Security Risks of Using Public Wi-Fi

Public Wi-Fi can be quite dangerous.

Here is a detailed list of the most common risks of using it and how to mitigate them.

Security risks public WIFI

June is the Official National Candy Month. Thus, it is only fitting that we spend some time talking about the sweet things in life. For instance, we are going to talk about how you can sweeten the Wi-Fi experience within your business premises for customers and members of staff. Most companies imagine that things such as public Wi-Fi are a background consideration. However, with the internet playing an increasing role in the success or failure of businesses, it is important to ensure its security. Here are a few things about the security of public Wi-Fi and possible solutions that I have prepared.

Some of the Risk You Face When Using Public Wi-Fi.

On public Wi-Fi, there are numerous methods, which people with malicious intentions can use to get to you. Here are some of the most common:

· MITM interceptions.

The ‘Man IN The Middle’ attacks are a common form of attacks on people on public Wi-Fi. These attacks when an adversary captures the data you are sending. Most hackers who use this method exploit flaws in apps or websites to view information going through them. The information could include passwords, financial data, and other data that could be used for identity theft.

There are many different types of MITM attacks. However, the most common are those that occur over unencrypted Wi-Fi networks. Even when you are accessing a secure website, security is not guaranteed if the network is not encrypted.

· Fake Hotspots.

Criminal create fake wireless networks all the time to steal from people. When you connect to such a network, you give criminals an opportunity to monitor all your data.

· Wireless “sniffing.”

This is a practice where your data is observed, intercepted, and interpreted. It helps experts to diagnose any problems on the network. In the wrong hands, it can be used to monitor and collect data from unsuspecting victims.

1. Check the Terms and Conditions.

In your desire to get some free internet, it can be quite tempting to click through any terms and conditions that pop up on your screen. However, you should be careful about what you sign up for in public. A huge amount of free public Wi-Fi also takes something from you. These firms will give you some bandwidth as long as you agree to give them your email address and a phone number for instance.

The terms and conditions include details on how the company will make use of the data they collect from you. If you can bear to wait for just a few minutes, it can be quite beneficial to read what you are giving up. It is one of those times when having an alternative email can prove useful.

2. Stick to Advertised Wi-Fi Networks.

Just because you see free Wi-Fi pop up on your screen does not mean you must connect to it. Hackers are known to set up free Wi-Fi that they use to mine data from unsuspecting individuals. If you see open Wi-Fi that is not advertised publicly, you will have to think twice about using it.

3. Only Visit Secure Sites on Wi-Fi.

The green padlock at the top left corner of your browser shows you that you are connecting to a secure site. This sign is even more important when you are relying on free Wi-Fi. Think hard before doing anything important when on free Wi-Fi. For instance, avoid making any credit card transactions on public Wi-Fi.

Additionally, it is best to use a mobile browser rather than an app when on public Wi-Fi. Mobile browsers are better at checking the security of sites than apps. Some apps could be accepting fake security credentials without you knowing about it.

For apps, you are at the mercy of developers when it comes to app security. You should only use apps from trusted companies when using public Wi-Fi. Such companies spend millions every year to ensure that their apps are secure. However, even then you are not guaranteed of being secure.

4. Make Use of VPN.

A VPN connection is something that you must have if you are using any device that you also use for your business when on public Wi-Fi. That way, even when a hacker manages to gain access to your connection, they will only receive encrypted data. Since most hackers are in search of easy targets, they will discard encrypted data rather than try to decrypt it.

5. Switch Off Sharing.

When your device is connected to the Internet in a public area, you will not want to share anything. You can turn off sharing in the Control Panel depending on the OS you use. You may also opt to have your OS do it for you by choosing “Public” the first time you connect to a public network.

6. Switch Off Wi-Fi Capabilities in Public.

Even when you are not actively connected to any Wi-Fi network, your computer hardware can still transmit data to any network that is in range. There are measures in place to keep such networks from getting in touch with you. However, hackers can be quite smart, and they can get into your laptop. Besides that, switching off Wi-Fi settings allows you to extend the battery life of your device.

7. Have some Great Protection.

Even when you take all the above measures, you will run into issues sometimes. It is a fact of the modern world in which we live in today. That is why you must purchase the best Wi-Fi security solutions for your devices at all times. Such programs will constantly check for malware and scan any new files that you download. When purchasing security software for your business machines, you should not spare any expenses. Cheap could come to haunt you in a big way eventually.

Other Useful Tips.

Avoid downloading anything when using public Wi-Fi. Additionally, always ensure that the OS and all other software are always up to date. Although your device automatically manages your connection when you are on public Wi-Fi, it is always best to double check.

