The State of the Phish Address for 2019 analyzes data from tens of millions of simulated phishing attacks in addition to the results of two surveys given to info-sec professionals and end-users all over the world.
Continue reading
Being a business owner in charge of new IT procedures can be a major pain, especially when it comes to your employees. How often do you experience push back on any significant change to your IT infrastructure or policies? You’re not the only one–many organizations are in the same boat as you, and it can be a difficult situation to be in.
The average employee is either unaware of the everyday IT security threats or what could happen as a result of poor data sharing habits. They probably know a passable amount of password security best practices at the most, and even getting to this point can be difficult.
We aren’t trying to sound negative–it just comes with the territory. You don’t hire your organization’s employees because they are tech-savvy (unless they are your IT department), but it’s still your responsibility to make sure they understand any new security initiative, as well as respond to any initial pushback.
To best illustrate this point, let’s take a look at password security.
Imagine this scenario; your IT provider creates a group policy that forces users to change their passwords every 30 days. Repeating the same password is out of the question, and it has to meet a certain complexity threshold in order to be accepted.
You might think this is a great idea, but your employees are going to spit fire at you the second they find out what’s happened. If they don’t, they will let it simmer on the back-burner, complaining about the new policy to anyone who will listen.
Eventually, you’ll find out about it, but this kind of scenario can quickly become a toxic work environment. You might have your organization’s best interests in mind, but your employees will only see it as an inconvenience.
This might seem on the extreme side, but you’d be surprised by how often this happens. Here are some other topics that might stoke the fire under your employees:
If your employees use their personal devices for work purposes, it’s a best practice to have a BYOD policy in place. Your employees likely will push back against this, but in reality, it’s in the best interest of your network security to have it.
The Internet is a major time-waster, and you might be surprised to see how much time is wasted away by employees streaming video or lurking on message boards. The solution is to block these sites, even if it seems a bit extreme.
Any time you implement a new solution, you’ll experience pushback, even if it’s something like adding an application or moving data to the cloud. Some might adopt the the solution no problem, but others will fight to the bitter end just to keep to their old solutions.
Ultimately, just about anything new is enough to ruffle your employees’ feathers and create some difficult situations. They don’t care that you’re trying to protect your business–even if it’s in their best interest.
The biggest reason why your employees might push back against any change to your IT policies is simple; they want to get their job done as quickly and efficiently as possible, and they see change, whether it’s in the form of a new application or a password reset, as an inconvenience. Something meant to secure your network will look like a roadblock to your employees, and when it gets in the way of them doing their job, of course they will fight back.
It doesn’t matter if you’re trying to improve the company as a whole. Someone on your staff is going to look at the new solution as a disruption of everything they know. Some might even see a BYOD policy or content filter as a sign that they aren’t to be trusted, when in reality it’s just to protect your organization from the possibility of a data breach. There’s only one solution to this goal, and it starts with you, the business owner.
If you want your employees to embrace change, it all starts at the top. Your C-level administrators and managers should also be on-board with any change going on in your workplace. It helps to show employees that they aren’t the only ones who have to abide by the rules–even their boss does. Remember, your job is to make sure your employees know why these solutions have to exist, and you have to remember that you don’t need their permission to do what’s best for your business.
If your business wants to improve network security, WheelHouse IT can help. To learn more, reach out to us at (877) 771-2384.
Network is a word that’s commonly seen in the office environment in many different ways. In particular, you’re likely to hear about network security, network maintenance, social networking, and switches, but what does it all mean?
In this week’s tech term, we’re going to address what a network is and how it works to tie your business together.
A network can be many things, but it’s generally a group of computers or hardware devices that are connected. These devices share information and communicate, allowing resources to be shared between them.
Networks are used for different purposes, but the most commonly found one is for a collaborative office environment. A network can accomplish all of the following:
Perhaps the most well-known and accessible net out there is the World Wide Web. The Internet is the largest net out there, and it shows what can be done with enough computing and enough devices.
No matter how you use a network–whether it’s the Internet or your business’ internal environment–security is a key point that needs to be addressed.
Thankfully, keeping your network secure doesn’t have to be challenging. A quality IT provider like WheelHouse IT can make it much easier to manage IT security for your organization. It all starts by thinking about security in a proactive way.
We offer several solutions that can help you secure your business, including methods to keep your employees well-informed of basic security best practices, regular password updates, infrastructure updates, software implementation like firewalls and antivirus, and implementing a VPN.
WheelHouse IT can help your business optimize security. To learn more, reach out to us at (877) 771-2384.
When it comes to safe surfing, your choice of browser can easily impact your security, as each handles how it informs you whether or not your connection is encrypted differently.
This is especially important to recognize, especially when the Chrome browser will soon run counter to the advice users have received for quite some time.
There are two different kinds of websites that use hypertext transfer protocol to deliver content. The first, HTTP, lacks the security that the “S” in HTTPS signifies. If your URL does include HTTPS, it means that the data that you input into the website is protected by encryption measures, keeping it safe from any prying eyes. Historically, this meant that best practices demanded that a user check for a padlock icon in the URL to be sure their browsing was secure.
However, Google is finally acting on a promise to take the opposite tack and instead label those websites that haven’t taken the time to encrypt their communications with their host server. The hope is that this will pressure websites to adopt HTTPS, especially seeing that Chrome is the most commonly-used browser. This approach has been lauded by security pros.
The remaining three of the big four browsers, Safari, Firefox, and Edge, also have plans to change things about their approach to security, but not all of them have plans to flip the script entirely.
While Firefox will very likely follow in Chrome’s footsteps at some point, as of right now it still subscribes to the “confirming the page is secure” approach.
However, Firefox also alerts the user if a HTTP page contains a login form by displaying a padlock with a strike-through in the URL, and by adding a warning that displays when the cursor moves over one of the fields. There are also plans to make all HTTP pages display the strike-through padlock, no login forms required.
As of yet, Apple has stuck with tradition, in that they will confirm that a website’s connection is secured through a digital certificate and encryption. However, it is also important to recognize that Apple has also taken additional steps to ensure security, albeit different ones.
For example, if a user is on an HTTP page and tries to input login credentials or other sensitive data, the browser will alert them in a similar way as Firefox will, alerts popping up both at the field in question and in the URL bar.
Again, like Apple, Edge only informs a user when a page is protected, although there is the option to access additional information that explains that the user’s connection isn’t encrypted and could therefore pose some risk.
However, this does not extend to input fields on HTTP sites, so you will not be warned before inputting sensitive information into these fields.
In today’s day and age, it is crucial that your business remains secure. Paying attention to the security of the websites you frequent is just one part of that. For assistance with the rest of your cybersecurity, reach out to WheelHouse IT at (877) 771-2384.
Watch the video below and find out why you should fill out this form and start a conversation today.
"*" indicates required fields
