leaders like you to enhance organizational cybersecurity. Think of it as a valuable tool created by top security experts to protect and secure your digital assets.</p>
<p><strong>Here's how the NIST CSF supports a risk-based approach:</strong></p>
<p>Understand your risk: Identify what is most valuable to your business.<br/>Comprehensive view: Consider people, processes, technology, information, and other critical aspects that require protection for successful operation.<br/>Prioritize risks: Assess the impact of risks on your business to prioritize mitigation efforts.<br/>Optimize resources: Allocate resources strategically for maximum impact.<br/>Continuous monitoring: Adapt to evolving threats through ongoing monitoring.</p>
<p><strong>Secure Your Future:</strong></p>
<p>Protecting your Winter Haven,FL business from cyberthreats is crucial for its survival and growth. Don't leave your security to chance - consider partnering with an experienced IT service provider like us. Contact us now!</p>
<p>Download our infographic, <a href="https://www.acsapp.com/media/uploads/risk_management_infographic-acs-dec-2023.pdf" rel="noopener" target="_blank" title="Assess Your Cyber-Risks in 7 Critical Steps">"Assess Your Cyber-Risks in 7 Critical Steps"</a>, and fortify your defenses against lurking cyber dangers.</p>Discover the Top AI Cyber-Risks You Need to Know2023-10-25T12:00:00-04:002024-03-28T16:16:32-04:00bridgetm@acsapp.comhttps://acsapp.com/blog/author/bridgetm@acsapp.com/https://acsapp.com/blog/discover-the-top-ai-cyber-risks-you-need-to-know/<p>The revolutionary power of AI has captivated Traverse City businesses of all sizes, from industry giants to smaller enterprises. With endless possibilities at our fingertips, it's important not to overlook the potential risks that come with AI.</p>
<p>In this blog, we will explore both the benefits and risks of AI, providing you with the knowledge to harness its strengths while protecting against potential pitfalls.</p>
<p><strong>Benefit 1: Smart Data Analysis</strong></p>
<p>AI has the ability to swiftly analyze massive amounts of data, uncovering valuable patterns. This allows you to make well-informed decisions and avoid guesswork, giving your business a competitive edge.</p>
<p><strong>Benefit 2: Boosted Productivity</strong></p>
<p>By automating mundane tasks, AI frees up your employees to focus on more critical work. This increases productivity and efficiency, ensuring that your team can accomplish more in less time.</p>
<p><strong>Benefit 3: Faster Business Maneuvering</strong></p>
<p>In a rapidly evolving technological landscape, it's crucial to stay up to date. AI enables you to process and respond to real-time information quickly, allowing you to react swiftly to changing scenarios, customer demands, and opportunities.</p>
<p>However, it's important to be aware of the potential cyber challenges that come with AI:</p>
<p><strong>Challenge 1: AI-Powered Phishing Scams</strong></p>
<p>Cybercriminals are now using AI-driven chatbots to create sophisticated phishing emails that are difficult to detect. These attacks exploit human vulnerabilities, making it easy for even the most vigilant individuals to unknowingly share sensitive information.</p>
<p>To protect yourself, exercise caution with emails from unknown sources. Scrutinize sender details, avoid suspicious links, and consider using anti-phishing tools for added protection.</p>
<p><strong>Challenge 2: Malicious AI-Generated Code</strong></p>
<p>Cybercriminals are leveraging AI tools to generate code that surpasses manual capabilities. This code finds its way into malware and other malicious software, posing a significant threat to your organization.</p>
<p>Educating your team about these schemes and implementing layered security measures, such as firewalls, antivirus software, and automated patch management, can help defend against these sophisticated attacks.</p>
<p><strong>Challenge 3: Deepfakes and Impersonations</strong></p>
<p>AI-generated deepfakes can spread misinformation, deceiving unsuspecting individuals and leading to fraud or character defamation. This poses a risk, especially in industries like banking where online identity verification is crucial.</p>
<p>To identify deepfakes, it's important to pay attention to details such as skin texture, blinking patterns, and facial shadows. These anomalies can help distinguish genuine content from manipulated content.</p>
<p>To navigate the world of AI safely and responsibly, we offer a comprehensive eBook, "<a href="https://www.acsapp.com/media/uploads/advanced_computer_solutions-_cybersecurity-awareness-ai-ebook_2023.pdf" rel="noopener" target="_blank">Shielding Your Enterprise: A Guide to Navigating AI Safety</a>." This resource will equip you with the knowledge and strategies to ensure the secure utilization of AI in your business.</p>
<p>If you find the idea of navigating AI daunting, reach out to us for a <a href="https://www.acsapp.com/schedule-appointment" rel="noopener" target="_blank">no-obligation consultation</a>. Together, we'll navigate the realm of AI, harness its power, and prioritize the safety of your organization.</p>Protect Your Winter Park, FL Business from Phishing Attacks: Your Guide to Email Security2023-10-17T10:30:00-04:002024-03-27T18:34:04-04:00bridgetm@acsapp.comhttps://acsapp.com/blog/author/bridgetm@acsapp.com/https://acsapp.com/blog/protect-your-winter-park-fl-business-from-phishing-attacks-your-guide-to-email-security/<p>Phishing scams are a major threat to businesses in Winter Park, FL, just like yours. Don't become the next victim! It's crucial to understand how cybercriminals use phishing emails to steal your money and data.</p>
<p>In this blog, you'll learn about the intent behind phishing emails, different types of phishing attacks, and most importantly, how you can protect your email and business.</p>
<p></p>
<h3><strong>The Goal of Phishing Emails: Stealing Your Money and Data</strong></h3>
<p><strong></strong></p>
<p>Phishing emails are designed to deceive and trick unsuspecting victims into taking actions that benefit the cybercriminals. They want to steal your money, data, or both. They may try to trick you into sharing passwords, sending money, downloading malware, or revealing sensitive information.</p>
<p>Financial theft is a common aim of phishing attacks. Cybercriminals use tactics like business email compromise (BEC) or ransomware attacks to steal money. They can also steal your data, such as usernames, passwords, social security numbers, and financial information, to commit financial thefts or sell your information on the dark web.</p>
<p></p>
<h3><strong>How to Spot and Avoid Phishing Attempts</strong></h3>
<p><strong></strong></p>
<p>Stay one step ahead of cybercriminals by being vigilant and looking out for common phishing attempts:</p>
<p style="padding-left: 30px;">Beware of emails that ask you to click on a link. They may contain malicious software that can steal your data.</p>
<p style="padding-left: 30px;">Be cautious of emails that direct you to a website. It could be a malicious site designed to steal your login credentials.</p>
<p style="padding-left: 30px;">Stay alert if an email contains an attachment. Malicious extensions disguised as documents or invoices can infect your computer.</p>
<p style="padding-left: 30px;">Be suspicious of emails that try to rush you into taking urgent actions, such as transferring funds. Verify the request's authenticity before taking any action.</p>
<h3><strong></strong></h3>
<h3><strong>Understanding the Different Types of Phishing Attacks</strong></h3>
<p></p>
<p>Phishing attacks come in various forms and target Florida businesses of all sizes. While phishing emails are common, cybercriminals also use texts, voice calls, and social media messaging. Here are the types of phishing traps you should watch out for:</p>
<p style="padding-left: 30px;"><strong>Spear phishing:</strong> Highly personalized emails that target individuals or businesses to steal sensitive information or spread malware.</p>
<p style="padding-left: 30px;"><strong>Whaling:</strong> Scams that specifically target high-level executives by impersonating trusted sources to steal money or information.</p>
<p style="padding-left: 30px;"><strong>Smishing:</strong> Text messages claiming to be from trusted sources to convince victims to share sensitive information or send money.</p>
<p style="padding-left: 30px;"><strong>Vishing:</strong> Voice phishing, where cybercriminals impersonate trusted organizations or individuals to trick victims into sharing personal information.</p>
<p style="padding-left: 30px;"><strong>Business email compromise (BEC):</strong> Spear phishing attacks using seemingly legitimate email addresses to trick recipients, often senior-level executives, into sending money.</p>
<p style="padding-left: 30px;"><strong>Angler phishing:</strong> Scams that target social media users by pretending to be customer service accounts and tricking them into revealing sensitive information.</p>
<p style="padding-left: 30px;"><strong>Brand impersonation:</strong> Phishing scams that impersonate popular businesses to trick customers into sharing sensitive information.</p>
<p><strong></strong></p>
<h3><strong>Boost Your Email Security with Professional IT Services</strong></h3>
<p><strong></strong></p>
<p>Protecting your Winter Haven business from cyberattacks can be challenging. That's where we come in. As an experienced IT service provider, we have the expertise, resources, and tools to keep your email secure. Don't let phishing attacks harm your business. <a href="https://www.acsapp.com/schedule-appointment" rel="noopener" target="_blank" title="Schedule your no obligation consult today!">Contact us now</a> to learn more about our email security services.</p>
<p></p>