When you are done with a Wi-Fi, always forget the network. That way, you can reduce the security risk to your device. Additionally, make simple choices like using different passwords for each app.

Are Voice Message Notification Emails The Latest Ransomware Delivery Vessel?

Ransomware attacks are now being delivered via voice message notification emails to unsuspecting victims.

A June 2016 Federal Bureau of Investigation (FBI) report revealed that an average of 4,000 ransomware attacks occurred per day in 2016. During 2017, the number of ransomware attacks continues to grow as hackers combine effective phishing scams with malicious code. In fact, by Quarter 3 of 2016, 97.25 percent of phishing scams were embedded with ransomware. Now, in 2017, hackers are beginning to use voice message notification emails as the latest tool for delivery ransomware to unsuspecting victims.

Cyber Security

How And Why Are Hackers Using Voice Message Notification Emails To Deliver Ransomware?
Hackers are notorious for discovering new loopholes, “open doors,” and methods for delivering malicious code. Hackers successfully leveraged billing notifications and banking emails during 2016 to gain personal information from unsuspecting Australian bank members. Banks and businesses throughout the world have since become more diligent about alerting their customers to phishing scams, particularly those embedded with ransomware. During 2017, hackers have now turned to voice message notification emails as a way to target an even larger group of individuals. Anybody can receive an email with a voicemail notification, which means that this type of attack poses an even larger threat to both individuals, businesses, and government organizations.

There are currently two main types of ransomware strains that are being used during voice message notification email attacks: Cerber and Zepto.

  • Cerber — One of the most prevalent ransomware strains is Cerber. This particular type of ransomware can use text to speech synthesizers to pressure victims into paying the designated ransom. The seemingly legitimate email has a voice message that is attached as a .WAV file within a .zip folder. Victims unsuspectingly download the file and folder. The ransomware is hidden within the .ZIP folder. It is designed to immediately install and change the names of files to [original file name].crypted. Unfortunately, the chosen delivery mechanism means that victims will discover the attack once it has already taken effect. In fact, the default settings of Microsoft Outlook, which automatically enables missed call notification emails, is readily being exploited by Cerber.
  • Zepto — A Locky copycat, Zepto ransomware is delivered via .WSF files. This type of ransomware has recently expanded beyond its initial malicious .DOCM attachments and zipped .JS files. Now, Zepto uses .WSF files to encrypt the original files on the victim’s PC. The HTML-formatted digital ransom notes are automatically placed in folders and the original file names are encrypted with a long alphanumeric string that ends with the .ZEPTO file extension. Unfortunately, as of the writing of this post, there isn’t a decryptor available for the Zepto ransomware.

How Can Businesses Protect Themselves Against The Latest Attacks?
Both Cerber and Zepto are delivered via phishing scam emails. In order to protect their vital data and files from encryption, businesses must educate their employees on cyber security best practices, including how to spot a phishing scam email. The following tips can help employees recognize potentially malicious emails that contain ransomware:

  • Anti-virus software might not recognize that the attached .ZIP files are malicious; as such, users need to pay close attention to file formats. Additionally, an anti-virus software with behavioral capabilities should be used to further increase the likelihood that ransomware voice message notification emails will not be delivered to inboxes.
  • Automated voicemail systems typically deliver .WAV or MP3 files that are not embedded within a compressed .ZIP folder.
  • Automated voicemail systems do not use the following types of file formats: .ZIP, .PDF, .DOC(M). If a voice message notification email contains the latter file formats, then it is highly likely that it is a phishing scam that is embedded with ransomware.

In addition to the above tips, employees should be educated on the type of voicemail files that are delivered via your company’s chosen phone system. In this vein, employees should be trained to recognize the format, text body, naming of attachments, email address, and delivery method of voice message notification emails. You can further safeguard your business data and files simply by teaching your employees how to recognize a legitimate voice message email vs. a phishing attempt. Through the latter efforts, employees are less likely to fall victim to the generic-looking or poorly constructed voicemail phishing attacks that hackers have begun to use.

The Bottom Line: Protect Your Vital Data Today
Businesses that use a phone system with voice message notification emails are at a high risk for the above types of ransomware attacks. The moment that an unsuspecting employee downloads the malicious files, the ransomware is installed and the results can be devastating. To protect yourself and your vital business data, you need to ensure that employees are properly educated on how to detect phishing scams and ransomware attacks, leverage a secure offsite backup of your data, and use the right antivirus software. To further safeguard your business data and files from voice message notification email attacks, contact the cyber security experts at Alliance Technology Partners located in St Louis, Chesterfield, and surrounding area. via sales@alliancetechpartners.com or (314) 649-8888.

