Are Your Remote Workers Using Faulty Devices?

When did you last check if everything was okay with the devices your team uses when they work remotely? According to a report by EuroPC, 67% of remote workers are using faulty devices for work. And the reason?

They’ve likely damaged the device themselves and are too scared to tell you!

Laptops, keyboards, and monitors are most likely to be damaged (in that order). And it’s usually because of food or drink spills … though some blame their partners, children, and even their pets.

Using a device that doesn’t work properly is a problem.

First, it’s going to damage your team’s productivity. Tasks might take longer or be more difficult to complete. Employees who try to fix the problem themselves risk causing further damage. But the other issue is that of security.

In some cases, your people will stop using their damaged company-issued device and use a personal device instead, which puts your data at risk because their personal devices won’t have the same level of protection as your business devices.

It also means that if they’re connecting to your network, it might not be a safe connection, potentially leaving the door open for cybercriminals.

And because your IT partner may not monitor personal devices, they won’t spot an intrusion until it’s too late.

Our advice? Make it a routine to check that everyone’s happy with their devices. And have a policy that they won’t get in trouble for accidental damage, so long as it’s reported immediately.

If you need help replacing your organization’s hardware, contact Yeo & Yeo Technology.

Information used in this article was provided by our partners at MSP Marketing Edge.

Email is a foundational communication tool for every business. Unfortunately, it’s often the source of cyberattacks. Ensuring your organization’s email security is ready for hackers’ new methods is paramount to keeping data safe. Here are some of the most common email-based cyberattacks and how to protect against them.

Malicious Attachments

The use of attachments to spread malware is still a favorite of hackers. They often combine this form of social engineering with other techniques. The scenario seems legit because the receiver was expecting it. However, one click to download, and the hackers can penetrate your network and steal sensitive information.

How to Protect Against It

You’ll need an email protection feature that scans attachments in real time. Additionally, a solution that flags suspicious emails is valuable. Such a feature can automatically remediate potential threats based on preconfigured actions.

Phishing Attacks

Protecting email from opportunists has become more complex since the pandemic. Phishing attacks are no longer easily detectable based on misspellings and obvious “scam” language. These more sophisticated deployments impersonate companies, vendors, and colleagues believably. One example is supply chain phishing. Companies are reaching out to new sources for materials and products. A supplier’s website may be labeled as “trusted,” but it’s really a spoofed site.

How to Protect Against It

Phishing email detection will also benefit from the flagging feature mentioned above. Another tool to use is link protection. This functionality prevents users from accessing sites blacklisted as phishing sites or having malicious code. If your user clicks, the technology checks the reputation of the page. If unknown, it completes a real-time scan. Users then receive warnings if the feature marks it as suspicious.

Another critical aspect of mitigating phishing is ongoing employee training. Make this part of your culture so that employees can recognize these attempts. Most research on cyberattacks points to humans as the weakest link. Therefore, continuously educating and informing your people is crucial.

Ransomware

A survey from 2021 found that 51 percent of U.S. companies suffered a ransomware attack in the year prior. Most of those were SMBs. In all, there were 304 million attacks in 2020.

The increase in these attacks demonstrates that hackers are often successful. Money motivates ransomware attacks. They also see an opportunity with SMBs that don’t have the same advanced security layers as larger companies. Again, email can be a way in for these criminals.

How to Protect Against It

SMBs should upgrade their email system to gain the same robust protocols as enterprises. Securing the email channel from viruses, spam, malware, and targeted attacks is essential. A trusted technology partner can provide this to you affordably and deploy it.

Outbound Email Leakages

With the shift to remote or hybrid workforces, email usage is up for many companies. Sending attachments that contain confidential or proprietary information is, as well. However, just sending a document like this as an attachment could be risky.

Developing protocols on what is acceptable is good, but having a process still may not prevent problems. You need technology to make sure everyone follows it, without exception. This is even more urgent for highly regulated industries like healthcare and finance.

How to Protect Against It

The best way to mitigate intentional or accidental leakage is with email encryption for outbound messages. It monitors email content to identify anything that appears confidential. It also tracks the distribution of the content. You prescribe the policies for the feature to meet your regulatory environment.

Another way to protect against this is to keep documents in a secure file share system. By doing so, the data never leaves this secure ecosystem. You may consider including this to keep confidential content out of emails.

Email Security with an Easy Interface

Having an email protection solution doesn’t have to be cumbersome or expensive. With an intuitive interface, you can achieve the control you want. Contact Yeo & Yeo Technology to learn more.

Information used in this article was provided by our partners at Intermedia.

