Remote Working with Office 365

by

Working from home is a big change in an already tumultuous time. Yet there’s a bright side. The quarantine could be your opportunity to reinvent how you work — for the better. Migrating to Microsoft Office 365 has benefits now. Plus, when you’re back to business as usual.

Office 365 is the cloud-based version of Microsoft Office. With a subscription, you get both the desktop and online versions of apps you already know. This includes Outlook, Word, Excel, PowerPoint, OneNote, SharePoint, Teams, Yammer, and more.

Office 365 enables collaboration in many ways, on desktops, tablets, and smartphones. For example:

  • Outlook — primarily associated with email, but also lets you share notes and files
  • Teams — a hub for instant messaging, video conferencing and calls
  • SharePoint — an internal content management platform. SharePoint lets you customize team sites where you automate workflows and share resources
  • Yammer — a social network connecting all the users in your organization
  • OneDrive — allows users to share and co-author documents securely

Remote Work with Teams

Microsoft teams at its core is a chat program. But it does so much more. On all your devices, both iOS and Android, Teams allows “channels”. You can have company-wide or small task group channels. Or use a separate channel to instant messaging to a single person.

You can also invite clients or customers into channels to join the discussion. Additionally, you can set up security features that filter what they can access. You don’t want them to know the ingredients to your secret sauce!

Within Teams channels, users can share documents, spreadsheets, and presentations. Teams also integrates with other software. The options include Zendesk customer support, Asana project management, or Zoom video conferencing.

Using Teams in Office 365 creates a streamlined platform for remote work.

Remote Work with OneDrive

Working in the office, your users always had access to the business file server. OneDrive is the cloud equivalent. Yet, since it’s online, it’s always accessible. Microsoft’s hosts the file storage to let you access and share work files from all your devices.

Employees can even work offline. Any changes or edits to files automatically upload when you next connect.

Share OneDrive folders or files with external partners as well. Again, you can secure access with limits on who can see what and specifying what actions they can take. You can even set up automatic revoke access after a set time limit.

Office 365 & Business Security

An Office 365 subscription protects from viruses and cybercrime. It also offers ways to recover your files from malicious attacks.

Office 365 apps update with security patches without any effort on your part. Plus, Outlook scans email attachments and checks links for viruses or phishing scams.

OneDrive helps you restore files, so they’re not held captive in a ransomware attack. Office 365 also lets users encrypt email, prevent forwarding, and secure sensitive files.

Office 365 lets your business communicate and collaborate in real-time. Work on any device, anywhere, at any time. Enjoy business agility and flexibility with internal and external users.

Migrating to the cloud isn’t as simple as pressing the “start” button. Still, our tech experts can get you up and running quickly and with ease. Let us help you go online and get back to business as usual, even working remotely. Call us today 312-600-8357.

How to Stay Focused Working from Home

by

Working from home is not for everyone – we’ve all heard that said before – but many of us worldwide are now being forced to work from home. It can be challenging, especially when you have to adapt in the midst of all the other uncertainties COVID-19 has brought. These strategies can help you stay focused when working remotely.

Reserve your office space

Set up a temporary home office. Pick a space, if you can, that is away from distractions and has a door that you can close. Try to organize this space so that you feel more as if you’re going into the office. Clear those personal bills and photo albums waiting for assembly from your desk.

Creating a distinct space can help with the mental association that you are going to work. You’ll also find it easier to focus if you dress as you would for work. Shower, and put on makeup if you normally do. Getting out of your pajamas and putting on your “game face” puts you more in work mode.

Stick with your routines

Keeping a similar schedule can help, too. If you go to the office at a certain time every day, that’s when you should show up at your home workstation. If you took breaks at consistent times when on-site, do the same at home. This helps tell your brain it’s business as usual, even when you’re working in the laundry room on a folding card table!

You may not be able to go out and grab a coffee or eat lunch out with colleagues, but you can still go have a cup in the kitchen or order lunch from a local business that’s delivering – help them to stay in business too!