This Malware Downloader Can Infect Your PC Without Even a Single Click

A discussion of a particularly nasty strain of malware downloader and what you need to know to keep yourself, your business and your employees protected.  

Malware Downloader

Conventional wisdom tells us that if you’re trying to keep your employees, your clients and ultimately your business safe from virtual harm, a little bit of old-fashioned common sense goes a long way. You’ve likely already been investing in ongoing security training, making sure that you and your team know how to identify a phishing email when you see one or know how to spot a rogue download coming from a mile away.

But what happens if even this isn’t enough to get the job done? What if there was a new and terrifying form of malware that could infect any PC in its path, even if the user never clicked on any suspicious-looking links in the first place? It sounds like a nightmare scenario, doesn’t it?

Unfortunately, that’s precisely the type of situation that we now find ourselves in. Security researchers from Trend Micro and Dodge This Security recently uncovered a technique that cyber criminals have been using around the world. An advanced malware downloader could potentially uninstall a banking Trojan horse on your computer – even if you never “accidentally” gave it permission.

21st Century Cyber Terror

Generally speaking, Trojan horses in the past have been limited in scope because they require some type of input from the user in order to execute. A file doesn’t just appear on your hard drive – you have to give it permission, usually while you think you’re downloading something totally legitimate. Even at that point, in an enterprise environment, a password will typically have to be provided. These two barriers have been enough to stop a large number of potential cyber attacks… until now.

The new banking Trojan discovered by security researchers simply requires that the user hovers their mouse pointer over a hyperlink in a carrier PowerPoint file. At that point, the damage has already been down – the Trojan has infected the machine and there is little that can be done about it.

Research reveals that this technique has already been incredibly successful, striking victims around the world. It has been seen in various companies and organizations all across Europe, in the Middle East and even in Africa.

The good news is that you can still train your employees to avoid this type of situation – you just need to take your old techniques and update them with a new spin. In most cases, victims received an email that was usually finance related. They would get an email supposedly from a client or colleague with a subject line like “Invoice” or “Order Number.” The PowerPoint presentation – which itself was fairly harmless – was contained inside.

Once that PowerPoint presentation was viewed in a browser (as many popular options like Firefox or Apple’s Safari have the capability to do), users could easily be exposed to the rogue link and the virus hiding just behind it.

Embedded inside the link, which typically reads “Loading, Please Wait…”, is a malicious PowerShell script. Because of the nature of PowerShell, users don’t have to actually click it – they just have to hover over it. As this is a technique commonly used to check for rogue links in the first place (hovering your mouse over a link will usually give you a peak at the associated URL), it has been particularly damaging in many situations.

Equally, good news is the fact that if a computer is running a newer version of Microsoft’s Office productivity suite, end users will STILL need to approve the malware’s download before it has the opportunity to infect a PC. This is because more modern versions of Microsoft Office have a feature called “Protected View,” which automatically displays a prompt identifying something as a “potential security concern” as soon as a script tries to execute itself.

Once a computer is infected, it can easily steal everything from user credentials to bank account information and more in seconds.

This is just another in a long line of examples as to why ongoing security training is so essential for your employees. Every computer connected to your office network is a potential vulnerability just waiting to be exploited by someone who knows what they’re doing. If even one user falls victim to this attack, it could bring your entire network to its knees.

As always in terms of cyber security, the best defense is absolutely a good offense. In addition to making sure that your employees are aware of attacks like these, you’ll want to make it a priority for your IT team to update all software whenever possible. Many don’t realize that updates to productivity suites like Microsoft Office don’t just come with fancy new features and sleek new graphical user interfaces – they usually also include bug fixes and security patches designed to stop attacks like these from happening.

As far as this particular malware downloader is concerned, research indicates that it seems to have died down after almost 1500 detections at the end of May 2017. However, it is always a possibility that this was just a test run for something far bigger and more sinister that could make its way across the planet at some point in the not-too-distant future. Whether or not we’ll be seeing an increased use of this downloader at some point soon remains to be seen, but it’s still a good idea to prepare your team accordingly just in case.

Alliance Technology Partners is incredibly proud to act as your one-stop source for all of the breaking news, tips, tricks and best practices you need to not only keep you and your employees safe from digital threats but to wield the full might of modern technology to your advantage. If you’re in or around the St Louis, Chesterfield, and surrounding area. area and would like to find out more information about this topic, or if you have any additional questions that you’d like to get more specific answers to, please don’t delay – give us a call at (314) 649-8888 or send us a message at sales@alliancetechpartners.com today.

Happy Superman Day Everyone!