If you’re responsible for managing your organization’s fixed assets, you understand the challenge of efficiently accounting for inventory and tracking everything. This high-priority task leaves little room for inaccuracies as the cost of getting it wrong can add up in a big way.

In today’s competitive market, it is more important than ever for companies to minimize their compliance risks by properly depreciating their fixed assets. If a company does not know what fixed assets it has on the books, it will soon have a complex and time-consuming problem.

What are ghost and zombie assets?

Failing to adhere to correct depreciation schedules can create ghost and zombie assets. Ghost assets are visible on the balance sheet but can’t be physically located, while zombie assets exist within the company but aren’t added into a depreciation schedule.

Ghost assets can result in false decreases in tax liability and compliance standard violations. Zombie assets can cause companies to overpay on property taxes and insurance costs.

Both ghost and zombie assets arise from improper tracking of fixed assets. Managing fixed assets on spreadsheets, while commonplace, leaves you more susceptible to ghost and zombie assets as it doesn’t provide real-time visibility and relies on error-prone manual data entry.

Like virtually every other business challenge, technology through digital transformation offers a solution. Adding fixed assets software to your existing ERP or accounting system can automate your asset tracking to help you easily plan, depreciate, track, and report.

Below are five ways technology can mitigate the risks of ghost and zombie assets.

Inventory management

To support optimal management, fixed assets should be inventoried regularly using a consistent method at every business location. A fixed asset management solution includes built-in quality and accuracy checks to assist with physical inventories and managing data in one central location. The accounting and facilities departments and any other stakeholders should be able to easily access inventory data to establish a system for conducting inventories, as well as creating new assets in the fixed asset management system upon purchase. In this way, both the facilities team and fixed asset accounting managers can be confident that ongoing operational procedures will result in the most accurate information possible in the companywide fixed asset management system.

Asset tagging

If your organization owns multiple fixed assets that are nearly identical, it can be easy to dispose of the incorrect asset when assets are being retired. The best practice is to tag each asset with a unique identifier in the form of bar code labels. This provides the additional advantage of speeding up the inventory process through handheld technology that can scan and record each bar code in seconds. Labels are an essential aspect of fixed asset management that is often overlooked. Due to environmental requirements, bar code necessities, and custom printing needs, your solution should offer a variety of labels that can be printed on-demand to meet your specifications.

Tracking and depreciating fixed assets

Using a spreadsheet, essential data and details about assets can be difficult to manage. Tracking disposals, transfers, labor, locations, materials, and capital investments, as well as generally accepted accounting principles (GAAP), are examples of the key information you’ll want to easily access and filter on one platform for a pulse on self-constructed assets. Digital tracking allows you to customize the specific data points you’d like to track through automation, saving you the time it would take to search manually and facilitating a confident analysis. Robust solutions allow you to create custom depreciation methods, so you can track hundreds of different types of assets comprehensively and in real-time, in most cases.

Workflow integration

Many stakeholders feed into the fixed asset management process, and your solution should support this level of collaboration. Spreadsheet formulas can break when passed from one employee to another, or improper cell reference can lead to inaccurate values. These inaccuracies can then lead to bigger problems.

A centralized repository of asset, lifecycle, and performance data as part of your fixed asset management solution can help resolve these data challenges. Integration with your organization’s purchasing or accounting software adds another layer of control and simplicity. Purchasing data is automatically loaded from one business stream to another, reducing human error and ensuring accuracy at each touch point. An integrated accounting and fixed asset reporting system eliminates the need to duplicate entries or export data between systems.

Project management

As time progresses and assets need to be replaced (or depreciated), you’ll want to start planning for the budget and other resources, especially if you have multiple locations. This allows you to track assets through the entire life cycle and reduce the risk of zombie assets from conception.

Conclusion

Manually managing fixed assets can eat up a considerable amount of staff time that could be better invested elsewhere. A dedicated solution, such as ERP Software, can provide real-time visibility into your fixed assets and protect your organization from excess loss and avoidable risk.

Information used in this article was provided by our partners at Sage.

The United States FBI has warned that scammers on LinkedIn are a “significant threat,” CNBC reports. Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento field offices, told CNBC in an interview that cryptocurrency scams have been prevalent recently.

“This type of fraudulent activity is significant. There are many potential victims, and there are many past and current victims,” Ragan said. “Cybercriminals are always thinking about different ways to victimize people and companies. And they spend their time doing their homework, defining their goals and strategies, and the tools and tactics they use.”

