(713) 682-4000 sa***@************es.net

When Should I Update My Passwords?

How to Recover Deleted Files

How to Secure Your Business Mobile Phone

How to Avoid a Spear-Phishing Attack

How to Protect Customer Data

What is Phishing?

Top Access Control Trends for 2019

The Benefits of Two-Factor Authentication

Why Your Office Needs an Access Control System

Watch out for this persuasive phishing email

Getting ready to switch to VoIP phones

New Spectre-style attack discovered

Office 365 security considerations

IT security policies your company needs

HTTPS matters more for Chrome

Protect your Facebook and Twitter from hackers

Be Smart and Back Up Your Valuable Data

New security features on Office 365

Safety tips for watering hole attacks

Blockchain is much more than Bitcoin

Posts Tagged ‘security’

When Should I Update My Passwords? - WesTec Services

When Should I Update My Passwords?

Written by WesTec on . Posted in Cybersecurity, Passwords

Sometimes, accounts will ask you to update your passwords for security reasons. This often feels like an unnecessary task meant to make your life more complicated. However, in a world full of hackers and online predators, one must regularly update their password to protect valuable information.

Change Your Passwords Regularly…

When Should I Update My Passwords? - WesTec ServicesBy regularly changing your login information and passwords, you make it harder for someone to steal information. This is increasingly important for accounts without two-factor authentication. Communication accounts, like email and chatting apps, should also be updated every so often for increased protection.

…But Don’t Change Them Too Often

Traditionally, experts recommended you change passwords every 30 to 60 days–this is no longer the case. Mandatory password updates lead to money loss and lack of productivity with minimal security payoff. Now, changing your password doesn’t hold near the protection it used to. Because cybercriminals continue to learn more advanced hardware and software, they can typically discover your password if they look hard enough.

As humans, we tend to create patterns. This is no different in password creation. Typically, we use similar letters, numbers and themes when updating a password. Updating your password too often leads to confusion with little added benefit.

Keep Your Data Secure

As a rule of thumb, update your passwords when there is proof of some sort of security breach or online attack. This includes unauthorized use of an account or evidence of malware. By doing so, you’re preventing a hacker from gaining access into your personal accounts and obtaining sensitive, private information or data.

There are other ways to protect your data. Contact the experts at WesTec Services for more information about our cybersecurity services.

If you’re not sure how to create a secure password that will outsmart the online hackers, read our recent article for tips.
How to Recover Deleted Files - WesTec Services

How to Recover Deleted Files

Written by WesTec on . Posted in Data Protection

Have you ever accidentally deleted a file and then realized you need it back? Unfortunately, it’s happened to most of us at least once–and we’ve all experienced the headache that follows.

Here are a few tips that can help you try to recover a deleted file from your device:

  1. How to Recover Deleted Files - WesTec ServicesMake sure the file is really deleted – If you’re not sure whether you permanently deleted a file, be sure to look for it before making an assumption. When attempting to recover deleted files, check the Recycle Bin or Trash on your computer. Typically, you can choose the filter “Date Deleted” to make your search easier. If your file was stored in a cloud storage like Dropbox or Google Drive, check your deleted files there–it may still be recoverable.
  2. Check your backups – Making regular backups of your most important files on your device can prevent you from losing critical data when you need it. If you do have a backup, you may be able to recover your deleted files. if you don’t have a backup, now may be the time to implement one.
  3. Try to recover the file – If you deleted a file on a magnetic hard drive, shut down the computer immediately. With the computer shut down, you should remove the hard drive from the computer entirely and place it in another computer as a secondary drive. Use file-recovery software to scan the drive. If you deleted the file recently and haven’t written to the drive much, you have a fairly good chance of recovering it.
  4. Professionally recover the file – If all other methods were not successful in recovering the deleted files, you may want to consider a professional data recovery service. Professional data recovery services deal with everything from deleted and overwritten files to dying hard drives that need to be disassembled and repaired.
To continually ensure the security of business data and important files, it is recommended to perform regular data backups to your computer. If you feel that you don’t have the time or expertise, WesTec Services performs data backup and recovery services provided by our expert IT consultants.

For more information on our data backup or recovery services, contact the experts at WesTec today.
How to Secure Your Business Mobile Phone - WesTec Services

How to Secure Your Business Mobile Phone

Written by WesTec on . Posted in Business Equipment, Security

Business mobile phones can be used for a range of commercial operations, including inventory control, customer relations, advertising, marketing, banking and more.