Superman Day Is a Perfect Time To Start Your Journey To Becoming Your Own Information Technology Superhero

You don’t have to rely on an outside savior to fix your IT emergencies. Prepare your organization for contingencies with these helpful IT security tips.

Duck into a phone booth (if you can find one!) and don your cape because Monday, June 12, 2017 has been designated as Superman Day! It just so happens that this is concurrent with the time that the new Wonder Woman movie will be in movie theaters around the world, so superheroes are going to be on everyone’s mind.

Superman Day

It’s well known that Superman stands for truth, justice, and the American way, but his time working for the Daily Planet has probably also taught him to have a healthy respect for IT safety and security. In honor of Superman, we at Alliance Technology Partners in St Louis, Chesterfield, and surrounding area. want you to be prepared for the unknown in the IT world. Don’t wait around for a superhero to save you; instead, learn how you can create processes that will safeguard your data and tech in order to defend against mistakes and emergencies.

Create written procedures to guide your team members
A healthy IT ecosystem begins with everyone in your organization being on the same page when it comes to security procedures and other best practices. Without proper guidance, people do things however it suits them best at the moment, which may not always be the most secure way to operate. Set your teams up for success by clearly outlining the most secure and effective IT processes, so that they always have a guide they can consult in the event of questions.

And if you’re going to go to the trouble of outlining your IT processes, training your staff members on proper execution has to follow. Once you have properly set the expectations for how IT operations are to be conducted, and given your team members the tools they need to complete their tasks, then you will be able to hold everyone in the organization accountable for upholding proper IT practices.

Make cyber security a priority for everyone

When it comes to IT security, the weakest link in the chain metaphor is startlingly accurate. You can have 99% of the people in your organization following proper protocols for every piece of technology they use, and if just one person fails to uphold the same standard you could be putting yourself at serious risk. The importance of cyber security has to come from the top down, and eventually filter to every manager of every department, no matter how integral IT is to their daily job functions.

There are many ways that you can facilitate a more secure technological environment throughout all levels of your company. Remember that no measure is too small to help make your data more secure. Encourage users to keep up to date with software updates, set guidelines for proper data storage and deletion, and enforce strict password requirements, including changes for all software platforms at regular intervals.

Control access to data and keep a regimented schedule of backups

These days, almost every company in existence processes and stores some kind of sensitive digital data. Not only is this data often crucial for the organization to function properly, but it can also be a glaring target for hackers who wish to steal and exploit it.

Whether you’re talking about cyber criminals stealing customer credit card information, or important trade secrets somehow being made public, digital data can be a very valuable target. Limit access to these kinds of data to employees who need it and have been properly trained in security procedures. You may not be able to make yourself invulnerable to hackers, but you can make sure that your sensitive data is taken care of properly.

Additionally, it’s important to not neglect your data backups as well. The main problem with backups is that they often seem less consequential when compared to other mission critical tasks, and they tend to fall by the wayside when people get busy. Systems have a tendency to fail at the least opportune times, so make sure you hold your departments to the backup schedule so you can be prepared in an emergency.

Review your processes on a regular basis

Businesses are always in flux, and IT operations are no different. Hardware infrastructure, software platforms, user functions, and many more factors are going to change frequently as your company grows and its needs evolve. In that regard, the IT processes that you outlined when the company was in its infancy may no longer be optimal.

In order to ensure that your IT policy fits with your organizational realities, schedule frequent reviews of your processes with representatives from every department. Have them talk to their end-user employees to get feedback about how their use of certain systems may have changed, and how policies can be updated to help improve their use of the IT systems and enhance security measures.

Engage in ongoing IT professional development

Ongoing education is important for many areas of business, and this is especially true for IT management. Technology progresses at a rapid pace, and the only way to keep up with all of the changes is to make a commitment to keep learning. This will help you stay up to date on new technology that may be beneficial to your organization, and keep you apprised of potential dangers that you need to protect yourself from.

Running a company comes with numerous different responsibilities, and it can be difficult on your own to devote the necessary time to IT professional development. We want you to know that you have a partner who can work with you to ensure that your IT operations are in peak condition. To learn more about how you can become your own IT superhero, contact one of our representatives at sales@alliancetechpartners.com or (314) 649-8888.

Your WannaCry Response Guide: Quick Fixes For Malware Scares  

While you’re working out your long-term data security plans, here are the steps to take in the meantime.

WannaCry Ransomware

There are three general responses to a data attack like WannaCry. The first is the immediate, “What do we do to stop this and resume operations again,” the second response is a short-term, “What can we do to shore up data security while we recover and look at our strategy” and the third is a long-term, “What permanent changes do we need to make so this never happens again?”