<h6><em><strong>Secure Your Inbox: Download Our eBook - <a href="https://www.acsapp.com/media/uploads/cybersecurity_awareness_and_email_security_e-book_by_advanced_computer_solutions.pdf" rel="noopener" target="_blank" title="Your Guide to Email Security">Your Guide to Email Security</a></strong></em></h6>Why Your Business Needs to Beef Up Employee Security Awareness2023-08-16T06:00:00-04:002024-03-27T18:41:41-04:00bridgetm@acsapp.comhttps://acsapp.com/blog/author/bridgetm@acsapp.com/https://acsapp.com/blog/why-your-business-needs-to-beef-up-employee-security-awareness/<p>In today's world, organizations are becoming increasingly aware of the ever-changing cybersecurity landscape. Despite investing billions of dollars worldwide to protect against cyber threats, cybercriminals still manage to breach even the strongest security defenses.</p>
<p>These criminals relentlessly exploit vulnerabilities, with their primary target being employees. Cybercriminals see employees as the weakest link in an organization's cybersecurity. But you can address and strengthen this vulnerability through proper training.</p>
<p>It is crucial to prioritize enhancing employee security awareness to protect your Polk County small business. In this blog post, we will explain why cybercriminals target employees and the importance of improving their security awareness. By understanding these vulnerabilities, we can take proactive steps to mitigate risks and empower your employees to actively defend against cyberattacks.</p>
<p><strong>Lack of Employee Awareness</strong></p>
<p>A main reason employees tend to fall prey to cybercriminals is their lack of knowledge about common threats, techniques, & best practices. Cybercriminals can instigate malware infections, phishing attacks, and engineering ploys by exploiting this knowledge gap among your employees.<br/><br/><strong>Privileged access</strong><br/>Employees often hold privileged access to critical systems, sensitive data or admin privileges which cybercriminals crave. By compromising your employees’ accounts, cybercriminals can then obtain unrestricted access to valuable assets, wreaking havoc within your organization.<br/><br/><strong>Social engineering attack tactics</strong><br/>Cybercriminals are masters of manipulation, leveraging social engineering tactics to deceive employees into disclosing sensitive information, sharing login credentials or unwittingly compromising security measures. These tactics can exploit your human curiosity, trust, and emotions, making your employees unintentional accomplices in cybercrime.<br/><br/><strong>The BYOD trend<br/></strong>The rising trend of BYOD (Bring your own device) can expose your organization to increased risks. Employees accessing company systems and info from personal devices that often lack the robust security controls of company-issued devices create vulnerabilities that cybercriminals can exploit.<br/><br/><strong>Hybrid and remote work challenges</strong><br/>The more the world leans towards hybrid and remote work, the more security challenges for businesses like yours. If your employees are working from home on an unsecured network, share devices with others family members or friends, and fall prey to homelife distractions, their focus can be pulled from adhering to the best practices, increasing their susceptibility to attacks.</p>
<p><strong></strong></p>
<p><strong>Tips for creating an engaging employee security training program for small businesses</strong></p>
<p><strong></strong></p>
<p><strong>Understand your cybersecurity needs</strong></p>
<p>Identify specific risks and vulnerabilities that your business may face, especially those related to technology and cyber attacks.</p>
<p><strong>Set clear goals</strong></p>
<p>Define what you want employees to learn and achieve through the training program. Focus on essential skills and outcomes that are relevant to their roles in keeping the business secure.</p>
<p><strong>Create accessible content</strong></p>
<p>Develop training materials that are easy to understand for non-technical individuals. Use relatable examples and practical scenarios to explain cyber threats and preventive measures.</p>
<p><strong>Customize the training</strong></p>
<p>Tailor the program to address the unique challenges and risks faced by your small business. Make the content relevant to employees' roles and responsibilities.</p>
<p><strong>Provide ongoing training</strong></p>
<p>Establish a consistent training schedule to keep employees up to date with the latest threats and best practices. Foster a culture of continuous learning and cybersecurity awareness.</p>
<p><strong>Evaluate effectiveness and seek feedback</strong></p>
<p>Regularly assess the effectiveness of the training program through quizzes or surveys. Use the feedback to make improvements and adjustments as needed.</p>
<p><strong>Promote a cybersecurity culture</strong></p>
<p>Encourage employees to actively participate in protecting the business by promoting communication, incident reporting, and shared responsibility for safeguarding company assets.</p>
<p><strong>Collaborate for success</strong></p>
<p>Looking to empower your employees in the fight against cybercrime? <a href="https://www.acsapp.com" rel="noopener" target="_blank">Reach out to us today</a>, and together we can develop a comprehensive security awareness training program that will engage your team and enhance your Polk County organization's defenses against ever-changing cyber threats.</p>
<p>By investing in employee security awareness, you can transform your workforce into a strong front line of defense, protecting your small business from cybercriminals and ensuring a more secure future. Click here to download a copy of our new Infographic <a href="https://acsapp.aweb.page/p/3bf70a11-3c7d-49ba-a49b-c7062ceeba0b" rel="noopener" target="_blank">"Beware of Business Email Compromise"</a>. </p>How to Secure Your Small Business from AI-Powered Cyberattacks2023-06-21T11:18:20-04:002024-03-25T21:53:18-04:00bridgetm@acsapp.comhttps://acsapp.com/blog/author/bridgetm@acsapp.com/https://acsapp.com/blog/how-to-secure-your-small-business-from-ai-powered-cyberattacks/<p>As technology continues to advance, cybersecurity risks are becoming more sophisticated. With the rise of artificial intelligence (AI), hackers now have access to powerful tools that can breach even the most secure networks. Small businesses are particularly vulnerable to cybersecurity attacks, as they often lack the resources to invest in advanced security measures.</p>
<p>However, there are steps that small businesses can take to protect themselves from AI-powered cybersecurity risks. By providing continuous training for their team, improving security policies, and partnering with an IT service provider, small businesses can stay ahead of the game.</p>
<h3><strong>Provide Employees with Ongoing, Real-Time Cybersecurity Training</strong></h3>
<p>One of the best ways to stay ahead of AI-powered cybersecurity risks is to provide continuous cybersecurity training for your team. Cybersecurity threats evolve quickly, so it’s important to ensure your team is well-versed in the latest threats and best practices.</p>
<p>In addition to traditional training methods like workshops and seminars, consider implementing real-time training tools like phishing simulations. These tools allow you to test your team’s ability to spot and avoid phishing emails and other common cyber threats in a safe, controlled environment.</p>
<h3><strong>Improve Current Security Policies and Enforce Them</strong></h3>
<p>Another key to staying ahead of AI-powered cybersecurity risks is to improve your security policies and enforce them consistently. This includes everything from password policies to access controls and data backup procedures.</p>
<p>Regularly audit your security policies to ensure they align with current best practices and technology. Make sure your team is aware of your policies and understands the consequences of failing to comply with them. Be consistent in enforcing your policies across the board to maintain a strong security posture.</p>
<h3><strong>Partner With A Reputable IT Service Provider</strong></h3>
<p>Partnering with an IT service provider is another effective way to stay ahead of AI-powered cybersecurity risks. IT service providers can provide the expertise and resources needed to implement advanced security measures that small businesses may not have access to otherwise.</p>
<p>For example, IT service providers can help you implement advanced threat detection and response solutions that leverage AI to identify and respond to threats in real-time. They can also help you keep your software and hardware up to date and perform regular infrastructure audits to identify vulnerabilities.</p>
<h4>Choose Advanced Computer Solutions for Expert IT Support</h4>
<p>At Advanced Computer Solutions, we specialize in providing expert IT support for small businesses in Michigan and across the country. Our team of experienced professionals can help you implement advanced security measures to protect your Traverse City, MI business from AI-powered cybersecurity risks. As technology continues to advance, small businesses face growing cybersecurity risks. However, by providing continuous training, improving security policies, and partnering with an IT service provider like Advanced Computer Solutions, small businesses can stay ahead of AI-powered cybersecurity threats. So why wait? Take steps to secure your business today! Reach out to us today to <a href="https://www.acsapp.com/schedule-appointment" rel="noopener" target="_blank" title="schedule your no-obligation consult">schedule your no-obligation consult</a> and download a copy of our new <a href="https://acsapp.aweb.page/p/ab32d6d8-67db-4fb9-9fe7-4ae645df3fac" rel="noopener" target="_blank">infographic</a>! </p>4 Zero Trust Security Myths You Should NOT Believe!2023-05-11T11:28:08-04:002024-03-28T16:22:56-04:00bridgetm@acsapp.comhttps://acsapp.com/blog/author/bridgetm@acsapp.com/https://acsapp.com/blog/4-zero-trust-security-myths-you-should-not-believe/<p>In today's connected world, businesses face the constant threat of cyberattacks. Adopting a zero-trust security model means that everything - humans, machines or applications - must prove trustworthy before accessing the company's network or data. This makes it hard for hackers to access your network, even if they've gotten hold of a device or account that has access. However, there's been a lot of confusion around zero-trust lately, with security vendors selling "miracle" solutions. In this blog, we break down the top zero-trust myths and show how an IT service provider can help make everything easier.</p>