Here are few ways to ensure your mobile phone and its valuable data is protected against hackers and malware:

1. Update your phone.

Most of us are guilty of ignoring operating system updates on our business mobile phones. However, the longer you wait to update your phone, the more out of date your systems are, making you an easier target for hackers who can easily identify and exploit system vulnerabilities.

How to Secure Your Business Mobile Phone - WesTec Service2. Lock your device.

If your business mobile phone contains private information about you or your business, it is important to always engage the four- or six-digit passcode on your device. Don’t use the same password for all your accounts and be sure to change your password occasionally for good measure.

3. Manage app permissions.

On your mobile phone, you can grant apps permissions, like access to the camera, microphone, your contacts, your location, your pictures, and more. Be sure to keep track of which permissions you’ve given to which apps, and revoke permissions that are not completely necessary.

4. Back up your data.

Things happen, but you can always be prepared. When you back up the data on business mobile phones, you are able to protect your important documents and images in case of any loss.

5. Ignore spam and phishing emails.

One of the easiest ways for hackers to access your information is through email. Be sure you don’t click on links in promotional emails, open suspicious attachments or run updates that are promoted through emails. If you need to access sensitive information, report directly to the organization’s website to login.

Connecting the dots with business mobile phones can be confusing, time consuming and costly. For a reliable business mobile phone provider in Houston, contact the experts at WesTec today.
How to Avoid a Spear-Phishing Attack - WesTec Services

How to Avoid a Spear-Phishing Attack

Written by WesTec on . Posted in Data Protection

As we discussed in a previous article, phishing is an attack that uses disguised emails as weapons aimed at masses of people. However, spear-phishing is a targeted attempt to steal sensitive information from a specific victim, such as account credentials or financial information.

During a spear-phishing attack, the perpetrator attempts to acquire personal details on the victim’s friends, hometown, employer, hang-outs, and their recent online purchases. This is typically done by disguising themselves as a trustworthy friend or entity through email, social media, phone calls, or text messages.

Because spear-phishing is the most successful form of acquiring confidential information online, it is important to practice how to avoid an attack.

How to Avoid a Spear-Phishing Attack - WesTec Services1. Beware what you post: Review your online profiles. How much personal information is available for potential attackers to view? If there is something you do not want the public to see, delete it, or ensure your privacy settings are properly configured.

2. Use smart passwords: It is not wise to use the password for every account you own. In this case, if an attacker has access to one account, they effectively have access to all of your accounts. Passwords with random phrases, letters, and numbers are secure.

3. Use logic with emails: If an organization sends you a link in an email requesting a specific action or sort of personal information, go directly to the organization’s site rather than clicking on the link. Calling the organization can also help clarify the issue. Real businesses will not email you asking for your username and password.

4. Update your software: Software systems include security updates that should help protect you from spear-phishing attacks, as well as others. If you receive notice of a new update, be sure to take advantage, or enable automatic updates.

  To learn more about how you can protect your data or sensitive information, contact the experts at WesTec.
How to Protect Customer Data

How to Protect Customer Data

Written by WesTec on . Posted in Data Protection, Network, Network Health Check Audits, Security

We place our information online every day. We’re more than happy to hand over our email, phone number, address and credit card information to purchase a product on the internet. In a world where ecommerce is becoming the standard, businesses must do what they can to protect customer data.

Follow Current Encryption Practices

Encryption practices change regularly to evolve and combat cybercriminals. Often, organizations who failed to stay up-to-date with the latest data protection trends fall victim to cyberattacks. To help protect customer data, create a recurring reminder to analyze your company’s security practices and make updates as necessary.

Limit Access to Customer Information

For additional protection, limit who within your business can view customer data. Not every employee needs access to customers’ personal information. When only necessary employees have access to customer information, hackers have a harder time finding a weak point to break into company databases.

Don’t Ask for Unnecessary Information

As a company, it is important to only collect the information you need to complete a transaction or service to your customer. Customers get weary when a business asks for unnecessary information. By only collecting necessary information, there is less for a hacker to steal. This protects customers and their livelihoods.

customer dataEducate All Employees on Security Policy

While you may limit who can view customer data, make sure every employee knows and understands the company security policy. Even though an employee may not have access to the customer database, their actions could affect the privacy of customers. For example, if someone were to take a company laptop to a coffee shop and used the open wifi, a nearby hacker could potentially break into the company’s database through the network and steal personal information.

