Password Basics


You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are sloppy with passwords.

There are many ways data can be breached, and opening some link they shouldn't is one of the most serious security sins employees can commit, but today we’ll just talk about passwords.

Here are some basic practices that you should require your employees to follow. These are basic tips. System administrators should implement other policies, such as those that forbid reusing previous passwords and lock accounts after a few failed login attempts. But just for you as a manager, here are a few tips.

  1. Change Passwords - Most security experts recommend that companies change out all passwords every 30 to 90 days.
  2. Password Requirements - Should include a mix of upper and lowercase letters, a number, and a symbol.
  3. Teach employees NOT to use standard dictionary words (any language), or personal data that can be known or could be stolen: addresses, telephone numbers, SSN, etc.
  4. Emphasize that employees should not access anything using another employee's login. To save time or for convenience, employees may leave systems open and let others access them. This is usually done so one person doesn't take the time to log out and the next doesn't have to log back in. Make a policy regarding this and enforce it.

These are just a few basic password tips, but they can make a big difference in keeping your business's sensitive data safe.

Keep Your IT Guy and Outsource IT Services, Too


Everyone in the office loves Eric. Sporting a different ironic t-shirt every day, Eric is the one we call when technology spits in our face. Whether it's a slow system, a bug that needs to be squashed, a website issue, or a crash that results in unexpected downtime and data loss, Eric is right there. Not only does he get to the bottom of any issue, but he also rights the ship like he's some sort of miracle-working captain who just happens to have a pretty wickedly funny Peter Griffin from Family Guy impersonation.

But business is growing and Eric is overworked. Eric has certain skills that you'd love to use to develop innovative applications and revenue-generating projects, but he's too busy running around fixing things that break. Or he's performing the most mundane and routine tasks day in and day out just to keep things secure and running smoothly.

You get a sense that Eric's overburdened and he's saddled with too many responsibilities. His demeanor has changed from pleasant to moody. He's listening to angrier metal and punk music and you're noticing cracks in his work. You fear Eric is being pulled in too many directions and the reliability of your server, network, and applications, as well as the integrity of your data, are all at risk.

Someone who has watched a bit too much of Donald Trump on The Apprentice might think Eric should be fired. We're not going to fire Eric. But we're also not going to hire a full-time salaried Robin to his Batman or Cheech to his Chong. We're going to help Eric by exploiting IT automation and managed services to handle many of the monotonous tasks making Eric hate his job right now.

Let's help Eric...

  • Focus Primarily on Cost-Cutting and Revenue Increasing Projects: First things first, Eric has to realize that he can't do everything himself. Where are his skills best used? Whether it's processes that help drive down costs or ones with the potential to raise revenue, evaluate the projects in the queue and rank them by what impacts the bottom line the most.

    Once that's done, look at the day-to-day processes designed to keep things running securely and efficiently. What can be off-loaded from Eric? Determine which of those tasks can be automated either through the cloud or managed services.
  • Take to the Cloud: Some IT people fear the cloud spells the end to their job security. Meanwhile, the cloud can actually help them take on a more prominent contributing role in the company's success.
    The cloud should be seen as another tool that further eliminates the mundane yet necessary daily drudgery from their workday. Those who work WITH the cloud will find that they have more available time to take on more meaningful cost cutting or revenue generating projects. 
  • Use a Managed Service Provider: Using outsourced managed services not only alleviates much of Eric's pressure and stress, but also boosts productivity and gives the company a much improved ROI (Return-on-Investment) on their technology investment.

    While technology has gotten easier for the end user, it has become more complex on the backend with the advent of virtualization, cloud computing, and advanced infrastructure.

    Using an MSP gives Eric access to a trusted adviser, a 24/7 help desk, remote monitoring and management tools, and much better disaster recovery and business continuity solutions. All without the overhead that comes with hiring more help for Eric. MSPs offer a consistency to not just your end-user but also your main IT guy who will certainly appreciate the help.

2018 SonicWall Cyber Threat Report


Make no mistake, we are in a global cyber arms race. But it can’t be won alone: we are in this together.

That is why our trusted partner, SonicWall, is passing along findings, intelligence, analysis and research from their SonicWall Capture Labs to you today in their 2018 SonicWall Cyber Threat Report. By sharing actionable intelligence, we can help level the playing field against today’s most malicious cyber criminals.

Together, we face many battlefronts: some subsiding, some ongoing, others still on the horizon. Our latest Cyber Threat Report shows us where we — and our common cyber enemies — have advanced. Plus, it offers strategic insight on how, together, we can keep the upper hand.

