Software Updates Gone Wrong – updating applications and software can often time break a fast website and a restore from backup will be required.
Hardware Failure – incorrect drive information, outages, the drive does not power on, file corruption, etc.
Physical Disasters – hurricane, fire, flood, etc.
Any of these situations can result in a permanent loss of data if you don’t have a backup. We have partnered with Acronis to deliver a reliable and easy-to-use backup solution and cybersecurity solution.
Protect Your Critical Data With Acronis Cyber Backup or Acronis Cyber Protect.Activate 1 Month FREE!
We can all agree 2020 has not been the year we had hoped for last December. Far from it!
From the way we live our daily lives, to the way we shop for groceries or do our jobs, everything has been disrupted. As more and more businesses move their employees towards remote work, online security is becoming an ever-growing concern.
What started out of necessity is turning into a new business model. And this has been the trend for years now.
According to an analysis performed by FlexJobs and Global Workplace Analytics (GWA), a research and consulting firm based in San Diego, California, between 2005 and 2017, there has been a 159% growth in remote work.
This trend has accelerated even more as a result of Covid-19.
According to a recent survey by the Global Workplace Analytics (GWA) and Iometrics, a workplace services firm based in Irvine, California, work from home during Covid-19 has increased from 31% to 88%.
Here at SoftSys Hosting many of our employees work remotely as well. I myself have been working remotely for 10+ years now. While more and more businesses are making the shift towards remote work, we are also seeing concerning increases in online security threats.
With this in mind, we have compiled a list of seven tips you should follow to keep your data secure while working remotely.
7 TIPS TO IMPROVE THE SECURITY OF YOUR DATA WHILE WORKING REMOTELY
ONLINE SECURITY TIP #1: HAVE A CYBERSECURITY POLICY IN PLACE
If you are a business owner, you need to have a data security policy for your organization. Your cybersecurity policy should provide you and your employees’ guidelines on how to keep your data and your customers’ data secure. It should also provide recommendations on how to manage cybersecurity risks.
A good place to start is the National’s Institute of Standards and Technology (NIST) Cybersecurity Framework which includes best practices to help businesses manage cybersecurity risks. The framework has been used by 30% of US organizations, according to Gartner, and the usage was projected to increase to 50% by 2020.
The Cybersecurity Framework consists of five high-level functions that are applicable to risk management in general, including cybersecurity risks. The five core functions depicted are: Identify, Protect, Detect, Respond, and Recover.
Start by assessing your organization’s ability to maintain data security. What data is being collected in your company, how are your data stored by your employees (on local devices, on internal company systems, in the cloud, etc.)?
Ensure that your employees are following workplace security policies. There are some self-evident rules that should be followed in any company (don’t use your work computer to access sites unrelated to your work) but you need to state them in a documented cybersecurity policy.
Once you have documented the policy, share it across your entire organization, and make sure your employees understand and comply with the rules.
ONLINE SECURITY TIP #2: SECURE YOUR WEBSITE WITH AN SSL CERTIFICATE
A Secure Socket Layer certificate (SSL certificate) does exactly that! It will encrypt, or conceal if you will, your data from hackers and bad actors. It’s basically a small data file that will digitally bind an encrypted key to a company’s details.
In addition to encrypting data between your browser and the end server, the SSL certificate will also authenticate the server. In other words, it makes sure that your information is shared with the correct server hosting the website and not with a hacker who tries to steal your information.
While there are some free SSL certificates, such as Let’s Encrypt, we generally recommend a commercial SSL for any website that collects sensitive information. There are several reasons for that, but one good reason is free SSL certificates such as Let’s Encrypt offers no warranty if something goes wrong. All commercial brands will include a warranty. The vetting performed for a commercial SSL is also much more stringent.
At SoftSys Hosting we offer several trusted SSL certificate brands including Comodo, GeoTrust, Symantec and more.
Bottom line, if you collect sensitive information on your website, make sure to protect your customers’ data by using a trusted SSL certificate. By the same token, pay attention what website you and your employees are accessing. These days most browsers will show a warning if a website is not HTTPS secure.
ONLINE SECURITY TIP #3: USE STRONG PASSWORDS
Most of us dread setting up a password. We have so many of them and often times, out of convenience, we tend to either use a common word for a password (like our pet’s name) or use the same password for multiple systems.
According to a study performed by Digital Guardian on password security habits, 10.8% of the responders reuse the same password across all their accounts.