Let Consumers Know Their Information is Protected

The best way to build consumer trust is transparency. Let customers know you value their privacy. Take it one step further by detailing how you work to keep customer information stored safely in a privacy policy. If you’re unsure of how your business should protect customer data, or if your company wants information on the latest encryption practices, contact the experts at WesTec Services. We can help you create strong security protocols and install encryption software for data security.

What is Phishing?

Written by WesTec on . Posted in Cypbercriminals, Phishing, Security

Phishing is defined as a cyber attack that uses disguised emails as weapons. Hackers try to trick email recipients into clicking links or attachments they designed to steal personal information.

What is Phishing?

Here’s an analogy to better understand: Imagine a fisherman baiting a hook and tossing it into a lake in hopes of getting a bite. If a fish bites, the fisherman reels it in. But, if it doesn’t, the fisherman fails and the fish keeps swimming. Phishing is the same way. A cybercriminal can only gain access to your accounts or information if you fall for the bait. For example, a hacker might design an email disguised as your bank telling you your account has been compromised. They ask you to click on a link to verify your identity. If you click on the link and fill out the information, you have now provided them with the information to access your finances.

Types of Phishing

Hackers attempt to get victims to do one of two things to get what they want. Some cybercriminals try to trick you into giving up your information. This is similar to the bank example above. Other hackers prefer to have you download malware. Often, these types of emails will include a download attachment, often a .zip file or Microsoft document, embedded with malicious code.

How to Prevent Phishing Attacks

If you know how to spot a phishing attempt, you can avoid compromising your data and report it to the Federal Trade Commission. Here are the steps you can follow to confirm the identity of an email sender:
  • Always check the spelling of URLs in email links before you click
  • Watch out for URL redirects, where hackers sent you to a different website with identical design
  • If you receive a suspicious email from a source you know, contact them with a new email, rather than replying
To learn more about how you can protect your data and sensitive information, contact the experts at WesTec.
Top Access Control Trends for 2019

Top Access Control Trends for 2019

Written by WesTec on . Posted in Access Control System, IT, Management and Consulting, Network Health Check Audits, Network Installation

Access control systems continuously evolve with the newest technology trends. In fact, they must keep up with updates to protect companies, their employees and data from threats. With a rising number of security breaches, we can expect more companies to install access control systems. 

Access Control Reviews

Security breaches are encouraging companies to conduct full audits of access controls. Enterprises will review risks by user, role and business process to isolate and mitigate risks before they turn into high-profile breaches. By noting weak security measures, companies can make changes to better protect assets.

Individualized Access

In 2019, we saw to see a rising trend in individualized access. This ensures each person has their own username, password or identification code. Companies now have access to automated provisioning, which sets up user accounts and creates automated workflows based on job duties. 

Security Patching

Hackers will do anything to break into security systems. While this has been a problem for decades, hackers are now specifically targeting overlooked points of access. To combat external threats, we expect access control systems to begin patching vulnerabilities, even if it means temporarily disrupting productivity. 

Threat Identification

Next year, systems will continue and expand their use of data analytics to monitor and mitigate threats. Companies will use their dashboards to monitor access, but they will also run possible scenarios to reduce risk and conflict. 

man using access control systemCloud-based Systems

The need for analytics, automation and access will encourage more businesses to install  cloud-based control systems. As companies increase their technology and mobile tools, they will want to protect their system in an effective way.  As we prepare to enter a new year and decade, businesses shouldn’t ignore threats from potential breaches. Our expert IT professionals at WesTec Services can help you analyze your current strategies and install a system designed to deflect security breaches. Contact us to learn more about our access control systems.
two-factor authentication benefits

The Benefits of Two-Factor Authentication

Written by WesTec on . Posted in Security, Social Media, Telecommunications

As technology continues to advance, additional security measures become necessary. Until now, single-factor authentication has been the standard. Single-factor authentication requires a username and password to enter an account. Consumers need additional security measures as cybercriminals become smarter. This is where two-factor authentication helps protect sensitive information and log-in credentials.  Two-factor authentication (2FA) isn’t a new concept, but is a necessary additional layer of security. It usually works by requiring the submission of a username and password, then asks for something additional to prove you are who you say you are. For example, some businesses will send a pin number to your cell phone you must provide for entry into a site.