<p> </p>
<h2>Let's debunk some common misconceptions about zero trust security.</h2>
<p> </p>
<h3>Myth 1: All I need is a magic product to have zero trust.</h3>
<p> </p>
<p><strong>Truth:</strong> Unfortunately, no product can deliver complete zero trust. It's a security strategy that requires a systematic approach. But there are support tools and solutions you can use. Consider working with an IT security provider to identify the best options for your Grand Traverse County, MI small business.</p>
<p> </p>
<h3>Myth 2: Zero trust security is too complicated to apply.</h3>
<p> </p>
<p><strong>Truth:</strong> It can be tricky if you aren't familiar with cybersecurity. But if you don't have the needed expertise, you can turn to a trusted IT service provider for assistance. They can assist with risk assessment and help create a realistic framework for implementing a zero trust security strategy.</p>
<p> </p>
<h3>Myth 3: Zero trust security will slow down my employees and hurt productivity and morale.</h3>
<p> </p>
<p><strong>Truth:</strong> In fact, zero trust security promotes collaboration and creates a better user experience. However, adding security layers can cause some inconvenience and slow things down. An IT service provider can suggest user-friendly policies and tools that balance security and ease of use, so your employees can work efficiently.</p>
<p> </p>
<h3>Myth 4: Zero trust security is too expensive.</h3>
<p> </p>
<p><strong>Truth:</strong> The cost of implementing a zero-trust security model can be high, but the price of a cybersecurity incident can be even higher. An IT service provider can help you control costs while maximizing the effectiveness of your security strategy.</p>
<p> </p>
<h3><strong>The time to act is now</strong></h3>
<p> </p>
<p>Zero Trust is a top-notch security framework that can shield your Grand Traverse County, MI business against cyberattacks, even if they have already happened. But setting up this system can be tricky. That's where we come in to help. Contact us to learn how we can implement Zero Trust security for your small business with minimal disruption.</p>
<p> <br/>Don't wait, take action now towards a more secure future. Our checklist, "<a href="https://www.acsapp.com/media/uploads/acs-checklist-how-to-achieve-zero-trust-security-may-2023.pdf.pdf" rel="noopener" target="_blank" title="How to Achieve Zero Trust Security">How to Achieve Zero Trust Security</a>", can help you understand Zero Trust and easily implement it for your business. It's a valuable resource for those unfamiliar with technology and cybersecurity.</p>Busting the Myths: 3 Ways to Protect Your Traverse City, MI Business from Ransomware Attacks | Advanced Computer Solutions2023-04-04T06:00:00-04:002024-03-27T15:32:13-04:00bridgetm@acsapp.comhttps://acsapp.com/blog/author/bridgetm@acsapp.com/https://acsapp.com/blog/busting-the-myths-3-ways-to-protect-your-traverse-city-mi-business-from-ransomware-attacks-advanced-computer-solutions/<p>Welcome to the world of cybercrime, where ransomware attacks are rampant and costly! As businesses like yours try to keep up with constantly evolving digital threats, it's crucial to spot and debunk common myths that leave you vulnerable to cyberattacks. In this blog, we're going to bust three of the biggest ransomware myths and give you the right tools and information to protect your data and systems. Believe us when we say, understanding the reality of ransomware and taking proactive measures can save you from potential disaster. So buckle up and get ready to take on cybercriminals head-on!</p>
<p></p>
<h2><strong>Top Myths to Bust</strong></h2>
<p></p>
<p>Let's get started debunking some ransomware myths that you should absolutely avoid!</p>
<p></p>
<p><strong>Myth #1:</strong> Pay the ransom and everything will be okay. Wrong - this is a risky assumption to make with cyber attackers, as there’s no guarantee they'll keep their word in providing the decryption key after you pay up. Plus, it only emboldens criminals to continue these types of attacks down the road. What's your best bet? Having good backups and an effective security plan in place will give your business much better protection than relying on paying off attackers for data recovery results!</p>
<p></p>
<p><strong>Myth #2: </strong>You may have heard that having backups is the ultimate safeguard against <a href="https://www.acsapp.com/it-services/cyber-security/" rel="noopener" target="_blank">ransomware attacks</a>. While backups are certainly important, cybercriminals have become more sophisticated in their tactics. They may now try to compromise your backup files as part of their attack strategy, leaving you high and dry. With the growing popularity of double extortion attacks, hackers not only hold your data hostage but also threaten to disclose it unless a ransom is paid. So, even if you have a solid backup strategy, your sensitive data may still be at risk. Stay vigilant, and let's keep our data safe and sound.</p>
<p></p>
<p><strong>Myth #3:</strong> Don't fall victim to the myth that antivirus software alone is enough to protect you from ransomware attacks. While it's definitely a crucial component, relying solely on one security solution won't cut it. The truth is, there is no magic solution when it comes to ransomware. But fear not! By implementing a defense-in-depth approach, you can construct a strong and robust defense for your Traverse City, MI business. Our team of experts will work to safeguard your data and avoid any potential ransomware headaches.</p>
<p></p>
<p><strong>Bonus Myth:</strong> Don't be fooled by the myth that your business is too small or not valuable enough to be a target for ransomware attacks. Whether you're a startup, a small business, or a large corporation, cybercriminals are constantly on the hunt for valuable data to exploit. The truth is, every organization has something that hackers could potentially use against them.</p>
<p></p>
<p>In today's digital age, cybercrime is becoming more and more sophisticated, and the tactics used by criminals are always evolving. That's why it's essential to take proactive measures to protect your business from ransomware attacks. Don't wait until it's too late - assume that your business is a target and take action to safeguard your data and systems against potential threats.</p>
<p></p>
<h2 class="Heading2Subtitle">Partner to succeed<o:p></o:p></h2>
<p></p>
<p>Protecting your business from ransomware attacks is no small feat, but it's definitely doable. While nothing is 100% foolproof, taking proactive steps can drastically reduce your risk. In fact, taking proactive measures to secure your data and systems can make a world of difference in keeping your organization safe. We're here to help you prepare and defend against this growing cyber threat. Don't hesitate to reach out for a consultation - we'll assess your organization's unique needs and provide you with the best solutions. For further insight, we've created an informative infographic called <a href="https://acsapp.aweb.page/p/e1ba1df5-c06f-4445-950d-262b1f22c832" rel="noopener" target="_blank">"The Anatomy of a Ransomware Attack"</a> that will help you better understand this malicious crime and how to protect yourself. Get your hands on it today!</p>The Good, The Bad, and the Ugly of Mobility and BYOD2019-02-20T00:00:00-05:002024-03-25T08:07:36-04:00adminhttps://acsapp.com/blog/author/admin/https://acsapp.com/blog/the-good-the-bad-and-the-ugly-of-mobility-and-byod/<p><br/>The Good, The Bad, and the Ugly of Mobility and BYOD<br/> <br/>There are a lot of advantages to mobility in today’s workforce, but the Bring-Your-Own-Device (BYOD) movement has also brought its share of headaches as well.<br/> <br/>We live in a society where everyone must have the newest technology. We are inundated with ads reminding us that the smartphone or tablet we just bought a year ago is laughably outdated and inferior to the upgrade that just hit the market.<br/> <br/>People who have just bought the latest technology don’t want to have to set it aside to use a separate company-issued device. As a result, businesses are beginning to grant these employee-owned devices access to their file and email servers, databases, and applications.<br/> <br/>While this brings certain competitive advantages to employers, it naturally carries many risks, too.<br/> <br/>Let’s begin with the pros of BYOD...<br/> <br/><strong>The Advantages of BYOD</strong><br/> <br/>Greater Flexibility and Productivity - Personal devices allow workers more flexibility, which in turn can increase productivity. Today’s employee isn’t restricted to their office workstation or cubicle. They can carry out job responsibilities from home, a coffee shop, their child’s dance recital, or while traveling.<br/> <br/>Reduced Costs – Purchasing even the most basic Blackberry for an employee can cost a company $900+ per worker. Costs like that can be completely eliminated by adopting a BYOD policy where employees are required to use their own device.<br/> <br/>Happier Employees/Attractiveness to Job Seekers - Recent studies have found that 44% of job seekers are attracted more to employers who are open to BYOD and occasional remote work. Beyond this hiring advantage over competition, it has been found that employees as a whole are generally happier using the devices they own and prefer for work purposes.