Posts

Malware Protection & Attacks

How to Protect Oneself from Malware Attacks

Protecting your company data is the most critical task your IT department has. This team of specialists works tirelessly to keep out intruders, only to have their coworkers inadvertently let them in. While your business may have many safeguards in place to catch and clean up these mistakes, there are ways to prevent malware attacks before they happen. So how do you protect yourself from malware attacks?


Additional Layers of Security

You may think your employees are the most vigilant in the world, and they may very well be. However, without a layered security system in place, cyberattacks can still break through. Your business needs an extensive security suite of antivirus, firewalls, and antimalware software to help keep out unwanted visitors.

Using Updates and Plugins

One of the easiest ways for a hacker to attack your infrastructure is through holes in your company’s software. Whether it is the operating system, internet browsers, or mobile devices, keeping software up to date is one of the most important things you can do to protect corporate data.

Browsers, operating systems, and plugins often receive regular security patches from their manufacturers. It is easy to put them off until a more convenient time for your employees. However, by doing so, you are leaving a door ajar for intruders to exploit. Once the updates roll out, act immediately to ensure the best coverage. Immediate action is doubly important for mobile devices, whose updates often get put off due to low storage or battery power.

On web browsers, ensure all employees enable the click-to-play plugin. Many attackers use ads to install their viruses onto unsuspecting computers. These ads autoplay and are often found on well-known sites. The click-to-play plugin stops Java or Flash ads from running unless the user clicks on them, helping to reduce the chance of accidental infection.

Safe Browsing

Companies often restrict their employees’ online browsing abilities. However, even sites that your business has deemed okay for workers to visit need to be used with caution. Employees should do the following every time they go on the internet:

  • Log out of websites when finished: It does not matter if it is a social media site you regularly use to update information for the company or a banking site you use to check your balance during lunch, always log out. Hackers with the right skills can use your browser’s cookies to gain access to places you remained logged into.
  • Use Secure Connections: Sites with padlocks to the left of the URL provide a secure connection between your system and the website server. This added encryption helps to protect against intrusions in the data stream.
  • Strong Passwords: Don’t use passwords that are easy to guess, such as birthdates, pets’ names, or anniversaries. Passwords should contain upper- and lowercase letters as well as numbers and special characters. For optimal protection, you need a different password for each site you log into.

Other Important Tips

Most employees defer to their local IT department in the event of a computer malfunction. It is the best practice because you know that the gurus of IT are going to clean the system without infecting it further. However, for employees who work from home, having access to the local IT department might not be a feasible option. These workers are more likely to be taken in by fake tech support numbers that may appear on the screen when their system gets infected. Corporations can help by making sure all employees, home-based and onsite, have access to the correct contact for software and hardware support.

Also, educate your workers on phishing and spoofing scams that may appear in their inboxes. It is essential that you remind them never to use the links in a message before calling the institution the message claims to be from to verify its authenticity. Learning how to spot phony messages can protect both your company and individual workers from data loss.

Malware attacks can happen to any business, big or small. Taking steps to protect your infrastructure and training your employees on safe practices can curtail malicious intrusions. Even the most secure systems can still be successfully attacked, so in addition to education and layered security, you should also back up your data. CloudAlly offers complete backup and recovery solutions for Office 365, SharePoint/OneDrive, G Suite, Dropbox, Box and Salesforce, allowing you to quickly recover data in the event of a malware attack. Start to back up your data and your account with a free 14-day trial.



How to maintain G Suite security settings?

Setting G Suite Security Settings

If maintaining security is not at the forefront of your business model, then you are opening yourself up to hackers and data loss. G Suite offers security features to help protect your employees’ accounts and maintain your company’s data integrity. This blog post explains how to maintain G Suite security settings.


View User Settings

As a G Suite administrator, you can access user security settings to ensure password strength is up to code and turn on two-step verification security protocols. To do this, you must first log into your administrator account and access the administrator console.

  1. Click users.
  2. On the user’s screen, you can verify the status of two-step verification enrollment. If you do not see a column listed for the two-step verification, click the more icon and choose select columns to expand your screen to include any missing options.
  3. Select the user whose security settings you wish to check.
  4. Click Security. Again, if security is not an option, select show more to find the missing section.

Two-step verification

If the user has enabled the two-step verification, the backup verification codes are accessible by clicking show backup verification codes. Google suggests all G Suite users utilize the two-step verification process for maximum security. As an administrator, you can disable this feature if an employee no longer has access to the mobile number they used to set up their security.

To begin the two-step verification setup process, log into your administration console and select set up two-step verification for your domain. At this point, you should notify all your users of your new security protocol and include instructions on how they can finish setting up their enrollment.

All users must opt into the two-step verification themselves regardless of company policy. After they choose to opt-in, users need to navigate to the two-step verification page to set up their codes. Once on the two-step verification page, select Get Started.

  1. Enter the email and password associated with the G Suite user account.
  2. Click the start set up button.
  3. When prompted, enter a mobile phone number to which a text message containing a six-digit verification code can be sent.
  4. Verify the phone number by entering the six-digit code you received.
  5. Choose whether to add the current computer as a trusted device. If the machine used to set up two-step verification is not your regular computer, do not select the option to trust it.
  6. Confirm that you want to use two-step verification.

Unless the computer is a trusted device, your user will be required to enter the six-digit verification code each time they log in. Mobile devices using Gmail and Google Calendar may require app passwords in addition to their verification code. The app password is entered once and remains the same until the user updates their login information.

Password Strength – G Suite Security Settings

As the G Suite administrator, you can help protect your users’ accounts by monitoring and managing the length and strength of their passwords. Setting a length requirement prevents users from creating short passwords which are easy to hack. Start by logging into your G Suite administration console.

  1. On the dashboard navigate to security and then basic settings. If the security option is not visible on your panel, select more controls to browse to the security features.
  2. In the section labeled password strength, enter the minimum and maximum length that user passwords must abide by, for example between eight and 20 characters.
  3. Click save.

Also in the security section of the G Suite administration dashboard, you can monitor how secure user passwords are. Navigate to the password monitoring area of the security section. From here you can view a graph showing the overall strength of your users’ passwords. This bar graph will change over time depending on common passwords that are known to be vulnerable and on your password length requirements.

Keeping your G Suite user accounts secure is your best line of defense against hackers and data loss. It is also a good idea to back up all G Suite user information. CloudAlly offers an affordable backup service for all your G Suite accounts. You’re welcome to sign up for a free trial and test it!



HIPAA compliance software – Office 365 HIPAA

Office 365 HIPAA

HIPAA Compliance Software

Protected health information is an important subject in the technological age. The use of mobile devices such as smartphones and tablets makes it more consequential for companies to have protections in place. With the use of online services like Office 365, HIPAA compliance takes on a new level of complexity. Not only must your business have regulations and safe practices in place to protect sensitive data, but the online service must have HIPAA compliance software measures as well.

The IT manager can easily be confused about which services have the proper protections in place to help safeguard data. A quick search and hundreds of names appear, all claiming to have the certifications necessary to meet your needs. While many do, not all are as compliant as they pretend to be. So, one wonders: is Office 365 HIPAA compliant?

Certified to Protect

Microsoft has robust security features necessary to help protect information stored on their servers. The company offers two-factor security authentication to help keep your accounts secure. In short, Office 365 is HIPAA compliant.

As an Office 365 user, there are some things you must do to take advantage of their compliance standing. All companies using Office 365 must complete a business associate agreement, or BAA, with Microsoft. Once in place, Microsoft, for their part, will do everything in their power to ensure your protected health documents are secure.

Configuring Office 365 Email

After signing a BAA, Microsoft helps you set user emails to comply with HIPAA regulations using the Exchange Online Protection program. Only administrators can configure these settings, as they are reached from the Exchange Admin Center page.

Once on the Admin page, select Compliance management, then select Data Loss Prevention. From here click on the “+” sign and select New DLP policy from the template. Scroll until you find HIPAA and choose template.

By default, Office 365’s HIPAA rules scan messages for Drug Enforcement Agency (DEA) numbers and Social Security numbers. However, if you need more coverage, you can add:

  • US Passport number
  • US Bank Account
  • US Driver’s License
  • US Individual Taxpayer Identification number

To add any of these items to your HIPAA configuration, just select them on the template. You can also customize rules to add fields such as Date of Birth.

Once enacted, Microsoft scans each email for selected sensitive information. In the event of an incident, Microsoft reports it as dictated by their standard notification procedures to the system administrators.
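To show what scanning a message for the two default identifiers involves, here is an added example (not part of the original post and not Microsoft's implementation) that pairs a pattern match with a validity check to cut false positives. The function names and the sample message are constructed for illustration.

```python
import re

# Candidate patterns only; the validators below discard look-alikes.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
DEA_RE = re.compile(r"\b([A-Za-z][A-Za-z9])(\d{7})\b")

# Constructed sample message: one valid SSN, one valid DEA number,
# and two look-alikes that fail validation.
SAMPLE = ("Patient SSN 212-09-4321, prescriber DEA AB1234563. "
          "Ref 000-12-3456 and order code AB1234567 are not identifiers.")


def valid_ssn(area: str, group: str, serial: str) -> bool:
    """Reject values never issued: area 000/666/9xx, group 00, serial 0000."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


def valid_dea(digits: str) -> bool:
    """DEA check digit: last digit of (d1+d3+d5) + 2*(d2+d4+d6) equals d7."""
    d = [int(c) for c in digits]
    total = d[0] + d[2] + d[4] + 2 * (d[1] + d[3] + d[5])
    return total % 10 == d[6]


def scan_message(text: str) -> list[tuple[str, str]]:
    """Return (type, masked value) for each validated identifier in text.

    Values are masked so the scanner's own report does not become a
    second copy of the sensitive data.
    """
    hits = []
    for m in SSN_RE.finditer(text):
        if valid_ssn(*m.groups()):
            hits.append(("SSN", "***-**-" + m.group(3)))
    for m in DEA_RE.finditer(text):
        if valid_dea(m.group(2)):
            hits.append(("DEA", m.group(1).upper() + "*****" + m.group(2)[-2:]))
    return hits


if __name__ == "__main__":
    for kind, masked in scan_message(SAMPLE):
        print(kind, masked)
```
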

Office 365 HIPAA Compliance Is Not Enough

Using an email service that is HIPAA compliant, like Office 365, is not sufficient. Microsoft is only responsible for maintaining security on their end of the agreement. It is up to business owners to use best practices to protect customer information and comply with HIPAA regulation.

Adding two-factor security authentication is just one step to help protect your files in a HIPAA-regulated situation. Using encrypted email when sending data contributes to protecting your customers from potential information loss.

Another step you can take is to limit who on your staff can send emails concerning patient information. Limiting who can access and edit client files is another way to protect sensitive data.

Patient consent forms, which must be signed for health information to be shared with anyone other than the patient, are the responsibility of your office. Microsoft does not take responsibility for this document. It is up to your staff to obtain and retain written permission. Under HIPAA regulation, this agreement is obtainable via email. However, you must inform the patient of any potential risks they may have using email to communicate sensitive data.

Properly managing where protected health information is stored is the most important thing you can do to maintain HIPAA regulation. While mobile devices often come with Office 365, using them can increase the risk of others gaining access to patient information. Misplaced laptops and cell phones can lead to stolen documents if they are saved internally.

Having a cloud backup in place can act as a barrier to malicious data loss. Storing information in the cloud keeps it from being stored on the hard drive of a mobile device that is easily lost. However, if you choose to store your information in the cloud, make sure your backup service is HIPAA compliant to adhere to government regulation.

CloudAlly is ISO 27001 certified and is thoroughly HIPAA-compliant software. We offer business associate agreements to all clients who ask for them. Our Office 365 backup service backs up email, calendar, tasks, and contact data.

Try us free for 15 days, no credit card required to sign up