Improved Security

With a second form of identification needed for verification, two-factor authentication makes it harder for an attacker to impersonate a user. In the event a cybercriminal gains password access, they can’t produce the additional element required to authenticate.

Increased Productivity and Flexibility

Employees can work remotely when their employers implement a second factor of authentication. They can securely access important applications, data, documents and back-office systems from any device or location with little risk.

Lower Security Management Costs

Approximately 40% of all help desk calls are related to password resets. With secondary authentication, businesses can expect less of the budget to be spent on security needs. It provides a safe way for employees or consumers to reset their account password by using the additional element to prove their identity, meaning they can handle the issue without contacting an IT professional.

Reduce Fraud

Identity theft is a common goal of cybercriminals. With two-factor authentication, businesses add extra mobile protection for customers, the site and the transaction. Adding a second element in your authentication process builds a sure brand consumers trust.  Ready to add two-factor authentication to your website? Contact your Houston IT experts.

Why Your Office Needs an Access Control System

Written by WesTec on . Posted in Office, Security

Installing an access control system proactively protects your business. ID key entry, fingerprint scanners and video monitoring can ensure only authorized individuals enter a space. WesTec’s access control systems are completely customizable, making it easy for companies with all budgets to protect its employees and assets.

Customizable Access

An access control system can be customized to fit the needs of a business. For example, you can restrict access to certain areas to specific employees. A company can also restrict the times employees enter the building, but give 24/7 access to necessary personnel. Systems can also track an employee’s hours by recording when he or she clocks in and out.

Protection From Intruders

Access control systems make it difficult for unauthorized individuals from entering a space. With the right hardware, including video monitoring, management can monitor a door when an intruder forces it open.

Data Security

If you store expensive equipment, sensitive data or financial information on-site, consider installing an access control system. WesTec employees can set up two-factor authentication for added security. With an additional authentication measure, such as a fingerprint scanner or pin code, there is no risk of an intruder entering with a keycard.

Employee Safety

Today’s society becomes more violent with each passing day. In a world where threats could be anywhere, it is important employees feel protected. Door access control guarantees the only individuals in a space are the ones meant to be there. WesTec offers a variety of access control systems from leading manufacturers. To find the perfect access control system for your business, contact WesTec Services’ highly trained personnel.

Watch out for this persuasive phishing email

Written by Rick Schissler on . Posted in Office

Watch out for this persuasive phishing email

 August 27th, 2018
Watch out for this persuasive phishing email

Anglers catch fish by dangling bait in front of their victims, and hackers use the same strategy to trick your employees. There’s a new phishing scam making the rounds and the digital bait is almost impossible to distinguish from the real thing. Here are the three things to watch out for in Office 365 scams.

Step 1 – Invitation to collaborate email

The first thing victims receive from hackers is a message that looks identical to an email from Microsoft’s file sharing platform SharePoint. It says, “John Doe has sent you a file, to view it click the link below…”

In most cases, the sender will be an unfamiliar name. However, some hackers research your organization to make the email more convincing.

Step 2 – Fake file sharing portal

Clicking the link opens a SharePoint file that looks like another trusted invitation from a Microsoft app, usually OneDrive. This is a big red flag since there’s no reason to send an email containing a link to a page with nothing but another link.

Step 2 allows hackers to evade Outlook’s security scans, which monitor links inside emails for possible phishing scams. But Outlook’s current features cannot scan the text within a file linked in the email. Once you’ve opened the file, SharePoint has almost no way to flag suspicious links.

Step 3 – Fake Office 365 login page

The malicious link in Step 2 leads to an almost perfect replica of an Office 365 login page, managed by whoever sent the email in Step 1. If you enter your username and password on this page, all your Office 365 documents will be compromised.

Microsoft has designed hundreds of cybersecurity features to prevent phishing scams and a solution to this problem is likely on the way. Until then, you can stay safe with these simple rules:

  • Check the sender’s address every time you receive an email. You might not notice the number one in this email at first glance: jo*****@***1l.com.
  • Confirm with the sender that the links inside the shared document are safe.
  • Open cloud files by typing in the correct address and checking your sharing notifications to avoid fake collaboration invitations.
  • Double check a site’s URL before entering your password. A zero can look very similar to the letter ‘o’ (e.g. 0ffice.com/signin).