LinkedIn stated in a blog post last week, “While our defenses catch the vast majority of abusive activity, our members can also help keep LinkedIn safe, trusted, and professional. If you encounter any content on our platform you believe could be a scam, be sure to report it so our team can take action quickly. This includes anyone asking you for personal information, including your LinkedIn account credentials, financial account information, or other sensitive personal data. We also encourage you to only connect with people you know and trust. If you’d like to keep up with someone you don’t know but that publishes content that is relevant to you, we encourage you to follow them instead.”

LinkedIn also offered the following red flags to watch for:

• “People asking you for money who you don’t know in person. This can include people asking you to send them money, cryptocurrency, or gift cards to receive a loan, prize, or other winnings.”
• “Job postings that sound too good to be true or ask you to pay anything upfront. These opportunities can include mystery shopper, company impersonator, or personal assistant posts.”
• “Romantic messages or gestures, which are inappropriate on our platform, can indicate a possible fraud attempt. This can include people using fake accounts to develop personal relationships and encourage financial requests.”

Don’t get scammed by social media attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. New-school security awareness training can teach your employees to follow security best practices, so they can avoid falling for social media attacks.  

This article was provided by our partners at KnowBe4.

According to new research, four in five malware attacks delivered by encrypted connections evade detection. And since two-thirds of malware is now arriving this way, it has the potential to be a big problem for your business.

This type of threat has already hit record levels and continues to grow. So, if you don’t yet have a response and recovery plan in place, now’s the time to create one.

It sits alongside your cybersecurity software protection and regular staff training. The plan details what you do in the event of a cyberattack.

Having the right plan in place means all your people will know how to sound the alarm if something is wrong. It ensures downtime and damage are kept to an absolute minimum.

The faster you respond to an attack, the less data you should lose and the less it should cost you to put things right.

Of course, you should also follow the usual security guidelines, ensuring that updates and patches are installed immediately, and regularly checking your backup is working and verified.

Businesses that don’t place high importance on their own cybersecurity planning are the ones hit hardest by such an attack.

Can we help you create your response and recovery plan? Contact Yeo & Yeo Technology today.

Information used in this article was provided by our partners at MSP Marketing Edge.

Accounting software provider Intuit has warned of a phishing scam targeting its customers, BleepingComputer reports. The phishing campaign affected users of Intuit’s QuickBooks product, informing them that their account was put on hold.

“Intuit has recently received reports from customers that they have received emails similar to the one below,” the company said in an alert. “This email did not come from Intuit. The sender is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit’s brands authorized by Intuit. Please don’t click on any links or attachments, or reply to the email. We recommend you delete the email.”

If a user has clicked on a link or downloaded something from the email, Intuit offers the following recommendations:

• Delete the download immediately.
• Scan your system using an up-to-date anti-virus program.
• Change your passwords.

The phishing emails appear convincing and contain good grammar, stating, “Dear Customer, We’re writing to let you know that, after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account. If you believe that we’ve made a mistake, we’d like to remedy the situation as soon as possible. To help us effectively revisit your account, please complete the following verification form. Once the verification has completed, we will re-review your account within 24-48 hours.”

The email contains a button that says “Complete Verification.” If a user clicks this link, they’ll either be asked to download a malicious file or taken to a site designed to steal their information. Intuit notes that users can verify if they’ve received a legitimate email from Intuit by signing into their account and checking to see if they’ve received the same message online.

Be Proactive – Don’t Wait to Fall Victim!

Cyberattacks are likely taking place every day on your business, with email responsible for 91% of all attacks. Small to mid-size companies are the prime target and most vulnerable.

Our 13 Ways to Protect Your Business Against Cyberattacks checklist, provides steps to improve your cybersecurity. Developing a comprehensive cybersecurity program that includes a plan for educating your workforce is the best defense.

This article was provided by our partners at KnowBe4.

If you’re reading this, you’ve already heard ‘digital transformation’ somewhere. In a nutshell, this refers to an organization adopting digital technology to improve efficiency, add value, and drive innovation across the business.

Every organization moves at its own speed when rolling out new tech. An organization’s digital transformation strategy is a plan of action to reposition itself in the digital economy. Like the world we live in, customer habits are constantly evolving—so too should the way companies operate if they want to keep people engaged and stay successful.

Getting human buy-in for digital transformation

Winning businesses innovate, tapping into emerging technology to change how their employees work. But for a truly successful transformation, you need buy-in from the top down.

To help your coworkers understand the need for innovation, take a practical approach using examples like buying groceries or fueling up a car. Most people don’t realize that they’re interacting daily with BOTs that use RPA, ML and AI, paying with NFC, and doing so from the Digital Operating Platform (DOP) that they hold in their hand.