If you used to write emails first thing, do that still. If your team had a weekly conference call Wednesdays at 11, try to keep that, too. You can use voice or video conferencing to stay in touch while remaining at a safe distance.

Avoid distractions

This is going to mean different things for people. Working from home with children is tough, especially as you’re now supposed to be supervising their online learning. Giving them a dedicated space for schoolwork can help to keep them motivated and away from you. You might tell younger children to expect your attention at breaks (e.g. “I’ll play three rounds of Candyland when the big hand reaches 12 and the little hand reaches 3”).

The news and social media are other traps for those working from home. No one is watching over your shoulder, and it’s easy to think, “I’ll just check …” That’s how you lose 30 minutes of productivity watching pandas wrestle on a zoo-cam.

Still struggling? You could consider setting up one operating system account for work and another for personal use creating different browser profiles. And if you’re still getting distracted, you could install a browser plug-in that forces you to stay on track.

Keep deadlines

Setting deadlines can help you stay motivated. The longer you have to get something done, the slower you’ll work – it’s inevitable. So, maintain some pressure by setting tight, but realistic targets.

Share your deadlines with other colleagues using an online task management tool. This can help with accountability.

Be patient

This is a stressful time, and you’re being asked to deal with many changes. So, you need to be patient. Working in sprints could help your motivation and attention span. You might set a timer and focus completely on work until the bell chimes. One theory is that the most productive people take a 17-minute break every 52 minutes, but you’ll want to see what works for you.

Another approach is to say you’ll do 30 minutes of good work on that thing you’re avoiding. Worst case: you get only 30 minutes of it done. At least you’re further ahead. But you might find it only takes 30 minutes to complete or that you’re so close to finishing that you keep going and get the job done.

Have the right tech

Make sure you have the right tools to do your job. Working from home is challenging enough, so make it easier with reliable internet and Wi-Fi connections, and access to the required files.

Need help with working from home? We can’t actually be there to cheer you on and keep you motivated, but our tech experts can get you set up with the most efficient home office solutions. Contact us at 312-600-8357 today!

How to Stop Your Business Becoming a Victim of Social Engineering

by

You can have top-notch security in place but there is still one danger: social engineering. It’s the old kid on the block, but most of us have never heard of it. Perhaps the more familiar term is ‘con’: the art of manipulating people to take certain actions or divulge private information. Social engineers are a special type of hacker who skip the hassle of writing code and go straight for the weakest link in your security defenses – your employees. A phone call, a cheap disguise or casual email may be all it takes to gain access, despite having solid tech protections in place.

Here are just a few examples of how social engineers work:

Email: Pretending to be a co-worker or customer who ‘just quickly’ needs a certain piece of information. It could be a shipping address, login, contact or personal detail that they pretend they already know, but simply don’t have in front of them. The email may even tell you where to get the data from. The hacker may also create a sense of urgency or indicate fear that they’ll get in trouble without this information. Your employee is naturally inclined to help and quickly sends a reply.

Phone: Posing as IT support, government official or customer, the hacker quickly manipulates your employee into changing a password or giving out information. These attacks are harder to identify and the hacker can be very persuasive, even using background sound effects like a crying baby or call-center noise to trigger empathy or trust.

In-person: A delivery man uniform gets past most people without question, as does a repairman. The social engineer can quickly then move into sensitive areas of your business. Once inside, they essentially become invisible, free to install network listening devices, read a Post-it note with a password on it, or tamper with your business in other ways.

It’s impossible to predict when and where (or how) a social engineer will strike. The above attacks aren’t particularly sophisticated, but they are extremely effective. Your staff has been trained to be helpful, but this can also be a weakness. So what can you do to protect your business? First, recognize that not all of your employees have the same level of interaction with people, the front desk clerk taking calls all day would be at higher risk than the factory worker, for example. We recommend cyber-security training for each level of risk identified, focusing on responding to the types of scenarios they might find themselves in. Social engineering is too dangerous to take lightly, and far too common for comfort.