Third-party IT solutions exist to prevent these types of scams, but setting them up and keeping them running requires a lot of time and attention. Give us a call today for information about our unlimited support plans for Microsoft products.

Published with permission from TechAdvisory.org. Source.

Getting ready to switch to VoIP phones

Written by Rick Schissler on . Posted in VoIP

Getting ready to switch to VoIP phones

August 10th, 2018
Getting ready to switch to VoIP phones

Voice over Internet Protocol, commonly known as VoIP, allows you and your employees to make and take phone calls over the Internet using your existing broadband connection. It saves you loads of money and increases team efficiency. If you’re considering moving to a VoIP solution, here are some of the most important aspects to address before the switch.

Network stability

Implementing a VoIP phone system presents unique challenges, such as maintaining a consistent internet connection. Backup internet connections and uninterrupted power supplies are just some of the hardware you should have to ensure reliable VoIP calls. If your internet goes down or the power is knocked out, business goes on as usual.

Bandwidth

Beyond a stable connection, VoIP calls also need minimum network speeds to function. Estimating your current bandwidth and VoIP’s needs is crucial to ensuring your calls are clear and free of drop outs. Before benchmarking your internet speed, decide on how many users, handsets, and calls per day your new VoIP solution will need to handle.

Security

As with anything connected to the internet, VoIP is susceptible to cybersecurity threats and breaches. You could fall victim to information theft and malicious attacks if you don’t have robust and preventive security measures in place. Your best bet is to deploy a firewall to monitor the flow of traffic and protect your systems from security threats.

Budget

VoIP is a long-term money saver for small businesses, but there are relatively small upfront costs when upgrading from a traditional phone system or another subpar VoIP solution. You need to take into account things like whether you’ll purchase deskphones, potential cabling challenges, and installation costs for VoIP-specific routers.

Staff

Employee training is key to a successful VoIP integration. You help these efforts by asking one, or several, of your staff to work with the vendor or IT provider to learn the new system and become in-office resources. While most people are already familiar with video conferencing software such as Skype, it helps to create user guides and manuals to educate those that aren’t as tech-savvy.

VoIP systems create countless cost-saving and business-enhancing benefits, but they should not be installed without certified help. Our dedicated professionals streamline the whole process so your solution is configured and optimized as quickly as possible. Get in touch with us today for information on how to embrace this groundbreaking technology.

Published with permission from TechAdvisory.org. Source.

New Spectre-style attack discovered

Written by Rick Schissler on . Posted in Security

New Spectre-style attack discovered

August 7th, 2018
New Spectre-style attack discovered

Security experts are constantly discovering new potential threats, and quite recently, they’ve found a new type of Spectre-style attack more dangerous than the original. Here’s a quick rundown of the new Spectre variant.

Spectre 101
For those who don’t know, Spectre is a vulnerability in modern computer chips like Intel and AMD that allows hackers to steal confidential information stored in an application’s memory, including passwords, instant messages, and emails. Malicious code running on a computer or web browser could be used to exploit this vulnerability, but ever since Spectre was discovered, Microsoft, AMD, Intel, and other tech companies released a series of updates to fix it.

What is NetSpectre?
To perform Spectre attacks, malware would have to run on a targeted machine to extract sensitive data. But in late July, Austrian security researchers found a way to launch Spectre-style attacks remotely without locally installed malware. The new attack is called NetSpectre and it can be conducted over a local area network or via the cloud.

So far, it’s impractical for average hackers to use this method to steal data. In tests, researchers were able to steal data at a rate of between 15 to 60 bits per hour, which means it would take days to gather corporate secrets and passwords. As such, NetSpectre will probably be used by hackers who want to target specific individuals but don’t want to resort to obvious methods like phishing scams or spyware.

Experts also warn that while NetSpectre may be impractical now, hackers may develop faster and more powerful variants in the future.

How should you protect your business?
NetSpectre attacks exploit the same vulnerabilities as the original Spectre so it’s important to install the latest firmware and security updates. You should also secure your networks with advanced firewalls and intrusion prevention systems to detect potential NetSpectre attacks.

Last but not least, working with a reputable managed services provider that offers proactive network monitoring and security consulting services can go a long way in protecting your business from a slew of cyberthreats.

If you’re looking for a leading managed security services provider, why not talk to us? We provide cutting-edge security software and comprehensive, 24/7 support. Call us today for more information.

Published with permission from TechAdvisory.org. Source.