Wait a minute. What does all that mean?

That is a pretty wordy statement, so let’s break it down.

• A BOT is a software program that performs repetitive tasks. BOTs are used to take orders, such as an order for Starbucks that we place on our phones.

• Through AI—Artificial Intelligence—the BOT may also suggest or ask if you want to order something additional such as “Egg bites are frequently ordered with this coffee. Would you like to add them to your order?”
• Through ML (machine learning), the BOT might say, “Last time you purchased a croissant, would you like to add this to your order?”

Ask your team to use personal buying experiences to relate back to your organization’s customer buying experience and how it can be improved through technology. That’s the key to understanding the tech, the benefits it might have, and the direct correlation it might have with your customers.

Dream it, then do it

Getting staff to envision better, more efficient ways of working will help propel your business forward with your digital transformation projects, no matter the size.

The hardest part? Getting everyone in the organization comfortable with the change in processes. The move from the way things have been done for years to a more efficient, happier place to work.

The International Data Corporation (IDC) reports that digital transformation initiatives led, on average, to a 14% financial uplift during the pandemic.

Empowering people with the knowledge they need to use emerging technologies is a big deal for organizations investing in digital strategies. That covers everything from taking manual administrative tasks and automating them to free up valuable resources to streamlining processes that create more time for strategic activities, like revenue generation and cost mitigation.

Above all, it gives employees something priceless: the sense of empowerment and self-worth that comes with knowing they can use technology to amplify their impact on your organization.

Information used in this article was provided by our partners at Sage.

Many companies are using hybrid work models instead of expecting employees to go back to the office full-time. With a hybrid model, business leaders can realize the benefits of both in-office and remote work.

Here’s a look at the hybrid work model and what employers can do to support a more flexible workplace.

What Will Hybrid Work Look Like?

A hybrid work model refers to any model that involves a combination of in-office work time and work-from-home time. The specifics of your model will depend on several factors, such as office space, what your employees prefer, and how many staff members you need in the office.

Here are some questions to consider when creating your business’s hybrid model:

• Will employees come to the office on a set number of days, such as two days in the office and three at home?
• Are those days fixed, or can they change each week?
• Are there specific requirements for meetings, or will your company offer the flexibility of virtual meetings, giving your employees more agency over where they work?
• How will these changes impact scheduling if your organization cuts back on office space? Will employees have to follow a staggered schedule so that there are never too many people in the office?

5 Ways Employers Can Support Hybrid Workers

A hybrid work model doesn’t guarantee a productive, engaged, and efficient workforce. Employers need to take action to ensure all employees are supported.

1. Talk to your staff to find out what their preferences are. Just because global and national surveys say that a certain percentage of employees want two or three days of remote work doesn’t mean that’s what your employees want. Take an in-house survey to determine where your team stands on the remote work debate.
2. Set clear goals. Make clear what’s expected in terms of productivity, in-person and virtual participation, and check-ins.
3. Onboard new employees. While your existing team may be remote-work pros at this point, your new employees may need help adapting to a hybrid work model. Create a system for onboarding new employees. For example, put together training material on remote work best practices and cybersecurity essentials, meet with new employees every day for an initial period and invite feedback on your organization’s model.
4. Provide resources for remote employees to keep them engaged and ensure they have the proper setup at home. Ergonomic office furniture, suggestions on privacy and quiet time, and secure hardware can all help to boost productivity.
5. Support your employees with the right tools. With cloud communications technology, collaboration and productivity will be seamless whether employees are at home, in the office, or working in another location.

Here are some of the essential tools for hybrid work:

• Cloud-based phone system. With VoIP technology, calls are sent via the internet. Employees can make calls from anywhere they have an internet connection – they don’t have to be in the office to make and receive business calls.
• Unified communications. A UCaaS solution streamlines communication by housing all of your tools in one platform and integrating data. Video conferencing, phone, chat, and file sharing all happen from one place.
• Contact center software. If you have contact center agents, use a cloud-based contact center solution to empower them to work from wherever.

Find Your Hybrid Happy Medium

Hybrid work models are a balance between remote and in-office. When done well, they provide the structure and social interaction that comes with working in an office and the agility and independence of working from home. As your organization establishes a post-pandemic work model, be flexible with the details until you hit the perfect balance for your teams.

Information used in this article was provided by our partners at Intermedia.

A few years ago, companies thought very little about video conferencing. It was nice to have and used by some progressive companies with remote workers. Now, it’s one of the most valuable pieces of technology a business has. With the shift to either fully remote or hybrid work, a video conferencing solution must meet today’s needs.

