Blog

May 16th, 2017

With a quick Google search, numerous VoIP distributors instantly appear. The problem is knowing whether they will meet your business’s needs. To attract consumers, these professionals throw around superlatives such as 'the best' or 'world-class' -- but that doesn’t always mean they are. Before committing to a distributor, here are some things you should take into consideration:

Highly-trained technical support A good VoIP distributor will provide technical support both before and after the sale. But a great VoIP distributor will offer highly skilled, well-trained, and certified support. Make sure your distributor’s IT team has been trained on the latest advances in VoIP technology and has obtained the appropriate certifications.

Provisioning capabilities Provisioning means providing service to the user. This includes the hardware, wiring, transmitting the voice and data, and especially the final configuration. It can also refer to configuring the hardware and software in order to provide service. In other words, when a device is provisioned, it works. Ask your potential distributor how many stations and ports they have available, and whether or not they offer custom provisioning packages.

API services Check whether your VoIP distributor offers Advanced API services. Short for Application Program Interface, an API is a set of routines, protocols, and tools for building software applications that specify how software components should interact. It helps streamline your ordering process and ensures your hardware will arrive correctly provisioned on your service platform.

Training programs Before committing to any VoIP distributor, be sure to check their educational resources. How often do they offer webinars on new products? Do they provide training and educational material on their websites and product portals? Also, check whether your VoIP distributor will create custom training materials for you and your customers.

Remember, a VoIP distributor that offers a complete suite of telephony services helps you overcome your business's phone service obstacles and lets you better serve your customers.

For more information, don’t hesitate to get in touch with us.

Published with permission from TechAdvisory.org. Source.

Topic VoIP
May 10th, 2017

As the technology that recognizes and thwarts malware becomes more advanced, hackers are finding it much easier to trick overly trusting humans to do their dirty work for them. Known as social engineering, it’s a dangerous trend that is becoming increasingly prevalent. Read on to educate yourself on how to avoid the most recent scam and those that came before it.

Broadly defined, “phishing” is any form of fraud in which an attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.

These messages prey on users who click links, images and buttons without thoroughly investigating where they lead to. Sometimes the scam is as simple as an image with a government emblem on it that links to a website containing malware. Just hovering your mouse over the image would be enough to see through it. But some phishing schemes are far more difficult to recognize.

The Google Defender scam

Recently, an email spread to millions of Gmail accounts that almost perfectly imitated a message from Google. The text read:

“Our security system detected several unexpected sign-in attempts on your account. To improve your account safety use our new official application “Google Defender”.

Below that was a button to “Install Google Defender”. What made this scheme so hard to detect is that the button actually links to a totally legitimate site...within Google’s own framework. When third-party app developers create Gmail integrations, Google directs users to an in-house security page that essentially says, “By clicking this you are giving Google Defender access to your entire inbox. Are you sure you want to do this?”

Even to wary users, the original message looks like it came from Google. And the link took them to a legitimate Google security page -- anyone could have fallen for it. The Gmail team immediately began assuring users that they were aware of the scam and working on eradicating it and any potential copycats.

There’s no happy ending to this story. Although vendors and cybersecurity experts were able to respond to the crisis on the same day it was released, millions of accounts were still affected. The best way to prepare your business is with thorough employee training and disaster recovery plans that are prepared to respond to a breach. To find out how we can protect your business, call today.

Published with permission from TechAdvisory.org. Source.

Topic Security
May 8th, 2017

To truly make an impression on consumers, small- and medium-sized businesses are pulling out all the stops. Standing out from your competitors could increase your chances of earning revenue. Many SMBs are now turning to social media and content marketing strategies to gain a competitive edge. Stay one step ahead of the rest with these tips:

Come up with and implement a media crisis management plan It’s normal for businesses to go through a crisis or two. Avoid embarrassing public relations nightmares by having a social media crisis management plan in place and ready for implementation.

Create buyer personas Social media data is a great tool to gather information about your potential customers, and in doing so, create buyer personas. Buyer personas are comprised of generalized characters that help build an ideal picture of your business in the market. Key demographic information includes age, location, and even reasons for buying and product-related concerns.

Track the impact of your content marketing When it comes to content marketing efforts like blogging and social media, it’s essential to have a system to measure results. You can measure how these efforts impact your brand awareness by using metrics such as social media reach, brand mentions, media mentions, and branded searches.

Integrate user-generated content on social media Businesses can utilize social media as a way to interact with consumers. This includes sharing some of their content on your own channels. Not only are user-generated content more cost-efficient, they also shorten the customer’s path to purchase.

Use Hootsuite to manage Twitter chats A Twitter Chat happens when you use Twitter to talk about a common interest with others during a preset time. It's like an online chatroom where you add to the discussion by tweeting. Efficiently managing tweets and responses is integral. Fortunately, applications like Hootsuite simplifies the whole process. It easily monitors, searches, and saves Twitter Chats onto the Hootsuite dashboard for future reference.