<br/> <br/>Better Customer Service – This goes hand and hand with more flexibility and productivity. Mobility allows employees to occasionally resolve or escalate urgent client issues outside of normal working hours, and clients remember that kind of response time.<br/> <br/>And now the cons of BYOD...<br/> <br/><strong>Disadvantages of BYOD</strong><br/> <br/>Compromised Data Security – Unfortunately, letting employees use their own smartphones, tablets, and laptops increases the likelihood of sensitive company or customer/client data being compromised. It is important for companies to establish a comprehensive mobile device security policy and never make any exceptions to it whatsoever. Really. No exceptions. Ever.<br/> <br/>Employee Privacy – Many employees may oppose using their own devices for work, especially if it’s a company requirement that they aren’t reimbursed for. You have to remember that these are the same devices employees use to log into their Facebook and Twitter accounts or do their online banking. In this age of constant paranoia over big brother watching our every move, employees may be concerned that their employer will spy on them or access their personal passwords and information.<br/> <br/>Handling Employee Turnover – Companies must consider how they will address the retrieval of company data and information from an employee’s device if the employee either quits or is fired. Some companies may require that employees only save or edit company files on their servers or use cloud-based sharing software like Dropbox to share and edit docs.<br/> <br/><strong>The Importance of a Mobile Device Management Tool</strong><br/> <br/>Obviously, businesses must keep track of all of the devices that access their server, applications, and data. Mobile Device Management helps enterprises centralize what is an otherwise chaotic hodgepodge of devices and operating systems. This ensures that all devices are configured, deployed, and properly monitored and managed. This is a smart way for businesses to embrace BYOD while securing data and applications across multiple devices.<br/> <br/><strong>Contact us at Advanced Computer Solutions</strong><br/> </p>Stay Secure My Friend... More Hackers Targeting SMBs2019-01-17T00:00:00-05:002024-03-27T17:48:19-04:00adminhttps://acsapp.com/blog/author/admin/https://acsapp.com/blog/stay-secure-my-friend-more-hackers-targeting-smbs/<p><br/><strong>Stay Secure My Friend... More Hackers Targeting SMBs</strong><br/> <br/>Many SMBs don’t realize it, but the path to some grand cybercrime score of a lifetime may go right through their backdoor. SMBs are commonly vendors, suppliers, or service providers who work with much larger enterprises. Unfortunately, they may be unaware that this makes them a prime target for hackers. Worse yet, this may be costing them new business.<br/> <br/>Larger companies likely have their security game in check, making it difficult for hackers to crack their data. They have both the financial resources and staffing power to stay on top of security practices. But smaller firms continue to lag when it comes to security. In many cases, the gateway to accessing a large company’s info and data is through the smaller company working with them. Exposed vulnerabilities in security can lead cybercriminals right to the larger corporation they’ve been after.<br/><strong> <br/>Cybercriminals Target Companies with 250 or Fewer Employees</strong><br/> <br/>Research is continuing to show that cybercriminals are increasingly targeting smaller businesses with 250 or fewer employees. Attacks aimed at this demographic practically doubled from the previous year. This news has made larger enterprises particularly careful about whom they do business with. This means that any SMB targeting high-end B2B clientele, or those seeking partnerships with large public or government entities, must be prepared to accurately answer questions pertaining to security. This requires an honest assessment of the processes taken to limit security risks.<br/><strong> <br/>View Security Measures as Investments</strong><br/> <br/>CEOs must start viewing any extra investment to enhance security as a competitive differentiator in attracting new business. Adopting the kind of security measures that large enterprises seek from third-party partners they agree to work with will inevitably pay off. The payoff will come by way of new revenue-generating business contracts that will likely surpass whatever was spent to improve security.<br/> <br/>Would-be business partners have likely already asked for specifics about protecting the integrity of their data. Some larger entities require that SMBs complete a questionnaire addressing their security concerns. This kind of documentation can be legally binding so it’s important that answers aren’t fudged just to land new business. If you can’t answer "yes" to any question about security, find out what it takes to address that particular security concern.<br/> <br/><strong>Where a Managed Service Provider Comes In</strong><br/> <br/>Anyone who isn’t yet working with a Managed Service Provider (MSP) should consider it. First, a manual network and security assessment offers a third-party perspective that will uncover any potential business-killing security risks. A good MSP will produce a branded risk report to help you gain the confidence of prospects to win new business.<br/> <br/>A MSP can properly manage key elements of a small company’s security plan. This includes administrative controls like documentation, security awareness training, and audits as well as technical controls like antivirus software, firewalls, patches, and intrusion prevention. Good management alone can eliminate most security vulnerabilities and improve security.<br/> <br/><strong>Contact us at Advanced Computer Solutions</strong><br/><br/> </p>Just Because You're Not a Big Target, Doesn't Mean You're Safe2019-01-09T00:00:00-05:002024-03-27T23:55:19-04:00adminhttps://acsapp.com/blog/author/admin/https://acsapp.com/blog/just-because-youre-not-a-big-target-doesnt-mean-youre-safe/<p><br/>Just Because You're Not a Big Target, Doesn't Mean You're Safe<br/>Not too long ago, the New York Time's website experienced a well-publicized attack, which raises the question – how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does this bode for the security of a small company's website? What's to stop someone from sending visitors of your site to an adult site or something equally offensive?<br/><br/>The short answer to that question is nothing. In the New york time's attack, the attackers changed the newspaper's Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let's get into the specifics of the attack and explain what DNS is.<br/><br/>The perpetrators of the New York Time's attack targeted the site's Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, the IP address must be converted to that particular URL through DNS.<br/><br/>Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Time's site. The good news is the websites of smaller companies or organizations fly under the radar and rarely targeted. Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.<br/><br/>For now...<br/><br/>There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road.<br/><br/>Here are a few ways to stay safe<br/><br/>Select a Registrar with a Solid Reputation for Security<br/><br/>Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site's files. Nonetheless, recent DNS attacks are concerning because they're far more than the average password hack.<br/><br/>It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar's directory. What's particularly frightening is the registrars attacked had solid reputations. The New York Time's, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.<br/><br/>So what else can be done?<br/><br/><strong>Set Up a Registry Lock & Inquire About Other Optional Security</strong><br/><br/>A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.<br/><br/>Ask your registrar about registry locking and other additional security measures like two factor authentication, which requires another verifying factor in addition to your login and password, or IP address dependent logins, which limits access to your account from anywhere outside of one particular IP address.<br/><br/>While adding any of these extra safeguards will limit your ability to make easy account change or access your files from remote locations, it may be a worthwhile price to pay.<br/><strong>Contact us at Advanced Computer Solutions</strong><br/> </p>Four Key Components of a Robust Security Plan Every SMB Must Know2019-01-04T00:00:00-05:002024-03-26T00:12:58-04:00adminhttps://acsapp.com/blog/author/admin/https://acsapp.com/blog/four-key-components-of-a-robust-security-plan-every-smb-must-know/<p><br/><br/>Four Key Components of a Robust Security Plan Every SMB Must Know<br/> <br/>Most businesses are now technology dependent. This means security concerns aren’t just worrisome to large corporate enterprises anymore, but also the neighborhood sandwich shop, the main street tax advisor, and the local non-profit. Regardless of size or type, practically any organization has valuable digital assets and data that should not be breached under any circumstances.<br/> <br/>This makes it the responsibility of every business, especially those collecting and storing customer/client information, to implement a multipronged approach to safeguard such information.<br/> <br/>Yes, we’re looking at you, Mr. Pizza Shop Owner who has our names, addresses, phone numbers, and credit card information stored to make future ordering easier and hassle free.