Security Industry Advances

Ransomware attacks are down
The Cyber Threat Report looks at why expectations of increased numbers of ransomware attacks never materialized in 2017, even with WannaCry, NotPetya and Bad Rabbit stealing the headlines. At the same time, however, data from our cloud-based, multi-engine Capture Advanced Threat Protection (ATP) sandbox noted a spike in unique ransomware variants. While the volume was lower, the attacks were more targeted, unique and difficult to stop.

SSL, TLS encryption are up
The report documents a rapid increase of HTTPS in comparison to unencrypted HTTP sessions, which is critical for the security of cloud environments/applications and websites. However, this shift has given more opportunity for cyber criminals to hide malicious payloads in encrypted sessions. Unfortunately, while effective protection exists using deep packet inspection (DPI), there is still a widespread fear of complexity and lack of awareness around the need to inspect SSL and TLS sessions to stop hidden cyber attacks.

Exploit kits are shifting targets
Since browser vendors have largely phased out Adobe Flash, new Flash Player exploits have dropped off. But the Cyber Threat Report reveals some unexpected applications that are taking its place. Organizations should continually redefine and broaden the scope of applications and related files that could present a risk. In analyzing application volume, machine-learning technology can help protect against newer attack vectors.

Law enforcement disrupting cyber crime
Arrests of key malware and exploit kit authors are making a significant dent in the scale, volume and success of cyber attacks. In response, cyber criminals are being more careful with how they conduct business. Our latest report considers shifting trends in payment methods — particularly bitcoin — as well as other forces driving shifting trends in ransomware.

Cyber Criminal Advances

Ransomware variants increase
Despite a plunge in ransomware payouts, and a significant drop in total volume of ransomware attacks year over year, SonicWall Capture Labs identified a new malware variant for every 250 unknown hits. These new variants proved to be fairly effective when utilized. The Cyber Threat Report examines whether 2017 was an outlier, or if 2018 will signify a true shift in the threat landscape.

Encryption hiding cyber attacks
While encrypting traffic is a necessary practice, it can also cloak illegal or malicious traffic. For the first time ever, the 2018 SonicWall Cyber Threat Report offers real-world data from SonicWall Capture Labs that unmasks the volume of malware and other exploits hidden in encrypted sessions. These Capture Labs findings are our first empirical data available on SSL- and TLS-based attacks.

Malware cocktails shaking things up
Cyber criminals are creating “malware cocktails” that mainly rely on preexisting code with a few minor variants. These can spread quickly and more dangerously, while avoiding detection. While no single exploit rose to the level of Angler or Neutrino in 2016, there were plenty of malware writers leveraging one another’s code and mixing them to form new malware, thus putting a strain on signature-only security controls. The Cyber Threat Report looks at trending exploit kits and how they have repurposed old code for new gains.

IoT, chip processors are emerging battlegrounds
Cyber criminals are pushing new attack techniques into advanced technology spaces, notably the Internet of Things (IoT) and chip processors. These potential vectors for cyber attack are grossly overlooked and unsecured.

The Cyber Threat Report explains how modern malware writers implement advanced techniques, including custom encryption, obfuscation and packing, as well as acting benign within sandbox environments, to allow malicious behavior to remain hidden in memory. These techniques often hide the most sophisticated weaponry, which is only exposed when run dynamically. In most cases, they’re impossible to analyze in real time using static detection techniques.

Inside the SonicWall Cyber Threat Report

You’ll find more detail on these advances by the security industry and cyber criminals in the latest 2018 SonicWall Cyber Threat Report. The report empowers you and your team with:

  • Proprietary empirical data that you will get nowhere else to help you confidently understand key cyber threat trends
  • Detailed predictions on trending threats and security solutions to help you plan and budget resources
  • Expert best practices and valuable resources to help successfully guide you forward

Series: Ransomware Part 1


The daily reports of cyber-crime are important reminders about the need to protect your business from malicious behavior that could threaten the success of your business. There are so many different things that can attack your computer, steal your data, and wreck your day. One of the most troublesome has been the development of ransomware. (FYI: ransomware isn’t actually all that new; some version has been around for decades.) Ransomware is a type of computer virus that takes your data hostage and, like any kidnapping scheme, demands money for the release of your data.

Why is ransomware so nasty? Because it steals the most important thing your business possesses. Data. Worse, once infected there isn’t generally a way out. No one can “disinfect” your machine. You aren't going to be able to call in IT support to solve the problem. Basically, you have three options.

