Best Ways to Protect Your Google Apps Account from Being Hacked

We have seen an alarming increase in the number of Google Apps accounts that have been “hacked” across both our business and education customers. Securing your Google Apps account is crucial to protect your sensitive information and prevent unauthorized access.

Google Apps platform security is NOT the issue.  ALL of the hacked accounts are due to compromised user identities.

In every case we have encountered, the users have either used their Google Apps email address and password with another service that has had a breach, or have had malware on their computer that provided username and password keystrokes to the hackers.

In both types of incidents, hackers then log in as the user and cause mayhem.

Essential Steps to Make Your Google Apps Account More Secure From Hackers:

1) Educate your users that they are not to use their Google Apps password for any other account not explicitly authorized. Users should also not use their Google Apps email address as the username for personal accounts with other services. It’s also critical to understand the risks of using third-party apps.

2) Check Your Systems for malware and make sure your endpoint protection is up to the task. If not, we recommend Webroot Endpoint Protection and Web Security Services (the link is to our edu site, but the service is available to business and government customers as well).

3)  Implement Two-Factor Authentication (2FA).  In business environments, users should be using 2FA to secure their accounts.  Implementation can be involved if you have other services linked to Google Apps, as you will need to generate service-specific passwords.

4) Use Strong Passwords: Create a strong, unique password for your Google account. Avoid using easily guessable information and include a combination of upper and lower case letters, numbers, and special characters.

5) Review Account Activity: Periodically review the recent activity on your account. Google provides a “Last account activity” feature that allows you to check for any suspicious login attempts.

6) Check Account Permissions: Regularly review the apps and services that have access to your Google account. Remove access for any applications or devices that you no longer use or trust.

7) Beware of Phishing Attempts: Be cautious of phishing emails or websites that attempt to steal your login credentials. Always verify the authenticity of emails and URLs before entering your Google account information.

In education environments, 2FA is not practical for all users, as students and many faculty members may not have mobile devices available to access the Authenticator.  For schools, we recommend any user with partial or full administrative privileges have 2FA active.

Activating 2FA is covered by our support agreements.

For customers and others without support agreements, mention this blog post and we will discount our hourly support fee by 10%; we will discount Webroot deployment fees by 50%.

Both offers expire on December 31, 2014.

Please contact our Service Desk for 2FA assistance; contact Sales regarding Webroot.

 

OneDrive Unlimited Storage is, in fact, Limited


Microsoft made headlines recently by lifting its 1 TB free space limit and offering customers “unlimited” storage.  As recently reported by Tech Republic, however, “unlimited” does not really mean “without limits” when coming from Microsoft.

Specifically, Microsoft limits OneDrive accounts to 20,000 files — a fact confirmed by Microsoft in the article.

A typical MS Office user may have an average MS Office file size of about 30 KB.  With a 20,000 file limit in OneDrive, most users will use less than 600 GB of space.  Increasing the free storage limit from 1 TB to unlimited is meaningless.  

The change makes for good marketing but offers customers nothing.


Contact us if you are ready for solutions that enhance your business.

 

 

USPS Data Breach: What SMBs Can Learn


As a small or mid-size business, you probably do not worry about hackers and data breaches. Your information is safely stored in-house or in a secure cloud service.  You do not have trade secrets or intellectual property coveted by foreign governments or industry. You accept credit cards, but those transactions are processed, saved, and secured by the credit card processor … you do not even have credit card numbers in your files or systems. It is not unreasonable for you to think that you are not a data breach target.

You are wrong.

The recent data breach at the US Postal Service should, however, serve as a wake-up call. Hackers breached USPS systems not for customer data or credit card information; the hackers stole HR records for hundreds of thousands of postal employees and retirees (customer data was just a bonus). And, while the hackers were not able to go on an immediate debit-card spending spree, they captured all of the data necessary to steal identities — names, addresses, social security numbers, and more.

Regardless of your size, any personally identifiable information in your possession is an incentive for criminals. And you don’t need to be big to be caught. A stolen laptop, compromised account, or lost USB stick can enable data breaches in systems you think are secure.

Malware is the inbound marketing tool for hackers and identity thieves. 

When malware spreads, it makes its way onto business computers that the hackers may never have known existed. Malware often sits in wait, capturing passwords or other information and communicating the information to servers halfway around the world. Hackers can then use this information to assess the value of the target and to gain more access to even more data. Hackers may also sell this information to other criminals.

Your business needs protection in place, and awareness of the scope of the problem is the first step.  Permissions monitoring and management, web filtering, device protection, endpoint protection, mobile device management, and user data protection may all be components of your solution.


Please contact us for a complimentary review of your current data protection coverage.

 

3 IT Shifts for Small Business: Mobile-Social

The nature of computing and how it’s used by business is changing – rapidly.  You have heard the buzzwords … mobile, social, cloud, big data, analytics, and others.  You probably have thought about your own business and thought that these changes are just for the enterprise.

Three major shifts in technology, however, can and will impact your organization:  Data; Cloud; and Mobile-Social.

Shift 3: Mobile-Social

Why do we combine Mobile and Social? Social would not exist without Mobile.  Before the mobile revolution, social was limited to “Others who viewed this also viewed …” cues like those on Amazon.com. Social works because it is quick, easy, convenient, and immediate.

And while mobile technology lets us stay connected to the office and provides us access to information, the real transformation with mobile and social technologies is engagement.

Engagement, driven by mobile and social technologies, lets you build trust and establish value. And, if done properly, lets you build trust and value in a secure manner.

Mobile-Social lets you expand the nature of your engagement. You can easily move beyond 1:1 conversations with your customers. The #hashtag and the @mention let you “listen in” on the conversations your customers are having with their friends, and can give you the opportunity to join the conversation.

While there are examples of social media posts going viral and shaming companies into better behavior, the real opportunity lies with this type of communication:

“We saw you post about X. We were not aware of this issue and will fix it quickly. A customer rep will call you shortly to assist you directly.”

And via communications like this:

“Thank you for mentioning your great experience with our service. We are sending you a small token of our appreciation for your business and support.”

Most small businesses, like yours and ours, could never afford the infrastructure necessary to facilitate, monitor, and act on social media interactions.  Cloud-based services, however, have the horsepower and economy of scale to enable us to leverage social-mobile technologies. They also make it possible to integrate our social-mobile applications with our operational and line of business systems.