<br/> <br/>Today’s SMB Needs a Robust Security Plan<br/>Protecting your business and its reputation comes down to developing, implementing, and monitoring a robust security plan that adequately addresses everything from physical access and theft to the threat of compromised technology security. This involves defining and outlining acceptable uses of your network and business resources to deter inappropriate use. Here are four key components to consider.<br/> <br/>Network Security Policy: Limitations must be defined when it comes to acceptable use of the network. Passwords should be strong, frequently updated, and never shared. Policies regarding the installation and use of external software must be communicated.<br/> <br/>Lastly, if personal devices such as laptops, tablets, or smartphones are accessing the network, they should be configured to do it safely, which can be done easily with a reliable Mobile Device Management (MDM) solution.<br/> <br/>Communications Policy: Use of company email and Internet resources must be outlined for legal and security reasons. Restricting data transfers and setting requirements for the sharing or transfer of digital files within and outside of the network is recommended. Specific guidelines regarding personal Internet use, social media, and instant messaging should also be clearly outlined. If the company reserves the right to monitor all communication sent through the network, or any information stored on company-owed systems, it must be stated here<br/> <br/>Privacy Policy: Restrictions should be set on the distribution of proprietary company information or the copying of data.<br/> <br/>Inappropriate Use: Obviously, any use of the network or company-owned system or device to distribute viruses, hack systems, or engage in criminal activity must be prohibited with the consequences clearly noted. Any website that employees cannot visit should be identified if not altogether blocked and restricted. For instance, downloading an entire season of True Blood from a Bit Torrent site isn’t an acceptable use of company Internet resources.<br/> <br/>Every employee must know these policies and understand the business and legal implications behind them. Companies must also make sure these policies are clear and understood by all, and most importantly, strictly enforced.<br/> <br/>Contact us at Advanced Computer Solutions<br/><br/><br/><br/> </p>5 Ways SMBs Can Save Money on Security2018-12-27T00:00:00-05:002024-03-28T18:22:56-04:00adminhttps://acsapp.com/blog/author/admin/https://acsapp.com/blog/5-ways-smbs-can-save-money-on-security/<p><br/>5 Ways SMBs Can Save Money on Security<br/> <br/>Small-to-medium sized businesses and large enterprises may seem worlds apart, but they face many of the same cyber-security threats. In fact, in recent years, cyber-criminals have increasingly targeted SMBs. This is because it’s widely known that SMBs have a smaller budget, and less in-house expertise, to devote to protection. Thankfully, there are several things SMBs can do today to get more from even the most limited security budget. And, no, we aren’t talking about cutting corners. Far too often, SMBs cut the wrong corners and it ends up costing them more money in the long run. It’s a matter of taking a smarter approach to security. Here are five smart approaches to take</p>
<p>Prioritize - Every business has specific areas or assets critical to its core operations. Seek the input of valued staff and team members to determine what these are. Is there certain data that would be catastrophic if it was lost or stolen? If hackers compromise a network, or prevent access to certain applications, how disruptive would it be to daily business operations? What kind of potential threats or vulnerabilities pose the greatest risk to the company or your customers/clients? Focus on the most likely risks, not theoretical risks that "could happen." Asking such questions gives you a clearer and more complete perspective as to where to focus available security resources.<br/><br/>Develop and Enforce Policies - Every SMB needs to implement a security policy to direct employees on appropriate and inappropriate workplace behaviors relative to network, systems, and data security. Merely drafting this document isn't enough. Employees must be held accountable if they fail to adhere to policy. Such policies should be updated regularly to reflect new technology and cultural shifts. For example, a document written before social media took off, or before the BYOD (Bring-Your-Own-Device) movement, doesn't necessarily apply today.<br/><br/>Education - Ongoing end user training must be provided. Many security breaches happen because employees fail to recognize phishing schemes, open emails from unknown sources, create poor passwords that are seldom changed, and don't take proper precautions when using public Wi-Fi connections on personal mobile devices also used for work.<br/><br/>Take to the Cloud - Running applications and servers in-house is a costly endeavor. Leveraging the cloud today allows SMBs to cut costs while also strengthening their security. Cloud operators typically have built-in security features, alleviating SMBs of the burden of maintaining security themselves. Today, not only can SMBs shift much of the burden of IT to the cloud, but they can also outsource much of their security by taking advantage of the remote monitoring, maintenance, and security tools provided by Managed Service Providers (MSPs).<br/><br/>Don’t Aim for Perfection – There is no such thing as perfect security. Striving for perfection is expensive and can prove to be more costly in the end. Improving protection and response would be a more ideal allocation of funds. It can take a hacker several months to figure out your systems and do real damage. Having the ability to quickly detect their presence, and mitigate any potential damage they may cause, is a more realistic and less expensive approach than thinking you can completely remove any probability whatsoever of a hacker breaching your system.</p>
<p> </p>Traverse City businesses need enhanced security to protect their customers2018-11-06T00:00:00-05:002024-03-28T13:30:08-04:00adminhttps://acsapp.com/blog/author/admin/https://acsapp.com/blog/traverse-city-businesses-need-enhanced-security-to-protect-their-customers/<p>We at ACS recently had our credit card stolen. Everyone knows that this is a hassle, but for us it’s a costly hassle. This card is primarily used to pay recurring payments to close to a dozen vendors. This means that when the card is stolen it takes hours of staff time to setup our payments with our vendors. What is interesting about this situation is that we had the card stolen shortly after doing something we rarely do, using the card at a local vendor.</p>
<p>We had the need to purchase some services from two Traverse City businesses. Both are small ‘mom and pop’ type businesses. We are fairly confident that our credit card was either stolen at one of these businesses, or potentially sold by an employee at one of the businesses. We are, of course, trying to reach out to these businesses so that we can discuss this, and hopefully help them. This situation, however, strongly demonstrates that hackers, thieves and cyber criminals don’t only focus on big business, or businesses in big cities.</p>
<p>I recently read a fantastic <a href="http://fortune.com/2018/11/05/credit-card-chips-fail-to-halt-fraud-survey-says/">article from Fortune magazine</a> that talks about the new ‘chip’ card readers, and how the promise of less fraud from the new cards hasn’t come true. Fraud is as prevalent as before the upgrades. This quote from the fortune article basically sums up the entire problem-</p>
<div style="margin-left: .6in;">
<blockquote>
<p>But while the EMV standard is supposed to ensure the card data cannot be captured, many merchants are failing to properly configure their systems, according to a Gemini Advisory executive who spoke with Fortune. (Fortune has also reached out to the payment processors for comment and will update this article accordingly.) The upshot is that criminals have been able to insert themselves into the transaction data steam, either by hacking into merchant networks or installing skimmer devices in order to capture card information.</p>
</blockquote>
</div>
<p>“…many merchants are failing to properly configure their systems…” This is us Traverse City. We are the merchants who are not doing the right things to protect our customers.</p>
<p>Later that week in my personal world I had the need to use BOTH companies again. I most definitely steered clear of these businesses. It was frustrating, as they are both good companies who do fine work, but they do not have my best interest at heart when it comes to protecting me.</p>
<p>ACS works with small businesses in the Grand Traverse region to secure their networks. Please feel free to contact us at 231-933-6333 to learn how you can protect your business and your clients.</p>Run your Business, not an IT Company2018-10-31T00:00:00-04:002024-03-27T07:44:43-04:00adminhttps://acsapp.com/blog/author/admin/https://acsapp.com/blog/run-your-business-not-an-it-company/<p><br/>Run your Business, not an IT Company<br/> <br/>You went into business because you have an interest and expertise in some particular product or service. You began the firm to offer that product or service, but a dirty little problem came along with that new company. IT requirements. You need equipment, and you need networks, and printers, and data storage to keep the company up and running. As a consequence, you've become responsible for managing something you probably don't care very much about or even understand especially well.<br/> <br/>Managed Service Providers can be a solution. A small business can off load a variety of IT tasks that are becoming a distraction to everyday business operations and strategy.Here are just two examples. </p>