However, I’ve heard of numerous cases where online systems were hacked due to weak passwords. According to a 2020 research by PreciseSecurity.com, 30% of ransomware infections in 2019 were caused by weak passwords.
I myself have been the victim of this when a hacker got into my Netflix account and changed my password. I guess the need to binge-watch Netflix can drive people to do strange things?? Luckily, I was able to fix that issue within minutes and none of my data was stolen.
I got lucky that time. Lesson learned!
Both NIST and the FBI recommend using passphrases over passwords for enhanced security.
“A passphrase is a memorized secret consisting of a sequence of words or other text that a claimant uses to authenticate their identity. A passphrase is similar to a password in usage but is generally longer for added security.” NIST Special Publication 800-63 Revision 3, Digital Identity Guidelines
As a business you need to ensure your employees use passphrases or long passwords with at least 8 characters in length, when accessing your systems. And if you have a lot of passwords, like I do, you might want to use a password manager. Some examples of password managers are 1Password, KeePass and BitWarden.
ONLINE SECURITY TIP #4: AVOID CONNECTING TO PUBLIC WI-FI
You can work remotely from anywhere if you have a quiet place and a good internet connection. Access to public Wi-Fi has been an enormous aid to remote employees these days. You can find free public Wi-Fi in coffee shops, restaurants, hotels, sometimes even in outdoor public spaces. But the truth is they’re not always secure. Sometimes though you might have to travel for work, and you might not have any other options but to use a public Wi-Fi.
In those cases, try to avoid Wi-Fi networks that don’t require a Wi-Fi Protected Access (WPA) or WPA2 password. Between the two WPA2 is more secure. You should also ensure that you have logged out from your systems when you finish working.
If you regularly use public Wi-Fi you can have a secure connection, even when using public Wi-Fi, by using a VPN service. A VPN can be configured in multiple ways. One popular way to configure a secure VPN service is as a Remote Client VPN (also known as Remote Access VPN).
This type of VPN configuration will encrypt traffic between your local device and the system/business software that you are accessing. Note that a Remote Client VPN won’t encrypt everything that you access through your computer. Only those specific systems for which the VPN has been configured will be secured.
The VPN will create a secure tunnel all the way, regardless of what Wi-Fi connection you are using.
There are multiple popular VPN solutions like SiteLock VPN, VyOS, Vyatta, OPNSense, and more.
SoftSys Hosting customers can activate a high-speed secure VPN with military-grade encryption. Using our high-speed VPN solution you will be able to:
hide your IP for secure anonymous browsing.
access blocked websites in 40+ countries.
protect your data when using public Wi-Fi.
watch streaming services anywhere & more.
Be aware though that some VPN providers might be the target of cyberattacks themselves. That is the case with unpatched Pulse Secure VPN servers who have been the target of malicious attacks.
ONLINE SECURITY TIP #5: KEEP YOUR COMPUTER SECURE
In today’s technological world we use our computers, laptops, smart phones every single day. In fact, what are you doing right now?
Most of us store work-related information on our local devices: client proposals, website descriptions, accounting information, login credentials, you name it! Hackers, scammers and other bad actors are becoming more and more clever these days. It’s almost as if their only purpose in life is to find new ways to steal your data.
From malware and ransomware to spyware, hackers will try anything to get their hands on your credit/debit cards, PayPal accounts, and other sensitive information.
According to a survey by Positive Technologies in the last quarter of 2019 credit/debit card information made up 32% of all information stolen. In other words, one-third of the information stolen by hackers was payment card information!
What can you do to prevent hackers from gaining access to your sensitive data? Start with an antivirus. Some popular antivirus solutions are Malwarebytes, Avast, and Bitdefender. You should set up regular automatic full system scans using a reliable antivirus solution.
But an antivirus is not enough! It will not protect your computer against malware and other types of malware attacks. You need a solution that’s specifically designed for that.
At SoftSys Hosting we have partnered with Acronis to bring you Acronis Cyber Protect, a security solution that integrates backups, disaster recovery, a next-generation anti-malware and cybersecurity into one single affordable and easy-to-use solution. The Acronis Cyber Protect solution can be enabled on any local computer, mobile device (Android/iOS), Virtual Machine, cPanel/Plesk Web Hosting Servers and more.
Lastly, when thinking about the security of your local computers you should make sure all your software is up to date. Software vendors often time include critical security patches when releasing a new software version. If you use software that’s no longer supported or End of Life (EOL) as it is often called, you are only increasing the risk of getting hacked.