Determining which platform is right for you depends on reliability, security, features, and cost. A key consideration is implementing something that will work for you today and in the years to come.

Assessing Your Needs

Before you go to the market to see what’s available, you’ll benefit from a needs analysis.

• Accessibility: Do workers need to use it on any device and from anywhere?
• Budget: What are you comfortable spending on the solution?
• Usage: Will you use it for company-wide meetings, smaller department sessions, webinars, customer calls, etc.?
• Features: What are the must-haves that will make the tool valuable?
• Users: How many will you have? Will there be anticipated monthly meetings?
• Security: What are any concerns you have about this channel of communication?
• System configuration: Will it be part of a unified communication(UC) platform or a single application?

Once you answer these questions, you can begin to compare offerings. In doing so, there are some key things to prioritize.

Video Conferencing Should Provide an Easy User Experience

Ideally, you’ll find a solution that requires no training. Starting and joining sessions should take seconds with one click. Users can participate on their desktop with a headset or mobile device with no issues.

Screen Sharing and Annotation Plus Meeting Notes

In addition to screen sharing, screen annotation supports better collaboration. This feature is beneficial if you need to work on a document or detail the next steps. Further, having a notes feature makes follow-up simple. The system captures notes in real-time. Post-meeting, all attendees receive a copy.

Integrations Provide a Streamlined Process

Depending on your tools, most video conferencing solutions can integrate with Outlook, G-Suite, Slack, Microsoft Teams, and other comparable applications. Having the ability to connect programs will be a time-saver for busy employees.

Added Features That Deliver Value

Several additional features that not all platforms provide may be vital to your business.

• Can the meetings be recorded?
• Does the platform have the ability to transcribe?
• Are there remote control options that allow participants to control a keyboard or mouse?

Security Shouldn’t Be an Afterthought

Security should be a priority in implementing a platform. Be sure to evaluate products based on their adherence to regulations and best-in-class data security measures.

Reliability Means Everything

A video conferencing solution can have all the bells and whistles, but it won’t mean much if the system is unreliable. Ask providers questions about their uptime availability and support capabilities should problems arise.

Explore YeoVoice powered by Elevate

In implementing a video conferencing system, you want one that checks all the boxes and is easy to use and affordable. That’s what you’ll find with YeoVoice. Contact us to learn more and schedule a demo.

Information used in this article was provided by our partners at Intermedia.

How does speech recognition work?

Software breaks down your speech into individual sounds, then analyses them using algorithms to find the most probable word that fits. It will also look at sentence structure that humans typically use.

How can I make my passwords more secure?

Use a password manager. It will generate and store strong, random passwords for all your accounts. We can recommend the best one for your business.

Is a paperless office better for security? 

While paper documents are impossible to steal remotely, there’s no chance of recovery once they are lost. Go paperless and invest in a good backup. Just make sure your IT partner is regularly checking it’s working correctly.

Information used in this article was provided by our partners at MSP Marketing Edge.

The Verizon Business 2022 Data Breach Investigations Report (2022 DBIR) examines an unprecedented year in cybersecurity history and sheds light on some of the leading issues affecting the cybersecurity landscape. 

Of particular concern is the rise in ransomware breaches, which increased by 13 percent in a single year – representing a jump greater than the past five years combined. As criminals look to leverage increasingly sophisticated forms of malware, ransomware continues to prove particularly successful in exploiting and monetizing illegal access to private information.

Where once threat groups would use ransomware to encrypt a victim’s data and refuse to release the decryption keys unless the ransom was paid, they now are getting deeper into extortion. This includes exfiltrating the data and threatening to release it publicly, wiping storage drives clean unless demands are met, or going after a victim’s customers.

Organized crime also continues to be a pervasive force in cybersecurity. Roughly 4 in 5 breaches can be attributed to organized crime – with external actors approximately four times more likely to cause breaches in an organization than internal actors.

Heightened geopolitical tensions also drive increased sophistication, visibility, and awareness around nation-state affiliated cyberattacks.

In a finding that exposes the cost of human influence, people remain – by far – the weakest link in an organization’s cybersecurity defenses. Twenty-five percent of total breaches in the 2022 report resulted from social engineering attacks. When you add human errors and misuse of privilege, the human element accounts for 82 percent of analyzed breaches over the past year.

In today’s day and age, security awareness training is a vital tool to educate employees and build a human firewall capable of decreasing the chances of human error and preventing cyberattacks. Interested in learning more about our security awareness training solutions? Contact Yeo & Yeo Technology.