<p>Software updates and security audits: Your present in-house staff may be spending most of its time fixing everyday problems. As a result, they may have to delay vital security measures, such as applying tested security patches or updating virus software programs. Working with a MSP will eliminate much of the work overload that leads to system or security vulnerabilities.</p>
<p>An end user help desk: If you have any in-house staff, they are probably well-trained and very qualified. Are their skills being wasted on all the little daily issues of cranky printers and broken keyboards? MSPs can offer an end user help desk that can handle all those calls that pull your own staff away from larger efforts that can enhance productivity and move the business forward.</p>Preventing Online Fraud—Always Verify Information Requests2018-10-12T00:00:00-04:002024-03-28T18:48:25-04:00adminhttps://acsapp.com/blog/author/admin/https://acsapp.com/blog/preventing-online-fraud-always-verify-information-requests/<p>In the digital world, it’s easy to impersonate someone — and with all the information available about us from social media and our online history, the impersonators can be very believable and very persuasive.</p>
<div style="clear: both;">
<p paraeid="{1c4d241d-f57f-4f0a-b1d5-9443cbc32715}{26}" paraid="2032077915" xml:lang="EN-US"><img alt="" src="https://www.acsapp.com/media/uploads/image/scammers-verify-info-cropped.jpg" style="width: 800px; height: 340px;"/></p>
<p paraeid="{1c4d241d-f57f-4f0a-b1d5-9443cbc32715}{26}" paraid="2032077915" xml:lang="EN-US"><span xml:lang="EN-US">I</span><span xml:lang="EN-US">n Traverse City, and Northern Michigan</span><span xml:lang="EN-US">, w</span><span xml:lang="EN-US">e live in a very trusting culture</span><span xml:lang="EN-US">.</span><span xml:lang="EN-US"> For most of us</span><span xml:lang="EN-US">,</span><span xml:lang="EN-US"> the idea of impersonating someone for fraud or financial gain isn’t something that would enter our wildest dreams. However, </span><span xml:lang="EN-US">in </span><span xml:lang="EN-US">the rest of the world, impersonation is a strong tool t</span><span xml:lang="EN-US">hat can </span><span xml:lang="EN-US">be used to defraud you. </span> </p>
</div>
<div style="clear: both;">
<p paraeid="{9325b5e7-c098-4b12-87ad-f8f0bc77a149}{169}" paraid="1710412457"><span xml:lang="EN-US">When you receive requests</span><span xml:lang="EN-US"> for information</span><span xml:lang="EN-US">, whether online through social media, chat (google hangouts, Microsoft Teams, Skype), message boards, online forms, voice (office phone, cell phone), you must verify </span><span xml:lang="EN-US">with </span><span xml:lang="EN-US">whom you are communicating. This means establishing a protocol that can establish identity in at least one way</span><span xml:lang="EN-US">.</span><span xml:lang="EN-US"> (</span><span xml:lang="EN-US">S</span><span xml:lang="EN-US">ee my </span><span xml:lang="EN-US">previous </span><span xml:lang="EN-US">blog post on </span><a href="https://www.acsapp.com/acs-blog/the-fastest-way-to-secure-your-business-online" rel="noopener noreferrer" target="_blank"><span xml:lang="EN-US">dual factor authentication</span></a><span xml:lang="EN-US"> to learn about multiple ways of authenticating someone.)</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{9325b5e7-c098-4b12-87ad-f8f0bc77a149}{179}" paraid="2054399278"><span xml:lang="EN-US">It is </span><span xml:lang="EN-US">always </span><span xml:lang="EN-US">important to verify identity on information requests</span><span xml:lang="EN-US">,</span><span xml:lang="EN-US"> even if the information being </span><span xml:lang="EN-US">requested </span><span xml:lang="EN-US">doesn’t seem important.</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{9325b5e7-c098-4b12-87ad-f8f0bc77a149}{185}" paraid="1737977506"><span xml:lang="EN-US">When online fraudsters attempt to defraud </span><span xml:lang="EN-US">someone,</span><span xml:lang="EN-US"> they will often take several pieces of information and combine them to create a compelling reason for someone to act. Let’s look at an example of how this works.</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{9325b5e7-c098-4b12-87ad-f8f0bc77a149}{193}" paraid="1215256513"><span xml:lang="EN-US">One of the most popular online scams is to trick administrative assistants to transfer funds in some way (either through a bank, but also through things like Apple </span><span xml:lang="EN-US">Itunes</span><span xml:lang="EN-US"> cards) to the criminal. One of the ways they trick them is by combining a few bits of information to create a compelling story for the transfer. In our story, the small business owner (or executive) is on vacation. </span> </p>
</div>
<div style="clear: both;">
<h1 paraeid="{143213c8-b7ee-48e7-81d4-ec403966a3f3}{173}" paraid="1627662601" xml:lang="EN-US"><span xml:lang="EN-US">How a Common Scam Works</span> </h1>
</div>
<div style="clear: both;">
<p paraeid="{cfb72cff-cae9-4cb1-96cf-c7bc9d167759}{53}" paraid="169128630" xml:lang="EN-US"><span xml:lang="EN-US">The criminal has been monitoring the small businesses owner</span><span xml:lang="EN-US">’s</span><span xml:lang="EN-US"> social media, and notices posts with pictures of palm trees and LinkedIn posts about recharging their batteries to tackle the year ahead. The criminal now suspects the small business owner is on </span><span xml:lang="EN-US">v</span><span xml:lang="EN-US">acation. The bad guy will then use email, web forms, or other communications to verify that the owner is away. An unsuspecting admin may respond “Mr. Smith is out on Vacation till the 31</span><span xml:lang="EN-US"><span data-fontsize="11">st</span></span><span xml:lang="EN-US">. Is there anything I can help you with?” </span> </p>
</div>
<div style="clear: both;">
<p paraeid="{cfb72cff-cae9-4cb1-96cf-c7bc9d167759}{82}" paraid="834603640" xml:lang="EN-US"><span xml:lang="EN-US">Now the criminal has verified their suspicions and can use this to further trick the admin. The criminal may then compose an email from a similar domain</span><span xml:lang="EN-US"> to the owner’s company</span><span xml:lang="EN-US">, </span><span xml:lang="EN-US">one </span><span xml:lang="EN-US">that is designed to look like the owner</span><span xml:lang="EN-US">’</span><span xml:lang="EN-US">s email. For example, the email may be from owner@abcccompany.com rather than the real email address owner@abccompany.com. The email may say something like this</span><span xml:lang="EN-US">:</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{9325b5e7-c098-4b12-87ad-f8f0bc77a149}{219}" paraid="1626564723" style="margin-left: 48px;"><span xml:lang="EN-US">Admin Joe,</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{9325b5e7-c098-4b12-87ad-f8f0bc77a149}{223}" paraid="1119465016" style="margin-left: 48px;"><span xml:lang="EN-US">I’m having trouble sending a payment to </span><span xml:lang="EN-US">Badguy</span> <span xml:lang="EN-US">inc.</span><span xml:lang="EN-US"> The </span><span xml:lang="EN-US">wifi</span><span xml:lang="EN-US"> here is terrible. Could you please send $20,000 to this bank account – routing 12345678 account# 123454321.</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{9325b5e7-c098-4b12-87ad-f8f0bc77a149}{239}" paraid="107844988" style="margin-left: 48px;"><span xml:lang="EN-US">This is urgent, the project I’m working on upon my return requires this.</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{9325b5e7-c098-4b12-87ad-f8f0bc77a149}{243}" paraid="115184042" style="margin-left: 48px;"><span xml:lang="EN-US">Thanks,</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{9325b5e7-c098-4b12-87ad-f8f0bc77a149}{247}" paraid="252992669" style="margin-left: 48px;"><span xml:lang="EN-US">Owner</span> </p>
</div>
<div>
<p><span xml:lang="EN-US">Of course, this scenario has several </span><span xml:lang="EN-US">instances </span><span xml:lang="EN-US">where verifying </span><span xml:lang="EN-US">the </span><span xml:lang="EN-US">identity </span><span xml:lang="EN-US">of the requester </span><span xml:lang="EN-US">is </span><span xml:lang="EN-US">highly </span><span xml:lang="EN-US">important. The admin should’ve worked much harder to learn who was asking to communicate with the owner before they let the stranger know that the owner was away. </span><span xml:lang="EN-US">The a</span><span xml:lang="EN-US">dmin should be very diligent in verifying the authenticity of the request from the owner before any bank transfer should ever happen. </span> </p>
<div style="clear: both;">
<h3 paraeid="{143213c8-b7ee-48e7-81d4-ec403966a3f3}{24}" paraid="2106867611" xml:lang="EN-US"><span xml:lang="EN-US">In this scenario the process should be</span><span xml:lang="EN-US">:</span> </h3>
</div>
<ul>
<li aria-setsize="-1" data-aria-level="1" data-aria-posinset="1" data-font="Symbol" data-leveltext="" data-listid="2" role="listitem" style="clear: both;">
<p paraeid="{d230995c-ee39-49e2-8f72-8ecb95495e4e}{118}" paraid="1154486312" xml:lang="EN-US"> <span xml:lang="EN-US">A</span><span xml:lang="EN-US">ny purchase over a conservative dollar amount </span><span xml:lang="EN-US">agreed </span><span xml:lang="EN-US">upon at</span><span xml:lang="EN-US"> a previous date must </span><span xml:lang="EN-US">require</span><span xml:lang="EN-US"> a verbal communication with the owner. </span> </p>
</li>
<li aria-setsize="-1" data-aria-level="1" data-aria-posinset="2" data-font="Symbol" data-leveltext="" data-listid="2" role="listitem" style="clear: both;">
<p paraeid="{d230995c-ee39-49e2-8f72-8ecb95495e4e}{131}" paraid="862392197" xml:lang="EN-US"><span xml:lang="EN-US">Any communication regarding the </span><span xml:lang="EN-US">owner</span><span xml:lang="EN-US">'</span><span xml:lang="EN-US">s</span><span xml:lang="EN-US"> schedule should be only communicated to verified clients or leads.</span> </p>
</li>
</ul>
<div style="clear: both;">
<h1 paraeid="{3c47778e-144a-4bc7-878d-ab032e85a820}{6}" paraid="1618281552"><span xml:lang="EN-US">Beware caller ID as your authenticator</span> </h1>
