5 Steps to Avoid Ransomware

Coffee in hand, you’re preparing to read through your new emails as you start your day. You anticipate a productive day today. Yesterday you stayed 3 hours late to complete your big presentation, 2 days ahead of schedule, and you’re basking in the glow of the satisfaction of a difficult job well done and being ready early. How often does that happen?

You have Outlook open and are starting to review the newest emails when all of a sudden, a window pops up with bold text:

!!! IMPORTANT INFORMATION !!!

All of your files are encrypted with RSA-2048 and AES-128 ciphers.

Huh?!?! What does this mean?

It means your day has taken a turn for the worse… You have just been notified that the Locky Ransomware has just completed its work on your system by encrypting all of your files (rendering them useless) and is now demanding payment from you to get your files back. Depending on the sophistication of the Locky variant, it will ask you for anything between 1-15 Bitcoins (Bitcoins are trading for $1,205.00 at this time). This may depend on what it perceives the value of the stolen files to be. Server infections typically demand larger sums. Instructions are included on how to make payment with the guarantee that if payment is made, you will receive a key to unlock your precious files.

What can you do? Your mind is racing. How can this happen?!?! Your heart rate is increasing rapidly! Put down that coffee… take a few deep breaths. This represents anything from an irritating interruption to a disaster of epic proportions. What you have done up to this point will determine the impact of this event.

If you have good backups, this represents a minor inconvenience. If you don’t have backups at all … you will have to decide if you’re going to count your losses and move forward or consider paying the Ransom. After all, there is honor among thieves … or is there???

How can you avoid being in this situation?

There are several things that can be done before you are in this situation to “reduce your surface of vulnerability” and to recover without great loss.

    1. Backup your data.
      Good backups cure many woes. You may not use your backups for months or even years, but when the need arises, you want to be sure you can recover to a point where you can feel whole again.
    2. Purchase Advanced AntiVirus and AntiMalware and keep it up to date.
      Many of today’s Advanced AntiVirus/AntiMalware programs will monitor your system for behavior that looks like ransomware at work and shut it down before it gets too far. Some will not.
    3. Do not open attachments or click on links in email from unknown sources.
      If you need to open attachments, scan them for malware first. Many people are fooled by socially engineered emails that “look” legitimate but have attachments or links that are masked in some clever way.
    4. Limit user access to data they need.
      Although this doesn’t help with avoidance, it will certainly help to minimize the impact if it happens. If everyone has access to everything, that means if one person becomes infected, they have the capability to cause encryption of ALL data they can see.
    5. Train your staff on proper Business Security Best Practices and to be aware and vigilant.
      If your data is important to your business, it needs to be handled as such.

There are other “Best Practices” that can be employed to safeguard your data and business. Take a proactive approach and avoid the reactive. In the long run, the reactive approach will cost much more in time, money, and grief. Give Bryley Systems a call (844.449.8770) to discuss what you can do to improve your overall security, efficiency, and cost … and enjoy that coffee!

Data Theft – What Happens When an Employee Leaves your Company?

Let’s start with the premise that company data belongs to the company, not to the employee.

When an employee leaves a company, whether voluntarily or involuntarily, it is quite common for sensitive and confidential data to disappear.

While most employees will leave their jobs voluntarily, there are always involuntary terminations, such as a reduction in workforce or a termination based upon poor performance reviews. The problem from a security standpoint is that it is very common for these folks to take sensitive and confidential data with them, perhaps accidentally, but perhaps intentionally.

Just stop for a moment to consider all of the data that your employees have access to: various types of intellectual property, price lists, customer and key account information, financial data, sensitive HR material, marketing plans, sales data, competitive intelligence, product and manufacturing plans, databases, software programs. All of which belong to the employer.

As a business owner, you may be asking yourself why people would take data with them.

Accidental. In a world filled with so many devices, cloud storage, mobile apps, and cloud applications, a departing employee may leave with a lot of corporate data and not even remember or realize that they still have it in their possession. Since so many employees work from home, corporate data will often end up on a personal laptop, desktop, USB stick, phone, or in a shared file.

Entitlement. An employee who has worked on key client relationships or perhaps is leaving an organization that is struggling financially, won’t always feel like the data belongs to the organization. In fact, these people may think that they’re justified in taking the data with them, and that it really belongs to them. This issue is most common and kept common by the mere fact that corporate data protection policies aren’t always strictly enforced, especially in smaller organizations.

Malicious Intent. Some employees may be angry because of a layoff or other involuntary termination. Others may not have gained a promotion they felt they deserved. Some may have a personal dispute with upper management or with their supervisor. Then there are those who feel they will have a lot to gain by bringing this information to their next employer. While this may be less common, it will likely prove to be the most destructive scenario.

What are the consequences of an employee leaving with proprietary information? Whether it’s by mistake, or maliciously, the worst case scenario is that it has the potential to put an organization out of business.

The best way to protect your organization is to be proactive by establishing and enforcing a set of best practices.

  • Organizations must maintain complete, ongoing visibility into sensitive data wherever such data is stored.
  • All sensitive and confidential data should be encrypted.
  • Email should be archived.
  • Require appropriate authentication for sensitive data. Creating policies that will alert or require approval will keep data safe.
  • Limit and manage employee access by department, role, and function. Limit access only to content that is needed to get the job done. For example, an IT person does not need unlimited access to HR files, nor does a financial person necessarily need complete access to the CRM system.
  • Ensure a proper backup and recovery policy. All data should be backed up to a central or accessible location. A recovery plan should be in place should an employee maliciously change or delete data.
  • Develop a policy for the proper use of email and company-owned devices. Employees should be trained on these policies and asked to sign an acknowledgement form.
  • Train management properly so that when an employee leaves, the exit process is handled professionally to prevent both inadvertent and malicious loss of data.
  • Do not allow employees to install their own applications, mobile apps, etc. as this will open up the organization to malware and ransomware. The IT department should always handle the installation of applications.
  • Develop a policy around BYOD (Bring Your Own Device) to ensure that personal devices are properly secured.

You can protect your organization to minimize, if not eliminate, the threat of sensitive and confidential information theft. Create corporate policies focused on appropriate employee management of data. Establish processes designed to control employee use of data. Deploy technology solutions that will keep corporate data safe.

If you’re ready to protect your organization, it pays to work with a Managed IT Services/Managed Cloud Services company, like Bryley Systems, to ensure that you’re taking the right steps. Bryley will recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss.

Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

Have You Ever Used a Public Cell Phone Charging Station? If so, read on…

Beware!

Free charging stations are located in many public places such as bus stations, airports, cafes, hotels and conference centers. If you travel frequently, it is very convenient to give your cell phone battery power a quick boost. But connecting to an unknown port has its risks.

A technique used by hackers called “video jacking” is when a USB cord is rigged to capture the smartphone’s video display and record everything that appears on the screen.

Plugging your phone into a hacked power strip or charger can open your device to infection and compromise all of your data. Once a port is compromised, there is no limit to what a hacker can steal. Your email, photos, videos, contact information, text messages, bank passwords and PIN numbers will all be vulnerable.

Hackers can find all the tools they need online, and for just a couple of hundred dollars. They will use their custom electronics hidden in a faux USB charging station. The person who is using the charging station believes it’s authentic, and will connect their phone to the correct charging cord. Then, while the phone is connected, the “charging station” mirrors your screen and records everything that you can see on your screen. And then, in a matter of minutes, the damage is done. If you have an Android or any HDMI ready smartphone, you are vulnerable. If you have an iPhone, you’re not safe either.

So, the best advice for those of you who cannot live without your phone?

Security experts advise never to use public outlets — instead, invest in a portable USB battery pack. You can also buy USB cords that don’t have wires to transmit data, thereby preventing a hacker from accessing your phone’s information.

Be prepared. The risk just simply isn’t worth it.

IT Security Cheat-Sheet

All organizations are at risk of a breach in IT security, whether externally (by a party outside the organization’s computer network) or internally (by a person connected to the organization’s computer network); studies show that even small companies are targeted externally, primarily because they are more vulnerable than larger organizations who can dedicate resources to combat external threats.

Organizations take great efforts to secure their data; they have firewalls, spam blockers, anti-malware applications, intrusion detection, etc.  However, the greatest threat comes from within:  End-users often inadvertently introduce malware (via web browsing or email-attachment clicking), which can spread across the network or attack confidential data.

Effective IT security requires a layered approach; it is comprised of multiple solutions at different points-of-entry and areas of concern.  It must be set up properly, but must also be continually monitored and then updated as appropriate.  Security should be periodically reviewed by an IT expert and, if budget permits, tested to ensure what is expected is what is received.

Effective IT security also requires ongoing training for all users and monitoring and enforcement of usage policies.

For an overview on IT security, I recommend viewing Ivan Dimitrijevic’s 10 Ways to Secure Your Small Business and Prevent Data Breach in The Globe and Mail.

Here is our checklist, organized by security concern:

1.) Computer Network:

  1. Deploy, update, and monitor stand-alone firewall(s) between all external networks (i.e., the Internet) and the organization’s network.
  2. Deploy, update, and monitor an email/spam-protection capability.
  3. Deploy, update, and monitor an event-log management capability.
  4. Deploy, update, and monitor intrusion-prevention/detection capability.
  5. Lock-down wireless access points.

The first line-of-defense from external threats is a professional-grade, stand-alone firewall configured to refuse unwanted traffic from external sources while permitting only desirable connections.  It should be supplemented with email/spam protection; either as a Cloud-based service or via an internal appliance.  Event-log management and intrusion prevention/detection are also available either as a service or appliance; both are recommended, but budget versus benefits must be considered.

Enable Service Set Identifier (SSID) for internal-use wireless access points

2.) Servers, their operating systems, and their applications:

  1. Test and then install all recommended security patches/firmware updates.
  2. Manage operating system and application security-updates continually.
  3. Deploy, update, and monitor anti-malware application on all servers.
  4. Monitor continuously and review periodically for anomalies.

Servers, whether in-house or Cloud-based, contain not only valuable data, but also end-user information (usernames, passwords, profiles, etc.) that can be manipulated and used to infiltrate.  They, their operating systems, and server-based applications, must be aggressively patched, protected through anti-malware, and monitored continuously.

Anomalies in performance and event logs can highlight potential security risks; both should be reviewed periodically.

3.) Data:

  1. Identify at-risk data and its location; keep only what you need.
  2. Outsource payment processing to a reliable, third-party partner.
  3. Verify security of vendors and partners with access to your data.
  4. Where performance permits, encrypt data at-rest and in-motion.
  5. Deploy an encrypted backup solution with onsite and offsite storage.

Company data should be classified as to its value and stored accordingly.  It is best always encrypted, although many organizations might not have the processing power to permit such.

Rather than process payments onsite, many third-party vendors provide this service, but they should be verified before engaging.

Data backups should be encrypted and follow the 3-2-1 rule for reliability:

  • Three copies of important data
  • Two different media types
  • One copy offsite

4.) End-user devices, operating systems, and applications:

  1. Manage operating system and application security-updates continually.
  2. Deploy, monitor, and update anti-malware app(s) on all end-user devices.
  3. Test and install security-required firmware updates to end-user devices.

End-user devices are a primary target; they are difficult to secure and change continually.  However, end-user tools also share some blame:  Karen A. Frenkel of CIO Insight writes in “How Malware Bypasses Detection Tools” that 81% of IT professionals believe that web-browser-initiated malware can remain undetected by security tools and that the primary attack vector is an insecure web browser.

End-user devices, their operating systems and their applications must also be aggressively patched, protected through anti-malware, and monitored continuously.

Occasionally, a manufacturer will issue an alert for a security-required update to an end-user device, which should be applied as soon as possible.

5.) Usage:

  1. Lock-down user rights to restrict data access to as-needed basis.
  2. Require complex passwords with forced, periodic changes.
  3. Enforce periodic time-outs when computer is left unattended.
  4. Separate social-media browsing from financial-data handling.
  5. Require two-factor authentication for all online transactions.
  6. Create end-user policy detailing appropriate Internet use.
  7. Create end-user policy on how to protect sensitive data.
  8. Enable web-monitoring capability to enforce policies.
  9. Protect email via encryption (as needed).

Data should be restricted, preferably by need-to-know.  (CryptoLocker can initially only attack data available to the end-user introducing this virus.)  Complex passwords with periodic changes can restrict untrusted access while forced time-outs keep private information from unwanted eyes.
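The effect of restricting access can be measured before an incident. The following is an added example, not part of the original checklist: from a constructed set of group memberships and file-share permissions (all user, group and share names are hypothetical), it estimates how much data each account could overwrite if it ran ransomware, and flags write access granted to nearly everyone.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample data (hypothetical names): flat groups, no nesting.
GROUP_MEMBERS: Dict[str, Set[str]] = {
    "Everyone":  {"alice", "bob", "carol", "dave"},
    "Finance":   {"alice"},
    "HR":        {"bob"},
    "Sales":     {"carol", "dave"},
    "IT-Admins": {"dave"},
}

# share -> (size in GB, {principal: rights}); "R" = read, "RW" = read and write.
SHARES: Dict[str, Tuple[int, Dict[str, str]]] = {
    r"\\fs01\Finance": (120,  {"Finance": "RW", "IT-Admins": "RW"}),
    r"\\fs01\HR":      (40,   {"HR": "RW", "IT-Admins": "RW"}),
    r"\\fs01\Sales":   (300,  {"Sales": "RW", "Everyone": "R"}),
    r"\\fs01\Public":  (800,  {"Everyone": "RW"}),
    r"\\fs01\Archive": (2000, {"Everyone": "R", "IT-Admins": "RW"}),
}


def all_users() -> Set[str]:
    return set().union(*GROUP_MEMBERS.values())


def principals_of(user: str) -> Set[str]:
    """The user plus every group that contains them."""
    return {user} | {g for g, members in GROUP_MEMBERS.items() if user in members}


def writable_shares(user: str) -> List[str]:
    """Shares the user can modify. Read-only data cannot be encrypted in place."""
    ids = principals_of(user)
    return sorted(
        share for share, (_gb, acl) in SHARES.items()
        if any("W" in rights for who, rights in acl.items() if who in ids)
    )


def blast_radius(user: str) -> Dict[str, object]:
    """Data volume one infected account could overwrite, absolute and relative."""
    shares = writable_shares(user)
    gb = sum(SHARES[s][0] for s in shares)
    total = sum(size for size, _acl in SHARES.values())
    return {"user": user, "shares": shares, "gb": gb, "fraction": gb / total}


def over_exposed(max_fraction: float) -> List[str]:
    """Users who can write to more than max_fraction of all stored data."""
    return sorted(u for u in all_users() if blast_radius(u)["fraction"] > max_fraction)


def broad_write_grants(min_share_of_users: float = 0.75) -> List[Tuple[str, str]]:
    """(share, principal) pairs where write access covers most of the staff."""
    users = all_users()
    hits = []
    for share, (_gb, acl) in SHARES.items():
        for who, rights in acl.items():
            members = GROUP_MEMBERS.get(who, {who})  # a bare user name counts as one
            if "W" in rights and len(members) / len(users) >= min_share_of_users:
                hits.append((share, who))
    return sorted(hits)


if __name__ == "__main__":
    for u in sorted(all_users()):
        r = blast_radius(u)
        print(f"{u:6} {r['gb']:5} GB  {r['fraction']:.0%}  {r['shares']}")
    print("can write to more than half of all data:", over_exposed(0.5))
    print("write access granted to most users:", broad_write_grants())
```

In the sample data the admin account that is also used for daily sales work can overwrite every share, which is the case the need-to-know rule is meant to prevent.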

Set up a separate login account or device for access to financial data.  All online financial transactions must have two-factor authentication.

Policies should exist to inform end-users; they can be enforced through web-monitoring solutions.

Sensitive emails should be encrypted (via a service or appliance) while sensitive documents can be transferred via a secure FTP site.

6.) Training:

  1. Define an organization’s best practices for IT security.
  2. Demonstrate how to spot an unwanted ad while browsing.
  3. Train users how to verify a website link (before clicking it).
  4. Show how to verify an email attachment (before opening it).
  5. Train users to check the address of an email’s sender/source.

Data breaches occur due to the inadvertent introduction of malware, sometimes through the failure to comply with policies designed to limit inappropriate behavior, but often through a lack of IT-security knowledge and training.

The more training, the better.  Initial training should be acknowledged by the recipient and then tested for knowledge gained.  Security training should be repeated periodically; preferably at least annually.

7.) Maintain a Written Information Security Plan (WISP):

  1. Assign a responsible person.
  2. Define and announce the WISP.
  3. Review WISP periodically (at least annually).
  4. Document changes to WISP when they occur.
  5. Periodically test, assess, and rework policies and procedures.

The Commonwealth of Massachusetts, under statute 201 CMR 17.00, requires a WISP for all organizations that hold personal information on any Massachusetts resident.  The WISP must be assigned to an Information Security Manager, periodically reviewed, and changes must be documented.  All WISP policies and procedures must be periodically tested, assessed, and reworked as needed to ensure maximum, ongoing protection.

If you would like to improve your 2017 cybersecurity plan, or to inquire about Bryley’s full array of our Managed Cloud Services and Managed IT Services, please contact us at 844.449.8770 or by email at ITExperts@Bryley.com. We’re here for you.

Making Working Remotely Work

By Lawrence Strauss, Strauss and Strauss

Working remotely is trending. Yet, according to the American Community Survey, while telecommuting dramatically rose 79 percent between 2005 and 2012, telecommuters made up only 2.6 percent of the American work force; a pretty small percentage, and the true number is difficult to really get a handle on, as organizations have been shown to count answering emails after hours as working remotely.

What is generally understood as working remotely is working at least three days of a work-week from a location other than at an organization’s offices. People invested a lot of the last 130 years building our city-filled offices and suburban office parks, but no one foresaw today’s 94 percent broadband access to the internet; the world is now suddenly different.

“The seat of the pants to the seat of the chair,” was how Sinclair Lewis characterized the art of writing 100 years ago, but it may as well describe how to accomplish much of what we do today, whether it’s writing a manual or code, bookkeeping or administration, designing in Photoshop or AutoCAD. Global Workplace Analytics finds that 50 percent of the work-force holds jobs that are at least in-part compatible with remote work. So who cares about the location of the chair?[1]

Workers care

Working from home eliminates the often tense and costly daily commute of almost an hour a day on average. Working at home means when you have a break, you can do things that would not seem to fit or be possible at the office, like weeding your garden or playing piano. Teleworking with flexible hours may make it easier for workers to balance their work and family responsibilities. Workers appreciate the ability to schedule their lives around their work rather than the other way around. (Studies have shown some place a greater value on flexibility than career advancement.)[2] Also working alone helps people avoid office gossip and politics, and enables them to focus on their tasks and be more productive.[3] In a 2013 study of a Chinese travel company, Ctrip, employees who were allowed to work remotely were more satisfied with their jobs and less likely to leave.[4]

On the other hand, “the absent one is always wrong”, goes a French proverb. And there is common sense wisdom to this: out of sight, out of mind. How much takes place in the little interactions between co-workers day-to-day? How does telecommuting affect collaboration? How does a remote worker feel engaged and motivated? Do projects get assigned to people who speak up because they are there? And do doubts nag at the telecommuter that what he’s contributed is being really understood and valued?

Organizations care

In 2007 Jack Welch, former CEO of GE, critiqued telecommuting as diminishing face-time, which he argued made it difficult for managers to see “how calm you stay in a PR crisis, how decent you are to new employees … how much you sweat during a tough deal, and how hard you work on a deadline without bitching and moaning.” In 2013, Yahoo! ended the possibility for employees to work remotely. Best Buy quickly joined the group of companies banning telecommuting.[5] And there was a flurry of others, too, including Aetna last year. Unlike GE, though, these moves seemed a desperate reining in of perks from companies in trouble, making it akin to the business adage, “nobody ever made a profit by cutting costs;” the way an organization treats customers, vendors and employees is revealing of the state of its health.

But in an echo of Jack Welch, when Yahoo! ended its work-at-home perk, then-Google CFO, Patrick Pichette, had this to say about the subject, “how many people telecommute at Google? as few as possible … there is something magical about sharing meals … about spending the time together, about noodling on ideas, about asking … ‘what do you think of this?’ these are [the] magical moments that we think at Google are immensely important in the development of your company, of your own personal development and [of] building much stronger communities.”

Conversely nearly 25 percent of employees work remotely at least part-time at UnitedHealth Group. UnitedHealth internally studies flexible work options to determine ROI. Heather Lemke, Vice President of Talent Acquisition, says their data shows “telecommuters have high quality performance, a low turnover rate and increased employee satisfaction.” As of 2015, 80 percent of companies offer some kind of flexible work options; notable leaders of work-at-home options include IBM, Dell and Deloitte.[6]

So businesses take different tacks on the telework issue. And maybe like the individual workers themselves – some of whom take to working remotely and others of whom want the routine and environment of the office – organizations are also not all the same, and what works for some, does not work for others.

Best Practices for the Organization

So let’s say you’re a business manager considering offering work-at-home options to your employees, how do you make it work?

Technology makes it seem so possible … what was inconceivable a generation ago, today we take altogether for granted. And we get annoyed if our instant connectivity does not work without a hiccup; and of course it’s all private and secure. And anyway, who would be interested in what I send? This thoughtlessness or naive vulnerability, makes for easy pickings for criminals, like walking a city alley alone at night. So the first thing that needs to be addressed is, how do you make sure working remotely will be secure? An IT professional, such as Bryley Systems, can get you set up fully and correctly; following are some commonly found compromises and defense strategies.

To secure your business and employees, the first protection is education. The vulnerabilities most associated with remote work are malicious Wi-Fi connectivity, malware and lost or stolen devices.

In early 2016, a survey of 882 IT professionals reported that 24 percent of mobile devices used in their organizations had connected to a malicious Wi-Fi hotspot in the past, while 39 percent said those devices downloaded malware.[7]

Open, unsecured (or shared password) Wi-Fi networks, such as are common at hotels, libraries and coffee shops, can pose threats, especially if the employee passes confidential data like log-in or credit card information over that network. In such cases, the employee is opening himself up to man-in-the-middle (MITM) attacks, in which a hacker can place himself between the two connected devices and steal information.

It’s ideal for the employee to avoid such networks and instead use his home Ethernet connection or his own mobile Wi-Fi hotspot for access. But, for open Wi-Fi network circumstances, an organization should have a Virtual Private Network (VPN) in place, to which a mobile device connects directly, and through which the employee connects to the internet or organization’s server.

Cloud services can help an organization keep a high level of security. A Managed Cloud Service Provider (like Bryley Systems) can encrypt the data transmitted from remote locations to the organization’s intranet. Also encrypting company data on the remote device is an encouraged best practice.

Malware (which can steal sensitive data, among wreaking other havoc) is not all that different for remote workers or workers on site. It is mostly delivered via email or web links that look to come from a trusted source, but are anything but harmless. Training is critical to cut down on malware incidences. Best practices also include the separation, by partitioning, of company data from personal data, a feature associated with PCs, but also available now on many phones.

Also mobile devices can get stolen or lost, which means data can easily fall into an outsider’s hands if the devices are not secured properly. Employers must know the technical details about each of their employees’ mobile devices. Organizations need to establish policies about how employees can tell the company or its IT provider if the device is lost or stolen. The organization or its IT partner must know how to disable the device and turn off all applications and/or force password resets – and be able to respond immediately when a breach is detected. The organization must also inquire of the employee about so-called Shadow IT, unauthorized applications that may have seemed helpful, but circumvent the managed network, such as unauthorized Google Drive or Dropbox accounts.[8]

Relatedly, sensitive data should be wiped from employee devices when the employee leaves the company. Unwiped data can be stolen by unauthorized parties, risking the organization’s and its customers’ data.

The organization must also establish exact protocols for working. How will information be shared between the telecommuter and the organization? Who has authorized access from a remote location? Detail exactly the network protocols to be used. Is the remote worker using a company-supplied device? Or does the company allow/expect the employee to Bring Your Own Device (BYOD)? Is he/she using more than one device to access or communicate with the organization? By what means? Emailing? And with attachments? Chat? Through Project Management software? If so, is it intranet- or internet-based? Texting? FTP? All these must be secured.

Best Practices for the Employee

If you’re an employee being given a work-at-home option, how do you make it work?

To combat “out of sight, out of mind”, and the lack of collaboration opportunities, as a remote worker, you have to establish your presence in other ways. Communication becomes especially critical for you: How will you do it (subject to the protocols allowed by your employer)?

First, it may be a requirement of your company that you work set hours, but part of the appeal of working at home is the flexibility to address family needs. If you are granted this flexibility, it is a good idea, so that you feel part of the team, to get in on the real-time conversations, by working some of the same hours as your co-workers.

Project Management Software may be part of your business’ routine communication. If so, you’ll definitely rely heavily on it not only to communicate your progress, but also to stay in the loop about the burdens team members are dealing with, so you can be supportive, and part of the team.

Email is probably the easiest form of communication between co-workers; emails are also easily misunderstood – people do not read emails carefully. And though emails can do it, they are not a great way to disseminate long items (attach longer documents as PDFs so that they can be printed with formatting that’s comfortable for reading).

Try instant messaging or chat for real-time communication and leaving communal messages. Get face-time with team members by video chatting or conferencing.

Because you’re on your own, it’s easy to feel overworked and underappreciated. So take it on yourself to measure your productivity. Set goals, track your hours, and review yourself critically to know how much you are getting done.

Get to know your co-workers. Read their social media pages, ask personal questions. It’s easy to throw people you don’t know under the bus. Be physically involved, too. Attend any non-work events. Visit the office as frequently as you can.[9]

Work It

Like the seeming knee-jerk reaction of companies in trouble that suddenly withdraw the work-at-home benefit, one of the problems is sometimes businesses offer work-at-home, while fostering a culture that maltreats those who make use of the program. Is telecommuting a new vacation days benefit in a business culture that counts it as a badge of honor the number of your days you leave on the table? Why else did Americans leave an average of 9.2 vacation days unused in 2012?[10]

But there is frequent evidence that says not many really believe in allowing people to do their work off-site. And with some reason, in the Ctrip study it was found that the longer people were teleworking, the less grateful they were for the privilege. And so, the employees initially worked extra hard out of that gratitude, but that diminished as the out-of-the-office routine became more routine. Some workers have been shown to be cavalier with protocols made to keep an organization secure. Being on your own is a privilege.

So here is an even older principle than the Industrial Revolution model of clocking in at an office: both partners to the remote work arrangement ask themselves continually if they’re acting as they would want to be treated.

[1] http://globalworkplaceanalytics.com/telecommuting-statistics

[2] researchgate.net/profile/Ravi_Gajendran/publication/262387597_Are_Telecommuters_Remotely_Good_Citizens_Unpacking_Telecommuting%27s_Effects_on_Performance_Via_I-Deals_and_Job_Resources/links/544a82990cf2bcc9b1d2f529.pdf

[3] https://hbr.org/2013/07/working-from-home-a-work-in-pr&ab

[4] https://www.nytimes.com/2014/03/08/your-money/when-working-in-your-pajamas-is-more-productive.html?_r=0

[5] http://www.networkworld.com/article/2164133/infrastructure-management/best-buy-cancels-telework-program.html

[6] https://www.entrepreneur.com/article/270585

[7] http://www.networkworld.com/article/3049185/mobile-wireless/one-fifth-of-it-pros-say-their-companies-had-mobile-data-breach.html

[8] www.networkworld.com/article/3085433/mobile-wireless/dude-wheres-my-phone-byod-means-enterprise-security-exposure.html

[9] http://www.success.com/article/working-remotely-heres-how-to-do-it-right

[10] Harris Interactive, per http://www.nytimes.com/2013/02/10/opinion/sunday/relax-youll-be-more-productive.html

5 Reasons Content Marketing on Social Media is Essential to Your Business’ Success

This week’s blog has been prepared by Russell Mangsen, Principal Consultant at Namra Consultion Group, LLC (NCG).  Founded in 2016, NCG understands the importance of maintaining a strong online presence through social media channels.  The organization seeks to create an online community for their clients and in turn develop long-term, trusting partnerships.

“Social media marketing and SEO are two tightly interwoven strategies. Both are organic, inbound strategies that focus on building an appealing identity that naturally attracts visitors. Since social media relies on high-quality content and a visible, strong brand presence, the efforts you spend on SEO can doubly improve your social media reach, and as most search marketers will tell you, your social media presence can greatly increase your search rankings.” (DeMers).

Most business owners understand the concept of content marketing, since, at its core, it makes sense; posting interesting content online, which generates consumer interest allows you to develop a following of potential customers for your business. In theory, it makes sense. But, how often do you have to post to see results? How do you develop this “interesting content” and how do you keep it interesting? What social media platforms are most important for your business? And finally, the biggest question we hear on a regular basis: “This takes a lot of time… Is it really worth the effort?”

When we hear this question (and we hear it a lot), we completely understand. How could a social network, originally built for teenagers and college students to make party plans, become a marketing tool so powerful that every business in existence needs it just to survive? Well, here’s how: Let’s take a look at the number of monthly users some of the most popular social media platforms had in 2016 – a number which has only grown since, and will continue to grow in the future.

“Social platforms have become the new leaders in the digital media industry, evolving well past their beginnings as digital communication networks and becoming full-fledged media distribution channels and entertainment centers.” (Adler).

Not bad, right? Now, let’s dive deeper into the ways social media can truly be used as a marketing tool, and a powerful one at that. There are many benefits to developing a strong digital presence for your business on social media. We’ve narrowed it down to what we believe are the 5 most important impacts a strong social media presence can have on your business. Our hope is that some of you may be able to justify dedicating the time or other resources necessary to bring your business into the digital age. It’s true, content marketing on social media requires a large amount of time and effort. When done correctly, though, it can allow your business to:

  1. Increase qualified leads by creating content, which drives your audience through social media to your website. At its core, the simplest goal of social media is to generate consumer interest, which organically drives traffic to your website – or wherever the sale happens in your business – when your audience desires more information. By creating content your target audience is interested in, you are increasing the chances a potential customer will come across your business’ online presence. Once they do, they will express their interest in your product or service by “Liking” or “Following” your business’ social media pages. One of the most common mistakes a business owner can make in today’s digital age is underestimating the value of their social media pages. What you may see as a simple “Like” on Facebook is actually a real person essentially endorsing your business, showing their support, and looking forward to your future posts because they are interested in the services you offer – the very definition of a qualified lead. What more could you ask for as a business owner?
  2. Increase your search engine performance by forming a cohesive link between your social media presence and your website. Posting industry-relevant and valuable content on multiple social media platforms, while maintaining your website, can have astronomically positive effects on your search engine performance and overall inbound marketing efforts. Your search engine performance will organically improve as you create more industry-relevant content. The more high-quality content you produce, the stronger your company’s digital presence will become. Posting related content across multiple platforms will create synergy between each of your digital platforms, which serves to enhance the performance of your entire digital presence when people search for your business in Google. Simply put, the more content you create and spread across a broad array of platforms, the stronger your business will perform online. The final result is that when a consumer searches for something in your industry, not only will your website appear on Google, but your Facebook page will appear as well.
  3. Build a more personalized brand by creating original content. So you’ve got people searching for your services on Google. They see your website, and then check out your Facebook page. That’s great, but what do they see? Anything interesting? Thought provoking? Or, just another business posting about the exact services they have listed on their website? On social media, it’s important to find the perfect balance between showcasing your services and showing the world “who” your business is. This is a great opportunity for you to build trust with people who have never even met you. Social media, at its core, is about connecting people with other people. Generally speaking, most people like to do business with people they know and trust. Your consumers want to get to know your business’ personality, and social media allows you to fully customize the message you wish to communicate to them. It also gives you the ability to display the people who make up your business, which is what social media is all about.
  4. Increase the effectiveness of your marketing by focusing on engagement, not just your lump-sum total impressions. “The entire marketing world is obsessed with impressions. You might hear someone say “40,000 people saw this video.” But the truth is, they didn’t. They didn’t because as soon as the ad came up in video form, they clicked away to a new tab to look at something they actually wanted to see. But they count as an impression. They count as ‘seeing it.’ On TV, it’s the same problem. Nielsen sees how many people watch a TV show and they count those impressions against the ads that ran during the show. But as soon as commercials came up, people picked up their phones. They opened Facebook or Instagram. They aren’t engaged with the TV.” (Vaynerchuk).
    In today’s world, content is king. Social media gives any business the opportunity to shine bright and break away from the overcrowded marketplace in their industry by creating engaging content that actually appeals to your consumers. Rather than spamming them with your logo and tagline over and over again, you will generate a following of potential buyers who simply like what your business has to say. The idea here is that you are telling the story of your business and engaging with the community around you, rather than hitting people with a new advertisement every day. This increases the effectiveness of your efforts in the same way that meeting with a potential buyer in person works better than sending emails back and forth or talking on the phone. It’s about the personal connection.
  5. Maximize your budget by saving money and spending efficiently. No business has an unlimited marketing budget, and with so many options for traditional advertising – newspaper, radio, television, online advertising, etc. – it can be difficult to determine which marketing channels will show you the highest returns. In some cases, the most appealing aspect of content marketing on social media is that it requires little to no capital to get started. After all, creating a Facebook or Instagram account is free. However, there is some give and take involved here, because in order to see results, a large time commitment must be made to generate appealing content on a regular basis for your audience to interact with. Many businesses see this as time well-spent, because if one thing is for sure, it’s that people are spending more time on digital devices now than ever before, and the world is only going to become more digitally oriented as time goes on. For this reason, it is essential for your business to begin focusing on building a strong digital presence.

After taking a look at these 5 main impacts social media can have on your business, we have seen many skeptics start to understand the importance of content marketing on social media. The majority of these skeptics even begin rationalizing the time or monetary investment needed to produce high results using the content marketing technique.

In conclusion, if you get one thing out of this article, we hope it’s this: There’s a reason we put billboards on the side of the highway instead of in the middle of vacant fields. Your consumers are on social media. If you want to get in front of your consumers, you need to be there too.

Sources

Vaynerchuk, Gary. “When Will Marketers Talk About Attention, Not Impressions?”. Gary Vaynerchuk. N.p., 2015. Web. 9 Jan. 2017.

DeMers, Jason. “6 Social Media Practices That Boost SEO”. Forbes.com. N.p., 2017. Web. 9 Jan. 2017.

Adler, Emily. “Social Media Engagement: The Surprising Facts About How Much Time People Spend On The Major Social Networks”. Business Insider – Tech Insider. N.p., 2016. Web. 9 Jan. 2017.

How and Why Is Cloud Computing Beneficial for Small and Medium Organizations?

Cloud computing is not just for large organizations. That’s a fact.

Many small businesses are migrating to the cloud and experiencing benefits that were never possible before.  Cloud computing allows people access to a wide range of applications via the Internet.  Prior to the advent of cloud computing, software had to be downloaded and installed on physical computers or servers in brick and mortar offices. Those days are gone.

The cloud is becoming more popular because:

  • Cloud-based applications and services can be accessed anytime from anywhere. All you need is a device with an Internet connection.
  • The time, effort and cost of managing your systems goes away.
  • The cloud is effectively infinite in size; you need not worry about running out of capacity

Here are some top reasons why organizations are choosing the cloud…

Work from Anywhere. If you have an Internet connection, you can work. Most cloud services are accessible from any device. Organizations can now offer more flexible work schedules to their employees, thereby increasing productivity.

Disaster Recovery. Organizations of all sizes should be investing in robust disaster recovery. For smaller, budget-conscious organizations, cloud-based disaster recovery is ideal. It saves time and money by eliminating high, up-front costs, and internal IT teams are no longer tasked with the complexity of maintaining a best-in-class disaster recovery system.

No Hardware Costs. Cloud computing eliminates the high cost of hardware. You “pay as you go” using a subscription-based model that’s easier to budget.

Security. When your data is stored in the cloud, you can access it anytime from anywhere. You can even remotely wipe data from lost or stolen laptops so it doesn’t get into the wrong hands.

Automatic Software Updates. Servers are off-premise so you don’t have to worry about maintaining them. Software updates are performed as they’re released.

Flexibility. Cloud-based services are ideal for organizations with growing or fluctuating bandwidth demands. If your needs increase, it’s easy to scale up your cloud capacity. If you need to scale down, you can easily do that, too.

Collaboration. Employees can access, edit and share documents anytime from anywhere. Cloud-based file sharing apps are updated in real-time, giving everyone full visibility into current content. Prior to the cloud, workers had to send files back and forth as email attachments to be worked on by one user at a time. That method often led to conflicting document versions.

Greater visibility means improved collaboration, which ultimately translates into better practices and a healthier bottom line. If you’re still relying on old methodologies, it’s time to move into the 21st century and explore new, reliable cloud-based options that will streamline the way you conduct your business.

For more information about cloud computing, or to inquire about Bryley’s full array of Managed IT Services and Managed Cloud Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Beware! Fake Update Request from Firefox Is a Virus!

By Michelle Denio, Technical Support Supervisor, Bryley Systems

Thanks to a vigilant Bryley Systems client, we can now alert you to a new malware threat.
A Bryley client submitted a service ticket about a Firefox update on his home computer. I was immediately suspicious because the supposed update had come through as a JavaScript file type (.JS), instead of an executable (.exe). Luckily Outlook had blocked the attachment and our client, who was cautious, did exactly what he was supposed to do. He brought it to our attention!

While it appeared to come from Firefox, our research easily determined that this update request is fake and is in fact a virus.

Here are the two links I found on Mozilla:
https://support.mozilla.org/en-US/kb/i-found-fake-firefox-update
https://support.mozilla.org/en-US/questions/1137056

Below is what the fake request looks like. I’ve underlined and circled the source of the update request so you can see that it did not actually come from Firefox. Looking at the source is one of the first steps you should always take when you’re unsure about the validity of an email or a pop-up message. Had our client clicked on the Download, this hacker would have been able to install malware on our client’s computer.

Be Aware! How to Spot Phishing Emails

Phishing emails are malicious emails sent by criminals attempting to compromise your personal information. They often appear to be legitimate. So beware!

Most phishing emails are disguised as messages from an authoritative entity asking you to visit a website and enter personal information. These websites are set up to gather personal details, which they can then use to hack into your accounts and commit fraud. Some links and attachments in these emails contain malicious software, known as malware, which will install itself on your computer. Malware then collects data such as usernames and passwords.

If you recognize these emails, delete them immediately. Even technically savvy individuals can fall prey to such malicious activity. Being able to recognize these emails will lessen your chances of being compromised. Here are a few tips:

  1. Email Address. This is the first thing you should look at. Criminals use two tricks when crafting email addresses. First, they’ll put a real company’s name before the “@” sign to make it look credible. Second, they’ll use a web address similar to the genuine one. Scammers will craft phishing email addresses almost (but not exactly) identical to the real addresses. Check these addresses carefully to make sure they are exactly the same as the real web address.
  2. Generic Greetings. Be cautious of emails with generic greetings such as “Dear Valued Customer” or “Dear Valued Employee”. Look for poor spelling, punctuation or grammar. Scammers will go to great lengths to make their phishing emails look authentic. They’ll use an actual company logo and even the names of people who are employed at the company.
  3. Links. If a link appears within the email, hover your cursor over the link to view the underlying address. Check to see where it would take you if you were to click on the link.
  4. Sense of Urgency. Phishing emails may use phrases such as “act quickly” to create a sense of urgency in order to lure their targets in. These scammers may make you feel as if you’re missing out on something. They want to pique your curiosity or exploit your fear to push you into an instant response.
  5. Name. Look to see whose name is at the end of the email. If it’s from a person, is their name in the email address and does the email address appear valid?

These types of emails are just generic emails which are sent out to large groups of people, knowing that it only takes a few people to click to make the effort worthwhile to the scammers.
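Tips 1 to 4 above can be turned into a first-pass automated check on a raw message. The sketch below is an added example, not Bryley's own code; the domain `examplebank.example`, the phrase lists, the 0.85 similarity threshold and both sample messages are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumptions for this sketch: the sender's real domain and brand name.
TRUSTED_DOMAIN, BRAND = "examplebank.example", "examplebank"
PHRASES = {"generic-greeting": ("dear valued customer", "dear valued employee"),
           "urgency": ("act quickly",)}
HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._in_a = True
    def handle_data(self, data):
        if self._in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._in_a = False

def host_of(text):  # host if text looks like a URL or bare domain, else ""
    match = HOST_RE.match(text.strip())
    return match.group(1).lower() if match else ""

def phishing_indicators(raw_email):
    """Return the names of the checks from the tips that a message trips."""
    msg = message_from_string(raw_email)
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    found = []
    if domain != TRUSTED_DOMAIN and not domain.endswith("." + TRUSTED_DOMAIN):
        # Tip 1: company name before the "@", or a near-identical domain.
        if BRAND in local:
            found.append("brand-before-@")
        if SequenceMatcher(None, domain, TRUSTED_DOMAIN).ratio() >= 0.85:
            found.append("lookalike-domain")
    body = msg.get_payload()
    for name, phrases in PHRASES.items():  # Tips 2 and 4
        if any(p in body.lower() for p in phrases):
            found.append(name)
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        # Tip 3: the address displayed is not where the link really goes.
        if host_of(shown) and host_of(shown) != host_of(href):
            found.append("link-mismatch")
    return list(dict.fromkeys(found))  # de-duplicate, keep order

# Constructed sample messages (not real mail).
PHISH_SAMPLE = """\
From: "ExampleBank Security" <examplebank@examp1ebank.example>

<p>Dear Valued Customer,</p><p>Act quickly: <a href="http://examplebank.example.verify-login.test/s">https://www.examplebank.example/login</a></p>
"""
LEGIT_SAMPLE = """\
From: Example Bank <statements@examplebank.example>

<p>Hello Pat,</p><p><a href="https://www.examplebank.example/statements">www.examplebank.example/statements</a></p>
"""
if __name__ == "__main__":
    print(phishing_indicators(PHISH_SAMPLE), phishing_indicators(LEGIT_SAMPLE))
```

A message that trips none of these checks is not thereby safe; the result is a prompt for the manual review the tips describe, not a verdict.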

Spear Phishing. Criminals who target specific individuals use what is called “spear phishing.” Spear Phishing emails are even more sophisticated than your run-of-the-mill phishing emails, often using personal information obtained from social media pages to make the emails appear credible. These cyber criminals might use your name or tailor the email to reflect your hobbies, interests, where you live or events that are happening locally. They may even make the email look as if it came from the organization you work for. People are sometimes targeted because of their position within the company or because they have access to sensitive data.

We all face the grueling task of trying to manage our email. While email is a very convenient mode of communication and most of it is genuine, knowing the signs of phishing emails will prevent you from unleashing a disaster.

When in doubt, don’t click! Contact your IT administrator. And remember, legitimate organizations will never ask you to disclose personal data via email.

For more information, please see “Recommended Practices – Part 4: Email Use” in the November 2014 edition of Bryley Information and Tips (BITs).

Bryley Systems specializes in protecting you from malware. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Read this case study about a particularly vicious attack that Bryley remediated.

Cybersecurity – How to Avoid Being the Next Headline

Understanding cybersecurity is not simple. When we read about a security breach it’s typically caused by an action, or failed security practice of an employee within an organization. No matter the size of the breach, it’s bad press. Data breaches surface daily and these incidents are growing in frequency, size and cost.

It is often more difficult for smaller organizations to maintain security themselves due to lack of resources or even lack of awareness. Small businesses have increasingly become easy targets. In fact, most cyber-attacks occur at companies with fewer than 100 employees. The best way to prevent such breaches is to become better educated and to follow best practices.

  1. Understand the risks. Having a basic understanding of the most common threats is key: everything from phishing, malware and spoofing to systems hacking and social engineering. It’s all bad, and it’s all a threat.
  2. Have a security policy in place that employees understand. Employees are the gatekeepers of your organization’s information, so they should be the first layer of defense. Educate all employees about safe practices. Be sure everyone uses complex passwords and make sure personal and confidential information is not easily exposed. Keeping such documentation under virtual lock and key can go a long way to protect confidential information from getting in the hands of the wrong person.
  3. Keep your anti-virus/anti-spam software or other security applications up-to-date. This will help guard against the latest threats and secure your infrastructure.
  4. Verify! Verifying financial requests and confirming details via phone is more secure than email. This practice should be applied to your vendors, clients, and employees.
  5. Practice an incident response plan. Having employees who know what to do in the event of a security breach is the best protection and preparedness you can have. Hackers are often one step ahead of you, but collective accountability is critical.

Having a baseline understanding of your current environment and vulnerabilities is the first step toward building a wall of defense to reduce risk.

Please see the June 2015 edition of Bryley Information and Tips (BITs) for our IT security cheat-sheet.

For more information about ways to defend your company against a cyber-attack, or to inquire about Bryley’s full array of Managed IT Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.