Sources: https://www.theregister.com/2022/05/26/verizon-cybersecurity-report-ransomware/

https://www.verizon.com/about/news/ransomware-threat-rises-verizon-2022-data-breach-investigations-report

Many U.S. cyber insurers dramatically increased their rates in 2021, alarmed by increased cyberattacks that struck companies worldwide and drew the attention of national governments. Data from regulatory filings and collated by rating agencies shows that among the largest insurers, direct written premiums rose a whopping 92%, while direct loss ratios fell slightly.

Insurers significantly increased premiums for cyber coverage throughout 2021, as a string of high-profile attacks and government action helped boost demand for products, data collected by industry bodies shows. Analysts say the increase primarily reflects higher rates rather than insurers expanding the amount of money they are willing to cover.

Cyber insurers are also taking a tougher line on would-be clients, demanding security measures such as multi-factor authentication and more sophisticated endpoint protection, brokers say.

Although insurance qualification standards vary depending on the industry and the organization’s size, providers will typically look at a company’s internal controls to determine whether they want to offer coverage. Like many other forms of insurance, the better controls your company has, the better rates you will receive. Examples of cybersecurity controls include:

• Data encryption and backup
• Continuous vulnerability testing and remediation
• Employee security awareness training
• Patch management
• Anti-malware defenses
• Wireless device control

Is Your Business Protected?

Although cybersecurity insurance is a nice safety net, most companies never want to use it. Studies show that many small and medium-sized businesses won’t recover from a data breach, and those that do will have to overcome severe setbacks.

Organizations need to determine whether they have the breadth of knowledge necessary to implement their own controls or whether they can acquire the right internal expertise. If the answer to both is “no,” outsourcing to an MSP is the right move. Contact Yeo & Yeo Technology to learn about our managed services.

Information used in this article was provided by our partners at SentinelOne and KnowBe4.

Researchers at Netskope have observed a 450% increase in phishing downloads over the past twelve months, driven mainly by attackers using SEO (search engine optimization) to improve the search engine ranking of malicious sites. Most of these downloads were malware-laden PDF files.

“The top web referrer categories contained some categories traditionally associated with malware, particularly shareware/freeware, but were dominated by more unconventional categories,” Netskope says. “The ascension of the use of search engines to deliver malware over the past 12 months provides insight into how adept some attackers have become at SEO. Malware downloads referred by search engines were predominantly malicious PDF files, including many malicious fake CAPTCHAs that redirected users to phishing, spam, scam, and malware websites.”

Additionally, the researchers found that attackers are increasingly hosting their malware in the regions they’re targeting, which improves their chances of success.

“The report also found that most malware over the past 12 months was downloaded from within the same region as its victim, a growing trend that points to the increasing sophistication of cybercriminals, which more frequently stage malware to avoid geofencing filters and other traditional prevention measures,” Netskope says. “The findings reveal that attackers tend to target victims in a specific region with malware hosted within the same region. In most regions, the plurality of malware downloads originated from the same region as the victim. This is especially true for North America, where 84% of all malware downloads by victims in North America were downloaded from websites hosted in North America.”

Ray Canzanese, Threat Research Director at Netskope, stated, “Malware is no longer confined to traditional risky web categories. It is now lurking everywhere, from cloud apps to search engines, leaving organizations at greater risk than ever before. To avoid falling victim to these social engineering techniques and targeted attack methods, security leaders must regularly revisit their malware protection strategy and ensure all possible entry points are accounted for.”

Security awareness training can give your organization an essential layer of defense by teaching your employees to follow security best practices.

Information in this article was provided by our partners at KnowBe4.

Are your servers, your systems and your network all in-house? Or have you – like countless other businesses – moved everything over to the cloud?

Migrating your business systems to the cloud can be a big and scary process. Then why are we seeing so many companies doing it?

It’s simple – there are many benefits.

First, it saves you money. You only pay for the data you need rather than having a little more just in case. And it means that your systems won’t hold you back as your business grows.

But then there’s the security aspect too. When you migrate to cloud services, you benefit from a higher level of protection against data breaches and theft. Cybersecurity aside, if you had a disaster in the office, such as a burglary or a fire, you know your data is safe.

Of course, it’s a tricky process, and there’s a lot of planning involved. But if you’re working with an expert to make the transition, you can rest assured things will go to plan.

Our technology professionals can help you on your journey to migrate to the cloud. Contact Yeo & Yeo Technology today.

Information used in this article was provided by our partners at MSP Marketing Edge.

Microsoft has introduced a new commerce experience (NCE) for license-based services. The new commerce experience offers partners more flexibility and capabilities when purchasing and managing products like Microsoft 365, Dynamics 365, Windows Intune, and other services that have been available for years.