</div>
<div style="clear: both;">
<p paraeid="{3c47778e-144a-4bc7-878d-ab032e85a820}{13}" paraid="36963508"><span xml:lang="EN-US">Caller ID should not be used for verifying if someone is who they say they are. Caller ID is very easily manipulated.</span> </p>
</div>
<div style="clear: both;">
<h2 paraeid="{3c47778e-144a-4bc7-878d-ab032e85a820}{17}" paraid="2021602324"><span xml:lang="EN-US">What can I use for authentication?</span> </h2>
</div>
<ul>
<li aria-setsize="-1" data-aria-level="1" data-aria-posinset="3" data-font="Symbol" data-leveltext="" data-listid="1" role="listitem" style="clear: both;">
<p paraeid="{3c47778e-144a-4bc7-878d-ab032e85a820}{23}" paraid="1260485146"><span xml:lang="EN-US">Secret passcode</span> </p>
</li>
</ul>
</div>
<div>
<ul>
<li aria-setsize="-1" data-aria-level="1" data-aria-posinset="1" data-font="Symbol" data-leveltext="" data-listid="1" role="listitem" style="clear: both;">
<p paraeid="{3c47778e-144a-4bc7-878d-ab032e85a820}{28}" paraid="757085665"><span xml:lang="EN-US">Do you recognize their voice?</span> </p>
</li>
<li aria-setsize="-1" data-aria-level="1" data-aria-posinset="2" data-font="Symbol" data-leveltext="" data-listid="1" role="listitem" style="clear: both;">
<p paraeid="{d230995c-ee39-49e2-8f72-8ecb95495e4e}{158}" paraid="115969075" xml:lang="EN-US"><span xml:lang="EN-US">Emailing or calling others on the staff to verify the legitimacy</span> </p>
</li>
<li aria-setsize="-1" data-aria-level="1" data-aria-posinset="3" data-font="Symbol" data-leveltext="" data-listid="1" role="listitem" style="clear: both;">
<p paraeid="{d230995c-ee39-49e2-8f72-8ecb95495e4e}{175}" paraid="788042681" xml:lang="EN-US"><span xml:lang="EN-US">I</span><span xml:lang="EN-US">nvoice or payment verification (you may recognize this from your bank, asking the amount of the last deposit.)</span> </p>
</li>
</ul>
<div style="clear: both;">
<h2 paraeid="{3c47778e-144a-4bc7-878d-ab032e85a820}{43}" paraid="1614424597"><span xml:lang="EN-US">One last note of caution</span> </h2>
</div>
<div style="clear: both;">
<p paraeid="{3c47778e-144a-4bc7-878d-ab032e85a820}{49}" paraid="301485320"><span xml:lang="EN-US">It is important to verify that the person making the request may not actually work for the company they are representing. They may have your authentication but are working rogue. For very important or costly things, you need to make sure that the person making the request still has the authority to do what is being asked.</span> </p>
</div>
</div>
<div style="clear: both;">
<p paraeid="{3c47778e-144a-4bc7-878d-ab032e85a820}{65}" paraid="1179234622"> </p>
</div>Heads in the Sand—Owning a Mac, a PC, an iPhone, or an Android does NOT Make You SAFE from Online Attackers.2018-10-03T00:00:00-04:002024-03-24T16:52:54-04:00adminhttps://acsapp.com/blog/author/admin/https://acsapp.com/blog/heads-in-the-sand-owning-a-mac-a-pc-an-iphone-or-an-android-does-not-make-you-safe-from-online-attackers/<div style="clear: both;">
<p paraeid="{f7bfd3da-a024-4a10-9792-ab2a99fc824d}{10}" paraid="52777746" xml:lang="EN-US"><img alt="" src="https://www.acsapp.com/media/uploads/image/84181002_xl-cropped.jpg" style="width: 800px; height: 340px;"/></p>
<p paraeid="{f7bfd3da-a024-4a10-9792-ab2a99fc824d}{10}" paraid="52777746" xml:lang="EN-US"><span xml:lang="EN-US">I’ve lived through the wars. I’ve received battle scars from all sides of the war zone. I’ve been bruised from the Windows Guilds. I’ve been lacerated by the Mac Clans. The Linux Tribes have hurled their stones at me, vying for my head. </span><span xml:lang="EN-US">T</span><span xml:lang="EN-US">hese noble warriors have battled valiantly over the decades. All of them have their unique and special skills. None of them are perfect.</span> </p>
</div>
<div style="clear: both;">
<h1 paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{159}" paraid="453330533"><span xml:lang="EN-US">Mac</span> </h1>
</div>
<div style="clear: both;">
<p paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{163}" paraid="29117240"><span xml:lang="EN-US">My friends from the Mac Clans have made the rallying cry ‘it just works’</span><span xml:lang="EN-US">—</span><span xml:lang="EN-US">their mantra now for most of my life. In many ways</span><span xml:lang="EN-US">,</span><span xml:lang="EN-US"> the Mac ecosystem is reliable and easy to use. Those of us who dive into the warm waters of the Mac ocean are free two swim about it, comfy and secure. </span><span xml:lang="EN-US">H</span><span xml:lang="EN-US">owever</span><span xml:lang="EN-US">, </span><span xml:lang="EN-US">I believe</span><span xml:lang="EN-US">,</span><span xml:lang="EN-US"> that this mantra points to the fault of the Mac ecosystem. Because things are so simple and reliable, we just assume it is secure as well. We </span><span xml:lang="EN-US">are </span><span xml:lang="EN-US">lulled into a false sense of security. </span> </p>
</div>
<div style="clear: both;">
<p paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{167}" paraid="1972798087"><span xml:lang="EN-US">The Mac OS has enjoyed a ‘security by obscurity’ for </span><span xml:lang="EN-US">all of</span><span xml:lang="EN-US"> its existence. The 100 million Mac users are dwarfed by the over 1 billion Windows users. This has meant that </span><span xml:lang="EN-US">A</span><span xml:lang="EN-US">pple has been under the radar, and safe from the volume of attacks that are aimed at the Windows ecosystem. However, this low level of attacks means that Macs are not as battle-tested as they </span><span xml:lang="EN-US">would </span><span xml:lang="EN-US">be otherwise. Vulnerabilities may never be discovered or are slower to be discovered. The vulnerabilities do exist, no computing system is perfect, and Mac is no exception.</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{175}" paraid="1060733051"><span xml:lang="EN-US">Let me close the Apple discussion with this. Many (most?) users of Apple Mac products practice no security whatsoever on their devices. Very few even take the beginning step of running antivirus on their device. This means that if there were a vulnerability, the user would never know. The false sense of security gained by Apple's reputation could indeed be putting you at greater risk than the known security issues found in other environments, simply for the fact that you assume you are safe and take no action to truly be safe.</span> </p>
</div>
<div style="clear: both;">
<h1 paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{179}" paraid="1043604914"><span xml:lang="EN-US">Microsoft Windows</span> </h1>
</div>
<div style="clear: both;">
<p paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{183}" paraid="1059136865"><span xml:lang="EN-US">Microsoft Windows enjoys the largest install base of any traditional computer operating system. Windows also enjoys some of the oldest and most mature code base of any traditional operating system. Windows also sports an amazing level of backward compatibil</span><span xml:lang="EN-US">ity; s</span><span xml:lang="EN-US">oftware written decades ago can often run on the newest Windows computer. While all of this is amazing feats and amazing features, it all combines to make Windows very difficult to secure.</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{191}" paraid="982272827"><span xml:lang="EN-US">Enjoying the largest install base means that the ecosystem is huge. This means that a virus written for the Windows world has a tremendously large world to play in. Why write a virus for Mac, when you can only work with 100 million devices, when you can write it for Windows and have 10 times the return? This means that a majority of the malicious software written, is written for Windows.</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{195}" paraid="1210207969"><span xml:lang="EN-US">Windows sports a mature code base. This may sound secure, </span><span xml:lang="EN-US">but in reality, it</span><span xml:lang="EN-US"> is often the oldest code that has the most vulnerabilities. Sometimes the code was written so long ago that the very threats that are attacking it today were never imagined at the time it was produced. It also means that there is bundled into the Windows operating system lots of old software that hasn’t been looked at and secured in years, sometimes decades.</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{203}" paraid="347313630"><span xml:lang="EN-US">Lastly, backwards compatibility means more loose ends that need to be handled from a security perspective. We run old software, on old code, none of which was ever designed to be secure. The very </span><span xml:lang="EN-US">fact that Windows does support old software opens itself up to another large world of insecure programs, never designed to be secure.</span> </p>
</div>
<div style="clear: both;">
<h1 paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{209}" paraid="5329202"><span xml:lang="EN-US">Android/IOS</span> </h1>
</div>
<div style="clear: both;">
<p paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{213}" paraid="1779566956"><span xml:lang="EN-US">The ultra-portable world of smartphones and tablets is the next frontier of cybersecurity. There are more Android devices running today than traditional Windows/Mac systems combined. This is a massive ecosystem, and it is enjoying explosive growth. The </span><span xml:lang="EN-US">o</span><span xml:lang="EN-US">perating systems are relatively </span><span xml:lang="EN-US">young and</span><span xml:lang="EN-US"> enjoy a more aggressive stance on security</span><span xml:lang="EN-US">—</span><span xml:lang="EN-US">however, nothing is perfect. Data can be stolen from your Android </span><span xml:lang="EN-US">or </span><span xml:lang="EN-US">IOS device. No code base is perfect. Apples aggressive encryption systems have been cracked open, Android phones are notorious for being easy to access. </span> </p>
</div>