Talk to us about your cybersecurity options today. Call us at 312-600-8357

Steer Clear of Coronavirus Scams

by

With the world grappling with a health pandemic, scams are shocking. Regrettably, bad actors are everywhere, always looking for opportunities, and they’re seeing one in the coronavirus. This article outlines what you need to watch out for and how to stay cyber safe.

The last thing you want to read right now is that there’s another threat out there – sorry, but it’s true. Cybercriminals take advantage of fear. They take timely concerns and use them to target victims. Using the anxiety and upheaval around coronavirus is their mission.

So far, several coronavirus-related attempts to cyberscam people have been reported. There are examples of:

  • emails that appear to come from government health departments;
  • offering a tax refund to get people to click on malicious links;
  • memos to staff that appear to come from large employers;
  • COVID-19 test offerings from private companies;
  • fake websites promising to sell face masks or hand sanitizer;
  • soliciting donations to help fund a vaccine.

What to Watch Out For

Another concern is the number of bogus websites registered with names relating to COVID-19. The site can look legit but is set up to steal information or infect the victim’s computer with malware.

You may get an email promising the attached information offers coronavirus safety measures, or information shared by the World Health Organization (WHO) if you click on the link, or a similar email pretending to be from a reputable news source, such as the Wall Street Journal (WSJ).

In another example, an email impersonating a healthcare company’s IT team asked people to register for a seminar “about this deadly virus.” Anyone who didn’t question why IT was organizing the meeting clicked to register. By filling out the form, they gave their details to hackers.

What to Do

Be cautious. It’s understandable that you’re anxious, but don’t let that stop you from taking cyber precautions. You should still:

  • be wary of anything that tries to play on your emotions and urges immediate action;
  • question where emails are coming from – remain vigilant even if the communication appears to come from a reliable source;
  • hover over links before clicking them to see where they will take you – for example, in the WSJ example, the Web address was for the “worldstreetjournal”;
  • avoid downloading anything you didn’t ask for;
  • doubt any deals that sound too good to be true (“a mask that stops the virus 99.7% of the time!”);
  • ignore any communications requesting your personal information;
  • don’t be suckered by fraudulent pleas for charity.

Global health organizations generally do not send out emails with advice. Instead, navigate directly to that reputable health institution for real news.

If you’re still not sure about the validity of the communication, check it out. Do so by calling or using another medium to get in touch with the “source” of the received message.

While there is not yet a vaccine for COVID-19, you can put anti-virus protection on your computer. Also, make sure that you’ve applied all available security updates to keep your software safe.

We hope you’ll take care and stay healthy both physically and online in these tough times.

Need help installing security software and keeping your technology safe? Our cybersecurity experts can give your home a tech immunization. Contact us today at 312-600-8357!

Is Your Business’s IT Ready for the Coronavirus?

by

The Coronavirus is spreading as fast as feared. Businesses must be ready for the worst. One priority? Protecting the health of employees. Preparing the way for remote working is one top recommendation.

News of the virus, which the WHO is now calling COVID-19, has prompted urgent interest in remote work. Business collaboration software, virtual desktops, and private networks can all help. This tech helps the business continue as usual, even with quarantined employees.

It’s difficult to imagine you aren’t aware of the looming health pandemic. Trying to limit the contagion, we’ve already seen big business take major measures. These include:

  • Nike temporarily closed its European headquarters when an employee was diagnosed with the virus. After the first death in Washington state in the U.S., the company also closed its world headquarters for a deep clean of its campus.
  • Twitter told its roughly 4,900 employees to stay home to work.
  • The NBA suspended its 2019-2020 season after a player tested positive for coronavirus

Other businesses are weighing up the options. Furloughs? Changes to sick leave? Or encouraging work from home. The last option appeals, but how do employees work remotely? How can they continue collaborating with people they used to sit beside, meet in the office, or travel to see? Technological solutions.

The Right Technology for Remote Work

Remote workers want a centralized platform with a simplified (yet secure) login process. Business collaboration software is a great enabler of mobile, flexible work. Replace in-person meetings with voice or video conferencing. Streamline chat, voice, and video in one software platform. Tools such as Microsoft Teams, Google’s G-suite, or Slack, allow a business to create team channels.