ONLINE SECURITY TIP #6: BEWARE OF SOCIAL ENGINEERING ATTACKS
A social engineering attack is a type of email that aims to manipulate users into giving up sensitive information like passwords or bank account information. It typically aims to create a sense of urgency, fear, or manipulate emotions, and prompts the user to take some sort of action. This action could be clicking on a link or downloading a file on your computer.
Two common types of social engineering attacks are:
1. Phishing – where the attacker pretends to be a legitimate business, like your bank or a popular retailer.
The term “phishing” was first used on January 2, 1996, and it’s an analogy to the popular sport of “fishing” because the attackers try to “lure” users into disclosing sensitive information. Since Covid-19 phishing emails have been on the rise as well.
In April 2020 Google disclosed that they’ve blocked over 18 million phishing emails and malware per day!
2. Email spoofing – is similar to phishing, except the attacker will “spoof” the email header. The email could appear to be from your bank, except the email domain will not be the bank’s email domain. In other words, the sender’s email will not match the sender’s name.
The Ohio Graydon-Toole Group has a great comparison between the two.
As a rule of thumb, your bank will never ask you to provide sensitive information via email. Most of these bad actors also have a lot of grammar errors, so pay attention! Most importantly you can configure an anti-phishing solution. If you use a commercial email service such as Microsoft 365 (formerly known as Office 365) there are multiple solutions available including Microsoft Office Advanced Threat Protection (ATP).
ONLINE SECURITY TIP #7: ALWAYS HAVE A BACKUP PLAN
You should always have at least one backup of your critical data! I cannot reiterate enough how important this is.
Most of us live hectic lives. There are so many things on our daily to-do lists, we often time forget (or ignore) the really important ones. Having an automated backup solution is not something that should be taken lightly!
But I never had a backup before and nothing happened! Why should I get one now!?
I’ve read about and seen countless cases of people losing their data and they would give ANYTHING to get it back. There are some fortunate cases, where they might find an old backup amongst their files, but I’ve also seen situations where everything has been lost.
If you get so unlucky to fall victim to a ransomware attack you might lose years’ worth of work if you don’t have a backup.
At SoftSys Hosting we offer Acronis Cyber Backup both as a standalone solution or bundled with our managed service package. Acronis Cyber Backup is a trusted backup and recovery solution that allows you to configure automated backups with an hourly/daily/weekly/monthly retention. And because backups are incremental you can take more backups without running the usage/costs high.
There was a time when having a website for your business was optional. Today, many businesses can’t afford even a few minutes of downtime when their customers can’t access their site. That means, choosing a reliable web hosting service has become mission critical for most business owners. But that can be easier said than done, given the hundreds of options out there that range from providers , all of which differ in terms of their price and service offerings. But how do you know whether you need to spend $10 a month or $100 when it comes to a web hosting service? We would like to mention here some of the key tips, from business owners and experts alike, about the types of questions and issues you want to think about before deciding where to host your website:
Nobody can guarantee a 100% uptime. Incidents happen and the worst thing for a customer is having their business-critical website down. These are the times when support can truly make a difference. “Support has always been quick with everything and understood what I was asking them meaning they are knowledgeable as well. Never felt like these guys were reading from a script, they are real bonafied human beings and I like that.” says Yves Lacombe a long-time SoftSys customer. That means looking for providers that offer 24/7 support with customer service reps who are available for assistance immediately. SoftSys Hosting support has a stellar background, as we are always willing to go one step ahead in providing a fast and speedy resolution to customer issues.
Most companies buy their .com, .net, .org, etc. versions of their brand name, misspellings, service names, and more. It’s most efficient and convenient for brand management to have these in one control panel and know that you’re not going to lose any traffic. Softsys Hosting offers multiple domain aliases even on basic hosting plans thus allows even the smallest customers to park multiple domains on their plans without any additional charges.
Make sure your web hosting service provides adequate backup. There have been instances when customers mistakenly delete the entire directory of their website. Some have their websites compromised, while some got their account terminated and removed from the server due to payment glitches and came back later expected their account worked as before after making the payment. A regular backup is always able to save from these losses. Softsys Hosting provides multiple backup options including R1Soft and Acronis that offer the ability to restore backups with just a click and bring the website back up within no time. Support also plays a critical role in this time in assisting customer in faster recovery and restoring services with minimal downtime.
