This morning, Google announced a change in G Suite policy that can lead to account suspensions. Effective February 6, 2017, Google will begin automatically suspending user accounts that have been flagged for abuse of the SMTP relay service. The SMTP relay service allows non-Gmail messages to be sent through your Google account. Most often this is used to relay messages from internal systems, such as email notifications that your backups have completed successfully.
Unfortunately, this service can also be used intentionally or unintentionally to send spam. While a few cyber criminals use the SMTP relay service to send spam, most of the abuse happens when a computer is infected with malware, usually without any user knowledge.
Being found with malware that is sending spam can and will disrupt your business communications.
Historically, Google has notified G Suite Administrators of the abuse and has provided a list of affected users. Beginning February 6, 2017, if the issue is not fixed within 24 hours of the notice, the user account(s) will be suspended automatically.
The best solution is prevention! Make sure that your endpoint protection systems and strategies are current and effective.
Recommendation: Webroot SecureAnywhere is a cloud-based solution that can be added to your environment without interfering with your current malware protections. Set up a free trial and see if Webroot catches risks that your current malware solution is missing. Click here for more info, a demo, or your free trial.
You may or may not know that International Data Privacy Day is January 28. To celebrate, our strategic partner, Privacy Ref, is offering a free 2 hour workshop on Privacy Program Fundamentals.
Join us on January 25, 2017 from 1:00 to 3:00 PM EST for this valuable session.
Topics to be covered include:
- Defining privacy
- Foundational privacy concepts
- Components of a privacy program
- Privacy frameworks
- Managing privacy risk
- Metrics for privacy
- Training & awareness activities
Westborough, MA — It is no longer a matter of “if”, but “when” small and midsize businesses will move to the cloud. For most SMBs, the first decision they make will be which productivity cloud to use: MS Office 365 or Google G Suite. As noted in Cumulus Global’s most recent eBook, Picking Your Productivity Cloud, SMBs are wise to consider more than familiarity and cost when making this decision.
“SMBs that rely on inertia and simply go with the cloud ecosystem that is most familiar often find themselves hitting roadblocks or underutilizing the service over time,” notes Cumulus Global CEO Allen Falcon. “Picking the right cloud for email and productivity tools becomes the foundation of your cloud ecosystem. A broader perspective is needed.”
Picking Your Productivity Cloud looks at six critical factors to consider when choosing between Microsoft Office 365 and Google G Suite. Beyond cost, the eBook discusses the impact of other IT systems and applications, company culture, and business goals. The ebook is available for free in our Resource Center Library.
Last week, we gave you three reasons why you, as a small or midsize business, are a viable and desirable target for cyber criminals.
If those reasons don’t give you enough reason to act, here are three (3) more reasons SMBs, and you, are a target for cyber criminals…
SMB data is increasingly networked
- All of your systems — databases, email, documents, marketing, point-of-sale, and more — are likely running on a single network.
- Access to one of your systems can lead to access to others. Target’s POS system was hacked using a security flaw in the HVAC monitoring system running on the same network.
- Moving data and systems into secure cloud solutions and segregating network traffic minimize the cross-over risk.
SMBs are using consumer products for business data
- Consumer grade services are often more affordable, but often lack the security and data protection features of the higher-priced, business versions.
- Separate work and home, use solutions designed for business, and make sure to configure the security and privacy settings accordingly.
SMBs are often lax when it comes to security
- Many small businesses operate in an environment of trust; people know and trust one another. This trust can be exploited by a disgruntled employee or an outsider.
- Keep user identity management and passwords private and secure; manage administrator and “super user” passwords so that they are unique, complex, and secure.
- Keep servers and systems with sensitive data/access secure; enforce screen locking and passwords.
- Educate your staff on security risks and behaviors.
Taking cyber security seriously is the first and best step in protecting your business, employees, and customers. Protection need not be overly complex; nor must reasonable protection be a budget busting expense. Reasonable measures balance cost and security.
As we’ve mentioned before, more small and midsize businesses (SMBs) are falling victim to cybercrime. According to HP’s Cyber Security and Your Business report, cybercrime costs SMBs 4.2 times more per employee than larger businesses, and 60% of SMBs that experience a data breach are out of business in six months.
Why are SMBs, and you, a target for cyber criminals?
SMBs spend less on security while larger businesses are increasing their security protections.
- Your business is an easier target because you are more likely to lack basic protections. In effect, you may attract cyber criminals because you are an easier target.
- Budget for, and implement, reasonable protections covering user identities, access controls, user permissions, data loss prevention, and employee awareness and training.
SMBs do not have in-house security expertise.
- Keeping up with risks and trends is time consuming above and beyond ensuring that your security measures are updated and working on a day-to-day basis.
- Leverage technology and your IT partners for automated solutions and expertise, as well as on-going management of your security and privacy solutions.
SMBs are moving into the cloud.
