Great New Features of Windows 11

Windows 11 has been out for a few months now and has been largely well-received. The new operating system had just a few initial bugs with compatibility which were quickly addressed by Microsoft and has been without major problems for a majority of users.

Windows 11 replaces Windows 10, which now has less than four years left before it’s retired in October of 2025. If you haven’t upgraded yet, you may want to think about doing so sooner rather than later.

There are a lot of advantages to upgrading to Windows 11, and the fact that the entire OS is not a large departure from the Windows 10 experience is a plus. It means that users aren’t feeling like they just stepped into alien territory when they boot up after upgrading.

The main interface and how you get around is similar to Windows 10, but 11 is worth considering because its development was focused on productivity and making it easier for users to do everyday tasks.

When looking at technology solutions for your business, the operating system that runs your PCs is a foundational piece of the architecture. It’s important that it is kept updated so you aren’t held back by compatibility problems with new applications or run into security vulnerabilities.

We’ll go through some of the great new features of Windows 11 below that can upgrade your user productivity.

Snap Layouts

One of the most useful features in Windows 11 is the snap layouts option. When you hover above the maximize icon on any window, you have the option to snap the window into a layout with 1 to 3 other open windows.

Images from Microsoft - Snap Layout with three windows

App switching is one of the most time-consuming tasks for people because it tends to happen all day long. 68% of surveyed users say they spend at least 30 minutes per day switching between apps.

Snap layouts allow you to reduce app switching by optimizing your view of several apps at the same time. This is better than trying to resize windows yourself because the view allows you to access all window scrollbars and menu items.

You can also easily snap windows in and out of the layout view.

Teams Calling & Messaging from Your Desktop

Video meetings have become the new norm, with many people still working from home for the foreseeable future. Lots of companies plan to keep remote teams in place even after the pandemic has passed due to the realization that if enabled with the right tools, employees can be just as or more productive. Additionally, companies can save money on physical building resources.

One of the hybrid work features that were introduced in Windows 11 is the ability to use MS Teams right from the desktop, without needing to open the full app. It comes installed with Windows 11 natively and has an app on the taskbar.

Users can click to place an audio or video call, and even share the screen right from their desktop.

One of the more helpful features if you hate having to type text messages on a tiny smartphone screen is the ability to send and receive text messages through the app. This allows you to text right from your computer to any mobile device. 

Streamlined Start & Search Menu

One of the more noticeable UI changes with Windows 11 is that the Windows Start icon has moved from the left side of the taskbar to the middle, grouped with the other icons. 

Users will also notice that all those complicated boxes and groups are now gone, and the Start menu has a more streamlined and uncluttered look.

You can pin most-used apps to the top and easily use the master search bar (which has been moved from the taskbar to the top of the Start menu) to search for anything.

Finding documents, webpages, applications, photos, and more is much faster when using this master search and will reduce the time it takes you searching for files in File Explorer.

New Widgets Panel

One feature that needs a little more work, but is still helpful right now, is the new Widgets panel. You can access this via your taskbar and it pulls information in for things like weather, news, stocks, and more.

You can customize the panel by adding the apps you want. One of the most helpful right now is the To Do widget, which allows you to create a quick list of tasks from your desktop and then check off items as you finish them.

Doing this from the desktop in the widgets panel is a bit faster than having to open another application to access a task list.

Need Help With Your Windows 11 Upgrade?

Upgrading all your business PCs to Windows 11 doesn’t have to be time-consuming. BrainStomp can help your business with a smooth upgrade and train your team on the most productive new features.

Schedule a free consultation today! Call 260-918-3548 or reach out online.

 



Are You Auditing Your Privileged User Accounts?

A recent study found that as many as 80% of data breaches can be tied back to the compromise of privileged user credentials. These insider attacks happen when cybercriminals get their hands on a legitimate user login, either through the use of phishing scams or from the purchase of passwords after the breach of a large database.

The average employee has to keep up with over 100 different passwords, which makes it very challenging to use strong password practices, such as using long passwords that include special characters and making each password unique.

This, coupled with the fact that credential theft has become one of the leading types of cyberattacks, has made account access security a major risk factor for many organizations. Just one breach can lead to business email compromise, ransomware infection, data loss, and breach of confidential employee or customer information.

The accounts that interest hackers the most are those with higher-level access privileges. If they obtain the credentials of a lower-level user that can’t access any security settings or user management, the damage they can do is limited. 

But, if a criminal is able to breach an administrative account, they can often add and remove users, lock companies out of their own accounts, access payment details, and much more.

The best way to reduce your risk of a privileged account compromise is to audit these accounts regularly. Your goals during this audit include:

  • Reduce the number of unnecessary privileged accounts

  • Eliminate any unused privileged accounts

  • Lower access levels for employees where possible

  • Put monitoring in place for insider attacks using admin accounts

Steps for Conducting a Privileged Account Audit

Create a List of Cloud Accounts With Each Account and Privilege Level

First, you’ll need to compile a list of each user account in each business cloud tool that your company uses.

This may take a few days, as companies often find out they have more cloud apps than they realize. The average company and its employees use approximately 137 cloud tools, both free and paid.

The fastest way to do this is to see if the cloud platform can export your user list and their details. Your goal is to have a list of each cloud tool, all user accounts enabled in that tool, and the privilege level of each account.

Identify & Eliminate Any Unused Accounts

Your next step will be to identify and eliminate unused accounts. Leaving unused user accounts sitting in a cloud tool provides a prime target for hackers to infiltrate your cloud platform because the account is unmonitored.

Eliminating all unused accounts, both privileged and non-privileged, will decrease your risk of a breach as well as save you money on any paid cloud account subscriptions.

Review All Privileged User Workflows to See If The Access Level Can Be Reduced

Next, zero in on those users with privileged accounts that allow them higher access and more permissions in the platform than basic user accounts.

Interview users to ask how often they use the additional permissions. If you find someone isn’t using a higher-level function very often, then they don’t need to have that access level on their account. 

Adjust User Privileges Using the Rule of Least Privilege

For all privileged user accounts that you’ve identified as not actively using those admin permissions regularly, reduce their user access level. 

You want to apply the Rule of Least Privilege across all your user accounts in each platform and use it going forward when creating new user accounts.

The rule is simple and dictates that users should be given the lowest possible permission level in a system as needed to complete their daily tasks.

So, if a user only needs admin permission once or twice a year, they don’t need to have an administrative account. They can use a temporary access change to complete those or a dedicated admin account, which we’ll discuss next.

Consider the Viability of a Single Dedicated Admin Account in Each Cloud Platform

Where it is viable, use a single dedicated administrative account. This greatly reduces your risk of a privileged account compromise because you’re reducing your high-level accounts to just one per platform.

Microsoft 365, for example, allows you to set up a dedicated administrator account without paying an additional user license. This account doesn’t use email and is only used for administrative purposes.

Users that need to conduct admin duties simply log out of their own lower-level user account and into the shared dedicated admin account. When finished, they log out and log back into their own account.

Monitor & Review Privileged Accounts Regularly

Because privileged accounts are such a big target for cybercriminals, it’s important to monitor them and conduct audits regularly. Access monitoring helps you spot any strange anomalies, such as a privileged account login at odd hours of the day and night.
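
The audit steps above, sketched as an added example (it is not BrainStomp's tooling or any platform's own code): it merges per-platform user exports into one inventory, flags unused accounts and privileged accounts that rarely use admin functions, and reports privileged sign-ins at odd hours. The CSV column names, role labels, the 90-day and 180-day thresholds, the 07:00 to 19:00 business window and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample exports, one per cloud tool. Real platforms use their
# own column names, so map them to these assumed fields before auditing.
EXPORTS = {
    "mail-suite": """user,role,last_login,last_admin_action
alice@example.com,admin,2022-01-10T09:15:00,2022-01-09T14:00:00
bob@example.com,admin,2022-01-11T08:30:00,2021-03-02T10:00:00
carol@example.com,user,2021-06-01T12:00:00,
""",
    "crm": """user,role,last_login,last_admin_action
alice@example.com,user,2022-01-05T10:00:00,
dave@example.com,admin,,
""",
}

# Constructed sign-in log lines: timestamp,platform,user
SIGNINS = """2022-01-10T09:15:00,mail-suite,alice@example.com
2022-01-11T02:47:00,mail-suite,bob@example.com
2022-01-11T03:05:00,mail-suite,carol@example.com
"""

PRIVILEGED_ROLES = {"admin", "owner"}   # assumed role labels
UNUSED_AFTER = timedelta(days=90)       # assumed "unused" threshold
ADMIN_IDLE_AFTER = timedelta(days=180)  # assumed "rarely uses admin" threshold
BUSINESS_HOURS = range(7, 19)           # assumed normal sign-in hours (07:00-18:59)


def parse_ts(value):
    """Return a datetime for an ISO timestamp, or None for an empty field."""
    value = (value or "").strip()
    return datetime.fromisoformat(value) if value else None


def build_inventory(exports):
    """Step 1: one record per (cloud tool, account) with its privilege level."""
    inventory = []
    for platform, text in exports.items():
        for row in csv.DictReader(io.StringIO(text)):
            inventory.append({
                "platform": platform,
                "user": row["user"].strip().lower(),
                "privileged": row["role"].strip().lower() in PRIVILEGED_ROLES,
                "last_login": parse_ts(row["last_login"]),
                "last_admin_action": parse_ts(row["last_admin_action"]),
            })
    return inventory


def audit(inventory, now):
    """Steps 2-4: flag unused accounts, then privileged accounts whose admin
    rights have not been exercised recently (least-privilege candidates)."""
    findings = {"unused": [], "reduce_privilege": []}
    for acct in inventory:
        key = (acct["platform"], acct["user"])
        last_login = acct["last_login"]
        if last_login is None or now - last_login > UNUSED_AFTER:
            findings["unused"].append(key)  # removal candidate, any privilege level
            continue
        if acct["privileged"]:
            last_admin = acct["last_admin_action"]
            if last_admin is None or now - last_admin > ADMIN_IDLE_AFTER:
                findings["reduce_privilege"].append(key)
    return findings


def odd_hour_privileged_signins(signins_text, inventory):
    """Monitoring step: privileged sign-ins outside the business window."""
    privileged = {(a["platform"], a["user"]) for a in inventory if a["privileged"]}
    hits = []
    for ts, platform, user in csv.reader(io.StringIO(signins_text)):
        when = datetime.fromisoformat(ts)
        key = (platform, user.strip().lower())
        if key in privileged and when.hour not in BUSINESS_HOURS:
            hits.append((when.isoformat(), platform, key[1]))
    return hits


if __name__ == "__main__":
    inv = build_inventory(EXPORTS)
    report = audit(inv, now=datetime(2022, 1, 12))
    for category, accounts in report.items():
        for platform, user in accounts:
            print(f"{category}: {user} on {platform}")
    for when, platform, user in odd_hour_privileged_signins(SIGNINS, inv):
        print(f"odd-hour privileged sign-in: {user} on {platform} at {when}")
```

Accounts flagged for reduced privileges still need the user interview described above before any change is made; the script only narrows down who to ask.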

Let’s Improve Your Cloud Security This Year!

BrainStomp can help your business audit and review your access security and improve your cloud protections for a more secure cloud environment.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



New Year's Technology Resolutions to Adopt for a Secure 2022

Many business owners are in a hopeful mood right after the first of the year and are looking for ways to improve sales and grow their businesses. But no matter how much you grow, one ransomware infection or cloud account breach can mean devastating downtime.

A cyberattack costs a business an average of $200,000, which is more than many smaller companies can bear. Small businesses are also often targeted in these attacks, with over half experiencing a data breach within the last 12 months.

Mobile phishing threats soared by 161% in 2021.

New and more sophisticated cyberthreats are being developed and launched each day that endanger your company’s network security and business wellbeing. This makes cybersecurity one of the most important investments you can make to secure business continuity and growth. 

When making growth plans for your company for 2022, here are several New Year’s technology resolutions that you should include to ensure your IT infrastructure is protected.

Begin Transitioning to a Zero-Trust Security Approach

Cybercriminals are using AI and machine learning to improve the success of their phishing attacks. They continually come up with more sophisticated ways to steal user credentials and conduct insider attacks.

Standard antivirus software alone isn’t enough to keep your on-premises and cloud assets secured. Zero-trust is a strong cybersecurity framework that is being adopted around the world. 

It takes a stance of not trusting a user or program by default until they can authenticate access privileges. Some of the tenets include using a safe list for programs that can run on your system rather than trying to identify and block those that can’t. This ensures that any non-approved program is blocked by default, no matter what it is.

Zero-trust is a strategy that is adopted across your entire cybersecurity environment. You can begin with a few zero-trust measures and then add more as time and budget allow to improve your security.

Adopt the Rule of Least Privilege

Credential compromise has risen to the #1 cause of data breaches globally, with stolen login credentials responsible for 20% of data breaches.

With most data now residing in the cloud along with things like business email accounts, hackers are going after usernames and passwords because having a legitimate user login is the easiest way to breach a company account.

Adopt the Rule of Least Privilege this year. This rule states that you should only give employees the minimum permission level in a system as needed for them to perform their daily tasks.

The fewer privileged accounts you have with admin access in a cloud account, the less risk you have of serious damage being done if a hacker steals one of your employee logins.

Implement Multi-Factor Authentication (MFA) Across All User Accounts

One of the tenets of Zero-Trust is multi-factor authentication. This is one of the strongest protections you can put in place to prevent account takeovers and insider attacks.

According to Microsoft, MFA is 99.9% effective at blocking fraudulent sign-in attempts on an account.

If you’re worried about employee pushback about MFA being inconvenient, then couple it with the implementation of single sign-on (SSO). SSO consolidates the employee experience into one login to access all work applications, which saves users time even if they use MFA.

Have Cloud Account Security Professionally Configured

Misconfiguration of security settings is one of the major causes of cloud account breaches. Today’s platforms like Microsoft 365, Salesforce, Google Workspace, etc. come with a lot of security flexibility, but the most secure settings aren’t usually defaulted.

For example, MFA is typically available, but not generally pre-enabled. Users need to enable it themselves, along with several other security features.

Resolve this year to have an IT security professional, like BrainStomp, configure your cloud platform security settings to ensure your accounts and data are properly protected.

Test Restoration of Your Data Backups

Do you have a recoverable backup of all your data in the case of a ransomware attack? If so, when is the last time you tested the data restoration process?

Many companies never do this, and it leaves them at high risk should they suffer a ransomware attack or other data loss incident. There are several cases of companies (like Colonial Pipeline) being hit with ransomware, and having a backup, but paying the ransom anyway because they never tested data recovery and aren’t sure how long it will take. So, they opt to pay the attackers because they think it will be faster.

Add at least two data recovery drills to your calendar this year as part of a business continuity strategy. This helps you ensure you have a backup and recovery system that can restore data quickly, gives you important timeframe details, and helps your team become familiar with the process.

Get Help Improving Your Cybersecurity This Year

Cybersecurity isn’t something to put off until “later.” BrainStomp can help your business target your most vulnerable areas and implement solutions that protect you from costly breaches.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



6 Alarming Phishing Attack Trends That You Need to Know About

Phishing attacks nearly doubled in 2020 as compared to the prior year and we’re seeing a similar trend in 2021 with phishing on the rise. This method of attack is by far the most prevalent and it continues to evolve and get more sophisticated all the time.

Without protection against various phishing tactics, companies can face multiple threats to their network security, including ransomware, data breaches, credential theft, and account takeovers. 

Phishing has become more dangerous over the last few years because many attack campaigns are run by large criminal groups or state-sponsored hacking organizations. These groups invest money into making phishing more effective and continue to optimize how much money they can make and how fast they can deliver attacks.

This in turn increases the volume of attacks and the risk level. 

One of the ways to stay one step ahead of phishing attacks is to know what new tactics are being used so you can properly prepare your team. Following are some of the alarming new phishing trends being seen by industry cybersecurity experts around the world.

1. Increased Use of Breach Specialists (Initial Access Brokers)

Initial Access Brokers are hackers that specialize in getting inside a network. They facilitate that first breach, so others can then conduct their attacks. Because this is the main focus of this group of outside contractors, they’re very good at it.

In an effort to optimize the success of phishing campaigns, criminal groups are increasingly hiring these experts to launch that initial part of the attack that gets them inside a network. This can be through an elaborate credential theft campaign or a tactic using malware to breach a network device.

2. SMS Phishing is Increasing

SMS phishing (smishing) is on the rise and many employees aren’t aware. They’re used to being careful of unexpected emails and may even be well-trained in tactics like hovering over links to reveal the URL beneath them. However, many aren’t expecting to receive fake text messages that look like the shipping notices they normally get from Amazon and other retailers.

Mobile phone numbers are becoming easier to get, which is why scam robocalls have become such a problem for mobile device users. Cybercriminals are also using these numbers to launch phishing campaigns via text message deploying hidden links that users often can’t roll over in the same way they can on a computer.

3. More Use of Brand Impersonation

Impersonating another company is a common phishing tactic to fool users into thinking a phishing email is legitimate. Scammers will use the company’s logo and signature, and make a carbon copy of emails from brands like Microsoft 365, Amazon, and Netflix.

But scammers don’t only impersonate larger companies. Your business needs to watch out for the use of brand impersonation when it comes to vendors you do business with, such as your internet service provider or website host. 

4. Monetization of Business Email Compromise (BEC)

Up until now, ransomware has been one of the most lucrative types of phishing attacks that hackers could launch, which is why ransomware has been exploding in volume in recent years. But now hackers are finding out that compromising a company email address can also rake in the cash.

Once they breach a user email address (preferably someone in a managerial position), scammers can send out emails from that person’s email account to other employees. Those employees will typically not suspect a phishing attack because they recognize the person and see their real email address is used.

BEC is often used with gift cards scams, where the scammer will direct employees to purchase gift cards and reply with the codes.

5. Increased Targeting of Smaller Companies Using Spear Phishing

Smaller companies need to worry about the increased use of spear phishing. This targeted form of attack, which uses more personal details, used to be saved just for the larger organizations because of the research needed.

But now with the efficiency improvements of phishing attacks, small businesses are also being singled out and targeted in the same way.

6. Disgruntled Employees Are Being Targeted for Their Passwords

You may want to ensure you don’t have any particularly unhappy or disgruntled employees because they could potentially be the source of a breach. In efforts to conduct attacks on company cloud accounts, hackers are phishing for user login credentials.

One of the new tactics they’re using is to outright offer employees cash for their login details. They play the numbers, thinking that most companies have at least one disgruntled employee that might take them up on that offer. If they do a little searching on social media, it may also not be hard to find someone unhappy with their employer based upon the things they are posting.

Are You Due for a Review of Your Cybersecurity Strategy?

Companies must evolve their cybersecurity strategy to keep up with the evolution of phishing and other cyberattacks. BrainStomp can help your business with a full review of your current protections and make suggestions for any areas of risk.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



Pros & Cons: Should You Upgrade to Windows 11 Now or Wait?

As of June 2021, Windows has over 72% of the desktop operating system market share, so a majority of companies are having to make the decision of when to upgrade from Windows 10 to the just-released Windows 11.

Upgrading your business technology solutions, especially one as important as the OS that runs employee PCs, is an important timing decision. Companies don’t want to upgrade too soon and face downtime and other issues due to bugs that have yet to be worked out.

But waiting to upgrade also has a downside. Employees can miss out on productivity-enhancing features that could improve their workflows. Additionally, a company could get caught having to rush to upgrade before the older OS loses vital security support or risk increased exposure to a cyberattack.

When it comes to Windows 11, out for a little over 2 months now, many companies are weighing the pros and cons and trying to decide exactly when to upgrade their office devices. 

We’ll go through the pros and cons of upgrading now to help you make a more informed decision on when to roll out your Windows 11 companywide upgrade.

Reasons You May Want to Wait to Upgrade

If Your Company Uses Oracle VirtualBox

The Windows 11 release has been largely well-received with few issues. Nearly all bugs that have been found have already been resolved, according to the Windows health and status page.

However, there is still a confirmed issue with Oracle VirtualBox and its compatibility with Windows 11. Users might be unable to start Virtual machines and may receive an error message. 

The Widgets Panel Needs More Work

While many of the features have rolled out without a hitch, one in particular still needs more work and is minimally helpful right now.

The Widgets panel that is activated from the taskbar is designed to allow you to get quick access to different types of information like your Microsoft To Do list, news, weather, stocks, and email. But it has some problems, that include:

  • Email widget is difficult for some users to connect to their Outlook email

  • There aren’t that many widgets to choose from

  • There are not many productivity-focused widgets

  • The panel can be slow to load

Reasons You May Want to Upgrade Now

Easier Multi-Window Workflow

68% of surveyed office workers say that they spend at least 30 minutes a day switching between apps. This is often done because it can be time-consuming to size two or more windows on the screen at the same time and still reach the menu items and scrollbars.

The new snap layouts feature in Windows 11 solves this dilemma. It allows users to quickly snap a group of windows into an optimized view that allows them full access to scroll bars, menus, etc. 

This single feature can save your employees a lot of time and make their multi-window work easier and more fluid.

Snap layouts in Windows 11

Easy-to-Learn Upgrade Without Major Differences from Windows 10

This won’t be an upgrade that has your employees feeling like they’re in alien territory when they get to their upgraded desktop. Windows 11 doesn’t make major changes to the interface or navigation of Windows; it just enhances it to make it less cluttered and reduce the time it takes users to do tasks.

The biggest interface change that users will need to get used to is that the Windows Start Menu button has been moved from the far left of the taskbar to the middle.

Native Teams Integration Promotes Easier Connections

We’ve all known that one person that seems to have a hard time navigating video call applications. For those users and others, Windows 11 is going to make the chat, audio call, and video call experience easier. 

Microsoft Teams is natively integrated with an icon on the taskbar. Users can click to easily message or call anyone from their desktop without needing to open another app. This includes the ability to screen share during a call and to send and receive text messages. The person you are connecting with doesn’t have to be a Teams user to connect with them.

The Upgrade is Free for Compatible Windows 10 PCs

Another reason you may not need to wait to upgrade is that upgrading to Windows 11 won’t mean having to purchase a new operating system for all your computers in most cases.

The Windows 11 upgrade is free for Windows 10 PCs (home and business versions) that meet the minimum system requirements for the upgrade. 

Schedule Your Windows 11 Office Upgrade Today

BrainStomp can help your business upgrade all user PCs (in-office and remote worker) to Windows 11 smoothly without disrupting your normal business operations.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



What to Do When You Open/Click a Suspicious Email, Link, or Attachment

Phishing attacks have been going through the roof so far this year. In May of 2021, they rose by 281%, and in June, increased another 284%. The quality of phishing emails, in general, is also going up, which makes them harder to spot, even for those that consider themselves tech-savvy.

These phishing scams now automate and personalize emails and the malicious websites that may be used with them, tailoring them to the victim. Some attacks using a spoofed Microsoft 365 login page will even display the corporate logo and background image of the employee’s company.

Once you’ve clicked on a phishing email link or accidentally opened an attachment that could contain malware, it’s easy to panic and make things worse. For example, the thing you do NOT want to do is use your possibly infected device to go searching on the internet for free malware removal tools.

The longer you’re connected online, the more risk there is of other devices and connected cloud storage being infected. Additionally, you don’t want to trust a free antivirus that you found when searching in a rush, because it could also be a scam.

The things you do in the minutes following an accidental opening or click of a phishing email will make all the difference in how bad the damage may be to your business network and security.

If you think you’ve clicked on a phishing link or opened a dangerous file attachment, here are the immediate steps to take to try to mitigate the damage.

Contact IT Support ASAP

The first thing you want to do is contact your IT support provider immediately. We can keep you from making mistakes that will make things worse. 

You don’t know what you may be dealing with when you expose your device to the contents of a phishing scam, so it’s best to have a professional thoroughly review your system to identify and remove any viruses or other types of malware.

Disconnect Your Device 

Most malware is designed to spread rapidly through any connection it can find. This means that it can quickly infect other devices on the same network and syncing cloud storage services.

You should immediately disconnect your device from the internet and any other internal networks. Turn off the Wi-Fi from your desktop and unplug any ethernet cables that may be used for an internal or external network connection.

This isolates the device to hopefully keep any infection confined to just that one computer.

Back Up Files to a Local Drive

There is a chance that you may lose files due to malware infection of your device. Some worms can be destructive and eliminate files one by one. In other cases, to remove a particularly persistent malware, you may end up losing some or all of the data stored on your hard drive.

Use a local (not cloud) external backup to create a copy of your hard drive. You don’t want to use a cloud backup in this case because it would mean reconnecting your device to the internet.

Also, don’t reconnect to a central server to back up, as this puts that device in danger of being infected. Use a single external hard drive backup that is only connected to your device to copy all the data.

Scan Your System for Malware

Use any antivirus/anti-malware program that is installed on your device, or that can be installed without reconnecting to the internet, to scan your device for signs of malware. Not all of these applications are equally thorough, so it’s best to get the help of an IT pro for this.

We know the industry-standard and best antivirus/anti-malware apps to use to ensure that any malicious code hiding in your system is detected, quarantined, and removed.

Change any Login Credentials You Have

It’s best when you’ve had a phishing incident to change all your login credentials. If you had saved those in the browser or elsewhere on your infected computer, then there is a chance they could’ve been compromised.

Using a password manager is a good idea because it will suggest strong, unique passwords for all your logins and you only have to remember a single password to access all the others.

Clear Browser Data

Spyware can take a look at areas of your system where important information is stored, and this includes your browser. A hacker that knows you frequent certain online shopping sites has a roadmap of where to try any compromised passwords.

Clear all your browser data, including cookies and history, so there is less information that an attacker could use to steal your information or compromise your accounts.

Don’t Freeze Up If You Encounter Phishing…Call BrainStomp!

If you interact with a phishing email or social phishing post, call us right away! BrainStomp can help you isolate the infected device and quickly deal with any malware infection with a goal to mitigate your costs and downtime.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



Why You Should Stop Using the "Sign-in With Facebook (Google etc.)" Option for Accounts

The number of passwords that people have to keep up with continues to increase each year. There are accounts for work applications and personal accounts like online banking. Using retail sites also introduces a whole new slew of account passwords you need to make.

We juggle an average of 100 different passwords for various account logins now. That volume of passwords leads to users reusing passwords, using easy-to-guess passwords, and storing passwords in an unsecured manner.

With most companies moving much of their data and processes to the cloud since the pandemic, password breach has become a major threat to data security.

One way that people try to cut down on the number of new passwords they need is to use their Google, Facebook, Apple, or another major account to create a new account with a 3rd party site.

Sites like Zoom, eBay, and many others allow you to use a “sign-in with…” option instead of creating a unique login credential for their site.

This often takes less time to get started, especially if you’re already signed into the service. Once you’ve connected the 3rd party account to your Google or Facebook ID, you then will be served up that FB or Google login page anytime you want to access that specific site.

This sounds like a great way to reduce the number of passwords you use, but is it a good idea?

It turns out that there are a lot of risks involved when you connect 3rd party accounts to your FB or Google login. So, while it may be convenient, it can also be a worse option than just creating a unique account with a site. Here’s why.

The Data Shared Can Be More Than You Think

When you connect 3rd party accounts to your Google or Facebook account, you’re sharing data between them. This means that accounts like Uber can tap into your Google Wallet, and task sites like Doodle can read your calendar. 

Setting up your Trip Advisor account with Facebook will expose your Friends List, with the 3rd party site using it to tap into your friends’ travel details and reviews.

One trick these services use to lull you into a false sense of security is to initially only ask for permission to share a little data, like your email address and profile information. But then, over time, you’ll get additional prompts to share more data until you end up exposing more than you realize.

One Breach Exposes Multiple Accounts

One of the cardinal rules of good password security is to make unique passwords for all your accounts. When you sign in to other sites with your FB or Google login, you’re breaking that rule.

You’re sharing that one password across all the sites you connect, leaving them all at a higher risk of being breached.

If a hacker gains access to your Facebook or Google account, then they have the keys to unlock other connected accounts as well. And it’s not hard for them to know what they are because they’re listed in the settings of the main account under an area that shows app access.

Downtime Can Impact Your Access

You create a single point of failure when you use your Google or FB account as the authentication process for 3rd party sites. Should one of those major sites go down, you can no longer authenticate to get into other connected accounts.

In early October, Facebook was down for nearly 6 hours due to a network connection issue. This meant that millions of users could not get into their Facebook account nearly all day. But those that had used “Sign-in with Facebook” to set up other accounts were also locked out of those accounts.

All cloud providers can go down and have outages that last hours. Having 3rd party sites rely on your FB or Google ID is setting yourself up for a major account lockout not if, but when, one of them goes down.

It Can Be Harder to Personalize Profile Details

When you use your Google or FB ID to set up an account on another site, your details like email address, phone number, and profile photo are usually shared with the 3rd party site. That site may not even have a way for you to change your profile photo and is just syncing the one in your Google or Facebook account.

That connection can make it difficult to change profile details in the 3rd party site if you want them to be different than the ones in your FB or Google account.

Need Help With Password Management & Security?

BrainStomp can help your business with affordable password management and security solutions to reduce your risk of a major cloud account breach.



Need Some 2021 Tax Deductions? Consider These Technology Upgrades

With the end of the year only a couple of months away, the window is closing for making any business moves to reduce your tax bill come next April. One area where you can gain multiple deductions is technology upgrades.

Whether you’re a small business owner or freelancer working online, you can use the deductions laid out in Section 179 of the IRS tax guidelines to find deductions for many office equipment and technology purchases. 

The guideline also includes a temporary bonus depreciation deduction that allows you to deduct 100% of the depreciation for new equipment all at once, rather than waiting for several years. This could effectively double the tax benefit of purchasing new technology before the end of the year.

Types of purchases that qualify under this deduction include:

  • Hardware (computers, servers, routers, etc.)

  • Software (“Off-the-shelf”)

  • Security and alarm systems 

  • Office equipment (printers, copiers, etc.)

  • Communications equipment (VoIP desk phones, headsets, etc.)

If you time your technology purchases before December 31, 2021, then they’ll qualify for those tax credits, and you can get a partial payback in just a few short months come tax time.

What types of upgrades are popular right now? Here are several to consider that will improve your business operations, enhance security, and help you boost productivity.

New Mesh Network Wi-Fi

Optimizing your internet connection is one upgrade that positively impacts multiple processes. It enables your employees with faster connections for doing their work, improves video conferencing reliability, and more.

Mesh networks use multiple router units, called “nodes,” that improve signal strength, speed, and reliability. It can also help you reduce problems with Wi-Fi weak spots or dead zones in your building.

Security Cameras & Alarms

Cloud security systems have made physical security more affordable for small businesses. IP security cameras are portable, easily installed, and can be controlled from a smartphone app.

This is an upgrade that you can not only deduct on your taxes but one that can also decrease property insurance premiums.

Digital Door Access System

Another physical security upgrade that’s popular is moving away from key-controlled doors to a digital access system. This is more efficient and removes the need to have doors re-keyed due to employees that leave unexpectedly or a lost key. 

This type of system also gives you the ability to track who is accessing which office at what times, which can be vital should you have a robbery or an incident of missing equipment.

New Windows 11 PCs

With the release of Windows 11, it’s a perfect time to review your business computers to see which ones may be due for replacement.

If you’re operating a PC older than 4 years, it could be costing you an average of $2,736 annually in maintenance and lost productivity costs.

Identify any PCs that are getting old and those that don’t meet the minimum requirements to upgrade to Windows 11. Place your purchases for new replacement PCs with the updated operating system already installed before the end of the year.

AV Equipment Upgrades for Video Conferencing

Video conferencing has taken on an entirely new level of importance due to the pandemic. It has become the default method of meeting with clients and internal teams working remotely.

If you have a low-quality AV system at your office, it can put a damper on your video calls and be distracting.

Upgrading your AV equipment can improve meetings, make them more time-efficient, and put your company in a positive light when meeting with clients (e.g., if you have your “act together” when it comes to video calls, it improves your reputation).

Remote Team Software & Office Equipment

It’s expected that the number of permanent remote workers will double this year. Many companies are adopting hybrid working environments where employees are working either part or full time from home. 

Remote employees need to be enabled with the right equipment, just as employees working in an office. This means providing things such as:

  • PCs or laptops

  • Headsets

  • Filing cabinets

  • Printers

  • VoIP desk phones

  • Etc.

Office equipment is one of the items you can deduct on your business taxes, which will both help you enable your remote team to do their best and give you a financial benefit come next year.

It’s a good idea to take a survey of employees to find out what they most need to work productively from home before you make purchases. This ensures you’re not supplying unnecessary equipment and that you are providing the things that your team needs the most to optimize their work.

Get Help Planning Your Year-end Technology Upgrades

BrainStomp can help your business make wise technology upgrade decisions that provide the best impact for your investment dollars.

9 Tips to Promote to Your Staff During Cybersecurity Awareness Month

October isn’t only the month of ghosts, skeletons, and goblins; it’s also the month that we are acutely aware of something else that can be even scarier – cyberattacks.

2004 was the first year Cybersecurity Awareness Month was enacted, and for every year since, it’s been a time when we’re reminded of the importance of preventing devastating attacks like a data breach of personally identifiable information (PII), a ransomware attack, or something else. 

The theme for the month is “Do Your Part. #BeCyberSmart,” and we have several tips below to help you do just that.

Each of these adds another important layer of protection that makes your network security stronger and keeps your business safe from a costly cyber incident. 

Treat Business Information as Personal Information

It’s easy for an employee to feel more disconnected when they’re working with business data than when they’re guarding their own debit card number or SSN. But business information can contain highly sensitive information, including:

  • Tax ID

  • Customer credit card and bank details

  • Employee SSN & payroll data

  • Trade secrets

  • And more

When working with business data, it’s important to treat it just like your own personal information and protect it from being shared or stored in a non-secure manner.

Keep Software & Apps Up to Date

Approximately 60% of data breaches are enabled because a system was left unpatched. When you put off software and app updates, it can mean that vital security patches are not applied.

All your devices should be put on a regular update schedule or have updates automated.

Watch for Phishing on Social Media Too

Most people know to watch out for phishing when it comes to their emails, but they aren’t as suspicious on social media. Social phishing has been growing and it’s often all too easy for scammers to find victims that will click shortened URLs to phishing sites.

Be wary of social phishing and use privacy settings to stop strangers from being able to access your profile information. 

Double Your Login Protection with MFA

Everyone should be using multi-factor authentication (MFA) on all their online accounts. It’s 99.9% effective at blocking fraudulent sign-in attempts. The few additional seconds it takes to log in are well worth the big increase in protection.

If You Connect It, Protect It (IoT Security)

IoT devices pose one of the biggest security threats to a network because they’re often left less protected than computers. Yet, they are still endpoints that provide a way into a company network.

Make sure to secure IoT devices with protections like strong passwords, MFA, and keeping the firmware updated.

Keep Your Wi-Fi Connection Secure

That large Facebook outage that happened in early October was a reminder of just how important your network connection is to your business continuity. Facebook, Instagram, and WhatsApp all went down for nearly 6 hours because of a network connection problem.

Make sure you keep your network properly secured with a next-gen firewall and ongoing monitoring for any potential threats.

When on free or public Wi-Fi, it’s important to use a VPN (virtual private network) to encrypt your connection.

Be Careful About Permissions When Sharing Cloud Files

Cloud storage has made file sharing much easier. You can share any file or folder you like by sending someone a link. But if you aren’t careful, you could have an unauthorized intruder compromising your cloud storage account.

Review sharing permissions regularly and use options for time-sensitive links, meaning that after a certain period the link access expires.

Also, if you can share a file rather than an entire folder, that is more secure and can prevent an accidental risk when you add other files to that same folder that you didn’t mean to share.

Double Check All Email Links & Attachments

Phishing remains the top enabler of cyberattacks. Employees clicking links and opening attachments in emails are the most common ways that companies end up with large data breaches or malware infections.

As a best practice, you should always double-check any links or attachments you receive to ensure they’re not part of a phishing scam.

Establish Safe Computer Use Guidelines for Remote Employees

It’s easy for your data security to get out of hand if you don’t provide safe use guidelines for your remote employees. They may not realize that allowing a family member to use their work computer could constitute a violation of a data privacy compliance standard.

Take time to put together requirements for data security, device security, and router security.

Where Are Your Cybersecurity Weak Spots?

Are there some poor cyber hygiene areas at your company leaving you at risk? BrainStomp can help you with a full IT security review and follow-up recommendations to keep your business secure.


5 Dangerous Email Scams to Watch Out For

Virtually no company is immune from phishing emails. In 2020, it’s estimated that 75% of companies around the world experienced a phishing attack, and 96% of those attacks arrive via email.

Email scams are always evolving as hackers gain more sophisticated technology and work to keep up with what’s going on in the world. Scammers will often create attacks that tie into world events, such as the pandemic or natural disasters like Hurricane Ida.

Business cybersecurity awareness training also needs to keep up with seasonal scams that come around every holiday or tax season. Then, there are also those scams that continue year-round such as fake password reset scams or shipping notices.

One of the reasons that it’s so important to have ongoing employee awareness training, and not just a one-time training, is because there are always new scams to be on alert for.

Below are several dangerous email scams going around right now that you and your employees need to watch out for. In most cases, the links in these emails take the user to a malicious phishing website designed to steal personal information or infect their device with malware.

Feel free to share and print out this list to help your employees avoid falling victim to one of these.

Fake Shipment That Needs Your Attention

It used to be that packages only arrived in the mail once in a blue moon. But due to the ease of online shopping today and the global pandemic, it’s not unusual for a business or individual to get several shipments a month of different items.

This has led to an email scam related to mysterious shipments that “need your attention.” This scam plays on the facts that:

  • People like getting packages

  • There are so many things ordered online that someone can easily think a scam email is about a legitimate order

This scam will use the logo and signature of a company like USPS or FedEx and claim that a particular shipment is waiting for instructions. It may even have a small amount due. The “shipment” is just a lure to get the person to click the link and enter credit card details to pay the nominal shipping fee it states is due. The scammer is actually stealing those credit card details.

“Update Your Payment Details” 

Imagine you’re planning on watching that new season of your favorite show on Netflix later and get an email stating that your account is suspended. It’s enough to get you to immediately click the link to find out what is going on.

Scammers that steal Netflix logins can then sell those on the Dark Web, which has led to the rise of this scam that’s commonly used for Netflix, but can also be used for Disney+, Hulu, and other subscription entertainment services.

Image courtesy of the FTC

This email scam claims that you need to update your payment details and that your account is on hold or suspended until you do. This link will take you to a spoofed login page that looks just like that of the Netflix site but is actually a trap.

Vaccine Research Survey

There is a lot of interest in vaccines for COVID-19 right now, and whether someone is for, against, or just waiting, they often crave information. This has led to a rise in various vaccine email scams, one of which is a fake vaccine survey purporting to be from Johnson & Johnson, one of the vaccine makers.

This scam looks like a quick survey that only takes a mere “30-seconds.” That’s all the time a scammer needs to infect your system with malware after you click the link. 

Don’t be fooled by any unsolicited emails related to COVID or any of the vaccines. These are running rampant right now.

Apple ID Purchase Scam

Few things elicit an immediate response as fast as an email that pretends to be a financial alert. This Apple ID scam claims that someone just used your Apple ID to make a purchase. It provides a link to report a fraudulent transaction, which of course will take the user to a phishing site, one that could be designed to steal their Apple ID for real.

If you see any types of alerts like this from your bank or any other online account, go to that account directly through its website or app to check into any potential issue, and do not use any links contained in the email. It’s also a good idea to quickly hover over the link without clicking. This often reveals a fake right away.

Hurricane Ida FEMA Scam

The devastation of Hurricane Ida was barely a week past when FEMA put up a warning on their site about scams related to the disaster.

One email and text message scam going around states that there is a FEMA program that gives people $8,500 in assistance. This is not true.

The goal is to collect personal data from people like their name, address, SSN, etc. that can be used for identity theft and sold on the Dark Web. The promise of immediate assistance often has people providing their personal information before they figure out the whole thing is a scam.

Are Your Devices Scam-Proof?

Some protections can be added to your device, like DNS filtering, which helps protect you from clicks on malicious links. BrainStomp can help you scam-proof your devices to help you avoid a data breach.