Office 365 security considerations

Written by Rick Schissler on . Posted in Office

Office 365 security considerations

July 25th, 2018
Office 365 security considerations

It’s easy to see why Office 365 is an attractive solution for small and medium-sized businesses already familiar with the Office interface. More and more companies are making the move to the cloud, but there are security issues to consider.

Identify your company’s sensitive data…
Most files housed within your servers contain sensitive commercial and personal data that must be properly identified and protected. Do this by conducting a security audit before you undertake your migration.

Your audit should identify the types of data stored in the various parts of your company network, including which specific information needs extra safeguarding. Be sure to consider everything from trade secrets and contract details to the personal information of your clients.

…and then restrict access to it
Once you’ve worked out where your most precious data lies, you can check who currently has access to it and whether their access is appropriate. After all, it’s not necessary for everyone to be able to get at all the data your company owns.

Ensure that each of your employees has access only to the data that’s necessary for them to perform their duties. The great thing about Office 365 is it lets you conveniently set different levels of permissions based on user roles.

Watch out for insider threats
It’s wise to consider everyone in your organization when it comes to auditing data access permissions – and that includes system administrators who may have master access to every element of your network infrastructure.

A rogue administrator is the stuff of nightmares, since their elevated position gives them much greater leeway to siphon off valuable data without being noticed – or even to allow others to conduct questionable business and bypass the usual built-in security precautions. You can mitigate this risk by monitoring your administrators’ data usage and activities.

Use machine learning to foresee security breaches
Every action performed by your staff within Office 365 is automatically logged, and with relative ease you can create detailed activity reports. But the sheer number of events taking place within Office 365 in the course of your business’s normal operations means that even attempting to identify questionable behavior will be akin to finding a needle in a haystack.

That’s not to say it’s unwise to be on the lookout for anomalies in normal usage – the export of unexplainably large volumes of data, for instance, could suggest that a member of your team is leaking intelligence to a competitor, or that they’re about to jump ship and take your trade secrets with them.

To make things easier, machine learning technologies can identify potential breaches before they happen by analyzing large swathes of data in seconds. Graph API is incorporated into Office 365, and allows for the integration of machine learning tools into your security environment to achieve just that. The same tools can also help you avoid being caught unawares by hackers, by identifying system login attempts from locations that are out of the ordinary.

By following these tips, you’ll be able to enjoy the powerful collaborative features of Office 365 while ensuring the robust security your business demands. To find out more about how we can help your Office 365 migration run smoothly, just give us a call.

Published with permission from TechAdvisory.org. Source.

IT security policies your company needs

Written by Rick Schissler on . Posted in Security

IT security policies your company needs

July 23rd, 2018
IT security policies your company needs

When it comes to Internet security, most small businesses don’t have security policies in place. And considering that employee error is one of the most common causes of a security breach, it makes sense to implement rules your staff needs to follow. Here are four things your IT policies should cover.

Internet

In today’s business world, employees spend a lot of time on the internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. This must limit internet use for business purposes only, prohibit unauthorized downloads, and restrict access to personal emails on company devices. You can also include recommended browsing practices and policies for using business devices on public wifi.

Email

Just like the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links, or perform any type of business-related activities outside their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, thus preventing spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own devices, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work-related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. This means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies shed some light on the industry’s best security practices. If you’d like more tips or are interested in a security audit of your business, give us a call.

Published with permission from TechAdvisory.org. Source.

HTTPS matters more for Chrome

Written by Rick Schissler on . Posted in Google, Security, Web & Cloud

HTTPS matters more for Chrome

June 14th, 2018
HTTPS matters more for Chrome

HTTPS usage on the web has taken off as Chrome has evolved its security indicators. HTTPS has now become a requirement for many new browser features, and Chrome is dedicated to making it as easy as possible to set up HTTPS. Let’s take a look at how.

For several years, Google has moved toward a more secure web by strongly advocating that sites adopt the Secure HyperText Transfer Protocol (HTTPS) encryption. And last year, Google began marking some HyperText Transfer Protocol(HTTP) pages as “not secure” to help users comprehend risks of unencrypted websites. Beginning in July 2018 with the release of a Chrome update, Google’s browser will mark all HTTP sites as “not secure.”

Chrome’s move was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and the majority of Chrome traffic is already encrypted.

