How Scammers Take Advantage During a Crisis

Whenever there is a crisis, there are usually innocent people that end up paying the price. Well-meaning citizens and organizations will step up to help, but unfortunately, scammers take advantage of the situation.

Whether it is a natural disaster, a pandemic, or the latest crisis, such as the war in Ukraine, there are those unscrupulous people who will see an opportunity to trick people out of some money or sensitive information (like their SSN or banking details).

You can work hard to put IT security protections in place like a network firewall and password security, but many times a breach is initiated by an employee accidentally clicking on a phishing scam, like the ones that come in times of crisis. 

A study by Stanford University found that approximately 88% of all data breaches are due to human error. 
To help stave off human error, and not be the cause of it yourself, you should be aware of the types of scams that these bad actors perpetrate. 

Types of Scams to Watch Out For

These scams will generally come via phishing emails or text messages. Phishing by SMS (“smishing”) is growing fast, and unfortunately, many people don’t yet have this type of phishing on their radar.

Beware of any unsolicited messages coming in via text or email, especially when they are tied to a crisis event. Here are some examples of scams that are making the rounds.

Ukraine Charity Scams

The war in Ukraine has caused many to want to help the people being forced out of their homes, and scammers are taking advantage of this.

One scam mentioned by Tom’s Guide has a headline that says “They Need Our Help” with images of war to pull at the giver’s heartstrings. But when the recipient of this message clicks to donate, there is often nothing about what percentage of the money will be donated or much information on the organization behind the push to collect funds.

These types of sites will take your money and could also steal your credit card details and sell them on the Dark Web.

Coronavirus Scams

COVID-19 and its variants are still around, and criminals have had a heyday for the last two-plus years with all types of coronavirus-related scams. This includes scams that use:

  • Fake contact tracing maps with hidden malware 

  • Impersonation of a government agency to get personal details, purporting that it relates to some type of COVID tax relief

  • Scams involving hard-to-get protection items or fake cures

During the pandemic, phishing has skyrocketed by 220% as criminals ramped up these scams.

Disaster Relief Scams

Much like the Ukrainian crisis scams, anytime there is a natural disaster like an earthquake, hurricane, typhoon, wildfire, etc., fake charity scams will start popping up on social media, in your email inbox, and via SMS.

They’ll pretend to be collecting money for the victims and will prey upon the desire by good people to help others.

How to Avoid Falling for Crisis Scams

Go Directly to the Source to Donate

There are many wonderful legitimate charitable agencies out there that you can donate to that really are helping in the event of a crisis.

Instead of going through a link you see in an email or on social media, go directly to a charity’s website or a reliable watchdog site like the Better Business Bureau (BBB) Wise Giving Alliance at Give.org.

Avoid Using Links in Text Messages or Email

Avoid clicking links you receive via email or text message, no matter how compelling and heart-tugging the message may be. These scams are written to get you to respond emotionally before you have a chance to question the legitimacy of the site.

Any type of link from a source you don’t know could easily lead you to a phishing site that does a drive-by download of malware onto your device as soon as the page loads.

Don’t Trust Social Media Posts Asking for Money

Social media phishing scams (known as social phishing) can be difficult to spot. Sometimes people we trust, like a friend or family member, may unknowingly share a scam link because it has a compelling image. They don’t realize they could be setting their own friends up to get scammed.

Scammers will also buy social media advertising and target those that fit a certain algorithm. The information that Facebook and other social sites have on you allows them to sell very targeted advertising, and they haven’t done a great job of vetting who is doing the advertising.

This targeting allows scammers to customize ads that target your personality type. For example, if you’re tagged as a pet lover, then the ad you see might have an image of a war-torn region with an animal in the middle and a fake request that asks you to help pet shelters during the crisis.

Avoid the urge to click on these social posts to donate. Do it directly through a legitimate charity’s website instead.

Fortify Your Defenses Against Phishing

In addition to user training on phishing, there are also cybersecurity solutions that help prevent a click on a phishing link from resulting in a breach. BrainStomp can help your business with important safeguards to combat these types of attacks.
Schedule a free consultation today! Call 260-918-3548 or reach out online.

4 Main Areas of Cloud Security You Should Be Addressing

A recent cloud adoption survey from 2021 found that cloud adoption by companies is at an all-time high of 90%. It’s expected that that number will reach 100% this year if it hasn’t already due to the changes in workforce structure driven by the pandemic.

With much of what companies do moving to the cloud – data, software, processes – cloud environments are the new main target for cybercriminals.

Incidents of cloud credential compromise have been rising, with this now being the main cause of data breaches. Because many cloud providers (Amazon, Microsoft, etc.) have stringent data center security standards, hackers are finding other ways in, mainly through compromised user accounts.

98% of enterprises have experienced a cloud security breach in the last 18 months. 

This shift to the cloud means that businesses need to make cloud security a priority, and there are four essential areas that you need to be addressing.

1. Identity Security

The first area of cloud security you need to look at is identity security, also known as access management. User credentials were responsible for 61% of global data breaches in 2020, according to Verizon’s Data Breach Investigations Report.

Addressing identity security involves putting some of the following cybersecurity protections into place:

  • Strong Passwords: Don’t just tell users they need to use strong passwords, enforce their use through security policies in apps that don’t allow weak passwords to be saved.

  • Multi-factor Authentication: With a 99.9% effectiveness rate at stopping fraudulent sign-in attempts, this is a “must-have” safeguard for all your user accounts.

  • Use of Single Sign-on (SSO): You can streamline the user experience and make access security easier to manage by putting an SSO application in place.

2. Network Protections

Hackers that gain access to your network or the network of a remote employee can make their way into a device and, through that device, access cloud data and accounts, such as email.

It’s important that networks are protected with proactive monitoring for any threats, a next-gen firewall application, and zero-trust security measures. One of these would be application safe-listing that only allows designated code to run, blocking all others (including malware or ransomware).

With many employees working remotely, companies haven’t always kept up with network security when it comes to those home networks. It’s a difficult needle to thread in some cases because the network and router are owned by the employee and used for more than just work.

But some simple safeguards like ensuring a strong router password, and setting up a guest network to segregate work devices from home devices are non-intrusive protections that can be put in place.

3. Device-based Security

The computers, mobile devices, and IoT devices that connect to your business cloud apps and data need to also have proper security to ensure they’re not compromised.

Once a device is compromised, a hacker can often gain access to a cloud account without even needing the password.

Device security best practices include:

  • Patch and update management for software and operating system

  • Advanced antivirus/anti-malware

  • Code or biometric locks for screens

  • Regular virus scans 

  • Monitoring of device access to business assets

Using an endpoint device management application, such as Microsoft Intune, can help you better ensure device security of all those mobile endpoints. This is especially important now that employees are accessing data from multiple devices (desktop, tablet, and mobile) and can often do this while outside your immediate company network.

An endpoint device management application also helps you keep the business side of an employee device separate from the personal side. This can allow you to enforce document security policies and better secure access to any cloud accounts. 

4. Visibility & Compliance

You need to maintain visibility into how your cloud data is being used and who is accessing that data. One data leak where an employee accidentally exposes personally identifiable information (PII) of a customer can lead to a data privacy compliance breach and penalty.

Another danger of not having full visibility into how your data is used in cloud applications has to do with shadow IT. This is the term used for cloud applications that employees may be using for work without your knowledge.

Without a cloud app use policy in place, well-meaning employees may start using an application they like on their own. This means that company data could be stored in an app that hasn’t been reviewed to see if it meets your compliance requirements.

It’s important to have visibility into all cloud data storage and activities happening in your organization and to educate employees on the apps that can be used for business data and those that cannot.

Get Help Ensuring Your Company’s Cloud Data is Protected

BrainStomp can help your business address each of the four important areas of cloud security to reduce your risk of a costly breach.

Great New Features of Windows 11

Windows 11 has been out for a few months now and has been largely well-received. The new operating system had just a few initial bugs with compatibility which were quickly addressed by Microsoft and has been without major problems for a majority of users.

Windows 11 replaces Windows 10, with the older OS now less than four years from its retirement in October of 2025. If you haven’t upgraded yet, you may want to think about doing so sooner rather than later.

There are a lot of advantages to upgrading to Windows 11, and the fact that the entire OS is not a large departure from the Windows 10 experience is a plus. It means that users aren’t feeling like they just stepped into alien territory when they boot up after upgrading.

The main interface and how you get around is similar to Windows 10, but 11 is worth considering because its development was focused on productivity and making it easier for users to do everyday tasks.

When looking at technology solutions for your business, the operating system that runs your PCs is a foundational piece of the architecture. It’s important that it is kept updated so you aren’t held back by compatibility problems with new applications or run into security vulnerabilities.

We’ll go through some of the great new features of Windows 11 below that can upgrade your user productivity.

Snap Layouts

One of the most useful features in Windows 11 is the snap layouts option. When you hover above the maximize icon on any window, you have the option to snap the window into a layout with 1 to 3 other open windows.

Images from Microsoft - Snap Layout with three windows

App switching is one of the most time-consuming tasks for people because it tends to happen all day long. 68% of surveyed users say they spend at least 30 minutes per day switching between apps.

Snap layouts allow you to reduce app switching by optimizing your view of several apps at the same time. This is better than trying to resize windows yourself because the view allows you to access all window scrollbars and menu items.

You can also easily snap windows in and out of the layout view.

Teams Calling & Messaging from Your Desktop

Video meetings have become the new norm, with many people still working from home for the foreseeable future. Lots of companies plan to keep remote teams in place even after the pandemic has passed due to the realization that if enabled with the right tools, employees can be just as or more productive. Additionally, companies can save money on physical building resources.

One of the hybrid work features that were introduced in Windows 11 is the ability to use MS Teams right from the desktop, without needing to open the full app. It comes installed with Windows 11 natively and has an app on the taskbar.

Users can click to place an audio or video call, and even share the screen right from their desktop.

One of the more helpful features if you hate having to type text messages on a tiny smartphone screen is the ability to send and receive text messages through the app. This allows you to text right from your computer to any mobile device. 

Streamlined Start & Search Menu

One of the more noticeable UI changes with Windows 11 is that the Windows Start icon has moved from the left side of the taskbar to the middle, grouped with the other icons. 

Users will also notice that all those complicated boxes and groups are now gone, and the Start menu has a more streamlined and uncluttered look.

You can pin most-used apps to the top and easily use the master search bar (which has been moved from the taskbar to the top of the Start menu) to search for anything.

Finding documents, webpages, applications, photos, and more is much faster when using this master search and will reduce the time it takes you searching for files in File Explorer.

New Widgets Panel

One feature that has a little more work needed, but is still helpful right now is the new Widgets panel. You can access this via your taskbar and it pulls information in for things like weather, news, stocks, and more.

You can customize the panel by adding the apps you want. One of the most helpful right now is the To Do widget, which allows you to create a quick list of tasks from your desktop and then check off items as you finish them.

Doing this from the desktop in the widgets panel is a bit faster than having to open another application to access a task list.

Need Help With Your Windows 11 Upgrade?

Upgrading all your business PCs to Windows 11 doesn’t have to be time-consuming. BrainStomp can help your business with a smooth upgrade and train your team on the most productive new features.

Are You Auditing Your Privileged User Accounts?

A recent study found that as many as 80% of data breaches can be tied back to the compromise of privileged user credentials. These insider attacks happen when cybercriminals get their hands on a legitimate user login, either through the use of phishing scams or from the purchase of passwords after the breach of a large database.

The average employee has to keep up with over 100 different passwords, which makes it very challenging to use strong password practices, such as using long passwords that include special characters and making each password unique.

This, coupled with the fact that credential theft has become one of the leading types of cyberattacks, has made account access security a major risk factor for many organizations. Just one breach can lead to business email compromise, ransomware infection, data loss, and breach of confidential employee or customer information.

The accounts that interest hackers the most are those with higher-level access privileges. If they obtain the credentials of a lower-level user that can’t access any security settings or user management, the damage they can do is limited. 

But, if a criminal is able to breach an administrative account, they can often add and remove users, lock companies out of their own accounts, access payment details, and much more.

The best way to reduce your risk of a privileged account compromise is to audit these accounts regularly. Your goals during this audit include:

  • Reduce the number of unnecessary privileged accounts

  • Eliminate any unused privileged accounts

  • Lower access levels for employees where possible

  • Put monitoring in place for insider attacks using admin accounts

Steps for Conducting a Privileged Account Audit

Create a List of Cloud Accounts With Each Account and Privilege Level

First, you’ll need to compile a list of each user account in each business cloud tool that your company uses.

This may take a few days, as companies often find out they have more cloud apps than they realize. The average company and its employees use approximately 137 cloud tools, both free and paid.

The fastest way to do this is to see if the cloud platform can export your user list and their details. Your goal is to have a list of each cloud tool, all user accounts enabled in that tool, and the privilege level of each account.

Identify & Eliminate Any Unused Accounts

Your next step will be to identify and eliminate unused accounts. Leaving unused user accounts sitting in a cloud tool provides a prime target for hackers to infiltrate your cloud platform because the account is unmonitored.

Eliminating all unused accounts, both privileged and non-privileged, will decrease your risk of a breach as well as save you money on any paid cloud account subscriptions.

Review All Privileged User Workflows to See If The Access Level Can Be Reduced

Next, zero in on those users with privileged accounts that allow them higher access and more permissions in the platform than basic user accounts.

Interview users to ask how often they use the additional permissions. If you find someone isn’t using a higher-level function very often, then they don’t need to have that access level on their account. 

Adjust User Privileges Using the Rule of Least Privilege

For all privileged user accounts that you’ve identified as not actively using those admin permissions regularly, reduce their user access level. 

You want to apply the Rule of Least Privilege across all your user accounts in each platform and use it going forward when creating new user accounts.

The rule is simple and dictates that users should be given the lowest possible permission level in a system as needed to complete their daily tasks.

So, if a user only needs admin permission once or twice a year, they don’t need to have an administrative account. They can use a temporary access change to complete those or a dedicated admin account, which we’ll discuss next.

Consider the Viability of a Single Dedicated Admin Account in Each Cloud Platform

Where it is viable, use a single dedicated administrative account. This greatly reduces your risk of a privileged account compromise because you’re reducing your high-level accounts to just one per platform.

Microsoft 365, for example, allows you to set up a dedicated administrator account without paying an additional user license. This account doesn’t use email and is only used for administrative purposes.

Users that need to conduct admin duties simply log out of their own lower-level user account and into the shared dedicated admin account. When finished, they log out and log back into their own account.

Monitor & Review Privileged Accounts Regularly

Because privileged accounts are such a big target for cybercriminals, it’s important to monitor them and conduct audits regularly. Access monitoring helps you spot any strange anomalies, such as a privileged account login at odd hours of the day and night.
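
The audit steps above can be run over exported user lists with a short script. The following is an added example, not part of the original article or any vendor's tooling; the CSV column names, the 90-day and 180-day idle thresholds, the 07:00 to 19:00 working day, and all sample accounts are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: one row per account per cloud tool.
# Column names are assumptions; map them to whatever your platform exports.
INVENTORY_CSV = """tool,account,role,last_login,last_admin_action
Microsoft 365,admin@example.com,admin,2022-03-28T09:12:00,2022-03-28T09:20:00
Microsoft 365,pat@example.com,admin,2022-03-30T08:45:00,2021-06-02T14:00:00
Microsoft 365,lee@example.com,user,2022-03-31T10:02:00,
Microsoft 365,former.temp@example.com,user,2021-09-14T16:30:00,
Salesforce,pat@example.com,admin,2022-03-29T11:00:00,2022-03-15T11:05:00
Salesforce,old.admin@example.com,admin,2021-05-01T09:00:00,2021-05-01T09:10:00
"""

# Constructed sign-in events: (tool, account, local timestamp).
LOGIN_EVENTS = [
    ("Microsoft 365", "admin@example.com", "2022-03-28T09:12:00"),
    ("Microsoft 365", "pat@example.com", "2022-03-30T02:47:00"),
    ("Salesforce", "pat@example.com", "2022-03-29T11:00:00"),
    ("Microsoft 365", "lee@example.com", "2022-03-31T23:15:00"),
]


def _parse(value):
    """Parse an ISO timestamp; an empty cell means 'never'."""
    value = (value or "").strip()
    return datetime.fromisoformat(value) if value else None


def _idle(ts, as_of, days):
    """True when the timestamp is missing or older than the threshold."""
    return ts is None or as_of - ts > timedelta(days=days)


def load_inventory(text):
    """Step 1: one record per (tool, account) with its privilege level."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "tool": row["tool"].strip(),
            "account": row["account"].strip().lower(),
            "role": row["role"].strip().lower(),
            "last_login": _parse(row["last_login"]),
            "last_admin_action": _parse(row["last_admin_action"]),
        })
    return rows


def unused_accounts(inventory, as_of, max_idle_days=90):
    """Step 2: accounts of any privilege level with no recent sign-in."""
    return [(r["tool"], r["account"]) for r in inventory
            if _idle(r["last_login"], as_of, max_idle_days)]


def downgrade_candidates(inventory, as_of, max_idle_days=90,
                         max_admin_idle_days=180):
    """Steps 3-4: active admins who have not used admin rights recently."""
    return [(r["tool"], r["account"]) for r in inventory
            if r["role"] == "admin"
            and not _idle(r["last_login"], as_of, max_idle_days)
            and _idle(r["last_admin_action"], as_of, max_admin_idle_days)]


def admins_per_tool(inventory):
    """Step 5: privileged accounts per platform; more than one merits review."""
    admins = defaultdict(list)
    for r in inventory:
        if r["role"] == "admin":
            admins[r["tool"]].append(r["account"])
    return {tool: sorted(accts) for tool, accts in admins.items()}


def odd_hour_admin_logins(inventory, events, start_hour=7, end_hour=19):
    """Step 6: privileged sign-ins outside the assumed working day."""
    privileged = {(r["tool"], r["account"])
                  for r in inventory if r["role"] == "admin"}
    flagged = []
    for tool, account, stamp in events:
        when = datetime.fromisoformat(stamp)
        in_hours = start_hour <= when.hour < end_hour
        if (tool, account.lower()) in privileged and not in_hours:
            flagged.append((tool, account.lower(), when))
    return flagged


if __name__ == "__main__":
    as_of = datetime(2022, 4, 1)  # constructed audit date
    inv = load_inventory(INVENTORY_CSV)
    print("Unused accounts:", unused_accounts(inv, as_of))
    print("Downgrade candidates:", downgrade_candidates(inv, as_of))
    print("Admins per tool:", admins_per_tool(inv))
    print("Odd-hour admin logins:", odd_hour_admin_logins(inv, LOGIN_EVENTS))
```

The downgrade list is a starting point for the user interviews described above, not a replacement for them.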

Let’s Improve Your Cloud Security This Year!

BrainStomp can help your business audit and review your access security and improve your cloud protections for a more secure cloud environment.



New Year's Technology Resolutions to Adopt for a Secure 2022

Many business owners are in a hopeful mood right after the first of the year and are looking for ways to improve sales and grow their businesses. But no matter how much you grow, one ransomware infection or cloud account breach can mean devastating downtime.

A cyberattack costs a business an average of $200,000, which is more than many smaller companies can bear. Small businesses are also often targeted in these attacks, with over half experiencing a data breach within the last 12 months.

Mobile phishing threats soared by 161% in 2021.

New and more sophisticated cyberthreats are being developed and launched each day that endanger your company’s network security and business wellbeing. This makes cybersecurity one of the most important investments you can make to secure business continuity and growth. 

When making growth plans for your company for 2022, here are several New Year’s technology resolutions that you should include to ensure your IT infrastructure is protected.

Begin Transitioning to a Zero-Trust Security Approach

Cybercriminals are using AI and machine learning to improve the success of their phishing attacks. They continually come up with more sophisticated ways to steal user credentials and conduct insider attacks.

Just normal antivirus software isn’t enough to keep your on-premises and cloud assets secured. Zero-trust is a strong cybersecurity framework that is being adopted around the world. 

It takes a stance of not trusting a user or program by default until they can authenticate access privileges. Some of the tenets include using a safe list for programs that can run on your system rather than trying to identify and block those that can’t. This ensures that any non-approved program is blocked by default, no matter what it is.

Zero-trust is a strategy that is adopted across your entire cybersecurity environment. You can begin with a few zero-trust measures and then add more as time and budget allow to improve your security.

Adopt the Rule of Least Privilege

Credential compromise has risen to the #1 cause of data breaches globally, with stolen login credentials responsible for 20% of data breaches.

With most data now residing in the cloud along with things like business email accounts, hackers are going after usernames and passwords because having a legitimate user login is the easiest way to breach a company account.

Adopt the Rule of Least Privilege this year. This rule states that you should only give employees the minimum permission level in a system as needed for them to perform their daily tasks.

The fewer privileged accounts you have with admin access in a cloud account, the less risk you have of serious damage being done if a hacker steals one of your employee logins.

Implement Multi-Factor Authentication (MFA) Across All User Accounts

One of the tenets of Zero-Trust is multi-factor authentication. This is one of the strongest protections you can put in place to prevent account takeovers and insider attacks.

According to Microsoft, MFA is 99.9% effective at blocking fraudulent sign-in attempts on an account.

If you’re worried about employee pushback about MFA being inconvenient, then couple it with the implementation of single sign-on (SSO). SSO consolidates the employee experience into one login to access all work applications, which saves users time even if they use MFA.

Have Cloud Account Security Professionally Configured

Misconfiguration of security settings is one of the major causes of cloud account breaches. Today’s platforms like Microsoft 365, Salesforce, Google Workspace, etc. come with a lot of security flexibility, but the most secure settings aren’t usually defaulted.

For example, MFA is typically available, but not generally pre-enabled. Users need to enable it themselves, along with several other security features.

Resolve this year to have an IT security professional, like BrainStomp, configure your cloud platform security settings to ensure your accounts and data are properly protected.

Test Restoration of Your Data Backups

Do you have a recoverable backup of all your data in the case of a ransomware attack? If so, when is the last time you tested the data restoration process?

Many companies never do this, and it leaves them at high risk should they suffer a ransomware attack or other data loss incident. There are several cases of companies (like Colonial Pipeline) being hit with ransomware, and having a backup, but paying the ransom anyway because they never tested data recovery and weren’t sure how long it would take. So, they opted to pay the attackers because they thought it would be faster.

Add at least two data recovery drills to your calendar this year as part of a business continuity strategy. This helps you ensure you have a backup and recovery system that can restore data quickly, gives you important timeframe details, and helps your team become familiar with the process.

Get Help Improving Your Cybersecurity This Year

Cybersecurity isn’t something to put off until “later.” BrainStomp can help your business target your most vulnerable areas and implement solutions that protect you from costly breaches.



6 Alarming Phishing Attack Trends That You Need to Know About

Phishing attacks nearly doubled in 2020 as compared to the prior year and we’re seeing a similar trend in 2021 with phishing on the rise. This method of attack is by far the most prevalent and it continues to evolve and get more sophisticated all the time.

Without protection against various phishing tactics, companies can face multiple threats to their network security, including ransomware, data breaches, credential theft, and account takeovers. 

Phishing has become more dangerous over the last few years because many attack campaigns are run by large criminal groups or state-sponsored hacking organizations. These groups invest money into making phishing more effective and continue to optimize how much money they can make and how fast they can deliver attacks.

This in turn increases the volume of attacks and the risk level. 

One of the ways to stay one step ahead of phishing attacks is to know what new tactics are being used so you can properly prepare your team. Following are some of the alarming new phishing trends being seen by industry cybersecurity experts around the world.

1. Increased Use of Breach Specialists (Initial Access Brokers)

Initial Access Brokers are hackers that specialize in getting inside a network. They facilitate that first breach, so others can then conduct their attacks. Because this is the main focus of this group of outside contractors, they’re very good at it.

In efforts to optimize the success of phishing campaigns, criminal groups are increasingly hiring these experts to launch that initial part of the attack that gets them inside a network. This can be through an elaborate credential theft campaign or a tactic using malware to breach a network device.

2. SMS Phishing is Increasing

SMS phishing (smishing) is on the rise and many employees aren’t aware. They’re used to being careful of unexpected emails and may even be well-trained in tactics like hovering over links to reveal the URL beneath them. However, many aren’t expecting to receive fake text messages that look like the shipping notices they normally get from Amazon and other retailers.

Mobile phone numbers are becoming easier to get, which is why scam robocalls have become such a problem for mobile device users. Cybercriminals are also using these numbers to launch phishing campaigns via text message deploying hidden links that users often can’t roll over in the same way they can on a computer.

3. More Use of Brand Impersonation

Impersonating another company is a common phishing tactic to fool users into thinking a phishing email is legitimate. They’ll use their logo, signature, and make a carbon copy of emails from brands like Microsoft 365, Amazon, and Netflix.

But scammers don’t only impersonate larger companies. Your business needs to watch out for the use of brand impersonation when it comes to vendors you do business with, such as your internet service provider or website host. 

4. Monetization of Business Email Compromise (BEC)

Up until now, ransomware has been one of the most lucrative types of phishing attacks that hackers could launch, which is why ransomware has been exploding in volume in recent years. But now hackers are finding out that compromising a company email address can also rake in the cash.

Once they breach a user email address (preferably someone in a managerial position), scammers can send out emails from that person’s email account to other employees. Those employees will typically not suspect a phishing attack because they recognize the person and see their real email address is used.

BEC is often used with gift card scams, where the scammer will direct employees to purchase gift cards and reply with the codes.

5. Increased Targeting of Smaller Companies Using Spear Phishing

Smaller companies need to worry about the increased use of spear phishing. This targeted form of attack that uses more personal details used to be saved just for the larger organizations because of the research needed.

But now with the efficiency improvements of phishing attacks, small businesses are also being singled out and targeted in the same way.

6. Disgruntled Employees Are Being Targeted for Their Passwords

You may want to ensure you don’t have any particularly unhappy or disgruntled employees because they could potentially be the source of a breach. In efforts to conduct attacks on company cloud accounts, hackers are phishing for user login credentials.

One of the new tactics they’re using is to outright offer employees cash for their login details. They play the numbers, thinking that most companies have at least one disgruntled employee that might take them up on that offer. If they do a little searching on social media, it may also not be hard to find someone unhappy with their employer based upon the things they are posting.

Are You Due for a Review of Your Cybersecurity Strategy?

Companies must evolve their cybersecurity strategy to keep up with the evolution of phishing and other cyberattacks. BrainStomp can help your business with a full review of your current protections and make suggestions for any areas of risk.



Pros & Cons: Should You Upgrade to Windows 11 Now or Wait?

As of June 2021, Windows has over 72% of the desktop operating system market share, so a majority of companies are having to make the decision of when to upgrade from Windows 10 to the just-released Windows 11.

Upgrading your business technology solutions, especially one as important as the OS that runs employee PCs, is an important timing decision. Companies don’t want to upgrade too soon and face downtime and other issues due to bugs that have yet to be worked out.

But waiting to upgrade also has a downside. Employees can miss out on productivity-enhancing features that could improve their workflows. Additionally, a company could get caught having to rush to upgrade before the older OS loses vital security support or risk increased exposure to a cyberattack.

When it comes to Windows 11, out for a little over 2 months now, many companies are weighing the pros and cons and trying to decide exactly when to upgrade their office devices. 

We’ll go through the pros and cons of upgrading now to help you make a more informed decision on when to roll out your Windows 11 companywide upgrade.

Reasons You May Want to Wait to Upgrade

If Your Company Uses Oracle VirtualBox

The Windows 11 release has been largely well-received with few issues. Nearly all bugs that have been found have already been resolved, according to the Windows health and status page.

However, there is still a confirmed issue with Oracle VirtualBox and its compatibility with Windows 11. Users might be unable to start virtual machines and may receive an error message.

The Widgets Panel Needs More Work

While many of the features have rolled out without a hitch, one in particular still needs more work and is minimally helpful right now.

The Widgets panel that is activated from the taskbar is designed to give you quick access to different types of information like your Microsoft To Do list, news, weather, stocks, and email. But it has some problems, which include:

  • Email widget is difficult for some users to connect to their Outlook email

  • There aren’t that many widgets to choose from

  • There are not many productivity-focused widgets

  • The panel can be slow to load

Reasons You May Want to Upgrade Now

Easier Multi-Window Workflow

68% of surveyed office workers say that they spend at least 30 minutes a day switching between apps. This is often done because it can be time-consuming to size two or more windows on the screen at the same time and still reach the menu items and scrollbars.

The new snap layouts feature in Windows 11 solves this dilemma. It allows users to quickly snap a group of windows into an optimized view that allows them full access to scroll bars, menus, etc. 

This single feature can save your employees a lot of time and make their multi-window work easier and more fluid.

Snap layouts in Windows 11

Easy-to-Learn Upgrade Without Major Differences from Windows 10

This won’t be an upgrade that has your employees feeling like they’re in alien territory when they get to their upgraded desktop. Windows 11 doesn’t make major changes to the interface or navigation of Windows; it just enhances it to make it less cluttered and reduce the time it takes users to do tasks.

The biggest interface change that users will need to get used to is that the Windows Start Menu button has been moved from the far left of the taskbar to the middle.

Native Teams Integration Promotes Easier Connections

We’ve all known that one person that seems to have a hard time navigating video call applications. For those users and others, Windows 11 is going to make the chat, audio call, and video call experience easier. 

Microsoft Teams is natively integrated with an icon on the taskbar. Users can click to easily message or call anyone from their desktop without needing to open another app. This includes the ability to screen share during a call and to send and receive text messages. The person you are connecting with doesn’t have to be a Teams user.

The Upgrade is Free for Compatible Windows 10 PCs

Another reason you may not need to wait to upgrade is that upgrading to Windows 11 won’t mean having to purchase a new operating system for all your computers in most cases.

The Windows 11 upgrade is free for Windows 10 PCs (home and business versions) that meet the minimum system requirements for the upgrade. 

Schedule Your Windows 11 Office Upgrade Today

BrainStomp can help your business upgrade all user PCs (in-office and remote worker) to Windows 11 smoothly without disrupting your normal business operations.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



What to Do When You Open/Click a Suspicious Email, Link, or Attachment


Phishing attacks have been going through the roof so far this year. In May of 2021, they rose by 281%, and in June, increased another 284%. The quality of phishing emails, in general, is also going up, which makes them harder to spot, even for those that consider themselves tech-savvy.

These phishing scams now automate and personalize both the emails and the malicious websites used with them, tailoring them to the victim. Some attacks using a spoofed Microsoft 365 login page will even display the corporate logo and background image of the employee’s company.

Once you’ve clicked on a phishing email link or accidentally opened an attachment that could contain malware, it’s easy to panic and make things worse. For example, the thing you do NOT want to do is use your possibly infected device to go searching on the internet for free malware removal tools.

The longer you’re connected online, the more risk there is of other devices and connected cloud storage being infected. Additionally, you don’t want to trust a free antivirus that you found when searching in a rush, because it could also be a scam.

The things you do in the minutes following an accidental opening or click of a phishing email will make all the difference in how bad the damage may be to your business network and security.

If you think you’ve clicked on a phishing link or opened a dangerous file attachment, here are the immediate steps to take to try to mitigate the damage.

Contact IT Support ASAP

The first thing you want to do is contact your IT support provider immediately. We can keep you from making mistakes that will make things worse. 

You don’t know what you may be dealing with when you expose your device to the contents of a phishing scam, so it’s best to have a professional thoroughly review your system to identify and remove any viruses or other types of malware.

Disconnect Your Device 

Most malware is designed to spread rapidly through any connection it can find. This means that it can quickly infect other devices on the same network and syncing cloud storage services.

You should immediately disconnect your device from the internet and any other internal networks. Turn off the Wi-Fi from your desktop and unplug any ethernet cables that may be used for an internal or external network connection.

This isolates the device to hopefully keep any infection confined to just that one computer.

Back Up Files to a Local Drive

There is a chance that you may lose files due to malware infection of your device. Some worms can be destructive and eliminate files one by one. In other cases, to remove a particularly persistent malware, you may end up losing some or all of the data stored on your hard drive.

Use a local (not cloud) external backup to create a copy of your hard drive. You don’t want to use a cloud backup in this case because it would mean reconnecting your device to the internet.

Also, don’t reconnect to a central server to back up, as this puts that device in danger of being infected. Use a single external hard drive backup that is only connected to your device to copy all the data.

Scan Your System for Malware

Use any antivirus/anti-malware program that is installed on your device or can be installed without reconnecting to the internet to scan your device for signs of malware. Not all of these applications are equally thorough, so it’s best to get the help of an IT pro for this.

We know the industry-standard and best antivirus/anti-malware apps to use to ensure that any malicious code hiding in your system is detected, quarantined, and removed.

Change any Login Credentials You Have

It’s best when you’ve had a phishing incident to change all your login credentials. If you had saved those in the browser or elsewhere on your infected computer, then there is a chance they could’ve been compromised.

Using a password manager is a good idea because it will suggest strong, unique passwords for all your logins and you only have to remember a single password to access all the others.

Clear Browser Data

Spyware can take a look at areas of your system where important information is stored, and this includes your browser. A hacker that knows you frequent certain online shopping sites has a roadmap of where to try any compromised passwords.

Clear all your browser data, including cookies and history, so there is less information that an attacker could use to steal your information or compromise your accounts.

Don’t Freeze Up If You Encounter Phishing…Call BrainStomp!

If you interact with a phishing email or social phishing post, call us right away! BrainStomp can help you isolate the infected device and quickly deal with any malware infection with a goal to mitigate your costs and downtime.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



Why You Should Stop Using the "Sign-in With Facebook (Google etc.)" Option for Accounts

The number of passwords that people have to keep up with continues to increase each year. There are accounts for work applications and personal accounts like online banking. Using retail sites also introduces a whole new slew of account passwords you need to make.

We juggle an average of 100 different passwords for various account logins now. That volume of passwords leads to users reusing passwords, using easy-to-guess passwords, and storing passwords in an unsecured manner.

With most companies moving much of their data and processes to the cloud since the pandemic, password breach has become a major threat to data security.

One way that people try to cut down on the number of new passwords they need is to use their Google, Facebook, Apple, or another major account to create a new account with a 3rd party site.

Sites like Zoom, eBay, and many others allow you to use a “sign-in with…” option instead of creating a unique login credential for their site.

This often takes less time to get started, especially if you’re already signed into the service. Once you’ve connected the 3rd party account to your Google or Facebook ID, you then will be served up that FB or Google login page anytime you want to access that specific site.

This sounds like a great way to reduce the number of passwords you use, but is it a good idea?

It turns out that there are a lot of risks involved when you connect 3rd party accounts to your FB or Google login. So, while it may be convenient, it can also be a worse option than just creating a unique account with a site. Here’s why.

The Data Shared Can Be More Than You Think

When you connect 3rd party accounts to your Google or Facebook account, you’re sharing data between them. This means that accounts like Uber can tap into your Google Wallet, and task sites like Doodle can read your calendar. 

Setting up your Trip Advisor account with Facebook will expose your Friends List, with the 3rd party site using it to tap into your friends’ travel details and reviews.

One trick these services use to lull you into a false sense of security is to initially only ask for permission to share a little data, like your email address and profile information. But then, over time, you’ll get additional prompts to share more data until you end up exposing more than you realize.

One Breach Exposes Multiple Accounts

One of the cardinal rules of good password security is to make unique passwords for all your accounts. When you sign in to other sites with your FB or Google login, you’re breaking that rule.

You’re sharing that one password across all the sites you connect, leaving them all at a higher risk of being breached.

If a hacker gains access to your Facebook or Google account, then they have the keys to unlock other connected accounts as well. And it’s not hard for them to know what they are because they’re listed in the settings of the main account under an area that shows app access.
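The two points above, small initial permission requests that grow over time and the app-access list kept in the main account's settings, can be checked with a short audit. This is an added example, not from the original article: the consent history and app names are constructed sample data, and the scope strings are Google and Facebook scope names used as input.

```python
from dataclasses import dataclass

# Scopes that only identify the user (Google OpenID Connect scopes and
# Facebook's default login permissions). Anything else unlocks account data.
IDENTITY_ONLY = {
    "openid", "email", "profile", "public_profile",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
}

# Substring of a scope name -> kind of data it exposes to the third party.
DATA_CATEGORIES = {
    "calendar": "calendar",
    "contacts": "contacts",
    "user_friends": "friends list",
    "drive": "files",
    "gmail": "mail",
}

@dataclass(frozen=True)
class GrantEvent:
    app: str            # third-party site that requested access
    date: str           # ISO date of the consent prompt
    scopes: frozenset   # scopes approved in that prompt

def categorize(scope):
    """Map one scope string to the kind of data it exposes."""
    if scope in IDENTITY_ONLY:
        return "identity"
    for needle, label in DATA_CATEGORIES.items():
        if needle in scope.lower():
            return label
    return "other data"

def audit(events):
    """Per app: what was added after the first prompt and what is exposed now."""
    history = {}
    for ev in sorted(events, key=lambda e: e.date):
        history.setdefault(ev.app, []).append(ev)
    report = {}
    for app, evs in history.items():
        initial = set(evs[0].scopes)
        current = set().union(*(ev.scopes for ev in evs))
        added = current - initial
        report[app] = {
            "added_later": sorted(added),
            "exposed_data": sorted({categorize(s) for s in current} - {"identity"}),
            "scope_creep": any(categorize(s) != "identity" for s in added),
        }
    return report

G = "https://www.googleapis.com/auth/"
# Constructed consent history; the app names are hypothetical.
SAMPLE_EVENTS = [
    GrantEvent("scheduler.example", "2021-01-10", frozenset({"openid", "email"})),
    GrantEvent("scheduler.example", "2021-03-02", frozenset({G + "calendar.readonly"})),
    GrantEvent("travel-reviews.example", "2021-02-01", frozenset({"public_profile", "email"})),
    GrantEvent("travel-reviews.example", "2021-06-15", frozenset({"user_friends"})),
    GrantEvent("news.example", "2021-04-04", frozenset({"openid", "email", "profile"})),
]

if __name__ == "__main__":
    for app, row in audit(SAMPLE_EVENTS).items():
        flag = "REVIEW" if row["scope_creep"] else "ok"
        print(f"{flag:6} {app}: exposes {row['exposed_data'] or 'identity only'}")
```

Apps flagged for review are the ones to revoke or re-scope in the main account's app-access settings.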

Downtime Can Impact Your Access

You create a single point of failure when you use your Google or FB account as the authentication process for 3rd party sites. Should one of those major sites go down, you can no longer authenticate to get into other connected accounts.

In early October, Facebook was down for nearly 6 hours due to a network connection issue. This meant that millions of users could not get into their Facebook account nearly all day. But those that had used “Sign-in with Facebook” to set up other accounts were also locked out of those accounts.

All cloud providers can go down and have outages that last hours. Having 3rd party sites rely on your FB or Google ID is setting yourself up for a major account lockout not if, but when, one of them goes down.

It Can Be Harder to Personalize Profile Details

When you use your Google or FB ID to set up an account on another site, your details like email address, phone number, and profile photo are usually shared with the 3rd party site. That site may not even have a way for you to change your profile photo and is just syncing the one in your Google or Facebook account.

That connection can make it difficult to change profile details in the 3rd party site if you want them to be different than the ones in your FB or Google account.

Need Help With Password Management & Security?

BrainStomp can help your business with affordable password management and security solutions to reduce your risk of a major cloud account breach.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



Need Some 2021 Tax Deductions? Consider These Technology Upgrades


With the end of the year only a couple of months away, the window is closing for making any business moves to reduce your tax bill come next April. One area where you can gain multiple deductions is technology upgrades.

Whether you’re a small business owner or freelancer working online, you can use the deductions laid out in Section 179 of the IRS tax guidelines to find deductions for many office equipment and technology purchases. 

The guideline also includes a temporary bonus depreciation deduction that allows you to deduct 100% of the depreciation for new equipment all at once, rather than waiting for several years. This could effectively double the tax benefit of purchasing new technology before the end of the year.

Types of purchases that qualify under this deduction include:

  • Hardware (computers, servers, routers, etc.)

  • Software (“Off-the-shelf”)

  • Security and alarm systems 

  • Office equipment (printers, copiers, etc.)

  • Communications equipment (VoIP desk phones, headsets, etc.)

If you time your technology purchases before December 31, 2021, then they’ll qualify for those tax credits, and you can get a partial payback in just a few short months come tax time.

What types of upgrades are popular right now? Here are several to consider that will improve your business operations, enhance security, and help you boost productivity.

New Mesh Network Wi-Fi

Optimizing your internet connection is one upgrade that positively impacts multiple processes. It enables your employees with faster connections for doing their work, improves video conferencing reliability, and more.

Mesh networks use multiple router units, called “nodes,” that improve signal strength, speed, and reliability. It can also help you reduce problems with Wi-Fi weak spots or dead zones in your building.

Security Cameras & Alarms

Cloud security systems have made physical security more affordable for small businesses. IP security cameras are portable, easily installed, and can be controlled from a smartphone app.

This is an upgrade that you can not only deduct on your taxes but one that can also decrease property insurance premiums.

Digital Door Access System

Another physical security upgrade that’s popular is moving away from key-controlled doors to a digital access system. This is more efficient and removes the need to have doors re-keyed due to employees that leave unexpectedly or a lost key. 

This type of system also gives you the ability to track who is accessing which office at what times, which can be vital should you have a robbery or an incident of missing equipment.

New Windows 11 PCs

With the release of Windows 11, it’s a perfect time to review your business computers to see which ones may be due for replacement.

If you’re operating a PC older than 4 years, it could be costing you an average of $2,736 annually in maintenance and lost productivity costs.

Identify any PCs that are getting old and those that don’t meet the minimum requirements to upgrade to Windows 11. Place your purchases for new replacement PCs with the updated operating system already installed before the end of the year.

AV Equipment Upgrades for Video Conferencing

Video conferencing has taken on an entirely new level of importance due to the pandemic. It has become the default method of meeting with clients and internal teams working remotely.

If you have a low-quality AV system at your office, it can put a damper on your video calls and be distracting.

Upgrading your AV equipment can improve meetings, make them more time-efficient, and put your company in a positive light when meeting with clients (e.g., if you have your “act together” when it comes to video calls, it improves your reputation).

Remote Team Software & Office Equipment

It’s expected that the number of permanent remote workers will double this year. Many companies are adopting hybrid working environments where employees are working either part or full time from home. 

Remote employees need to be enabled with the right equipment, just as employees working in an office. This means providing things such as:

  • PCs or laptops

  • Headsets

  • Filing cabinets

  • Printers

  • VoIP desk phones

  • Etc.

Office equipment is one of the items you can deduct on your business taxes, which will both help you enable your remote team to do their best and give you a financial benefit come next year.

It’s a good idea to take a survey of employees to find out what they most need to work productively from home before you make purchases. This ensures you’re not supplying unnecessary equipment and that you are providing the things that your team needs the most to optimize their work.

Get Help Planning Your Year-end Technology Upgrades

BrainStomp can help your business make wise technology upgrade decisions that provide the best impact for your investment dollars.

Schedule a free consultation today! Call 260-918-3548 or reach out online.