  1. Pay the ransom. This payment is usually via credit card or bitcoin (a digital currency). Some ransomware viruses even provide help lines if you're having trouble. Of course, there are no guarantees you will get access to your data; these are thieves you’re dealing with.
  2. Don’t pay and lose your data - This has its obvious downsides, unless…
  3. You have a safe, clean backup. In that case, you are stuck with the nuisance of restoring your data with the backup, but you aren’t out any money. However, this comes with a caveat: your backups have to be clean. The problem with ransomware viruses is that just making backups may not be sufficient to protect your data, as the backups can be infected also. In the next blog, we will address your need to add an additional layer of protection to handle ransomware attacks.

Four Key Components of a Robust Security Plan Every SMB Must Know


Most businesses are now technology dependent. This means security concerns aren’t just worrisome to large corporate enterprises anymore, but also the neighborhood sandwich shop, the main street tax advisor, and the local non-profit. Regardless of size or type, practically any organization has valuable digital assets and data that should not be breached under any circumstances.

This makes it the responsibility of every business, especially those collecting and storing customer/client information, to implement a multipronged approach to safeguard such information.

Yes, we’re looking at you, Mr. Pizza Shop Owner who has our names, addresses, phone numbers, and credit card information stored to make future ordering easier and hassle free.

Today’s SMB Needs a Robust Security Plan
Protecting your business and its reputation comes down to developing, implementing, and monitoring a robust security plan that adequately addresses everything from physical access and theft to the threat of compromised technology security.  This involves defining and outlining acceptable uses of your network and business resources to deter inappropriate use.  Here are four key components to consider.

Network Security Policy: Limitations must be defined when it comes to acceptable use of the network.  Passwords should be strong, frequently updated, and never shared.  Policies regarding the installation and use of external software must be communicated.

Lastly, if personal devices such as laptops, tablets, or smartphones are accessing the network, they should be configured to do it safely, which can be done easily with a reliable Mobile Device Management (MDM) solution.

Communications Policy: Use of company email and Internet resources must be outlined for legal and security reasons. Restricting data transfers and setting requirements for the sharing or transfer of digital files within and outside of the network is recommended. Specific guidelines regarding personal Internet use, social media, and instant messaging should also be clearly outlined. If the company reserves the right to monitor all communication sent through the network, or any information stored on company-owned systems, it must be stated here.

Privacy Policy: Restrictions should be set on the distribution of proprietary company information or the copying of data.

Inappropriate Use: Obviously, any use of the network or company-owned system or device to distribute viruses, hack systems, or engage in criminal activity must be prohibited with the consequences clearly noted. Any website that employees cannot visit should be identified if not altogether blocked and restricted. For instance, downloading an entire season of True Blood from a BitTorrent site isn’t an acceptable use of company Internet resources.

Every employee must know these policies and understand the business and legal implications behind them.  Companies must also make sure these policies are clear and understood by all, and most importantly, strictly enforced.

Cloud or dedicated server? Where is the smart money going?

Should you be entrusting your data to the cloud or keeping it down to earth on your own servers? This is a decision facing every CIO. And it’s one they’ll be forced to justify and revisit regularly for the foreseeable future. That’s because there’s been no knock-out blow in the argument between the cloud and the in-house server. There’s plenty to be said for both, which makes the question one of what’s right for you.

Looking cloudward

Surely the chance to ditch your servers and outsource to someone who is steeped in server management seems like a gift from the universe.

The arguments in favor of cloud computing are easy to make, especially to someone frustrated by the intellectual overhead and raw cost of maintaining their own servers.

The promises of the cloud include the following.

  • You pay only for what you use, so it’s incredibly flexible; you can scale up or down at will.
  • Security, upgrading, and server configuration are in the hands of experts.

In these days of everything being “as-a-service,” the idea of owning anything like a server seems downright old-fashioned. If Uber can run the world’s largest taxi service without owning any taxis, why on earth would you need to own servers?

Where to look closely

There are a few things you need to factor in to make sure you’re comfortable with any potential compromises.

Power: Cloud providers can’t match the power of a dedicated server that’s properly configured.

Speed: The scalability of the cloud has to do with getting more or less storage, not faster storage, which might be a concern when another customer is flogging the server you’re on.

Latency: If your cloud host uses dispersed locations or it’s not nearby, you might have latency issues.

Taking a dedicated approach

The promise of cloud computing is most clearly seen in companies meeting one or more of the following criteria.