<div style="clear: both;">
<h1 paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{217}" paraid="903196245"><span xml:lang="EN-US">In </span><span xml:lang="EN-US">Summary</span> </h1>
</div>
<div style="clear: both;">
<p paraeid="{20bd9570-20b9-4f42-a2c6-7e2eba42e605}{221}" paraid="850506728"><span xml:lang="EN-US">No device is perfect. No company gets it 100% right. If you deal in important data, you had better take steps to protect it. Antivirus, patching, security training, solid cloud backup, are all important tools for protecting your business. Cyber attacks happen all the time and on many fronts. </span> </p>
</div>
<div style="clear: both;">
<p paraeid="{1f893e54-1d8a-49d8-afbd-54b288c52816}{242}" paraid="1130191210" xml:lang="EN-US"><span xml:lang="EN-US">It is up to you to </span><span xml:lang="EN-US">take action</span><span xml:lang="EN-US"> to protect your business and your data. Join ACS on October 10</span><span xml:lang="EN-US"><span data-fontsize="11">th</span></span><span xml:lang="EN-US"> for </span><span xml:lang="EN-US">“</span><a href="https://www.eventbrite.com/e/20-tech-tactics-to-secure-your-business-tickets-49176787094" rel="noopener noreferrer" target="_blank"><span xml:lang="EN-US">20 TECH TACTICS TO SECURE YOUR BUSINESS.</span></a><span xml:lang="EN-US">” </span><span xml:lang="EN-US">This free training for business owners and managers </span><span xml:lang="EN-US">will</span><span xml:lang="EN-US"> increase</span><span xml:lang="EN-US"> your knowledge of technology security and give you powerful tools that empower you to implement security enhancements in your business starting the minute you get back to your desk.</span> </p>
</div>
<div style="clear: both;">
<p paraeid="{30c07b33-d612-4672-a304-9b7808d1310c}{39}" paraid="445620920" xml:lang="EN-US"><span xml:lang="EN-US">Get your </span><a href="https://www.eventbrite.com/e/20-tech-tactics-to-secure-your-business-tickets-49176787094" rel="noopener noreferrer" target="_blank"><span xml:lang="EN-US">free tickets now</span></a><span xml:lang="EN-US">.</span> </p>
</div>Everyday Human Error Can Affect Data Protection2018-10-02T00:00:00-04:002024-03-26T02:40:25-04:00adminhttps://acsapp.com/blog/author/admin/https://acsapp.com/blog/everyday-human-error-can-affect-data-protection/<p><br/>Everyday Human Error Can Affect Data Protection<br/> <br/>Are you under the impression that data loss is all about putting up firewalls to protect against evil cyber attacks? Some of the biggest sources of data loss include sloppiness, human error, and just plain forgetfulness.<br/> <br/>What are some of the unglamorous things that we do every day that leave us vulnerable?<br/> <br/>Passwords<br/>Old or easy passwords are a good first example. Employees set up simple passwords that are easy to crack. More importantly, employees may share passwords, and many often fail to create new ones on a frequent basis. Both of these represent critical breakdowns of good data protection practices.<br/> <br/>Emails<br/>Another significant problem caused by bad judgement is the tendency of people to open phishing scams. Most everyone now knows about the Nigerian who wants to send money to your bank account, but many new scams come along everyday and people fall for them. This is such a serious source of virus infection that some companies now deliberately send out their own phishing email to teach workers not to open anything from an unknown source. (The employee who opens one of these gets a pop up screen that tells them they've been tricked and then offers guidelines for identifying bad emails.)<br/> <br/>Browsing the Web<br/>Bad websites. Yes, everyone has policies about internet use at work, but that doesn't mean people pay attention and don't visit places they shouldn't. Most significantly, a lot of those "sites they shouldn't visit" are far more likely to be infected than CNN, Ebay or Amazon!<br/> <br/>Losing Your Belongings<br/>And finally there is just old-fashioned forgetfulness. Phones left on a barstool.Or the bus. Sigh. There isn't much more to be said about this one.<br/> <br/>To learn more about the risks that your employees pose to your business's data integrity, see our e-guide "Now you see it, There IT...Stays".<br/> </p>Data Protection and Bring Your Own Device to Work2018-09-28T00:00:00-04:002024-03-27T14:04:35-04:00adminhttps://acsapp.com/blog/author/admin/https://acsapp.com/blog/data-protection-and-bring-your-own-device-to-work/<p><br/>Data Protection and Bring Your Own Device to Work<br/> <br/>BYOD refers to a firm's policy of allowing employees to use their own personal phones, tablets and laptops for all their work applications.This is a pretty common policy, and it has many benefits, but it brings along risks. How are you addressing these risks?<br/> <br/>Here are some of the issues raised by BYOD</p>
<p>A lost device - If you issue company phones, you have the ability to remotely wipe the unit clean if it is lost or stolen. With employee's personal devices, do you still have that ability. If not, your data is at risk.</p>
<p>Software updates - Is the employee responsible for updating all the software and virus protection programs on their own devices? If that responsibility transfers to them, you are at the mercy of their willingness to keep track of such tedious tasks. If you accept responsibility for it, do you have the in-house staff to handle all the extra work?</p>
<p>Back ups - with data being entered on many different devices, something must be done to ensure back up procedures are routinely followed.</p>
<p>In short, BYOD is probably an unavoidable approach to device management. It is unrealistic to expect people to carry around 2 different phones or tablets 24/7. But BYOD means extra work for the in-house staff of a small business. To learn more about these risks and a more affordable, comprehensive approach to BYOD Management, see our e-guide "Now you see it, There IT...Stays"</p>Do Not Disable Your Computer’s Built-In Firewall2018-09-16T00:00:00-04:002024-03-25T13:23:49-04:00adminhttps://acsapp.com/blog/author/admin/https://acsapp.com/blog/do-not-disable-your-computer-s-built-in-firewall/<p><img alt="" src="https://www.acsapp.com/media/uploads/image/womanlaptop-acs.jpg" style="width: 640px; height: 272px;"/></p>
<p>During my years working with businesses here in Traverse City and throughout Northern Michigan, I’ve needed to turn off the built-in firewall in Windows, dozens, if not hundreds of times. In the past, this practice was often commonplace, today it's a severe security risk. </p>
<h1>What is the Windows Firewall? </h1>
<p>Windows Firewall is a security feature in the Microsoft Windows operating system that places a virtual barrier between your computer and the network it is attached to. So, if your computer is on a new or strange network, the network computers and devices will not be able to communicate with your computer in ways that the firewall doesn’t allow. </p>
<h1>Why would I turn my firewall off? </h1>
<p>It is not uncommon for programs to require your computer to communicate in ways that the Windows Firewall will block. The blocking of this communication will stop the program from working. Often the companies who write software will go straight to turning off the firewall to fix these problems. </p>
<p>Turning off the firewall is a lazy, or less technical, way of fixing software issues. The Windows Firewall can create special firewall rules for software that requires special communications. But, creating these rules can be complicated and confusing. </p>
<h1>Why do I need the Windows Firewall? </h1>
<p>Your computer has several applications running on it that are potential security threats. These programs will ‘listen’ to the network, and if communicated with, will respond. This means that other network computers and devices can directly talk with your computer. The firewall is designed to ‘silence’ the communication between the network devices and your computer. Depending upon the situation, your computer may be completely silent to any communications that come from the network. </p>
<p>The programs that are running are often not ‘secure’. This means that they may have old or outdated software with vulnerabilities. Or they may function in such a way that if compromised can affect your entire computer, thus threatening everything on your computer. </p>
<p>The firewall is the last line of defense against threats to your computer. Even antivirus will not stop a threat if a firewall port is open and the threat agent is able to communicate with it. </p>
<p>What and where are the threats to my computer if I turn the firewall off? </p>
<h2>Threats include – </h2>
<ul>
<li>Loss of data </li>
<li>Data hijacking, or ransoming </li>
<li>Virus installation and distribution </li>
<li>Data theft </li>
</ul>
<p>The most dangerous place for your computer is public wireless (WIFI) networks. Coffee shops, stores, bars, libraries, are all places where you are at severe risk. This is due to the shared nature of the connection. You are sharing the connection with everyone who is using the wireless. </p>
<p>You should also be concerned if you are using WIFI at other businesses. Including clients and vendors. You are opening your computer to any other device that is on the network you are attached. </p>
<h1>In conclusion </h1>
<p>If you believe you may have disabled or were forced to disable your firewall you should enable it as soon as possible. If you find that enabling your firewall breaks things on your computer you need to work with your software vendor, and IT expert to create special firewall rules that will allow your software to work correctly. </p>
<hr/>
<p>Hey, guess what! ACS is hosting a free seminar and you are invited. Join us on October 10 at the TC Chamber for “<a href="https://www.eventbrite.com/e/20-tech-tactics-to-secure-your-business-tickets-49176787094">20 TECH TACTICS TO SECURE YOUR BUSINESS.</a>”</p>