The first and third responses get a lot of airtime, but we’d like to talk about the second response – the short term, immediate action that you can take once you get your business up and running again. These steps are vital to ensuring customers that you have improved your security and preventing aftershock-like malware created by copycats in the wake of a successful attack. Even if your company hasn’t been attacked, if a data attack has made you a little nervous, these short-term steps are a great idea to increase protection and prevent future problems.

Patching Schedule

One of the notable things about WannaCry is that it could have been prevented with the right patches. Microsoft actually provided patches to fix that particularly vulnerability months before the WannaCry ransomware (which targeted Windows computers in networks, especially older versions of Windows). The reason WannaCry was such a huge problem was that companies had just ignored the patch: Not for any good reason – they had just gotten into the habit of never patching their systems.

It’s puzzling because we know some of those organizations had IT departments, but we can’t figure out what they possibly could have been doing. Patching schedules are IT 101, and these businesses flunked out: Fortunately, it’s never too late to check on your own patching schedule and make sure that…well, that it exists. Your organization needs to be aware of when a patch is released and must mandate that the patch is uploaded to all applicable platforms ASAP. For some adaptable companies, continual awareness and automated “as soon as you get them” updates is the best policy. For other companies, it can be more helpful to set up a schedule of checking for updates, such as a weekly or bi-monthly inspection. Either way, have a plan!

Updated Antivirus Software

Antivirus software is in a curious period of evolution at the moment. Older antivirus software looks at DAT files kept on a malware registry, basically a collection of the information about current malware (sort of like matching fingerprints to a criminal database). However, malware moves so quickly these days that some of the DAT files aren’t updated fast enough to catch the latest attacks.

That’s why the newer versions of antivirus software use advanced tracking technology to find actions and data that appear to be DAT files in the making – and warn administrators ahead of time. Obviously, the latter is more effective than the former, so making the switch makes a lot of sense in the wake of an unfortunate data attack (or fear of one).

Employee Training Session

Yep, it’s time: Call all the employees together for a company meeting. Explain the data threat, why it’s a problem, and what employees need to do to protect their devices and company data. Lay out the requirements in a few clear steps that everyone can understand. Communication is very important at this stage, and a forgetful or confused employee can cause a lot of damage. Educate and reiterate to help prevent problems.

Expired Apps

This point is easy, to sum up: If an app is not compatible with the latest version of your operating system, stop using it. Companies simply can’t afford the risk of using apps that fall behind the latest updates (Windows 10 and macOS in their latest versions, for example). In practice, this is a difficult step to take for many companies, but we encourage you to make it part of a strategy. If an operating system has been updated but one of your apps is incompatible, give that app a month or two to come up with a patch. If it doesn’t, drop the app. This makes it far easier to keep up with the latest security methods and vulnerability fixes.

There are plenty of other short-term steps you can take to improve security and make sure your company is ready, including more careful partitioning and server management. If you have any questions about how to create your own strategy for your St Louis, Chesterfield, and surrounding area. business, we can help! Contact Alliance Technology Partners at (314) 649-8888 or sales@alliancetechpartners.com to learn more!

Planning a Security Overhaul? Here Are Key Tips on How to Start

Getting ready to adopt a new security strategy? Here are the top tips on preparing your company!

Security Overhaul

All right: Let’s assume your organization has taken note of WannaCry and other EternalBlue malware attacks and has finally decided that it’s time for a big security update to meet the threats of the modern digital world. That’s great news! Many companies don’t even make it that far. But now that your business understands the need for a security overhaul, it’s time to create a plan. And that’s where we have a few ideas to help out.

Clean House Beforehand

Let’s get an unpleasant subject out of the way first: If you are overhauling IT security because of a data attack, and some heads may roll. It’s a common reaction, especially for IT leaders that may not have adequately performed their duties. Even more, shakeups may occur if the entire IT department needs to be reorganized. It’s not fun, but it happens. However, we want to emphasize how important it is to make any personnel changes before you start on your overhaul. It’s common business wisdom: Get the right people in the right places, and then start your big project. So if someone needs to be fired, let them be fired quickly and find a replacement before beginning any major changes. Everyone needs to be on board for this.

Get an Outside Audit

When a company needs new data security practices, an external viewpoint can prove invaluable. Remember, a data security auditor has experience helping many different kinds of companies find what they need to change, and that experience can prove invaluable in creating the right kind of overhaul plan. More advanced audits can use white hat attacks and other services to find specific vulnerabilities if necessary, and follow-up consultations can prove equally valuable. You don’t have to go it along – and a third party may be exactly what you need to get away from myopic internal perspectives.