Create better live broadcasts Livestreaming on social media platforms such as Facebook, Periscope, and Instagram is quickly gaining popularity. Before starting a livestream for your business, take time out to practice and prepare an outline before you roll the cameras. Don’t forget to promote it prior to the broadcast, and make sure you come up with a short and catchy video description.

All small- and medium-sized businesses are fighting for the same thing: the consumer’s attention. Business owners can’t afford to just blend into the background; if you don’t make a good, lasting impression, you might lose out on an opportunity to make money. And if you’re relying on social media and content marketing strategies to help you, make sure you are doing it right. If you have further questions, feel free to contact us!

Published with permission from TechAdvisory.org. Source.

Topic Social Media
May 5th, 2017

Good things come to those who wait, and this is especially true for small- and medium-sized businesses that plan on creating an eCommerce website. According to Vistaprint's study on 1,800 consumers, 42 percent of respondents are “very unlikely” to buy from unprofessional or ugly websites. Go through your site and ensure everything is in order. These key indicators might help:

A variety of clean photos Always take photos under professional lighting to really get the best images of your products. When customers are browsing, it’s normal for them to want to see as much detail as possible, so try to include as many photos, from as many angles your prospects might want.

Clear descriptions The last thing you want to do is to confuse your customers. That’s why it’s important to include all of your products’ technical information and dimensions before creating simple and straightforward product descriptions.

Establish policies Returns and refunds are an inevitable part of online shopping. In fact, a large percentage of online shoppers make purchase decisions based solely on how streamlined the returns policy is. Make sure to establish clear policies for returning and refunding items that are easy to find for customers.

About page Customers unfamiliar with your brand need a story they can relate to on your website. In your About Us page, include information on who you are and what you do that sets you apart from the competition. Whatever you write, make it accessible from any page on your site.

Navigation Fix broken links, make navigation straightforward, and remove outdated pages. You can’t sell 404 pages to customers, and if your site doesn’t make it easy to find what they’re looking for, game over.

Design Not everyone is a web design expert, luckily you can always hire one. If your budget is tight, there are DIY site builders specifically geared toward small businesses. Or with a relatively low monthly expenditure, you can hire a managed website provider.

With more revenue originating online, small- and medium-sized-business owners can’t afford to overlook the importance of creating a fully functional eCommerce website. Prior to going live, it’s essential to go through your entire site and resolve any mistakes before consumers see them. For further information on completing eCommerce websites, feel free to call us today!

Published with permission from TechAdvisory.org. Source.

Topic business
April 27th, 2017

Eavesdropping is the intentional act of secretly listening in on a conversation, usually not for the best of intentions. Although today the act also includes VoIP telephone systems, it’s not a recent trend. As exemplified by the SIPtap attacks of 2007 and the Peskyspy trojans of 2009, cybercriminals have had their eye on VoIP ever since it was introduced to the market. Here are five tips to combat VoIP eavesdropping:

Never deploy with default configurations Everyone wants to get things rolling as quickly as possible, but this often results in VoIP phones being deployed with their default configurations. You don’t want to do this because it allows the bad guy to search vendor documentation. Depending on your VoIP solution, you should have the option of changing default handset configurations. Otherwise, you’ll need to come up with a manual process to change phone defaults when you roll handsets out to your employees.

Listen to your handset vendors An ideal example of VoIP handset vulnerabilities happened in 2015, when Cisco detected vulnerabilities in IP phones which enabled an unauthorized attacker to listen in on phone conversations. If it weren't for those security alerts, several companies could have found themselves victims of VoIP eavesdropping. The lesson learned here is you must regularly monitor advisories from your hardware vendor. Without proper monitoring, you won’t know how susceptible your corporate VoIP phones are to being eavesdropped.

Update session border controllers Another tactic to combat VoIP eavesdropping is to constantly update your session border controllers (SBCs). By doing so, you’ll be updating your VoIP’s antivirus software; because cyber threats are constantly evolving, your security products should as well. Routine SBC updates are essential for secure SIP trunking as well as responding to new threats.

Encrypt VoIP calls Many cloud VoIP providers offer call encryption guidelines, and some even offer it as a premium service. If you work in a regulated industry like healthcare or finance, encrypting VoIP calls are essential to staying compliant. Work with your VoIP provider and auditors to determine the best encryption options for your communications infrastructure.

