4 Reasons To Use Content Filtering to Restrict Access to Non-Work-Related Sites

The internet is a portal to anywhere. Employees can use the browsers on their work computer for good reasons, such as doing research for a work project or looking up customer or lead information.

They can also use it for activities that you would not consider work-appropriate, such as visiting an offensive website or watching funny animal videos on YouTube.

69% of surveyed employees admit to shopping online while at work, and if you look at just the millennial age group, that percentage jumps to 81%. 

When employees use the internet at work for personal reasons, it can cut into productivity and also expose your network to security risks. Landing on a sketchy website can cause malware to be injected into the work device being used, and this could quickly spread to your entire network.

Threats like ransomware, adware, spyware, viruses, and more can easily be unleashed by an unsuspecting employee that’s visiting websites they should not be while at work.

How do you control the websites employees visit when you can’t exactly be standing behind each one all the time? Through web filtering.

Benefits of Web Filtering

Web filtering allows you to set up specific sites that your network will not allow. If a user tries to visit a site that is in a blocked category, they would be met with a message letting them know that the site was blocked.

Using web filtering has multiple advantages for your organization.

Improves Employee Productivity

If employees are doing their holiday shopping when they should be working, that eats into company productivity. While you can tell employees visiting non-work-related websites is frowned upon, in many cases, they’re going to do it anyway.

Web filtering gives you a way to ensure non-work-appropriate sites are blocked, which improves company efficiency.

Improves Network Security

Being able to block potential phishing sites and sites known to be heavily populated with adware (like pornographic sites) improves your overall network security. 

Makes Administration Oversight Easier

You don’t have to look through tons of internet usage reports to try to see how many employees are wasting time on the internet. Instead, you can simply filter out the sites you see as a problem, blocking anyone on your network from visiting them. This takes much less administrative time and is a more automated solution.

Optimizes the Allocation of Network Resources

When someone decides that no one is looking and they can stream a show from their computer, that streaming is taking up your company’s bandwidth. Company resources get used when employees use the internet at work for personal use, which could actually cause cloud-based work applications to lag and freeze up.

Web filtering ensures that this doesn’t happen.

What Categories Should We Filter For?

Web filtering is completely customizable according to your company’s needs. 

Here are some of the categories that BrainStomp filters for to give you a few ideas.

Adult

Advertisements

Alcohol

Animals and Pets

Arts

Astrology

Business and Industry

Cannabis

Chat and Instant Messaging

Cheating and Plagiarism

Child Abuse Content

Cloud and Data Centers

Computer Security

Computers and Internet

Conventions, Conferences, and Trade Shows

Cryptocurrency

Dating

Digital Postcards

Dining and Drinking

DIY Projects

DoH and DoT

Dynamic and Residential

Education

Entertainment

Extreme

Fashion

File Transfer Services

Filter Avoidance

Finance

Freeware and Shareware

Gambling

Games

Government and Law

Hacking

Hate Speech

Health and Medicine

Humor

Hunting

Illegal Activities

Illegal Downloads

Illegal Drugs

Infrastructure and Content Delivery Networks

Internet of Things

Internet Telephony

Job Search

Lingerie and Swimsuits

Lotteries

Military

Mobile Phones

Museums

Nature and Conservation

News

Non-governmental Organizations

Non-sexual Nudity

Not Actionable

Online Communities

Online Document Sharing and Collaboration

Online Meetings

Online Storage and Backup

Online Trading

Organizational Email

Paranormal

Parked Domains

Peer File Transfer

Personal Sites

Personal VPN

Photo Search and Images

Politics

Pornography

Private IP Addresses as Host

Professional Networking

Real Estate

Recipes and Food

Reference

Regional Restricted Sites (Germany)

Regional Restricted Sites (Great Britain)

Regional Restricted Sites (Italy)

Regional Restricted Sites (Poland)

Religion

SaaS and B2B

Safe for Kids

Science and Technology

Search Engines and Portals

Sex Education

Shopping

Social Networking

Social Science

Society and Culture

Software Updates

Sports and Recreation

Streaming Audio

Streaming Video

Terrorism and Violent Extremism

Tobacco

Transportation

Travel

URL Shorteners

Weapons

Web Cache and Archives

Web Hosting

Web Page Translation

Web-based Email

Academic Fraud

Adult Themes

Advertising

Adware

Anime/Manga/Webcomic

Auctions

Automotive

Blogs

Business Services

Chat

Classifieds

Drugs

Ecommerce/Shopping

Educational Institutions

File Storage

Financial Institutions

Forums/Message Boards

German Youth Protection

Government

Hate/Discrimination

Health and Fitness

Instant Messaging

Internet Watch Foundation

IT-ADM

IT-AGCOM

Jobs/Employment

Lingerie/Bikini

Movies

Music

News/Media

Non-Profits

Nudity

P2P/File sharing

Photo Sharing

Podcasts

Portals

Proxy/Anonymizer

Radio

Religious

Research/Reference

Search Engines

Sexuality

Software/Technology

Sports

Tasteless

Television

Terrorism

Video Sharing

Visual Search Engines

Web Spam

Webmail

Get Help Setting Up Web Filtering on Your Network

BrainStomp can help your business put an affordable web filtering solution in place and get you set up with the best filtering categories for your needs.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



How to Use Excel PivotTables & Power Bi


Having the ability to look at business data in a meaningful way is important for finding insights. Being able to identify a downward trend and address it or capitalize on a positive data point can help businesses grow and improve profitability.

Company leaders that use data visualizations and advanced analytics are 5x as likely to make decisions faster than their peers and 3x as likely to properly execute those decisions as intended.

Last year, Microsoft made it easier for companies to create meaningful data analytics by combining PivotTables in Excel for the web with its business intelligence dashboard Power Bi. 

Let’s look at each of those pieces and then how they combine to make data analysis easier and more powerful at the same time.

What is an Excel PivotTable?

A PivotTable in Excel is a tool that allows you to calculate, summarize, and analyze data. It helps reveal data patterns and trends.

The PivotTable will pull in data from other resources and group it together into a single place, where you can organize that data in multiple ways and use graphs to create visualizations.

Using PivotTables, you can look at a large amount of data in a user-friendly way, have calculations run on that data in the background, and more.

Some of the things that PivotTables can do are:

  • Subtotaling and aggregating data

  • Summarizing data by categories and subcategories

  • Creating custom calculations and formulas

  • Expanding and collapsing levels of data 

  • Making it easy for you to drill down into different summaries of source data

  • Filtering, sorting, grouping, and conditionally formatting data

  • Providing attractive and annotated reports

What is Power Bi?

Power Bi is an application that connects to multiple data channels throughout your organization to bring all your business data into one place. 

The platform has over 500 free data connectors that make it simple to connect to many different data sources, like Azure SQL, Salesforce, SharePoint, Excel, and more.

The platform allows you to create multiple interactive and visually engaging reports that are easy to share with others.

Why Bring Power Bi Data Into Excel?

Excel has been around for ages, and it is the “go-to” tool for a lot of organizations and their teams. While Power Bi gives a company the ability to bring all its online data sources into a single platform, Excel provides an easy user experience that people tend to be comfortable and familiar with.

It also has features, such as PivotTables and data types that allow you to do more with your raw data.

How to Create an Excel Pivot Table Using Power Bi Datasets

Step 1: Insert PivotTable

First, go to Insert in the top menu and click the PivotTable. Then choose From Power Bi (Microsoft).

Note that your company must already have Power Bi in your Microsoft plan for this option to be enabled. 

Step 2: Choose the Dataset You Want

Next, in the Power Bi Datasets pane, you’ll choose the dataset that you want to bring into Excel. When you do this, a PivotTable will be created for you in a new spreadsheet of the workbook you’re in.

Step 3: Add Fields to Your PivotTable

Now, you’ll want to begin building out your PivotTable by adding the fields you want to work with from your dataset. The way that Excel creates the PivotTable is to add the fields that you select to Rows and to add any date and time hierarchies to Columns. Numeric fields are added to Values.

You can move fields from one area to another by dragging the field. 

Refreshing Your Data

Why connect data in an Excel PivotTable to Power Bi? Because the data can be live, and thus be updated as it comes in.

For example, say that you have sales and lead data from Salesforce connected to Power Bi. You could bring this into an Excel PivotTable and never have to worry about asking the sales team for the daily sales figures again. The data would refresh automatically as updates and new data are added to your Salesforce account.

To refresh your data inside Excel to capture any updates, you can use the following steps:

  • Click anywhere in your PivotTable to show the PivotTable Tools on the ribbon.

  • In that Tools area, click Analyze > Refresh.

You can refresh data automatically when the Excel workbook is opened by doing this:

  • Click Analyze > Options

  • On the Data tab, check the box for Refresh data when opening the file

Get Help Incorporating Technology Solutions to Boost Your Business

Knowing how to use technology to make things easier and get better business insights is important if you want to be competitive. BrainStomp can help your business with smart technology solutions that improve your bottom line.


 



Why You Should Never Share Passwords with Coworkers or Leave Them Easily Accessible

Passwords have become a new “Holy Grail” for hackers and large criminal groups of all types. With much of the workload and data for companies moved to the cloud, getting in via a brute force attack is not easy.

Cloud service providers like Microsoft, Amazon, and Google spend millions each year on security and they have stringent defenses for their data centers and networks.

But if an attacker has the email address and password for a legitimate user of the cloud account, they can get right in. Depending on the privilege level of the account they breached, they can do things like:

  • Steal sensitive data

  • Access email 

  • Add and remove users

  • Infect cloud storage with ransomware

  • Send phishing email from your email address

  • Access payment card details

  • And more

Breach of user credentials has become the number one cause of data breaches globally.

It’s important to have a comprehensive cybersecurity plan with several layers of protection. One of the critical layers is password security. All it takes is one unprotected password to cause a major breach that costs hundreds of thousands of dollars.

Breaches cost both companies and individuals because passwords are often shared across personal and work accounts.

Poor Password Habits Can Lead to Big Problems

Working against the importance of keeping passwords secure is the fact that many users have bad password habits.

A SurveyMonkey survey found that:

  • 34% of people share their passwords with coworkers

  • 22% of people admit to using the same passwords for work and personal accounts

  • Only 12% of people use a password manager to securely store their passwords. 

Unsecure storage methods used for passwords can increase the risk of having your passwords stolen. People have so many passwords to remember that they often resort to these types of methods.

Do any of these look familiar to you?

  • Using your phone’s contacts app to store passwords

  • Storing passwords in an Excel or Word document on your PC (not password protected)

  • Using sticky notes stuck to your computer to jot down passwords

Reasons You Should Not Share Passwords

We tend to trust certain people we work with and they may be good friends. So, you might not think twice about sharing a password with your friend at work. But sharing your password is like handing out a copy of your driver's license to share. It’s a huge security risk that can lead to major problems.

Here’s why.

You Have No Control Over the Password Security Once You Share It

While you may trust your friend and they might not mean to leave your password unsecured, mistakes happen. Bottom line is that you have no control over the security of your password once you give it to someone else.

Methods of Sharing Are Often Non-Secure

How you share that password with another person might allow the password to be intercepted. For example, if you send your coworker the password in a non-encrypted email, it can easily be seen by anyone trying to infiltrate your network.

Sharing a password on a piece of paper can also lead to a security problem. Imagine if that paper is thrown away, and then retrieved by someone wanting to harm the company, such as a disgruntled employee. 

You Are Ultimately Responsible for Your Password

When a data breach happens, IT experts will look at system logs to find out the source of the breach. If your account is connected to a breach or unwelcome activity in the system, you will be blamed.

If you share your password, then whoever has it can log in as you. The system reads you as the user and all activity tracked is associated with your user login. You could be blamed for something you didn’t do, such as downloading confidential information. 

Reasons You Should Not Leave Passwords Easily Accessible

It’s Easy to Search for Documents Called “Password”

If someone has a document on their PC where they keep passwords, there is a good chance that the word “password” is either in the title or the body of the document.

All anyone with access to the computer, either physically or through malware, would need to do to find that file is to search “password” in the file search. Without any protection, that entire list of passwords could easily be stolen.

There Are Better Ways to Secure Passwords That Are Convenient

You don’t need to store passwords on sticky notes or in a contact application. There is a much better way that is just as convenient. 

One of the best ways to store passwords securely is using a password manager. This type of app encrypts passwords so they can’t be read, even if someone accessed your computer without your knowledge.

It’s easy to use on a PC or mobile device, and you only need to remember one strong password to access all your others. Password managers can even auto-fill your passwords into login forms and can suggest strong passwords for your accounts.

Improve Your Password Security With Help from BrainStomp

BrainStomp can help your business put password security solutions in place that reduce risk and fortify the security of your cloud accounts and data.




How Scammers Take Advantage During a Crisis

Whenever there is a crisis, there are usually innocent people that end up paying the price. Well-meaning citizens and organizations will step up to help, but unfortunately, scammers take advantage of the situation.

Whether it is a natural disaster, a pandemic, or the latest crisis, such as the war in Ukraine, there are those unscrupulous people who will see an opportunity to trick people out of some money or sensitive information (like their SSN or banking details).

You can work hard to put IT security protections in place like a network firewall and password security, but many times a breach is initiated by an employee accidentally clicking on a phishing scam, like the ones that come in times of crisis. 

A study by Stanford University found that approximately 88% of all data breaches are due to human error. 

To help stave off human error, and not be the cause of it yourself, you should be aware of the types of scams that these bad actors perpetrate. 

Types of Scams to Watch Out For

These scams will generally come via phishing emails or text messages. Phishing by SMS (“smishing”) is growing fast, and unfortunately, many people don’t yet have this type of phishing on their radar.

Beware of any unsolicited messages coming in via text or email, especially when tied to a crisis event. Here are some examples of scams that are making the rounds.

Ukraine Charity Scams

The war in Ukraine has caused many to want to help the people being forced out of their homes, and scammers are taking advantage of this.

One scam mentioned by Tom’s Guide has a headline that says “They Need Our Help” with images of war to pull at the giver’s heartstrings. But when the recipient of this message clicks to donate, there is often nothing about what percentage of the money will be donated or much information on the organization behind the push to collect funds.

These types of sites will take your money and could also steal your credit card details and sell them on the Dark Web.

Coronavirus Scams

COVID-19 and its variants are still around, and criminals have had a heyday for the last two+ years with all types of coronavirus-related scams. This includes scams that use:

  • Fake contact tracing maps with hidden malware 

  • Impersonation of a government agency to get personal details, purporting that it relates to some type of COVID tax relief

  • Scams involving hard-to-get protection items or fake cures

During the pandemic, phishing has skyrocketed by 220% as criminals ramped up these scams.

Disaster Relief Scams

Much like the Ukrainian crisis scams, anytime there is a natural disaster like an earthquake, hurricane, typhoon, wildfire, etc., fake charity scams will start popping up on social media, in your email inbox, and via SMS.

They’ll pretend to be collecting money for the victims and will prey upon the desire by good people to help others.

How to Avoid Falling for Crisis Scams

Go Directly to the Source to Donate

There are many wonderful legitimate charitable agencies out there that you can donate to that really are helping in the event of a crisis.

Instead of going through a link you see in an email or on social media, go directly to a charity’s website or a reliable watchdog site like the Better Business Bureau (BBB) Wise Giving Alliance at Give.org.

Avoid Using Links in Text Messages or Email

Avoid clicking links you receive via email or text message, no matter how compelling and heart-tugging the message may be. These scams are written to get you to respond emotionally before you have a chance to question the legitimacy of the site.

Any type of link from a source you don’t know could easily lead you to a phishing site that does a drive-by download of malware onto your device as soon as the page loads.

Don’t Trust Social Media Posts Asking for Money

Social media phishing scams (known as social phishing) can be difficult to spot. Sometimes people we trust, like a friend or family member, may unknowingly share a scam link because it has a compelling image. They don’t realize they could be setting their own friends up to get scammed.

Scammers will also buy social media advertising and target those that fit a certain algorithm. The information that Facebook and other social sites have on you allows them to sell very targeted advertising, and they haven’t done a great job of vetting who is doing the advertising.

This targeting allows scammers to customize ads that target your personality type. For example, if you’re tagged as a pet lover, then the ad you see might have an image of a war-torn region with an animal in the middle and a fake request that asks you to help pet shelters during the crisis.

Avoid the urge to click on these social posts to donate. Do it directly through a legitimate charity’s website instead.

Fortify Your Defenses Against Phishing

In addition to user training on phishing, there are also cybersecurity solutions that help prevent a click on a phishing link from resulting in a breach. BrainStomp can help your business with important safeguards to combat these types of attacks.

4 Main Areas of Cloud Security You Should Be Addressing


A recent cloud adoption survey from 2021 found that cloud adoption by companies is at an all-time high of 90%. It’s expected that that number will reach 100% this year if it hasn’t already due to the changes in workforce structure driven by the pandemic.

With much of what companies do moving to the cloud – data, software, processes – cloud environments are the new main target for cybercriminals.

Incidents of cloud credential compromise have been rising, with this now being the main cause of data breaches. Because many cloud providers (Amazon, Microsoft, etc.) have stringent data center security standards, hackers are finding other ways in, mainly through compromised user accounts.

98% of enterprises have experienced a cloud security breach in the last 18 months. 

This shift to the cloud means that businesses need to make cloud security a priority, and there are four essential areas that you need to be addressing.

1. Identity Security

The first area of cloud security you need to look at is identity security, also known as access management. User credentials were responsible for 61% of global data breaches in 2020, according to Verizon’s Data Breach Investigations Report.

Addressing identity security involves putting some of the following cybersecurity protections into place:

  • Strong Passwords: Don’t just tell users they need to use strong passwords, enforce their use through security policies in apps that don’t allow weak passwords to be saved.

  • Multi-factor Authentication: With a 99.9% effectiveness rate at stopping fraudulent sign-in attempts, this is a “must-have” safeguard for all your user accounts.

  • Use of Single Sign-on (SSO): You can streamline the user experience and make access security easier to manage by putting an SSO application in place.

2. Network Protections

Hackers that gain access to your network or the network of a remote employee can make their way into a device and, through that device, access cloud data and accounts, such as email.

It’s important that networks are protected with proactive monitoring for any threats, a next-gen firewall application, and zero-trust security measures. One of these would be application safe-listing that only allows designated code to run, blocking all others (including malware or ransomware).

With many employees working remotely, companies haven’t always kept up with network security when it comes to those home networks. It’s a difficult needle to thread in some cases because the network and router are owned by the employee and used for more than just work.

But some simple safeguards like ensuring a strong router password, and setting up a guest network to segregate work devices from home devices are non-intrusive protections that can be put in place.

3. Device-based Security

The computers, mobile devices, and IoT devices that connect to your business cloud apps and data need to also have proper security to ensure they’re not compromised.

Once a device is compromised, a hacker can often gain access to a cloud account without even needing the password.

Device security best practices include:

  • Patch and update management for software and operating system

  • Advanced antivirus/anti-malware

  • Code or biometric locks for screens

  • Regular virus scans 

  • Monitoring of device access to business assets

Using an endpoint device management application, such as Microsoft Intune, can help you better ensure device security of all those mobile endpoints. This is especially important now that employees are accessing data from multiple devices (desktop, tablet, and mobile) and can often do this while outside your immediate company network.

An endpoint device management application also helps you keep the business side of an employee device separate from the personal side. This can allow you to enforce document security policies and better secure access to any cloud accounts. 

4. Visibility & Compliance

You need to maintain visibility into how your cloud data is being used and who is accessing that data. One data leak where an employee accidentally exposes personally identifiable information (PII) of a customer can lead to a data privacy compliance breach and penalty.

Another danger of not having full visibility into how your data is used in cloud applications has to do with shadow IT. This is the term used for cloud applications that employees may be using for work without your knowledge.

Without a cloud app use policy in place, well-meaning employees may start using an application they like on their own. This means that company data could be stored in an app that hasn’t been reviewed to see if it meets your compliance requirements.

It’s important to have visibility into all cloud data storage and activities happening in your organization and to educate employees on the apps that can be used for business data and those that cannot.

Get Help Ensuring Your Company’s Cloud Data is Protected

BrainStomp can help your business address each of the four important areas of cloud security to reduce your risk of a costly breach.


 



Great New Features of Windows 11


Windows 11 has been out for a few months now and has been largely well-received. The new operating system had just a few initial bugs with compatibility which were quickly addressed by Microsoft and has been without major problems for a majority of users.

Windows 11 replaces Windows 10, and the older OS now has less than four years left before it’s retired in October of 2025. If you haven’t upgraded yet, you may want to think about doing so sooner rather than later.

There are a lot of advantages to upgrading to Windows 11, and the fact that the entire OS is not a large departure from the Windows 10 experience is a plus. It means that users aren’t feeling like they just stepped into alien territory when they boot up after upgrading.

The main interface and how you get around is similar to Windows 10, but 11 is worth considering because its development was focused on productivity and making it easier for users to do everyday tasks.

When looking at technology solutions for your business, the operating system that runs your PCs is a foundational piece of the architecture. It’s important that it is kept updated so you aren’t held back by compatibility problems with new applications or run into security vulnerabilities.

We’ll go through some of the great new features of Windows 11 below that can upgrade your user productivity.

Snap Layouts

One of the most useful features in Windows 11 is the snap layouts option. When you hover above the maximize icon on any window, you have the option to snap the window into a layout with 1 to 3 other open windows.

Images from Microsoft - Snap Layout with three windows

App switching is one of the most time-consuming tasks for people because it tends to happen all day long. 68% of surveyed users say they spend at least 30 minutes per day switching between apps.

Snap layouts allows you to reduce app switching by optimizing your view of several apps at the same time. This is better than trying to resize windows yourself because the view allows you to access all window scrollbars and menu items.

You can also easily snap windows in and out of the layout view.

Teams Calling & Messaging from Your Desktop

Video meetings have become the new norm, with many people still working from home for the foreseeable future. Lots of companies plan to keep remote teams in place even after the pandemic has passed due to the realization that if enabled with the right tools, employees can be just as or more productive. Additionally, companies can save money on physical building resources.

One of the hybrid work features that were introduced in Windows 11 is the ability to use MS Teams right from the desktop, without needing to open the full app. It comes installed with Windows 11 natively and has an app on the taskbar.

Users can click to place an audio or video call, and even share the screen right from their desktop.

One of the more helpful features if you hate having to type text messages on a tiny smartphone screen is the ability to send and receive text messages through the app. This allows you to text right from your computer to any mobile device. 

Streamlined Start & Search Menu

One of the more noticeable UI changes with Windows 11 is that the Windows Start icon has moved from the left side of the taskbar to the middle, grouped with the other icons. 

Users will also notice that all those complicated boxes and groups are now gone, and the Start menu has a more streamlined and uncluttered look.

You can pin most-used apps to the top and easily use the master search bar (which has been moved from the taskbar to the top of the Start menu) to search for anything.

Finding documents, webpages, applications, photos, and more is much faster when using this master search, and it will reduce the time you spend searching for files in File Explorer.

New Widgets Panel

One feature that still needs a little more work, but is helpful right now, is the new Widgets panel. You can access this via your taskbar and it pulls information in for things like weather, news, stocks, and more.

You can customize the panel by adding the apps you want. One of the most helpful right now is the To Do widget, which allows you to create a quick list of tasks from your desktop and then check off items as you finish them.

Doing this from the desktop in the widgets panel is a bit faster than having to open another application to access a task list.

Need Help With Your Windows 11 Upgrade?

Upgrading all your business PCs to Windows 11 doesn’t have to be time-consuming. BrainStomp can help your business with a smooth upgrade and train your team on the most productive new features.


 



Are You Auditing Your Privileged User Accounts?


A recent study found that as many as 80% of data breaches can be tied back to the compromise of privileged user credentials. These insider attacks happen when cybercriminals get their hands on a legitimate user login, either through the use of phishing scams or from the purchase of passwords after the breach of a large database.

The average employee has to keep up with over 100 different passwords, which makes it very challenging to use strong password practices, such as using long passwords that include special characters and making each password unique.

This, coupled with the fact that credential theft has become one of the leading types of cyberattacks, has made account access security a major risk factor for many organizations. Just one breach can lead to business email compromise, ransomware infection, data loss, and breach of confidential employee or customer information.

The accounts that interest hackers the most are those with higher-level access privileges. If they obtain the credentials of a lower-level user that can’t access any security settings or user management, the damage they can do is limited. 

But, if a criminal is able to breach an administrative account, they can often add and remove users, lock companies out of their own accounts, access payment details, and much more.

The best way to reduce your risk of a privileged account compromise is to audit these accounts regularly. Your goals during this audit include:

  • Reduce the number of unnecessary privileged accounts

  • Eliminate any unused privileged accounts

  • Lower access levels for employees where possible

  • Put monitoring in place for insider attacks using admin accounts

Steps for Conducting a Privileged Account Audit

Create a List of Cloud Accounts With Each Account and Privilege Level

First, you’ll need to compile a list of each user account in each business cloud tool that your company uses.

This may take a few days, as companies often find out they have more cloud apps than they realize. The average company and its employees use approximately 137 cloud tools, both free and paid.

The fastest way to do this is to see if the cloud platform can export your user list and their details. Your goal is to have a list of each cloud tool, all user accounts enabled in that tool, and the privilege level of each account.

Identify & Eliminate Any Unused Accounts

Your next step will be to identify and eliminate unused accounts. Leaving unused user accounts sitting in a cloud tool provides a prime target for hackers to infiltrate your cloud platform because the account is unmonitored.

Eliminating all unused accounts, both privileged and non-privileged, will decrease your risk of a breach as well as save you money on any paid cloud account subscriptions.

Review All Privileged User Workflows to See If The Access Level Can Be Reduced

Next, zero in on those users with privileged accounts that allow them higher access and more permissions in the platform than basic user accounts.

Interview users to ask how often they use the additional permissions. If you find someone isn’t using a higher-level function very often, then they don’t need to have that access level on their account. 

Adjust User Privileges Using the Rule of Least Privilege

For all privileged user accounts that you’ve identified as not actively using those admin permissions regularly, reduce their user access level. 

You want to apply the Rule of Least Privilege across all your user accounts in each platform and use it going forward when creating new user accounts.

The rule is simple: users should be given the lowest permission level in a system that still lets them complete their daily tasks.

So, if a user only needs admin permission once or twice a year, they don’t need to have an administrative account. They can complete those tasks using a temporary access change or a dedicated admin account, which we’ll discuss next.

Consider the Viability of a Single Dedicated Admin Account in Each Cloud Platform

Where it is viable, use a single dedicated administrative account. This greatly reduces your risk of a privileged account compromise because you’re reducing your high-level accounts to just one per platform.

Microsoft 365, for example, allows you to set up a dedicated administrator account without paying an additional user license. This account doesn’t use email and is only used for administrative purposes.

Users that need to conduct admin duties simply log out of their own lower-level user account and into the shared dedicated admin account. When finished, they log out and log back into their own account.

Monitor & Review Privileged Accounts Regularly

Because privileged accounts are such a big target for cybercriminals, it’s important to monitor them and conduct audits regularly. Access monitoring helps you spot anomalies, such as a privileged account login at odd hours of the day or night.
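The audit steps above, run over an exported user list, as an added example that is not part of the original article. The CSV columns (tool, user, role, last_login), the role names treated as privileged, the 90-day inactivity cutoff, and the 07:00 to 18:59 business window are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: one row per account per cloud tool.
# Column names are assumptions; map them to whatever your platforms export.
SAMPLE_EXPORT = """tool,user,role,last_login
Microsoft 365,alice@example.com,Global Admin,2022-01-10T09:15:00
Microsoft 365,bob@example.com,User,2022-01-11T14:02:00
Microsoft 365,carol@example.com,Global Admin,2021-06-01T10:00:00
Salesforce,alice@example.com,System Administrator,2022-01-09T02:47:00
Salesforce,dave@example.com,Standard User,
Google Workspace,erin@example.com,Super Admin,2022-01-12T11:30:00
Google Workspace,frank@example.com,Super Admin,2022-01-12T16:45:00
"""

# Assumed role names that count as privileged; adjust per platform.
PRIVILEGED_ROLES = {"global admin", "system administrator", "super admin"}
UNUSED_AFTER = timedelta(days=90)  # assumed inactivity cutoff
BUSINESS_HOURS = range(7, 19)      # assumed 07:00-18:59, in the export's timezone


def audit(export_text, now):
    """Return audit findings for an exported list of cloud accounts."""
    findings = {"unused": [], "odd_hours_admin": [],
                "admins_per_tool": defaultdict(list)}
    for row in csv.DictReader(io.StringIO(export_text)):
        key = (row["tool"], row["user"])
        privileged = row["role"].strip().lower() in PRIVILEGED_ROLES
        raw = row["last_login"].strip()
        last_login = datetime.fromisoformat(raw) if raw else None

        # Unused accounts: never logged in, or idle past the cutoff.
        if last_login is None or now - last_login > UNUSED_AFTER:
            findings["unused"].append(key)
            continue  # slated for removal, so no privilege review needed

        if privileged:
            # Inventory of active privileged accounts per tool, the input
            # for the workflow review and least-privilege adjustments.
            findings["admins_per_tool"][row["tool"]].append(row["user"])
            # Monitoring: privileged login outside business hours.
            # Only the most recent login is in this export; full sign-in
            # logs would be needed for continuous monitoring.
            if last_login.hour not in BUSINESS_HOURS:
                findings["odd_hours_admin"].append(key)

    # Tools with more than one active admin are candidates for privilege
    # reduction or a single dedicated admin account.
    findings["review_tools"] = sorted(
        tool for tool, users in findings["admins_per_tool"].items()
        if len(users) > 1
    )
    return findings


if __name__ == "__main__":
    result = audit(SAMPLE_EXPORT, now=datetime(2022, 1, 15))
    for name, value in result.items():
        print(name, dict(value) if isinstance(value, defaultdict) else value)
```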

Let’s Improve Your Cloud Security This Year!

BrainStomp can help your business audit and review your access security and improve your cloud protections for a more secure cloud environment.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



New Year's Technology Resolutions to Adopt for a Secure 2022


Many business owners are in a hopeful mood right after the first of the year and are looking for ways to improve sales and grow their businesses. But no matter how much you grow, one ransomware infection or cloud account breach can mean devastating downtime.

A cyberattack costs a business an average of $200,000, which is more than many smaller companies can bear. Small businesses are also often targeted in these attacks, with over half experiencing a data breach within the last 12 months.

Mobile phishing threats soared by 161% in 2021.

New and more sophisticated cyberthreats are being developed and launched each day that endanger your company’s network security and business wellbeing. This makes cybersecurity one of the most important investments you can make to secure business continuity and growth. 

When making growth plans for your company for 2022, here are several New Year’s technology resolutions that you should include to ensure your IT infrastructure is protected.

Begin Transitioning to a Zero-Trust Security Approach

Cybercriminals are using AI and machine learning to improve the success of their phishing attacks. They continually come up with more sophisticated ways to steal user credentials and conduct insider attacks.

Standard antivirus software alone isn’t enough to keep your on-premises and cloud assets secured. Zero-trust is a strong cybersecurity framework that is being adopted around the world. 

It takes the stance of not trusting a user or program by default until they can authenticate access privileges. Some of the tenets include using a safe list for programs that can run on your system rather than trying to identify and block those that can’t. This ensures that any non-approved program is blocked by default, no matter what it is.

Zero-trust is a strategy that is adopted across your entire cybersecurity environment. You can begin with a few zero-trust measures and then add more as time and budget allow to improve your security.

Adopt the Rule of Least Privilege

Credential compromise has risen to the #1 cause of data breaches globally, with stolen login credentials responsible for 20% of data breaches.

With most data now residing in the cloud along with things like business email accounts, hackers are going after usernames and passwords because having a legitimate user login is the easiest way to breach a company account.

Adopt the Rule of Least Privilege this year. This rule states that you should give employees only the minimum permission level in a system that they need to perform their daily tasks.

The fewer privileged accounts you have with admin access in a cloud account, the less risk you have of serious damage being done if a hacker steals one of your employee logins.

Implement Multi-Factor Authentication (MFA) Across All User Accounts

One of the tenets of Zero-Trust is multi-factor authentication. This is one of the strongest protections you can put in place to prevent account takeovers and insider attacks.

According to Microsoft, MFA is 99.9% effective at blocking fraudulent sign-in attempts on an account.

If you’re worried about employee pushback about MFA being inconvenient, then couple it with the implementation of single sign-on (SSO). SSO consolidates the employee experience into one login to access all work applications, which saves users time even if they use MFA.

Have Cloud Account Security Professionally Configured

Misconfiguration of security settings is one of the major causes of cloud account breaches. Today’s platforms like Microsoft 365, Salesforce, Google Workspace, etc. come with a lot of security flexibility, but the most secure settings aren’t usually defaulted.

For example, MFA is typically available, but not generally pre-enabled. Users need to enable it themselves, along with several other security features.

Resolve this year to have an IT security professional, like BrainStomp, configure your cloud platform security settings to ensure your accounts and data are properly protected.

Test Restoration of Your Data Backups

Do you have a recoverable backup of all your data in the case of a ransomware attack? If so, when is the last time you tested the data restoration process?

Many companies never do this, and it leaves them at high risk should they suffer a ransomware attack or other data loss incident. There are several cases of companies (like Colonial Pipeline) being hit with ransomware and having a backup, but paying the ransom anyway because they never tested data recovery and weren’t sure how long it would take. So, they opted to pay the attackers because they thought it would be faster.

Add at least two data recovery drills to your calendar this year as part of a business continuity strategy. This helps you ensure you have a backup and recovery system that can restore data quickly, gives you important timeframe details, and helps your team become familiar with the process.

Get Help Improving Your Cybersecurity This Year

Cybersecurity isn’t something to put off until “later.” BrainStomp can help your business target your most vulnerable areas and implement solutions that protect you from costly breaches.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



6 Alarming Phishing Attack Trends That You Need to Know About


Phishing attacks nearly doubled in 2020 as compared to the prior year and we’re seeing a similar trend in 2021 with phishing on the rise. This method of attack is by far the most prevalent and it continues to evolve and get more sophisticated all the time.

Without protection against various phishing tactics, companies can face multiple threats to their network security, including ransomware, data breaches, credential theft, and account takeovers. 

Phishing has become more dangerous over the last few years because many attack campaigns are run by large criminal groups or state-sponsored hacking organizations. These groups invest money into making phishing more effective and continue to optimize how much money they can make and how fast they can deliver attacks.

This in turn increases the volume of attacks and the risk level. 

One of the ways to stay one step ahead of phishing attacks is to know what new tactics are being used so you can properly prepare your team. Following are some of the alarming new phishing trends being seen by industry cybersecurity experts around the world.

1. Increased Use of Breach Specialists (Initial Access Brokers)

Initial Access Brokers are hackers that specialize in getting inside a network. They facilitate that first breach, so others can then conduct their attacks. Because this is the main focus of this group of outside contractors, they’re very good at it.

In an effort to optimize the success of phishing campaigns, criminal groups are increasingly hiring these experts to launch the initial part of the attack that gets them inside a network. This can be through an elaborate credential theft campaign or a tactic using malware to breach a network device.

2. SMS Phishing is Increasing

SMS phishing (smishing) is on the rise and many employees aren’t aware. They’re used to being careful of unexpected emails and may even be well-trained in tactics like hovering over links to reveal the URL beneath them. However, many aren’t expecting to receive fake text messages that look like the shipping notices they normally get from Amazon and other retailers.

Mobile phone numbers are becoming easier to get, which is why scam robocalls have become such a problem for mobile device users. Cybercriminals are also using these numbers to launch phishing campaigns via text message, deploying hidden links that users often can’t roll over in the same way they can on a computer.

3. More Use of Brand Impersonation

Impersonating another company is a common phishing tactic to fool users into thinking a phishing email is legitimate. Scammers will use the company’s logo and signature and make a carbon copy of emails from brands like Microsoft 365, Amazon, and Netflix.

But scammers don’t only impersonate larger companies. Your business needs to watch out for the use of brand impersonation when it comes to vendors you do business with, such as your internet service provider or website host. 

4. Monetization of Business Email Compromise (BEC)

Up until now, ransomware has been one of the most lucrative types of phishing attacks that hackers could launch, which is why ransomware has been exploding in volume in recent years. But now hackers are finding out that compromising a company email address can also rake in the cash.

Once they breach a user email address (preferably someone in a managerial position), scammers can send out emails from that person’s email account to other employees. Those employees will typically not suspect a phishing attack because they recognize the person and see their real email address is used.

BEC is often used with gift card scams, where the scammer will direct employees to purchase gift cards and reply with the codes.

5. Increased Targeting of Smaller Companies Using Spear Phishing

Smaller companies need to worry about the increased use of spear phishing. This targeted form of attack, which uses more personal details, used to be reserved for larger organizations because of the research needed.

But now with the efficiency improvements of phishing attacks, small businesses are also being singled out and targeted in the same way.

6. Disgruntled Employees Are Being Targeted for Their Passwords

You may want to ensure you don’t have any particularly unhappy or disgruntled employees because they could potentially be the source of a breach. In an effort to conduct attacks on company cloud accounts, hackers are phishing for user login credentials.

One of the new tactics they’re using is to outright offer employees cash for their login details. They play the numbers, thinking that most companies have at least one disgruntled employee that might take them up on that offer. If they do a little searching on social media, it may also not be hard to find someone unhappy with their employer based upon the things they are posting.

Are You Due for a Review of Your Cybersecurity Strategy?

Companies must evolve their cybersecurity strategy to keep up with the evolution of phishing and other cyberattacks. BrainStomp can help your business with a full review of your current protections and make suggestions for any areas of risk.

Schedule a free consultation today! Call 260-918-3548 or reach out online.



Pros & Cons: Should You Upgrade to Windows 11 Now or Wait?


As of June 2021, Windows has over 72% of the desktop operating system market share, so a majority of companies are having to make the decision of when to upgrade from Windows 10 to the just-released Windows 11.

Upgrading your business technology solutions, especially one as important as the OS that runs employee PCs, is an important timing decision. Companies don’t want to upgrade too soon and face downtime and other issues due to bugs that have yet to be worked out.

But waiting to upgrade also has a downside. Employees can miss out on productivity-enhancing features that could improve their workflows. Additionally, a company could get caught having to rush to upgrade before the older OS loses vital security support or risk increased exposure to a cyberattack.

When it comes to Windows 11, out for a little over 2 months now, many companies are weighing the pros and cons and trying to decide exactly when to upgrade their office devices. 

We’ll go through the pros and cons of upgrading now to help you make a more informed decision on when to roll out your Windows 11 companywide upgrade.

Reasons You May Want to Wait to Upgrade

If Your Company Uses Oracle VirtualBox

The Windows 11 release has been largely well-received with few issues. Nearly all bugs that have been found have already been resolved, according to the Windows health and status page.

However, there is still a confirmed issue with Oracle VirtualBox and its compatibility with Windows 11. Users might be unable to start virtual machines and may receive an error message. 

The Widgets Panel Needs More Work

While many of the features have rolled out without a hitch, one in particular still needs more work and is minimally helpful right now.

The Widgets panel that is activated from the taskbar is designed to give you quick access to different types of information like your Microsoft To Do list, news, weather, stocks, and email. But it has some problems, including:

  • Email widget is difficult for some users to connect to their Outlook email

  • There aren’t that many widgets to choose from

  • There are not many productivity-focused widgets

  • The panel can be slow to load

Reasons You May Want to Upgrade Now

Easier Multi-Window Workflow

68% of surveyed office workers say that they spend at least 30 minutes a day switching between apps. This is often done because it can be time-consuming to size two or more windows on the screen at the same time and still reach the menu items and scrollbars.

The new snap layouts feature in Windows 11 solves this dilemma. It allows users to quickly snap a group of windows into an optimized view that allows them full access to scroll bars, menus, etc. 

This single feature can save your employees a lot of time and make their multi-window work easier and more fluid.

Snap layouts in Windows 11

Easy-to-Learn Upgrade Without Major Differences from Windows 10

This won’t be an upgrade that has your employees feeling like they’re in alien territory when they get to their upgraded desktop. Windows 11 doesn’t make major changes to the interface or navigation of Windows; it just enhances it to make it less cluttered and reduce the time it takes users to do tasks.

The biggest interface change that users will need to get used to is that the Windows Start Menu button has been moved from the far left of the taskbar to the middle.

Native Teams Integration Promotes Easier Connections

We’ve all known that one person that seems to have a hard time navigating video call applications. For those users and others, Windows 11 is going to make the chat, audio call, and video call experience easier. 

Microsoft Teams is natively integrated with an icon on the taskbar. Users can click to easily message or call anyone from their desktop without needing to open another app. This includes the ability to screen share during a call and to send and receive text messages. The person you are connecting with doesn’t have to be a Teams user to connect with them.

The Upgrade is Free for Compatible Windows 10 PCs

Another reason you may not need to wait to upgrade is that upgrading to Windows 11 won’t mean having to purchase a new operating system for all your computers in most cases.

The Windows 11 upgrade is free for Windows 10 PCs (home and business versions) that meet the minimum system requirements for the upgrade. 

Schedule Your Windows 11 Office Upgrade Today

BrainStomp can help your business upgrade all user PCs (in-office and remote worker) to Windows 11 smoothly without disrupting your normal business operations.

Schedule a free consultation today! Call 260-918-3548 or reach out online.