These changes came in January of this year, and as of March 10, 2022, all new subscriptions are provisioned in NCE. As of July 1, 2022, any renewals must be renewed in NCE. If your renewal date is 7/1/22 or after, you will be made aware of the changes to renew through NCE upon this next renewal.

Key Differences Between CSP and NCE Licensing

• Pricing – There will be no changes to pricing unless you choose to have a month-to-month plan. In CSP (the legacy licensing), you could pay monthly or annually, and it was the same cost overall. With NCE, if you opt to stick with monthly, there is a 20% premium charge.
• Cancellation Options – In CSP, we could offer a prorated refund on any cancellations at any time. With NCE, you receive a prorated refund only within the first 72 hours of the subscription purchase or renewal.
• Trials – In CSP, there was a manual conversion to a paid subscription. In NCE, you get auto-converted to a paid subscription.
• Terms – In CSP, it was always annual terms, even if you paid monthly. In NCE, you can opt for monthly, annual, and multi-year.

Before the renewal date of your current CSP, your Yeo & Yeo Technology Account Manager will reach out to discuss your options and create an appropriate plan that meets your organization’s needs.

Have any questions about Microsoft NCE licensing? Contact us.

Sources: https://www.microsoft.com/en-us/licensing/news/new-azure-experience-in-csp

Shifting to a permanent work-from-home business model requires change — a new mindset, new processes, and new technology. Here are three questions you should consider if you’re transitioning your business to fully remote work.

Can management ensure employees have all the information and tools they need to be productive each day without coming off as overbearing?

A FlexJobs survey found that 31 percent of workers only need to hear from their boss a few times a week, 27 percent believe once a week is sufficient, and 22 percent wish their boss would rarely check in on them.

Unified communications provide the ability to chat with staff through SMS messaging or start a quick video call at the touch of the button. This way, management can quickly and easily connect with employees without inundating them with lengthy meetings and cumbersome technology.

Can employees create a quiet home office where they can stay focused, or does working from home create more challenges?

The same FlexJobs survey revealed that only about one-quarter of workers have a dedicated home office. Another 34 percent have to get creative to create a home office space once their employer made the shift to remote work. Another issue is work-life balance and perceived stress. Research shows that employees who are given more autonomy experience reduced perceived stress.

Do you have the right tools to facilitate seamless collaboration and communication?

Meetings and training will be virtual if your company transitions to a fully remote environment. Employees will need tools that make it easy to connect with co-workers and managers in a seamless way, such as secure file sharing and high-quality voice and video. Businesses that haven’t already will need to consider moving all or most of their operations to the cloud to make work from home a success.

If you’re thinking of transitioning your business, start with ensuring you have the right technology to empower your remote teams to thrive. Find out how efficient, productive, and engaged work-from-home employees can be with YeoVoice powered by Elevate, a comprehensive yet flexible cloud-based solution for wherever, whenever communications.

Information used in this article was provided by our partners at Intermedia.

Maintaining training standards is certainly a key piece of a successful remote workforce, and as the pandemic continues to impact the number of employees working from home (with some working there permanently), many organizations have questioned their approach to training.

A new perspective provides a shift to more employee-centric training programs that help to maintain healthy organizational culture. Here are some tips to make your training more engaging and useful for remote workers.

Use a “Bite-Sized” Approach

Many organizations have delivered online training regularly for a decade (or more). However, the concept of loading up 45 minutes to 2 hours of training content for a remote employee is becoming less and less the norm. Many organizations have decided that breaking up the training into smaller chunks that don’t overwhelm employees and providing more frequent training is the way to go. This “bite-sized” approach makes running the training program easier and is better received by all business units.

Implement Video as Much as Possible

Consider rolling out training or communication to the masses as a “video module” rather than large meetings in Zoom or Teams to allow people to watch when it makes the most sense for their professional and personal schedules. This helps to avoid “Zoom fatigue” that many workers are experiencing by having more control of exactly when to consume.

In this world of using a smartphone to make videos, you can easily break up the email and virtual meeting doldrums by mixing in videos into training campaigns. This provides the advantage of being able to track who has watched the training in its entirety. Remember, though, keep it short and to the point. 

Give Employees Freedom

Don’t “lock” your training modules. Sometimes people call these “non-skip” versions of courses. In these courses, all the controls are locked, preventing the employee from moving freely between screens. This is an attempt to force attention, even if they know the content and could move faster. 

Making courses “non-skippable” is an ineffective way to promote culture and can make your training feel more like torture. Research on autonomy and adult learning shows that if you want your users to really learn, you need to treat them like adults. They will find a way around a locked module anyway if they are not motivated. 

