Remote Hosted Desktops and Security – How to Protect your Data

With so many people working from home, remote-hosted desktops are particularly useful. They can allow an employee to access everything they can in the office smoothly. However, they are also open to potential abuse, and vulnerabilities in remote desktop protocols are significant and growing. Here are some tips on how to protect your data when you have employees using remote desktops:

Limit Devices

The best practice for remote desktops is to issue the employee a company-owned laptop and allow only that device access to the remote desktop. This means you control the security software on the laptop and can prevent employees from installing personal software that might cause problems. You can also use this as an extra layer of security by enforcing a password on the device.

In general, users can be easily discouraged from using phones and tablets for remote desktops specifically, as it seldom works well and they have alternative methods for things like quick email checks.

You can also restrict access to only locations where your employees are likely to be. Locking to specific IPs is possible, but can cause problems; for example, even if your employee only ever works from home, rebooting their network router will change their computer’s IP and lock them out. However, you can restrict by geography, disallowing connections from overseas.

Control User Permissions

Many companies are careless about granting permissions to users, giving employees carte blanche access. Compartmentalizing user permissions and allowing users access only to the files they need can go a long way toward ensuring that a hacker can’t get to all of your data from one compromised account.

Obviously, you need to make sure you don’t negatively impact productivity, but making HR files read-only, for example, can be useful in protecting from malicious actors.

Protect your Data by Enabling Two-Factor Authentication

Two-factor authentication is good practice for all accounts. One good way is to use token-generating software that texts a code to the employee’s cell phone. These codes can only be used once, so are unlikely to be compromised.

You should also limit login attempts so as to prevent brute force attacks and encourage the use of good password hygiene. Passphrases are better than passwords as they are easier to remember.

Monitor Suspicious Activity

One concern with remote work is that supervisors can no longer do random checks on employees in their offices or cubicles. However, it is possible to keep at least a basic check on odd behavior. Obviously, you should not micromanage people, which reduces engagement and productivity. Things you can monitor, though, include connection attempts from odd locations or at times when the employee concerned does not normally work. VPN systems can generally spot unusually high network activity, which can also be a red flag.
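As an added illustration (not part of the original article), the following sketch flags the two signals named above: logins from unexpected countries and logins outside an employee's usual hours. The log format, field names, allowed-country list, and one-hour slack are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample lines from a hypothetical remote-desktop gateway log.
BASELINE_LOG = """\
2020-06-01T09:05:00 user=alice country=US result=success
2020-06-02T08:55:00 user=alice country=US result=success
2020-06-03T17:40:00 user=alice country=US result=success
2020-06-01T13:10:00 user=bob country=US result=success
2020-06-02T21:30:00 user=bob country=US result=success
"""
NEW_LOG = """\
2020-06-08T09:15:00 user=alice country=US result=success
2020-06-08T03:02:00 user=alice country=US result=success
2020-06-08T14:00:00 user=bob country=RO result=failure
2020-06-08T20:45:00 user=bob country=US result=success
2020-06-08T10:00:00 user=carol country=US result=success
"""
ALLOWED_COUNTRIES = {"US"}  # assumption: staff only work domestically
HOUR_SLACK = 1              # tolerate one hour either side of the usual window


def parse(log_text):
    """Yield (timestamp, fields) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        stamp, _, rest = line.partition(" ")
        try:
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # blank or malformed line
        fields = dict(p.split("=", 1) for p in rest.split() if "=" in p)
        if "user" in fields:
            yield ts, fields


def build_baseline(log_text):
    """Record each user's earliest and latest successful login hour."""
    hours = defaultdict(list)
    for ts, f in parse(log_text):
        if f.get("result") == "success":
            hours[f["user"]].append(ts.hour)
    return {u: (min(h), max(h)) for u, h in hours.items()}


def review(log_text, baseline):
    """Return (timestamp, user, reason) for each event worth a second look."""
    alerts = []
    for ts, f in parse(log_text):
        user = f["user"]
        if f.get("country") not in ALLOWED_COUNTRIES:
            alerts.append((ts.isoformat(), user, "unexpected country"))
        if user not in baseline:
            alerts.append((ts.isoformat(), user, "no baseline"))
            continue
        lo, hi = baseline[user]  # simple window; does not model overnight shifts
        if not (lo - HOUR_SLACK <= ts.hour <= hi + HOUR_SLACK):
            alerts.append((ts.isoformat(), user, "outside usual hours"))
    return alerts


if __name__ == "__main__":
    for alert in review(NEW_LOG, build_baseline(BASELINE_LOG)):
        print(*alert)
```

The output is a short review list rather than a block decision, which keeps the check from turning into micromanagement of ordinary schedule changes.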

Use Encryption to Protect your Data

Requiring files to be encrypted during remote work can improve security on top of using a VPN. The files cannot be read in transit even if an employee forgets to connect to their VPN or turns it off because the system is so slow they are unable to work, both of which have been known to happen.

Use AES 128 and/or AES 256 as the gold standard to protect your data.

Choose a Good Provider

Finally, make sure that the provider handling your servers is using up-to-date security methods. Ask about firewalls and rolling or incremental backups. Also, make sure they have a good record in terms of uptime. It’s even harder for remote workers to continue to operate when the network is down. Additionally, if they are using a virtual desktop they may not be able to access any of their files and may not be able to store stuff locally.

If you have employees using remote-hosted desktops or similar protocols and need advice on how to keep things secure, protect your data, and sustain productivity, contact Bluwater Technologies today.

Are Distractions at Home Increasing Vulnerability to Cyber Attacks?

A lot of people are still working from home right now. Furthermore, many are not working from home under ideal conditions. They may be sharing an “office” with somebody else working from home, trying to care for children, dealing with pets, etc. On top of that, everyone is rather stressed right now. Could this be causing problems with cyber attacks?

Distractions and Cybersecurity

A study done by Tessian in April showed that 43% of a sample of employees in both the UK and the US admitted to errors that could have cybersecurity repercussions.

These errors included sending emails to the wrong person and clicking on links in a phishing email, with employees blaming fatigue, stress, and distraction. Furthermore, the worst offenders were in the tech industry, closely followed by banking and finance. These kinds of errors endanger companies and customers.

To make things worse, cyberattack attempts are also up as criminals take advantage of the shift to remote working. Scammers are using fears over COVID-19 to sell fake masks, trying to use stimulus checks to get personal information, etc. So, not only are workers more inclined to fail to notice a phishing attempt, but they may be receiving more of them.

Some people struggle more than others with working from home, but everyone is likely to be distracted right now, whether it’s by their family, the news, or the climbing case numbers.

What Should Employers Do About Cyber Attacks?

Unfortunately, reopening the office is unlikely to be an option for most companies before at least the fall, if not the end of the year. Schools also remain virtual in many areas, leaving employees stuck with childcare or trying to monitor remote learning. Meanwhile, employees, feeling the situation to be temporary, are unable or unwilling to make major changes to their lifestyle to accommodate remote work.

Employee training is, thus, the best and perhaps only option to resolve this situation. It’s important to continue to refresh cybersecurity training while employees are working from home.

Giving advice and tools to reduce distractions could also be helpful for many employees, especially those for whom a separate office with a closed door is not an option.

Simple ways to help focus include:

  • Playing music, ideally without lyrics.
  • Using the Pomodoro or similar technique to force alternating periods of focus and break.
  • Putting on street clothes rather than trying to work in your pajamas. For many people, this helps the brain get into work mode.
  • Planning out a schedule for the week.
  • Working out what distracts you and dealing with it before work.
  • Using timers to block social media and other distracting sites.
  • Turning off your personal phone unless you need it for work.
  • Sticking to your normal work schedule and hours.

None of these require that employees invest heavily in a temporary situation, and they can make a huge difference in productivity and focus. However, it’s best to avoid trying to force the removal of distractions. One university got into a PR mess by saying that workers could not care for their children while working from home. Sadly, this is unavoidable for many right now.

Working from home is making all of us more distracted (in some cases even including people who were already working from home, but now have to deal with spouses, children, and the overall stress of the situation). Employers need to make sure that these distractions don’t result in security breaches, both by improving training and by helping employees learn how to better focus when their office is in their living room.

For help with your IT problems and more advice on cyber attacks and employee training, contact Bluwater Technologies today.

7 Basic Network Security Tips for Small Businesses

Some small businesses might think it’s reasonable to assume that hackers and data thieves only go after large targets. Of course, these same criminals are well aware of this assumption, which is precisely why they know small businesses are often ripe for exploitation. According to CNBC, in 2019 small businesses were the targets of 43% of all cyberattacks, and more than half of them suffered some type of network security breach within the previous 12-month period.

Thankfully, there are some basic strategies that small businesses can employ to help them reduce their risk of ever having to experience a cyber attack.

Strong Passwords

Using a strong password is such a simple way to discourage hackers, yet many people still avoid using them. Employers can enforce the use of strong passwords by requiring their systems to only accept passwords that consist of a combination of letters, special characters, and/or numbers, and are at least 8 characters long. For even better protection, enforcing the use of two-factor authentication provides another layer of security as it requires those attempting to log in to identify themselves by entering a code sent to their phone or email.

Network Security for your Corporate Wi-Fi

Businesses should always secure their Wi-Fi signal by requiring users to enter a password before gaining access. Leaving a Wi-Fi signal unsecured is simply another point of entry that leaves corporate software and data at risk for exploitation. 

Controlling Access

Employees should only have access to data and software on a need-to-know basis. Access to confidential information should be password protected and access to certain software applications should only be given to those required to use the software. Needless to say, a company should protect access to its network, requiring users to identify themselves before allowing access.

Encrypt Confidential Information

Some employees must use portable and removable media as part of their job responsibilities. Especially when working with confidential data, it’s important for companies to ensure that portable data is encrypted to prevent unauthorized access in the event the media becomes lost or stolen.

Disaster Recovery Planning

Companies should ask themselves if they are fully prepared if a long-term power outage should occur, or worse, an event such as a fire, flood, or some other type of natural disaster. If the answer is negative, they are overdue to get serious about developing a disaster recovery plan. Even small businesses are very dependent upon their hardware, software applications, and corporate data to conduct their daily business operations. Preparing a disaster recovery plan in advance means a company will be able to easily replace vital technology if a catastrophic event should occur.

Applying Network Security Updates/Performing Backups

Applying the latest software and hardware updates and patches allows companies to avoid malware and viruses that hackers often attach to outdated systems. In addition, performing regular backups and making sure they can be easily restored is vital, as it ensures that a company’s data is secure and readily available.

Educate Employees

Most business owners clearly understand that their ability to successfully conduct daily operations is very dependent upon having accurate and secure data to work with. However, sometimes employees may only consider how certain security measures make their daily tasks more challenging. Using a password of “1234” for every application they log into is convenient since it’s very easy to remember. However, weak passwords also leave business owners vulnerable to exploitation. This is where training employees on the “why” of security measures is so important. Employers can also train their employees to spot potential issues such as suspicious emails or unsecured web pages asking for confidential information.

Network Security Summary 

Companies should not feel discouraged if they find that safely and securely supporting their IT infrastructure is challenging. These types of challenges are precisely why Bluwater Technologies can help.

If you would like more information on how we can provide the technological support and security you need, please contact us.

The Home Chef Data Breach Affected 8 Million Customers

On May 20, 2020, customers of Home Chef got the unpleasant news that 8 million of their data records had been breached. The stolen information included names, email addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords. Other information, including mailing addresses and frequency of delivery, “may also have been compromised.”

The announcement came about two weeks after Home Chef learned of the breach. This is within a generally accepted time frame; the company’s first priority is to verify what happened and prevent further damage. What’s disturbing is that Home Chef learned of the breach only by discovering that its data was being offered for sale.

How Home Chef learned of the breach

An online criminal gang calling itself Shiny Hunters had announced that it was offering databases from eleven companies, Home Chef among them. In early May they offered 8 million records for $2,500. No details were publicly available on how the breach occurred, but Shiny Hunters apparently gained direct access to Home Chef’s customer database. The largest set of records the gang claimed to have was 91 million from Tokopedia, a major Indonesian online store. This number hasn’t been confirmed; the low-end estimate is 15 million.

The price might have been higher, except Home Chef did some things right. It didn’t store full credit card numbers, and it encrypted all the passwords in its database. Stolen information could make it easier to match credit card numbers with people or to crack passwords, but the breach didn’t outright expose that sensitive information. Even so, Home Chef is advising its customers to change their passwords.

What businesses and customers should do

The breach offers lessons to businesses and customers. Businesses need to remember the importance of network monitoring. If the security incident had been caught earlier, the thieves might have been stopped before they could steal the data. In the worst case, Home Chef would have known about the breach more quickly and started remedial action sooner. The process of acquiring the 8 million records could have taken weeks. Grabbing and exfiltrating that many records all at once could trigger alarms, so thieves prefer to acquire them slowly.
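The point about slow acquisition has a direct monitoring consequence: a per-hour alarm alone will miss it, so a cumulative check over a longer window is needed as well. The sketch below is an added example, not taken from the article or from Home Chef's systems; the account names, record counts, and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (hour_index, db_account, customer_records_read).
# "report_job" reads in one large burst; "svc_export" stays small every hour.
READS = [(0, "report_job", 60_000)]
READS += [(h, "svc_export", 4_000) for h in range(72)]
READS += [(h, "web_app", 300) for h in range(72)]

BURST_LIMIT = 50_000     # assumed per-hour alarm threshold
WINDOW_HOURS = 48        # assumed look-back for the cumulative check
WINDOW_LIMIT = 150_000   # assumed ceiling for records read within the window


def burst_alerts(reads):
    """Accounts that exceed the per-hour limit in any single hour."""
    return sorted({acct for _, acct, n in reads if n > BURST_LIMIT})


def cumulative_alerts(reads):
    """Map each account to the first hour its rolling total exceeds the limit."""
    per_acct = defaultdict(dict)
    for hour, acct, n in reads:
        per_acct[acct][hour] = per_acct[acct].get(hour, 0) + n
    first_hit = {}
    for acct, by_hour in per_acct.items():
        total = 0
        for hour in range(min(by_hour), max(by_hour) + 1):
            total += by_hour.get(hour, 0)
            # Drop the hour that has just fallen out of the window.
            total -= by_hour.get(hour - WINDOW_HOURS, 0)
            if total > WINDOW_LIMIT:
                first_hit[acct] = hour
                break
    return first_hit


if __name__ == "__main__":
    print("burst alarm:", burst_alerts(READS))
    print("cumulative alarm:", cumulative_alerts(READS))
```

With this data the burst check fires only on the one-off report job, while the rolling total catches the steady reader partway through the second day.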

These events show why businesses should never store unencrypted sensitive information in their databases. Home Chef protected itself and its customers from a worse disaster by following this principle.

On the customer side, the breach shows the need for strong passwords. Depending on the details, thieves may be able to test long lists of passwords against the encrypted ones and discover the ones that match. A long and complex password is more resistant to this kind of cracking. When they learn of a breach, users should change their passwords immediately.

Home Chef warned customers to be wary of scams. Fraud operators can better target their phone calls and spam by knowing that a phone number or email address belongs to a customer. The company has reminded its customers that it will never ask for sensitive information by email. People getting phone calls claiming to be from Home Chef should likewise be wary of any odd requests.

Costs

Data security is a constant challenge. A typical data breach costs millions of dollars in downtime, reporting, mitigation, and liability. Businesses need to maintain a multilayered defense. It has to include not just technical protection but cybersecurity awareness training so that employees don’t give away authentication information or let malware get into their systems. System monitoring is important so that IT people can catch security incidents when they happen and not after massive data loss. Investing in data protection pays for itself by safeguarding a business’s operations and reputation.

Bluwater’s network and system security services will reduce your company’s chances of suffering an expensive data breach.

Contact us to learn how we can help.

5 Outsourcing Questions for Choosing Small Business IT Support

No company in the second decade of the 21st century does business without leveraging some type of technology. Hence, every company in this digital age needs IT support. When you’re getting your small business up and running, hiring a full-time IT professional, let alone a whole team of IT experts, is something that you probably can’t afford. Nevertheless, you cannot afford to go without an IT team, because you very much need it. What to do? Luckily, many IT service providers offer small business IT support to those companies that cannot afford to hire full-time IT professionals. If you’re considering outsourcing the IT functions of your small business to an IT service provider, then there are several crucial questions to ask your potential partner in technology.

Do you specialize in any industry?

Finding out the specific industries that your potential IT company specializes in is a crucial first step. For instance, if they make 60 percent or more of their revenue from logistics companies and you are a law firm, there are likely going to be some issues.

It’s best to outsource to an IT company that is conversant with the ins and outs of your industry and offers technology solutions that are valuable for businesses in your specific industry. An IT services provider who has enough experience in your field will understand your unique software and hardware needs. They will thus spend less time familiarizing themselves with foreign applications and more time optimizing technology for success.

What services are included in your IT support contracts?

“We cover everything” is an answer that sure sounds good, but it is not the one you are looking for. You have to ask yourself, does “everything” mean that all their services are preventative, proactive, or both?

It is important to understand your business needs beforehand, and then ask the IT provider if they offer the services that your business needs. Also, should you experience technical issues with your server that necessitate a replacement, will the replacement be covered by the contract, or will it attract additional costs?

How flexible are your outsourcing IT support options?

IT support providers offer varying degrees of support, depending on their clients’ IT needs and budgets. As a small business, you need an IT provider that not only fosters company growth, but is also capable of adapting its IT services to fluctuations in your business environment.

A reliable IT support provider is one that is able to provide a variety of customizable solutions. For instance, the IT company should not only serve as your fully outsourced IT department, but it should also provide expert consulting to help create a solid IT plan that supports your company’s long-term goals.

Will we have a dedicated account manager?

It is essential that you know who to contact in case of IT issues. Ask your IT provider whether you should reach out to the account manager, support desk, or the IT technicians themselves. A good IT support provider is one that appoints a dedicated account manager to handle responsibilities such as answering your questions, scheduling face-to-face meetings, etc.

How much does your service cost?

When talking to a prospective IT support provider, you should be able to get a very close estimate of what it will cost to manage and support your IT network. Besides providing you with an estimate, they should also give clear and understandable reasons to justify their service cost. With these estimates, you can compare the provider with other prospective IT support providers to find the one that offers the level of support your business needs at a cost that you can afford.

Conclusion

Deciding to outsource your small business IT support services is a big, smart decision. The above five questions can help you to choose the IT company that is best suited for the job.

With the right IT support company, you will be able to establish a favorable client-provider relationship and set your business up for success.