Build a hardened VoIP network Another method to fend off VoIP eavesdropping is to build a hardened VoIP network that includes:

  • IP private branch exchange (PBX) using minimal services so that the hardware can only power the PBX software
  • Firewalls with access control lists set to include call control information
  • Lightweight Directory Access Protocol lookup, and signaling and management protocol
  • Reinforced end point security with authentication at the endpoint level
In order to effectively combat VoIP eavesdropping, businesses need to take a holistic approach. This includes policies, deployment, as well as security practices to ensure malicious agents are unable to tap into your calls. Feel free to contact us for further information on how to protect your business.
Published with permission from TechAdvisory.org. Source.

Topic VoIP
April 24th, 2017

Most phishing attacks involve hiding malicious hyperlinks hidden behind enticing ad images or false-front URLs. Whatever the strategy is, phishing almost always relies on users clicking a link before checking where it really leads. But even the most cautious users may get caught up in the most recent scam. Take a look at our advice for how to avoid the newest trend in phishing.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades -- and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian for example, even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com -- which gets redirected to xn—80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
April 20th, 2017

2017April20Business_AThere was a time when mobile phones were used exclusively for calling and texting. Now, they can do so much more. Regardless of your level of tolerance or skill for managing documents in such a small gadget, mobile devices allow you to send and receive email, download and upload media files, store data, and even close business deals. As mobile devices became indispensable in everyone’s personal and professional life, the security risks have also increased -- and backing up became more critical than ever.

Malware on mobile

More than 50% of the world’s adult population use a mobile phone with internet connection, so dangers in these handy devices are to be expected. Scarier than the thought of being offline is being online and exposed to malware.

If you use your mobile devices as an extension of your work computers, backing up is a must. Mobile phones have become as vulnerable to malware as laptops and desktops have, especially if you consider the fact that many professionals and business owners use them for emailing confidential documents and storing business-critical files.

Device disasters

Other than malware, other types of disasters can happen on your device. Because you carry it wherever your go, your device can easily be stolen, misplaced, or damaged. They may be easily replaceable, but the data contained in them may not. Having completely backed up data on your devices helps prevent a minor inconvenience from turning into a disastrous situation.

Backup options

Performing backups in iPhone and Android devices is a seamless process. Their operating systems require only minimal effort from users, and backing up entails nothing more than logging into their Apple or Google account. However, other users have different devices with different operating systems, slightly complicating the process.

Mobile devices’ safety is essential to business continuity plans. So whether your office users are tied to a single operating system or prefer different devices, there are options to back up all your organization’s mobile devices. There are cloud backup services that enable syncing of all devices and that back up files, contacts, photos, videos, and other critical files in one neat backup system. These mobile backup tools are offered on monthly or lifetime subscription schemes, which provides small businesses with enough flexibility to ensure protection.

Mobile phones have become so ubiquitous to how people function that many feel the need to have two or more phones, mostly to have one for personal use and another for business. With all these options on hand, there’s no excuse for not backing up data on your mobile devices.

Our experts can provide practical advice on security for your business’s computers and mobile devices. Call us for mobile backup and other security solutions today.

Published with permission from TechAdvisory.org. Source.

Topic business
April 12th, 2017

2017April12VoIP_ASkype has made many improvements to become the go-to audio and video communication tool. But as more people turn to Skype to conduct their business, hackers are sure to follow. Recently, Skype has been plagued with fake Flash ads, which if triggered, lead to devastating ransomware infections. Read on below to find out how you can stay safe from this attack.

Initial reports found that the fake Skype ad was disguised as a critical Flash update. Clicking on the ad triggers a download of a seemingly innocuous HTML application named “FlashPlayer.hta”. If opened, the app would download malicious code that encrypts the victim’s files and holds them hostage until a ransom is paid.

According to security experts, hackers were obfuscating malicious code in the fake ads, which helped the ransomware evade detection from common antivirus tools. Many other users in the past have encountered similar Skype ads, but this is one of the first few scams that delivers ransomware.

To protect yourself against this ransomware you need to do the following:

  • Be critical - you must be careful of opening suspicious ads and links from Skype -- or any content off the internet for that matter. Before you click on a link, hover over it to see where it leads. Unsolicited emails with links and downloadable files should also be avoided unless you’re certain it’s coming from a credible source.
  • Download only from trusted sources - just like the tip mentioned above, make sure the software you download are from trustworthy app stores. In this case, Adobe Flash plugins should be downloaded directly from the official site, not from random ads.
  • Install security software - strong antivirus, intrusion prevention systems, and other cybersecurity solutions can detect and block ransomware before it makes your entire system unusable.
  • Invest in backups - storing your data in multiple cloud-hosted data centers will help you recover critical files should ransomware manage to infect your local computers.
When it comes to ransomware, hackers don't always return your files and we never recommend giving in to their demands. Staying informed and being prepared is the best solution to any malware.

Skype is the last place you’d expect a hacker to turn up, but if you don’t account for all possible vulnerabilities -- including security flaws in your VoIP solution -- your business has a bleak future. Contact us to protect your VoIP, your cloud, and your business today.