The last thing you want your customers to experience is a blank/error message when they type in your URL, so a hosting service with a strong reputation for uptime and redundancy is the one you should be looking for Opt for an uptime guarantee of 99 percent or more.
You might find that some hosting services make it difficult to make changes to your site. If so, avoid them. Make sure the host you choose gives you access to the server so that you can easily create new email accounts, make changes to server settings, etc. Softsys Hosting uses Plesk, cPanel, etc. which provides customers with the ability to have complete control over their hosting account. Almost all the features are available so customers are able to manage hosting themselves without the need to contact support frequently.
Shared Or VPS
For small websites and on a limited budget, customers prefer a shared hosting service, which basically means that your site is being hosted along with dozens of other sites which is why you might pay as little as $7 a month for hosting fees. The downside, though, can be that troubles with one of those sites could lead to problems for all the sites hosted on that . Having a fast website response time is crucial so that your visitors don’t grow impatient and click away and that Google uses page load speed as one of its many factors in determining whether your page will be shown high in search results. That’s why some customers prefer to pay more for access to a Virtual Private Server (VPS). VPS is a bit more complicated to set up, but from as low as $8 a month, customers have a much higher quality web server and faster performance.
While you might be shopping for a hosting service for your small business, you should consider partnering with a service that can scale with you as you get bigger. That can mean that the service offers different tiers of service based on the number of expected visitors you receive each month where, as your business takes off, you can easily upgrade your plan. You must make sure that your service provider – or at least your service plan – are capable of dealing with spikes.
Even if you’re excited about everything your new web hosting service has to offer, make sure you read the fine print about what they will say if you decide to take your business elsewhere. Softsys Hosting offers such services when most of customers are able to cancel their service simply by submitting a cancellation request.
You can often get into surprise elements when moving into the cloud. If you don’t feel confident, find a vendor that you can trust. A good way to evaluate a vendor is getting recommendations. Going through reviews or asking for client recommendations are also a good way to proceed. Once you’re there, ask for a detailed bid – you’re less likely to run into surprise costs.
Dividing The Overall Tasks
Cloud migration is a daunting task involving almost every business function and not everything can be stopped in case any issues come up during the migration process. Therefore the best approach for a business is to build in milestones where it would be possible to temporarily stop the migration for whatever reason.
Everybody will agree here that cloud is considered a reliable and secure place to store data, but contrary to this, the migration process isn’t easy if you don’t have the right kind of developers/experts to channel you through the process. Every service provider offers a certain set of tools to guide you through the process so that you can do it manually, however finding the right team will save you both time and money.
By migrating your business to the cloud, you open it up to anyone with online access. One should carefully plan and place necessary tools to enhance the security aspect of the cloud platform specially from the user devices.
Know How It Works First
It is important that you know the platform inside out. Don’t move or use the cloud until you fully understand what is involved and how it works. It’s better to have a clear picture before you put your business into something you are not fully aware how it works, including how your information can be secured.
Consider The Application You Want To Use
Not every cloud application fits all. Depending on your cloud strategy and business objectives, the application might only solve certain parts of your migration or needs and not be flexible enough to transfer all of your intended data. Compare cloud applications. Weigh the costs, security, flexibility, storage, and the efficiency of the application before you decide to go with a specific solution.
Manage Every Step Of The Process
Migrating to the cloud is a big step and one that can have some positive effects on your business. However, such a major change also carries some risks with it. Do not think of it as flipping a switch and making the change all at once. Nor should you put all the responsibility on the shoulders of the cloud vendor. Take steps of your own to stay organized and maintain security.
Make Multiple Backups
We cannot stress this enough. Always copy your critical applications to cloud backups drives. The best strategy is to set up automated backups to multiple locations. These backups can and will save your business one day.
Since COVID-19 became a global pandemic and steps were put in place to contain its spread, more and more people have been forced to work from home. This transition requires many changes in how individuals and organizations operate and communicate, especially in terms of using computers, personal devices, and specific software that enables remote work.
At the same time, cybercriminals recognize that attacking home users is much easier as they are typically less secured outside their office, where security policies and measures are enforced (at least at some level). Yet to do their jobs, these remote workers need to connect to various servers and access and create confidential, sensitive documents and data from their less-secure home office environment.
The risk of losing important data or being compromised becomes much greater at home. That is why every remote worker should be prepared to secure his remote workspace. Here are five recommendations for securing a home office.