Survey, and Survey Again

Finally, if you don’t have surveys and comments enabled on your content or you’re not reviewing those to help with your plan, you should start right away. 

When reading comments and reviews, don’t take them personally. Try to see them from a scientific perspective. Read all the comments, compare the ratings to other programs, and look for progress and trends.

We hope these tips will help you as you work to build a solid training program for your organization. If you’re interested in learning more about the structure and effectiveness of our Security Awareness Training solutions, contact Yeo & Yeo Technology today.

Information in this article was provided by our partners at KnowBe4.

QR codes have been around for many years. While they were adopted for specific niche uses, they never reached their full potential.

However, in recent years, with lockdown and the drive to keep things at arm’s length, QR codes have become an efficient way to facilitate contactless communications or the transfer of offers without physically handing over a coupon. As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things.

QR Code Fraud

As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code and hand over their payment details, believing they were paying for parking. In reality, they were handing over their payment information to criminals. 

The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes used to scam individuals. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So, the usual verification process of checking the URL and any other red flags apply. 

Moving Beyond Fake Websites

There are many paid and free services that will allow you to create your own QR code, which can open up many opportunities for more elaborate attacks or techniques. It is essential to know how QR codes can be used to understand potential vulnerabilities. A QR code can:

• Create a pre-canned SMS message ready for you to send.
• Compose a pre-canned tweet ready for you to send.
• Share the public address of a crypto wallet.
• Provide access to quickly and easily connect to Wi-Fi.

There are other types of QR codes, but you get the idea – and all of these are relatively trivial to repurpose for malicious activities. 

Staying Safe

Fortunately, for these scams to be successful, criminals have to physically tamper with or place their own QR code, which comes at a risk to them. Also, none of these will automatically trigger an action on a phone. Rather, it will display a notification about the intended action. 

So just like email phishing, timely and appropriate security awareness training can be put into practice. Teaching users to be mindful and vigilant whenever payments, credentials or personal details are involved online is critical.

Information in this article was provided by our partners at KnowBe4.

Teams is great, but how can I make it less distracting?

Click the colored dot next on your profile, and you’ll see some status options. Choose ‘busy’ or ‘do not disturb,’ for example, when you need fewer distractions. You can also write a message, so your colleagues know when you’ll be free.

Why can’t I print?

Is your printer connected to your Wi-Fi? Are all the cables plugged in firmly? Is there sufficient paper and ink? If you’ve checked these and it’s still not working, try restarting your router.

How can I make sure my staff sticks to cybersecurity measures?

The very best way is to make sure they’re fully aware of the risks and the extent of damage a cyberattack could cause. Regular cybersecurity training for everyone in the business is also recommended.

Information used in this article was provided by our partners at MSP Marketing Edge.

Zero-day attacks can be a developer’s worst nightmare. They are unknown flaws and exploits in software and systems discovered by attackers before the developers and security staff become aware of any threats. These exploits can go undiscovered for months or even years until they’re repaired.

Google’s bug hunters say they spotted 58 zero-day vulnerabilities being exploited in the wild last year, the most ever recorded since its Project Zero team started analyzing these in mid-2014.

This is more than double the earlier record of 28 zero-day exploits detected in 2015. And cybercriminals are still using the same old techniques to get away with their mischief.

Of these 58 security flaws abused last year, 56 are similar to previously known vulnerabilities. Thirty-nine, or 67 percent, were memory corruption vulnerabilities, and most of these fall into the following familiar bug classes: 

• 17 use-after-free
• 6 out-of-bounds read & write
• 4 buffer overflow
• 4 integer overflow

Of the vulnerabilities examined, Chromium/Chrome had the most exploits, followed by Windows, Safari, Android, Microsoft Exchange Server, Internet Explorer and macOS/iOS.

How to secure your networks

Just as more companies continue to grow their businesses online, so, too, will the need for robust cybersecurity measures. Along with more surface-level tools like firewalls, companies should invest in three additional security measures.

• The first is a data backup solution so that any information compromised or lost during a breach can easily be recovered from an alternate location.
• The second is encryption software to protect sensitive data, such as employee records, client/customer information and financial statements.
• The third solution is two-step authentication or password-security software for a business’s internal programs to reduce the likelihood of password cracking.

As you begin considering your options, it’s generally a good idea to run a risk assessment, either by yourself or with the help of an outside firm. Ready to get started? Contact Yeo & Yeo Technology today.

Source: https://www.theregister.com/2022/04/20/google_zero_days/