Plan Ongoing Education

Employees are one of the worst vulnerabilities in any organization. Time and again, studies have shown that employees are careless with company data, and even when trained, still go against guidelines when it comes to basic tasks like using password protection or reporting the loss of stolen devices. It sounds cynical, but from a security perspective, you simply can’t trust them. The solution is an ongoing education effort that involves not only orientation training but constant re-training and reminders that explore the latest best practices and remind employees of just what is at stake.

Place Automated Detection Early On

Automated detection is an ideal way of keeping track of security for larger in-house projects. These systems basically track all data actions and look for unusual patterns that are associated with data attacks. They then report these findings to a human, who can go in for a closer look. It’s a great first line defense for monitoring any potential attacks, and highly efficient compared to past solutions.

Adopt the Right Service Security

The cloud has brought many new tools for data security, and – particularly important for smaller companies – allows you to shuffle off some security requirements to vendors and other external parties. It’s an opportunity…but don’t let it become an excuse. Take every vendor your organization uses and explore their security and encryption practices. Demand to know them if you have to. If they don’t meet current best practices then yes, it is time to find a new vendor for that service.

Create a Top-Down Strategy for Mobile Data Control

Because of a couple issues we already mentioned, such as difficulty trusting employees when they aren’t under direct supervision, mobile data is particularly vulnerable at this point in digital security. There are a few things you can do about that. Some organizations avoid putting data on mobile devices at all and use virtualization instead. Others use a more traditional method of creating security guidelines on an app by app basis. Others focus on properly protecting their Wi-Fi networks and only allow company data to be used on the business network. Often, a little of each strategy is necessary. Don’t be afraid to start back at the beginning and completely re-imagine your company’s mobile perspective.

Maintain a Robust Update Schedule

Every security strategy needs updates and patches to stay current. Plan for it, and make sure those plans don’t go ignored! For more questions on what your unique St Louis, Chesterfield, and surrounding area. business needs for proper data security and patching, contact Alliance Technology Partners. We offer a variety of IT services for companies that are ready to bring their security up to today’s standards: Contact us at (314) 649-8888 or sales@alliancetechpartners.com to learn more!

7 Tips for Talking to Company Leaders About Data Security

Need to approach a manager or board about data security? Here’s how to make sure it goes smoothly.

Cyber Security

Do you need to sell a data security or IT plan to company leaders? Whether it’s a full presentation or just a short but urgent talk with a manager about strategy, it’s important to make your point well…even if company leaders don’t know much about data systems. Ideally, all business decision makers should have some understanding of data policies these days…but we’re still working on that. For now, here are the top tips for approaching bosses.

1. Plan for a Short Amount of Time

We’re not saying your bosses have short attention spans…but the further up the company ladder you go, the less time you will have to explain your side. That’s just how it works. Presentations at the highest levels are kept to around 15 minutes even for urgent issues. A conversation in the office may be informal, but managers won’t want to spend much more than that on a topic before getting back to their work. Sometimes you might get even less of a chance. So treat your data security strategy like an elevator speech: Short and sweet, nailed down to a few points that you can explain in just a couple minutes.

2. Learn What Your Leaders Know

It’s a superb idea to find out how much tech experience that your business leaders have. If they tend to be more actively involved in data decisions, you can dive a little deeper into complex subjects and throw in some mainstream acronyms to help save time and respect their current knowledge level. If the leaders definitely do not have any experience in tech or data subjects, then forget about using acronyms or industry terms – instead, make your descriptions far more universal. Note that this isn’t always an age issue, but rather connected to leadership specialties and the past projects they have overseen.

3. Bring a Graph

One graph. That’s it. A graph that can fit on a single page. PowerPoint presentations are rarely your friend what trying to talk about data security. If you have information to support your point, then put it on a single graph that represents the issue and succinctly as possible. Busy managers rarely have time or patience to try to understand a whole slideshow or report, but they can look at one graph. Anyone can do that. The type of graph that you choose can vary, but pick a format that allows you to show data very clearly. An alternative is a single spreadsheet where you tweak a number or two to show overall impact – a slightly more sophisticated option that could be useful.

4. Brainstorm Your Communication

This is an excellent idea, especially for longer meetings with leaders. It’s likely they will struggle to understand things from your highly technical perspective. So before you start, have a brainstorming session and think about the communication options you can use to reach everyone. Settle on one or two really strong metaphors that accurately explain your ideas.

5. Skip ROI for Cost-Benefit Analysis

ROI is a tricky issue to tackle when explaining systems and security. It’s better to focus more on a basic cost-benefit analysis, which allows you to note the fines and losses that arise from data attacks, leaks or theft. Saying, “Here’s what we stand to lose if these measures aren’t implemented” can be a very powerful motivator.