- Using cloud applications and storage makes sense. But, your data is no longer behind a physical or logical “firewall”. Protecting your data means protecting the cloud systems and services you use.
- Always select business-grade services over consumer services. Implement all security features, including 2 Factor Authentication. And, when possible, integrate access to cloud services into a single system for managing user identities. And, do not forget to train, and periodically remind, your staff how their awareness and actions can allow or prevent an attack.
Start the new year off right with a review of your IT security and data privacy policies, procedures, and systems. Doing so is an affordable way to protect your business, your employees, and your customers from cyber crime. The cost of prevention is minuscule compared to the cost of a breach.
Last week, our strategic partner Privacy Ref held their quarterly review of recent data breaches. In his presentation, Ben Siegel, CIPM, identified 4 lessons learned from recent data breaches, including: Google Android; Hillary Tentler, CPA; Folsom State Prison; and the Internal Revenue Service.
#1: Unauthorized Mobile Apps Create Risk
Issue: Users can download apps from sites other than the Google Play store. These apps are not “vetted” and gain access to tokens used to control users’ accounts.
Lesson: As the threat is outside of Google’s control, you need to put systems in place to prevent unauthorized apps from accessing your company’s data via mobile devices.
#2: Local Data is At Risk, Too
Issue: In the burglary of an accountant’s home, three hard drives were stolen and only one was recovered during the arrest.
Lesson: Physical devices, when stolen, can result in a serious data breach. While moving 100% to the cloud is more secure, it may not be a practical option for your business yet. You should ensure any local data is encrypted and subject to regular backup.
#3: Internal Breaches are Still a Breach
Issue: A file including names, social security numbers, and other sensitive data was saved to a shared location accessible to anybody in the organization.
Lesson: You can protect yourself from internal breaches with solutions that use defined business rules to automatically enforce permission restrictions based on the content of your files.
#4: It is Too Easy to Email Protected Information
Issue: Employees were sending emails with personally identifiable information (PII) clearly visible, in violation of regulatory requirements.
Lesson: You should not rely on people to do the right thing all of the time — mistakes happen and can be damaging and costly. Systems exist that scan and encrypt emails automatically if they contain sensitive or protected information.
Do you need a privacy assessment or a privacy plan review? Are you ready to better protect your data — on premise and/or in the cloud?
Contact us to discuss your needs.
For the second time this year, Yahoo! acknowledges a major security breach. This time, the breach occurred in 2013, resulting in the data loss of roughly 1 billion (yes, BILLION) accounts. More than usernames and passwords, this breach included security questions and answers.
But, here are the scary facts:
- Yahoo! was unaware of the breach until a third party notified them that their user information was for sale on the “dark web”
- Yahoo! admits it was unaware of the breach and does not know how it happened
Because Yahoo! accounts are used behind the scenes in multiple services, and you may be using your Yahoo! identity for other sites and apps, the potential impact of the breach is just plain scary.
Active Directory was designed for on-premise local and enterprise networks. As the use of cloud continues to move forward, Active Directory has not adapted as quickly as needed to provide robust, unified identity management. Here are three (3) reasons to consider replacing (or augmenting) Active Directory.
1) Active Directory is not “Cloud Ready”
According to a survey by security firm BetterCloud, almost 50% of SMBs will be all cloud by 2020, up from 15% today. Even SMBs are using more than one cloud service.
Keeping Active Directory means setting up sync services and other tools across multiple cloud platforms — a complex and expensive solution.
2) Users are Mobile and Working Remotely
Global Workplace Statistics reports that between 20% and 25% of employees already work remotely on a semi-regular or regular basis. And, 50% of employees hold jobs that are compatible with remote work. Since 2005, remote work has grown 103% and continues to grow.
Keeping Active Directory means requiring employees to log into the corporate domain when working remotely, typically by VPN. This is slow and cumbersome for users, and expensive to set up and maintain.
3) The Windows-Only World is Gone
Macs are a normal part of the ecosystem; Computerworld reports that 90% of Fortune 500 companies officially support Apple desktops, laptops, and tablets. Chrome devices are starting to move from education to the business market. And, most employees work at least some of their day on smartphones or tablets; iOS and Android are now business operating systems.
Keeping Active Directory means bridging identity management and policies between network operating systems or adding third party products to properly manage users and devices.
The good news is that you do not need to live with the cloud-related limitations of Active Directory. You can run directory services, manage identities, and control access to devices (even when off-network) with cloud-based directory services. These services simplify administration and provide a single system of record for user identities.
Want to learn more or give it a try? Contact us and we will show you how.
As reported by CloudTech, a recent survey of more than 500 IT professionals in companies with 50 to 2000 employees …
- 20% report extensive use of cloud
- 52% report significant use of cloud
- 24% report modest use of cloud
And, 56% of respondents indicated that cloud use will increase over time.