Business collaboration tools also simplify access to email, calendars, documents, and file sharing. Employees can use a single sign-on to access business tools and data. This supports improved efficiency and increased transparency.

Providing a virtual desktop can provide access to important business applications, as well. Virtual desktops in the cloud allow users to work separately from their personal computers. The software virtualizes the user’s unique desktop environment at any workstation. All the data and applications are stored on a central server. Users access apps, folders, and toolbars from anywhere, with a consistent, secure experience.

Using a cloud-based solution also provides peace of mind. While remote workers access the corporate network, sensitive data isn’t stored locally. So, the business needn’t worry about the loss or theft of sensitive data. Plus, cloud-based virtual desktops are easy to rapidly install outside a quarantined area.

Worried about securing those remote connections? Another option is a virtual private network (VPN). A VPN connects computers, smartphones, or tablets to a shared or public network as if connecting to a private network. These encrypted connections to the internet secure data and protect employees’ mobile activities.

Mobile Work Helps Every Day

You can hope that your employees stay healthy and your business remains unaffected, but why take that risk? Empowering remote work benefits business, even without the threat of a fatal flu.

Remote teams enjoy greater work-life balance. The workers spend less time commuting and are more productive. Empowered, they also feel trusted and more engaged.

Meanwhile, a business can save money on physical space and hardware investments. Additionally, the hiring pool of qualified personnel expands with remote work, and the business can offer its services more globally and flexibly. All that’s true whether the coronavirus becomes an issue for your business or not.

Enabling a remote workforce takes technology. Need help installing and connecting your employees? We can help. Contact us today at 312-600-8357 or help@prodigyteks.com

Do Macs Get Viruses?

by

Many Apple owners believe their Macintosh computers are immune to viruses. Apple itself has run ad campaigns promising its computers “don’t get viruses”. And those who have owned a Mac for years, decades even, are particularly prone to believing. After all, nothing’s happened to them yet. Regrettably, Macs do get viruses, and the threat is growing.

For a long time the argument was that cyber criminals didn’t bother to develop Mac viruses. There weren’t enough users to justify the effort. Instead, they’d focus on the lower hanging fruit – PCs running Windows.

Yet Apple’s market share is on the rise, and it’s increasingly common to see Macs in the workplace, especially in creative industries. Plus, there’s a widespread assumption that Mac users are a smart target as they are likely to be better off. So, while Macs remain harder to infect (installing most software requires a password), there’s often a greater payoff.

The research reflects the reality. In 2017, for instance, the iPhone OS and Mac OS X placed #3 and #6 in CVE Details’ top 50 ranked by total number of distinct vulnerabilities. Apple TV and Safari also made the list at #17 and #18, respectively. In 2017, Malwarebytes also reported it “saw more Mac malware in 2017 than in any previous year”. By the end of 2017, the cyber security firm had counted 270% more unique threats on the Mac platform than in 2016.

Finding Apple’s Weak Spots

It’s obvious then that bad actors are no longer steering clear. They are actively looking for ways to exploit Macs.

A common approach is to use Trojans. Named after a gift wooden horse that hid an army, Trojans look like something you would want to install. So, Mac users happily enter their passwords to download that application and open the gates to the cyber criminal.

In 2011, for instance, a Trojan called “Mac Defender” took advantage of people’s desire to protect their computers. The fake program appeared to be anti-virus software. Once the users installed it, they’d get an onslaught of pop-up ads encouraging them to buy more fake software.

Trojans get through the gates because you let your guard down. You are taken in by that supposed note from a long-lost friend. You think you want to see that pic of that famous celebrity. All it takes to stop this type of attack is suspicion of everything you might install or download.

A business would want to educate its employees about the importance of:

  • clicking on emails with care;
  • validating the source of any files they plan to open;
  • checking a website’s URL (being especially wary of those with less common endings such as .cc or .co);
  • questioning any promises of Ray-Ban sunglasses for 90% off or the latest iPhone for $29.99.