6. Review Compliance and Benchmark Data

Be prepared to show your bosses what your competitors are doing here, and what current or upcoming regulations require. These are common questions, and it’s a great topic to bring up if they prove your point about much-needed change. It’s also a good idea to track down your sources and double-check the latest data: You may “know” the right answers to these questions, but find out the current news and details, so it doesn’t sound like you’re saying it off the top of your head.

7. Repeat Yourself

Find your bottom line, and say it two to three times. Many business leaders want this bottom line more than anything, but they may have trouble recognizing what it is if you only mention it once. So say it early, and say it as you wrap up, and maybe throw it in the middle too. In fact, if every sentence is some form of, “Once again, this is what we need to do,” that’s probably a good idea.

For more information on data security solutions for St Louis, Chesterfield, and surrounding area. , contact Alliance Technology Partners today! We’re available at (314) 649-8888 or you can send us a message at sales@alliancetechpartners.com to find out more about how services and how we can work with your company.

Memorial Day – Reflecting On Sacrifice

Memorial Day has been observed on the final Monday in May each year since 1971, but this occasion traces its roots back much farther in our country’s history. Originally known as Decoration Day, this day was first established during the Civil War in 1862 and was marked by loved ones decorating the graves of those who gave their lives serving in the Confederate Army. After the war, in 1868, the veterans of the Union Army soon added their own traditions to the mix, eventually leading to the creation of the ceremonies and customs we know today.

Memorial Day 2017

Today, Memorial Day is the more somber counterpart of Veterans Day. It is a day set aside to honor and remember those who have given their lives while serving in the military. It’s appropriate to mark this occasion by visiting cemeteries and war memorials, honoring their sacrifice.

This day holds special meaning for us at Alliance Technology Partners. We will be closed Memorial Day to honor the memory of all those who have gone before, and have given their lives for us. If you have to work, please take a moment to honor their memory.

6 Lessons Every Company Should Learn from the WannaCry Ransomware

WannaCry’s ransomware attack is mostly over – here are the lessons businesses must learn from the experience.

WannaCry

WannaCry was a particularly nasty bit of ransomware that infected Windows systems via network connections and encrypted important files to hold them as a ransom for bitcoins. The first wave of WannaCry is over, and we can learn a lot of important lessons from its rise and fall.

1. Operating Systems Change for a Reason

This is probably the number one lesson from WannaCry: The disappointing thing is that is a very familiar lesson that every security experts know well. You have to keep updating your operating system, not just to keep up with the times, but also to protect your business data.

This advice is so common that the real problem is probably something more insidious: Business leaders refuse to take responsibility for the platforms and operating systems they are using. WannaCry is the consequence for that leadership failure, and the sooner organizations recognize that, the better they will be able to plan for the future. Windows XP was particularly vulnerable to WannaCry – that’s an operating system that’s 1)12 years old, 2)surpassed by 4 newer versions of the operating systems with far more advanced tools and integration, and 3)an OS that hasn’t had any support at all from Microsoft (outside of this emergency patch) for nearly three years.

The very common excuse that business makes here is that, “We can’t update because of this regulation, or that compliance issue, or the need to maintain services to our customers.” First, these are incredibly weak excuses. A full upgrade will always take time, resources, and careful planning to meet necessary regulations. That’s part of the process, not an excuse to avoid it. Second, many organizations don’t even realize these are poor excuses because they haven’t actually asked experts. The first thing an organization should do if they are worried about upgrading an older operating system is to bring in an IT expert that has experience in these types of upgrades and ask for a consultation, advice, and ultimately a game plan for the best possible outcome.

2. Patches Don’t Just Get in the Way – They Protect Against Threats

Close behind the lesson about upgrading to new versions of your operating system is the importance of patching. Let’s divided this into two steps. First, your company must be aware of available patches, as they come out, and what they do. This is really easy, even if you aren’t in IT. New patches are heralded by blogs, emails, tweets and many other sources of information explaining what they are and what they accomplish.

Second, give top priority to any patches that are designed to fix vulnerabilities and increase security. Require all employees to download that patch on all machines, that day. Period. You don’t even have to turn on automatic updates, just make sure those patches are downloaded. WannaCry was patched back in March, but guess what? A lot of organizations have no patch plan or requirements, so it didn’t matter.

3. Lack of Awareness is a Vulnerability

Combine both our first lessons, and you get a reminder worth noting – companies cannot claim ignorance here. We have to be aware of the current security dangers, and how to deal with them. That means paying attention to what IT says, understanding how the business systems work, and knowing when a new malware or virus attack hits. These days, no manager can say, “Well, it’s not my problem.” It is.