  • Tight budgets
  • Growth they can’t predict
  • Business-to-consumer models
  • Jobs that don’t need lots of computer power or storage or much time to run

A company that has a business-to-business model or has well-established usage needs and predictable growth will likely find running its own servers cheaper and more efficient. This is something you can quickly run the numbers on, and the results might surprise you, considering that “cheaper” is a clarion call of the cloud industry.

The issue of security

It’s also worth running the decision through the filter of security. Hackers fish where the fish are, which makes cloud hosts attractive targets. You’re not just outsourcing server configuration and the like. You’re trusting another company with your security. If security is a concern, you’re probably better off keeping your servers in-house, where you can tailor security to your needs.

It's time to send your employees home.


When it comes to the debate about whether you can get more work done at home than in the office, the interesting divide is between those who have tried it and those who have not. An even 50 percent of those who have tried it say they are more productive at home. So far, so much on the fence. Except...

Another 36 percent of people say they are equally productive in either place. That is 86 percent of your workforce who are more (or at least equally) productive at home.

So what?

Those are workers for whom you are renting office space. You are buying them desks and chairs. You are paying for lighting, heating, cooling and other utilities.

And it turns out you do not need any of that expense to get the most out of them. In fact, you might be getting less.

Let people work at home sometimes and you can cut back on office space and other bills while upping productivity.

Once you leap the trust hurdle, the argument for equipping employees with laptops and letting them work wherever they want becomes more and more appealing. (If they are going to be working from home all the time, you could even consider helping them equip a home office with a desktop.)

The downside

You might want to consider a company health program to go with your flexible work program.

A fifth of people say they exercise less when they work from home. And they might also be part of the 38 percent who say they snack more. On the other hand, you get workers who sleep more (30 percent) and feel less stress (46 percent).

More time, more work

Unsurprisingly, 40 percent of home workers drive less. They do not have an office to go to anymore. Former commuting time is likely time they will put into doing more work.

Even if they do not turn it all into work time, they might start work earlier, when people are generally more productive, and finish earlier, when people are typically winding down.

That’s better for employers and better for employees.

So who should stay in the office?

With most employees coming into the office only some of the time, the potential to save costs by equipping workers as road warriors could be substantial. Only 14 percent of workers say they are less productive working from home.

With today’s built-in webcams and developers baking video conferencing into software like Microsoft Office, you might not even notice the other 86 percent are missing.

Top browser plug-ins for small businesses

Firefox, Chrome, Internet Explorer... choosing a browser is an important step for your business, but it's just a first step. Nowadays, you can use browser plug-ins to further customize your online experience.

But with so many plug-ins available to small business owners, how can you choose which are the most suitable? Well, we’ve done the hard work already, so read on to learn more about the top browser plug-ins for small businesses.

1. AdBlock Plus

AdBlock Plus is a free plug-in that’s available for Chrome and Firefox. It automatically screens out unwanted online advertisements, from blinking banners to unexpected video commercials. You can even choose to allow unobtrusive ads or create lists of specific websites that you’d prefer to visit ad-free. All in all, it makes for a more streamlined and less distracting online experience.

2. LastPass

LastPass takes the hassle out of using multiple passwords to protect your data from prying eyes. It uses AES 256-bit encryption with routinely increased PBKDF2 iterations – that’s tech-speak for "serious encryption" – to store random non-dictionary passwords. You only have to remember your "LastPass" – a secure password that you can use to start safely browsing the Internet.

3. StayFocusd/LeechBlock

When there’s work to be done it’s important to avoid distractions, and that’s where StayFocusd and LeechBlock come in. Designed for Chrome and Firefox respectively, they allow you to limit your time on distracting websites, temporarily blocking them when time is up.

You can even block websites at specific times (so Facebook, for example, might be available during your lunch break). It’s a great way to ensure that you, and your employees, stay on task. 

4. MightyText

MightyText is one of the most useful extensions out there, syncing with your mobile device so that you can send and receive messages from within Firefox or Chrome. It also backs up messages so you needn’t worry about losing them. It’s designed for use with Android phones, but iPhone owners can use iMessage in the same way.

5. Rapportive

LinkedIn has become an indispensable resource for businesses, allowing owners and operators to connect with colleagues, find new talent, and learn about the competition. Rapportive brings this information to your Gmail inbox, automatically matching your contacts with their LinkedIn profiles. For small business owners, it’s a convenient way to learn more about suppliers, customers, and colleagues on the fly.

Plugging into the online world

In this article, we’ve touched on just a few of the things you can do with plug-ins and extensions for major browsers.

After you’ve tried out the plug-ins above, perhaps the best thing to do is visit the Chrome Web Store or Firefox Add-ons page and start looking for solutions that support your business.