A new threat comes from within the Mac App Store, according to Thomas Reed, a Mac security researcher. When a user tries to install an app on a Mac, a Mac OS program called Gatekeeper checks the file’s code signature. The signature helps certify the app is valid. However, Reed found that cyber criminals could buy a legitimate certificate from Apple, or steal one and trick users. Users would install masked malware that could infect legitimate programs and evade detection.

Key Takeaway

Apple is always working to protect its users from malware. It has measures in place, and user caution can make a big difference, too. Still, it’s not true that Macs are completely safe.

Find out what you can do to protect your Macs and guard against threats. Partner with a managed services provider to gauge your security levels.

Call us today at 312-600-8357!

Are You Due? What to Do When You Get a Renewal Notice

by

Your business relies on any number of service providers. You’re likely contracting for domain names, website hosting, data backup, software licenses, to name just a few. And that’s only your online presence! So, when a renewal notice comes in, you might just forward it on or file it away for future reference. Here’s what you should be doing instead.

First, when you get a renewal notice, you should confirm that it’s legitimate. This is especially true of domain names. Your business’s domain name and expiration date are publicly available. Anyone could look them up and send you an invoice. Scammers do. They monitor expiring domain names and then send out emails or convincing physical notices telling you it’s time to renew. They are not doing this as a civic service!

Instead, they will be trying to get you to switch your domain services to a competitor or, worse, hoping you’ll pay your renewal fee to their account, which has no connection to your domain.

  • Look out for the following indicators that the notice is a fraud:
  • The price is much more than you’d expect.
  • The deadline is within seven days.
  • You don’t know the business name.
  • This business has never contacted you before.
  • The notice requires you to send a check.

Handling Authentic Renewal Notices

Once you’ve determined the authenticity of the renewal notice, you’ll want to take stock. Putting your licenses or other online services on auto-renewal plans can be easier, but it may not be cost effective. Before re-upping your plan consider:

  • Are you still using this service?
  • Do you really still need it?
  • Do your current needs meet your current plan?
  • Should you upgrade or downsize?

You might also contact your provider directly and ask:

  • Is there a better product available now?
  • Are you eligible for a loyalty discount?

The company you’re dealing with wants to keep your business (hence, the renewal notice). That can give you some leverage in negotiating what you are paying or what service you are getting. You could treat an annual renewal notice as an opportunity to renegotiate terms. It’s not always going to work, but it can be worth a phone call as you try to keep business expenses under control.

Finally, you should pay attention to any deadlines on the renewal notification. Some are sent months in advance. That seems so helpful, but if you put it away to deal with later, before you know it you’ve missed an important date and the service is stopped.

You should always get a renewal notice for something like a domain name. The Internet Corporation for Assigned Names and Numbers (ICANN) requires companies to send reminders approximately one month and one week before your domain name expires.

Don’t leave your renewal to the last minute. With expired domain names, for instance, you can lose your website! Options and fees for renewing domain names, including expired ones, are going to vary, so be sure you know what your subscription involves.

Also, there are bad actors out there who monitor domain expiration to buy them up at bargain prices. Then, when you notice the subscription has lapsed, you have to pay a king’s ransom to get the Web address back. Yes, it can happen to you. In fact, the World Intellectual Property Organization (WIPO) handled a record 3,074 cyber squatting disputes last year.

Avoid being overwhelmed by all the subscriptions and service plans your business relies upon. A managed service provider (MSP) monitors your license and domain expiration dates to ensure your business is current. At the same time, the MSP has the expertise needed to determine what plans best suit your business needs.

Give us a call at 312-600-8357 to enjoy the peace of mind a managed service provider brings!

Don’t Get Hooked by Spear Phishing Attacks

by

Phishing attacks have been around for a long time in IT. Designed to steal your credentials or trick you into installing malicious software, they have persisted in the IT world precisely because they have been so devastatingly simple and effective. Today, a more modern and more effective version of the same attack is commonly used.

A typical phishing attack involves an attacker sending out a malicious email to hundreds of thousands, if not millions of users. The attacker’s email is designed to look like it comes from a bank, financial service, or even the tax office. Often aiming to trick you into logging in to a fake online service, a phishing attack captures the login details you enter so an attacker may use them to enter the genuine service later.