1. Use a VPN
Whether you are connecting remotely to company resources and services, or you are just browsing web resources and using telecommunication tools, use a Virtual Private Network (VPN). VPNs encrypt all of your online traffic to prevent hackers from capturing your data in transit.
If your company has a VPN practice, you most likely will get instructions from your admin or MSP technician. If you have to secure your working place yourself, use a well-known, recommended VPN app and service – they are widely available in different software marketplaces or directly from vendors. If you are in need of secure VPN, get in touch with us and we will help you with it.
2. Be wary of phishing attempts
As a topic, COVID-19 is already being widely used in all types of phishing attempts – and the number of such malicious activities will only grow. Every remote worker needs to prepare for the increase in phishing attempts by understanding and recognizing the threat.
Themed phishing and malicious websites appear in large numbers every single day. These typically can be filtered out on a browser level, but if you have a cyber protection solution installed on your work laptop or your company’s MSP delivers that protection with a solution like Acronis Cyber Protect Cloud, you are also secured by dedicated URL filtering. The same functionality is also available in endpoint protection solutions, although in Acronis Cyber Protect we have a special category related to public health which is updated with higher priority.
Of course, those malicious links have to come from somewhere, and they are typically delivered in instant messages, emails, forum posts, etc. Do not click any links you don’t need to click on, and always avoid those that you did not expect to receive.
These attacks also use malicious attachments to emails, so always check where an email really comes from and ask yourself are you expecting it or not. Before you open any attachment, be sure to scan it with your anti-malware solution, such as Acronis Cyber Protect Cloud.
It also helps to remember that the information you really want regarding COVID-19 or similar pandemics can be found from official sources like the World Health Organization (WHO), your national ministry of health, and state/local government agencies. Refer to those official agencies rather than opening links or emails from unknown sources.
3. Be sure to have good anti-malware up and running properly
Having a good anti-malware solution installed is a must nowadays. With Windows, where the majority of threats are targeted, the built-in Windows Defender makes it easier. It does a good job of stopping threats, although it still cannot match the top anti-malware products from security vendors.
Acronis Cyber Protect Cloud delivers many well-balanced and finely tuned security technologies, including several detection engines, so we would recommend it to use instead of an embedded Windows solution. Simply having an anti-malware defense in place is not enough, however. It should be configured properly, which means:
A full scan should be performed at least once a day
A product need to get updates daily or hourly, depends how often they are available
A product should be connected to its cloud detection mechanisms, in the case of Acronis Cyber Protect to Acronis Cloud Brain. It is active by default but you need to be sure that the internet is available and not accidentally blocked by anti-malware software.
On-demand and on-access (real-time) scans should be enabled and adjusted for every new software installed or executed.It is also important that you do not ignore messages coming from your anti-malware solution. Read these carefully and, if you use a paid version from a security vendor, be sure that license is active.
4. Patch your OS and apps
Keeping your operating system (OS) up to date is crucial, as a lot of attacks succeed due to unpatched vulnerabilities. With Acronis Cyber Protect, you’re covered with embedded vulnerability assessment and patch management functionality. We track all identified vulnerabilities and released patches, which allows an admin or technician to easily patch all their endpoints with a flexible configuration and detailed reporting.
Acronis Cyber Protect not only supports all embedded Windows apps, but also more than 40 third-party key popular apps including all telecommunications tools like Zoom or Slack, and a lot of popular VPN clients that are used to work remotely. Be sure to patch high-risk vulnerabilities first and use success reports to confirm that patches were applied properly.
If you don’t have Acronis Cyber Protect and do not use any patch management software, it is much harder. At a minimum, you need to be sure that Windows gets all the updates it needs and they are quickly installed – users tend to ignore system messages, especially when Windows asks for a restart. Ignoring these requests is a big mistake.
Also, be sure that auto-updates to popular software vendors like Adobe are enabled and such apps like PDF Reader are also updated promptly.
5. Keep your passwords and workspace to yourself
While this step has been mentioned many times as the top piece of security advice, during the response to COVID-19 it is doubly important to ensure your passwords are strong and known only to you. Never share passwords with anyone, and use different and long passwords for every service you use. Password management software makes this easier. Otherwise, an effective approach is to create a set of long phrases you can remember. And when we say long, we mean long, since the old eight-character passwords are easily opened by brute-force attacks now.
Also, even working from home, do not forget to lock your laptop or desktop and limit access to it. There are many cases when people can access sensitive information on a non-locked PC from a distance. Don’t assume you are protected simply because you are not inviting anyone you don’t know or trust into your home office.