Here’s how the transition to security has progressed, so far:

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

HTTPS: The benefits and difference

What’s the difference between HTTP and HTTPS? With HTTP, information you type into a website is transmitted to the site’s owner with almost zero protection along the journey. Essentially, HTTP can establish basic web connections, but not much else.

When security is a must, HTTPS sends and receives encrypted internet data. This means that it uses a mathematical algorithm to make data unreadable to unauthorized parties.

#1 HTTPS protects a site’s integrity

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one can tamper with the traffic or spy on what you’re doing.

Without encryption, someone with access to your router or internet service provider(ISP) could intercept (or hack) information sent to websites or inject malware into otherwise legitimate pages.

#2 HTTPS protects the privacy of your users

HTTPS prevents intruders from eavesdropping on communications between websites and their visitors. One common misconception about HTTPS is that only websites that handle sensitive communications need it. In reality, every unprotected HTTP request can reveal information about the behaviors and identities of users.

#3 HTTPS is the future of the web

HTTPS has become much easier to implement thanks to services that automate the conversion process, such as Let’s Encrypt and Google’s Lighthouse program. These tools make it easier for website owners to adopt HTTPS.

Chrome’s new notifications will help users understand that HTTP sites are less secure, and move the web toward a secure HTTPS web by default. HTTPS is easier to adopt than ever before, and it unlocks both performance improvements and powerful new features that aren’t possible with HTTP.

How can small-business owners implement and take advantage of this new interface? Call today for a quick chat with one of our experts to get started.

Published with permission from TechAdvisory.org. Source.

Be Smart and Back Up Your Valuable Data

Written by Rick Schissler on . Posted in Business

Be Smart and Back Up Your Valuable Data

May 10th, 2018
Be Smart and Back Up Your Valuable Data

Storing copies of your business data in the cloud will help you avoid the risks associated with broken hard drives, lost or stolen devices, and human error. That’s because entrusting your data to an expert cloud provider means you’ll have trained professionals handling the backup of your business assets online.

How should you go about choosing a cloud backup provider? Let’s take a look:

Learn more about their storage capacity

Before partnering with a cloud backup provider, ask them where they store their data. Many providers use cloud servers over which they have little control, which could be hazardous as it makes it harder to monitor activity and respond to anomalies. To avoid this fate, choose a backup service that operates their own cloud-based servers.

Next, you will have to determine whether your business assets can be backed up, since some cloud storage providers do not have the capacity to save bigger files like videos or other multimedia files. By asking these questions, you can find a cloud backup service that fits your business needs, and more importantly, can take care of all your files.

Get details on their security

It will be important for the cloud backup provider to explain in no uncertain terms how they will store your files. They should be encrypted and stored on multiple servers because redundant storage ensures your data has multiple copies saved online and can be retrieved at will. Even if an uncontrollable disaster befalls your company or the backup provider’s system, you’ll still be safe.

Compare your budget and backup costs

Before considering any cloud backup provider, you need to know how much the service is worth to you. How much money would you lose if your server crashed and all the data it stored was irretrievable? Compare that amount with the cost of a provider’s service, which could be charged by storage tiers, per gigabyte, or on a flat-fee unlimited plan.

When asking about the price of cloud backups, make sure to clarify any service limitations or restrictions. For example, how quickly can your storage capacity be upgraded? Is it possible to run out of storage? These are not things you want to discover in the middle of hurricane season.

Clarify data recovery timelines

Although storage availability is important, how quickly backups can be created and restored is also an essential factor. Ask providers how often backups will be created (e.g., hourly, daily, weekly), and how long it will take to restore them (e.g., hours, days, etc.). If those timelines are too long, it may be time to look for a better provider.

The most important thing is to know your needs before meeting with a potential provider. Let them know your business needs, budget, and recovery timelines. Our solutions and pricing are flexible and customized to your needs so you’re not stuck in a cookie-cutter plan.

Give us a call to find out more about cloud backup service and other dynamic ways to protect your data.

Published with permission from TechAdvisory.org. Source.

Mission: WesTec will be a “turn-key” solution for all of its clients’ business connectivity needs. It will offer efficient and effective solutions, directly and with strategic partners, that create tangible value for its clients at every point of contact. Westec will serve all people and entities with a servant’s heart.

Get in touch

2916 West TC Jester Blvd., Suite 104

Houston, TX 77018

(713) 682-4000

sa***@************es.net

Quick Feedback

    Privacy Policy