By sending out tens of thousands of emails at a time, attackers can guarantee that even if only one half of one percent of people fall for it, there is a lot of profit to be made by draining accounts. Spear phishing is a more modern, more sophisticated, and far more dangerous form of the attack. It’s typically targeted at businesses and their staff.

A Convincing, Dangerous Attack

While a traditional phishing attack throws out a broad net in the hope of capturing as many credentials as possible, spear phishing is targeted and precise. The attack is aimed towards convincing a single business, department, or individual that a fraudulent email or website is genuine.

The attacker focuses on building a relationship and establishing trust with the target. By building trust and convincing the target that they are who they are pretending to be, the user is more likely to open attachments, follow links, or provide sensitive details.

Consider how many times you have followed a link or opened an attachment just because it has come from a contact you have trusted before.

A Trusted E-mail

The malicious email can appear to come from a vendor you deal with regularly. It may even look like an invoice you are expecting to receive. Often attackers can simply substitute the vendors’ banking details for their own, hoping the target will not notice the difference.

Such an attack is very difficult to detect. It takes a keen eye, strong working knowledge, and constant awareness to keep your company protected. Even a single small mistake by an unaware member of staff can compromise your business accounts.

Defending Your Business

The key to stopping a spear phishing attack is education. Learning attack techniques, and how to protect against them is the single biggest thing you can do to enhance business security.

Whenever you deal with a vendor in a business transaction, you should always consider important questions before proceeding. Are you expecting this email? Is the vendor attempting to rush you into a quick decision or transaction? Have you checked all the details are correct and as you expected? Sometimes a simple query to the vendor can protect you against worst-case scenarios.

In many cases, a phishing attack can be halted in its tracks with a strong IT security package. Web filtering prevents malicious emails and links from entering the network, shutting attacks down before any damage can be done.

Good Security Practice

As with many types of IT threat, good security practices help mitigate damage. Locking down security to ensure employees only access the systems they need helps to prevent damage spreading across the network.

Enforcing unique and strong passwords prevents leaked credentials from affecting systems related to the one that has been compromised. Getting employees set up with a password manager and good security policies can do the world of good to boost your security to the level it needs to be.

Give us a call at 312-600-8357 to audit your security practices. It could be the difference that secures your firm against sophisticated spear phishing attacks.

Time to Refresh Your Passwords

by

We often tend to be creatures of habit, particularly when it comes to technology. Passwords are a prime example. Many of us use the same logins for multiple websites and applications because we don’t have a photographic memory. A large percentage of users aren’t aware that this is one of the most significant security dangers they can face online. It has a simple fix too.

Regularly, in the news today, there are stories about major companies being hacked, their customer data stolen, and their customers left stranded. Hackers commonly use data stolen from one site to access others where login credentials have been reused between accounts. In some cases, access to bank accounts has been gained simply by using a compromised email account.

Businesses and individuals can face significant losses simply because a third party outside their control has been hacked or compromised.

The Danger Of Old Passwords

MySpace is a key example of why old and possibly forgotten services pose a security danger when passwords haven’t been regularly changed. Once a thriving popular network, the use of MySpace services declined drastically from 2007 onwards. While many people moved to new social networks, old accounts typically remained abandoned on their servers. Hundreds of millions of accounts remained on MySpace servers many years past the firm’s peak.

In 2016, MySpace suffered a data leak which exposed usernames, emails, and passwords of 360 million user accounts. Shortly after the hack, these details were published online for anyone to see. Many were used to access email accounts, servers, and accounts that shared the same details.

Shared Responsibility

Even if you have never had a MySpace or social media account personally, how many of your employees or coworkers have one or more? Many have had more social media, forum, or game accounts than they care to remember. Have their passwords been updated since 2016?

Your business network protects your systems, work, and intellectual property. For many firms, it’s the single most critical component, the backbone to business operations. Keeping it secure regardless of the number of people, staff or clients using it is a crucial task.