4. A Single Good Practice Can’t Protect You From All Malware

In the past, most ransomware like WannaCry was spread primarily through phishing emails, and strong anti-phishing strategy was very effective at dealing with the threat. But guess what? Things changes. Cyberattacks regularly evolve and find different, more insidious ways to locate new victims. You cannot count on a single strategy to prevent any particular threat.

5. Network Segmentation May Be Growing More Important

Network segmentation refers to devices that avoid connecting to the business network or connect only briefly in closely monitored situations to avoid data vulnerabilities and malware. Especially after WannaCry, this is looking like a good strategy for companies that handle a lot of sensitive information.

6. The Consequences Will Always Be Worse Than Necessary Preparation

Some of the organizations affected by WannaCry include the UK National Health Service, the South Korean and Chinese governments, and organizations in more than 150 countries. Emergency health services were canceled, governments were unable to offer services, factories were suddenly shut down, and much more. This led to tremendous losses, and will probably lead yet again to a whole lot of fines, firings, and the loss of contracts. It doesn’t matter how demanding security changes are, they are always easier than dealing with the aftermath of a bad attack.

For more information on how to prevent the latest malware attacks in St Louis, Chesterfield, and surrounding area. , contact Alliance Technology Partners and let us know about your goals! You can call us at (314) 649-8888 or send us a message at sales@alliancetechpartners.com.

7 Tips On How to Better Manage Your Business Facebook Group

Facebook Groups can be a valuable tool for your business – if you use them correctly!

How Can Facebook Groups Help Your Business-

A Facebook Group allows you to connect with a community of Facebook users over a shared feed and a common interest. The interest could be your business, your type of products, your general industry, or any related topic. Some brands are hesitant to jump into Groups, so we’re going to look at several of the benefits they hold for businesses that take the time.

Facilitate Conversation

It’s tough to manage a Facebook Group, especially if you already have a Facebook Business Page to worry about. But one of the most useful aspects to a Group page is the ability to just help people talk. You don’t need to be always on or always engaging with people to use a Group properly: Instead, stop by to ask questions, talk about the latest news, and offer new info about your brand. A healthy group will take care of a lot of conversation itself after this. Later on, when time opens up, you can go through the latest conversations and answer any specific questions or issues that may have arisen. The goal is to give your customers a sense of community, which increases loyalty and brings up any shared problems to the surface.

Offer Guides and Instructions

When any questions or problems do arise in the group – and are within your ability to deal with in an expert way – the Group also gives you an effective place to answer questions correctly where other interested parties can see what you are doing. If a question or topic comes up frequently, then you may want to consider posting a fuller guide or description to help the Group out. This is particularly useful for companies that sell consumer products, but there are applications for most industries with a little imagination.

Link to The Proper Page and Website

Do you have a Business Page on Facebook? If not, you should get one: They add a whole lot of value, including significant SEO when they are properly built and described. One of the advantages that Business Pages bring is the ability to link a Group to your specific business profile, essentially identifying it as the business in charge. When creating a Group of your own, always make this step a priority: You can link the two in the settings on your Business Page.

Reach Out on Social Media as a Business

One of the more recent updates that Facebook has made to the Business profiles is the ability to post in the Group as the business itself. This should be one of your first steps when setting up or entering a Group! As long as your Page is linked to a Group (described in the previous step), you will be able to post as your business page. This keeps your comments from showing up as one of the team member’s accounts, which can be quite confusing in a Group. Posting as the business adds a lot of authority, and shows valuable competency in social media too.

Create a Group Chatbot

Another change Facebook recently unveiled was work with developers to create more Group chatbots. These automated bots can be opened up in the Messenger window, where they can do…well, whatever conversational tasks they are programmed to. For most Groups, that means the ability to provide basic information and new, and for Groups focused on specific brands, that could extend to answering questions about products as well. This is a newer tool, but still very exciting for automated conversations and spreading information among newcomers.

Discuss Ideas and Productions

If you want to be a little more adventurous with your Facebook Group, then use it as a mini test lab to discuss the application of new ideas, services and products. This is a great step after brainstorming, because collected partners and customers will almost always be able to provide different angles and valuable opinions that would not have been available otherwise.

Use Facebook Live More

Does livestreaming have a place in your business? We encourage you to look for one, because the benefits of well-done livestreaming are myriad. For one thing, your Facebook Group is an excellent place to advertise your livestream before it takes place, answer questions after the livestream, and post the video once you are finished. Don’t let that synergy go to waste!

Find out more about how to use Facebook for your Alliance Technology Partners business today by contacting Alliance Technology Partners at sales@alliancetechpartners.com or (314) 649-8888 to talk about how our services can help out!