Published with permission from TechAdvisory.org. Source.

Topic VoIP
April 10th, 2017

170px-01Does your business have a social media policy? If so, when was the last time you updated it? If you're taking too long to answer these questions, that isn’t a good sign. Because you should be conducting regular reviews, at least annually. You'd enjoy innumerable benefits, and deter your employees from obsessing over Snapchat filters in the process.

Avoid legal trouble Do you remember Chipotle’s social media debacle in 2015? It lost a lawsuit for firing an employee that posted negative content on social media because it turned out that Chipotle’s social media policy violated federal labor laws. That’s why you should work with your legal team to keep your policies up to date: so they comply with the Federal Trade Commission and the National Labor Relations Board.

Protect company information Social media policies can actually help safeguard sensitive data from hackers and cyber attacks, especially in a bring-your-own-device (BYOD) working environment. Employees must know the proprietary company information that must never be shared, as well as understand that confidential information -- such as marketing tactics, non-public financials, and future product launches -- are to be communicated only ‘internally.’ A good example is General Motor’s social media policy, which clearly spells out what can and can't be disclosed to the public.

Define which kinds of social media activities are and aren't allowed Although posting offensive or insensitive material on a company-branded social media page being is an obvious no-no, it still happens. For the people handling your company’s social media, what precautionary mechanisms are in place to avoid a public relations disaster? Are there rules for different platforms? Beyond that, however, is a lot of gray area when it comes to if and how employees will be held accountable for what they post on their personal profiles. When social media policies clearly outline how employees should behave online and the punishments that come with violating that agreement, you can deter rogue employee posts and avoid a viral fiasco.

Effective social media policies need to be fluid and responsive to the fast-paced modern business environment. Taking the time out to perform yearly social media policy reviews will save your employees a lot of confusion while helping your company steer clear of potential PR and legal nightmares. If you have further questions, don’t hesitate to send us an email or give us a call!

Published with permission from TechAdvisory.org. Source.

Topic Social Media
April 6th, 2017

2017April6Security_AWikileaks, the website that anonymously publishes leaked information, recently released a number of documents alleging widespread surveillance by the US government. The released documents claim that the vast majority of these efforts took place via smartphones, messaging apps and...TVs? Let’s see just how worrisome they really are.

What devices and apps are supposedly vulnerable?

Wikileaks labeled its ongoing release of 8,761 classified CIA documents “Year Zero.” Nestled among those files are tools and correspondence that explain how operatives could snoop on communications, downloads, and browsing history. Here is a list of the “affected” applications and hardware:
  • Windows operating systems
  • iOS
  • Android
  • Samsung Smart TVs
  • WhatsApp
  • Signal
  • Telegram
  • Confide
Those are some very big names, right? Thankfully, it’s mostly hyperbole. The reality of the situation isn’t nearly as bad as it sounds.

Two considerations before freaking out

First, almost all these exploits require physical access to devices before anything can be compromised. For example, news organizations repeatedly reported that WhatsApp, Signal, Telegram and Confide all had encryption protocols that had been subverted by the CIA. That is 100% false.

What the documents actually revealed is that the CIA was aware of security gaps in Windows, iOS, Android and Samsung’s Tizen OS, which allowed the agency to snoop on messages before they were encrypted. Messages sent in these apps are still totally uncrackable as long as the devices they are installed on haven’t been physically compromised.

Takeaway #1: Physical security is still one of the most important aspects of cyber security. Most data security regulations require certain physical security protocols as a deterrent to breaches that take place via theft of social engineering -- and for good reason.

The second reason not to worry is the hardware devices and operating systems that supposedly left encrypted messages vulnerable haven’t been sold for a long time. For example, only Samsung TVs from before 2013 were vulnerable to the always-on microphone bug -- which was patched in an OS update years ago.

But what about iOS -- surely that’s the scariest reveal of them all, right? Not quite. Only the iPhone 3G, discontinued in 2010, was susceptible to exploitation. Furthermore, Apple immediately responded that they were aware of this vulnerability and patched it in the version of iOS that was released in 2011.

Takeaway #2: Updating software is critical to keeping your data safe. As we saw in the Year Zero leaks, just one piece of outdated software can cause a domino effect of other vulnerabilities.

In reality, the most recent Wikileaks releases shouldn’t change your approach to cyber security at all. As long as you consider data security a never-ending battle, you’ll be safer than everyone too lazy or forgetful to lock up their server rooms or update their operating system.

But running a business doesn’t always leave you a lot of time for fighting a “never-ending battle,” does it? Fortunately, that’s exactly what we do for our clients every single day. To find out more about how we can keep you safe, call today.

Published with permission from TechAdvisory.org. Source.

Topic Security