Consider how many people currently have access and how many of those may reuse their password on another website or service. Just reusing your password once can expose you to the hacking of a third party entirely out of your control.

Password Management

Good security practice is to use a unique and strong password for every login you use. A strong password should include, where possible, capital letters, lowercase letters, numbers, and character symbols. Many consider this impractical or even impossible, but it is entirely achievable for every firm.

It is clearly impossible to manually remember a strong password for each one of the dozens of logins needed today. Few would even attempt to. A password manager makes storing, retrieving, and using unique passwords easy.

When using a password manager, an individual is required to remember only one single strong password to access a database which contains a different login password for each service. This database can be synced between multiple devices, saved and backed up to the cloud, and even used to create strong passwords for you.

Strong Protection

Password managers can be used to implement security policies that demand zero password reuse, between services or over time, and set strict limits over the duration a password can last. With the right policies in place, both your business and your employees are protected against attacks from hackers that have compromised third-party sites.

The maximum recommended lifetime of a password for any service is a single year. Make the start of the calendar year the time which you refresh your passwords and start new.

To help keep on top of your security and make sure your firm is safe well into the new year, give us a call at 312-600-8357.

How Losing a Mobile Device Puts Your Entire Business at Risk

by

Losing a mobile phone or laptop is an experience that everyone dreads. The expense and inconvenience of buying a new device are unpleasant, but only represents a fraction of the damage done when a device is misplaced. The cost of data contained within every device can add up to many times more than the total value of the device itself.

Chances are, you already use automatic login on a large variety of online services. Each of these services is vulnerable to an attacker having possession of your device.

Usernames and passwords – An obvious place for an attacker to start is the likely long list of usernames and passwords saved for future use by your browser. This is often done to save time when logging into sites that you visit often. Almost universally, people opt to save login information so that they don’t have to attempt to remember it every time they return.

In only a short amount of time, a browser is trained to log in to your Facebook, cloud storage, and bank details just by visiting the page using your regular device. These details, called up by the browser, are saved in a single list accessible to anyone with access to the device. For an unscrupulous stranger with a found device, this list represents a goldmine of information. Simply by finding a phone misplaced in public, they may gain access to a huge array of services.

The problem can be made many times worse where a single password or a combination of similar passwords have been used across several accounts. In some instances, an attacker need only gain access to a single one and reuse the same stolen credentials across many sites and services.

Email – Email accounts are a key target for attackers looking for access to your personal information. It is a service that many take for granted, logging in once the first time they set up the device and using automatic login every time after. It is a service that also unlocks a great deal more than just private messages. Of course, an attacker having free access to read your personal emails is bad news, but with email access, a malicious user can gain access to many of the most commonly used web services online.

Using the “forgotten password” button on many sites triggers a response that emails a password reset link to the email address registered on file. An attacker may use this feature to reset account passwords to one of their choosing. Doing this both grants themselves access to your account and denies you access to rescue it.

Contacts – One of the best features of instant messaging is that your contacts know the messages come from you. When a message is sent from your device to someone you know it displays along with your name, details, and likely a photograph too. This can lead to identity theft, one of the biggest concerns of a lost or stolen device.

With contact information already programmed in an attacker has an opportunity to impersonate you when speaking to anyone in your contacts list. Using your identity, an attacker may attempt to steal yet more details about you and your contacts.

Social Media – Your social media accounts are often the face of your brand. They can be a primary way to reach out and contact customers. They are almost always the first point of contact a client has with your business. They are also extremely vulnerable to being hijacked from a stolen device.

Fraudulent social media access can allow attackers to harvest both client and business data. Even without profiting directly, posting privileges can be used to cause irreversible damage to a business.

Protecting your business – Services, accounts, and entire businesses can be put in great danger by something as simple as misplacing an unsecured mobile phone or laptop computer.

We can help you to stay secure and remain in control even in the face of losing a device. Give us a call at 312-600-8357 and let us help secure your business.

ProdigyTeks

(312) 600-8357
159 N Sangamon Street Suite 262
 Chicago, IL 60607

Get Remote Support

Services

FOLLOW US