Beware: Hackers prey on holiday MFA fatigue

Multifactor authentication (MFA) is the gold standard in offices around the world. We all know the drill: you use your username (often, and inadvisably, your email address) and, perhaps, as the password, the name of your first dog and the last four digits of your social security number.

Not very foolproof, but often the user isn’t too worried. In their mind, they know that if the hacker does figure out their login credentials using various tools or techniques, they still must find their way around MFA’s second layer of security.

Beware of “push bombing”

However, what the user may not realize is that hackers have developed many tried-and-true methods for accomplishing this, including social engineering attacks, spear-phishing, and DDoS attacks. And there is another favorite tool hackers have at their disposal, and it relies on users being tired, frazzled, or annoyed enough to “cave in.” And who isn’t fatigued or frazzled in the final sprint to wrap up Q4 and holiday gifts? The technique hackers like to employ this time of year is called “push bombing.”

Read More ›

Why SMBs need a robust patching program

A robust patching regimen is a pillar of “Cybersecurity 101.”

“But sometimes, believe it or not, that is such a basic task that it gets overlooked. For instance, checking the oil in your car frequently is a must, but that doesn’t mean people always remember to do it, even people who should know better,” says Raymond Peters, a cybersecurity researcher in Winnipeg, Manitoba.

Patching is essential to risk management

Frequent patching is something that every business needs to practice. “Not having a patching program as part of a basic risk management strategy is bad business and is essentially rolling out the welcome mat for cybercriminals,” Peters warns.

Read More ›

Beware of Google Chrome Complacency Risks

Google Chrome is about as ubiquitous on computers as a water cooler or a coffeemaker are in an office space.

Chrome is also the king elsewhere, unless the systems are Macs, and Safari is the browser of choice. With its minimalist, crisp interface and Google brand, most people are easily satisfied. Even IT Professionals, with too many other things to handle and not enough people to handle them, can also be sometimes lulled into Chrome complacency.

“Google is great for its ease of use, but that very ease can also apply to hackers – whether they be outside or even inside jobs,” says Parker Hodges, an independent cybersecurity consultant in Seattle.

Read More ›

Answering the Most Common VoIP Myths and Misconceptions

Voice over Internet Protocol or VoIP isn’t new technology, it’s been around for many years! However, there are many myths and misconceptions about the technology that are floating around today.  There are many rumours going around about VoIP – like that it’s expensive, a challenge to install, or that it’s unreliable.

This couldn’t be farther from being true! In fact, VoIP is not only extremely easy to adopt, but one of the most reliable ways for businesses to communicate.

Let’s take a look at some of the most common myths about VoIP – and the truth about each one:

Read More ›

5 Employee Bad Habits Risking Company Data

When people think about cyberthreats, they usually think of external threats caused by cybercriminals living in remote locations. However, 95% of security breaches are caused by internal human errors. Employee bad habits act as a catalyst for poor security practices within an organization and put a company’s data at risk.

Here are five common employee habits that can adversely impact a company’s security:

1. Poor Documentation Practices

  • Multiple employees view, edit and share your critical documents throughout the day. Without tracking who is accessing the documents, your data is more likely to get misplaced. You also need to incorporate access permissions, version control, etc., to limit access to critical data.
  • Employees who rely on manual documentation tend to miss key information, which creates room for errors and puts data at risk.
  • Employees who do not create or document a disaster plan for themselves or are not aware/trained on what to do post a cyberattack, tend to lose vital company data that can never be retrieved.
  • Lack of rules for accessing data from external networks can easily put your data at risk. You need to encrypt both your data transfer and storage.

Read More ›

2022 needs to see more spending on cybersecurity.

The annual State of IT report released by Spiceworks Ziff Davis, a global marketplace that connects technology clients and vendors with the most actionable and precise intent data, shows that managed security services spending is projected to increase in 2022. According to the report:

“In 2022, enterprises are expected to spend a significantly greater portion of IT budgets on security appliances. In fact, enterprises — with their bigger attack surfaces — are more likely to increase IT spending due to security concerns overall.”

Cybersecurity experts are pleased that companies finally seem to be willing to spend more on security. But how does Ziff Davis show security budgets being allocated? And how do independent experts view the shifting priorities?

Holistic security solutions a must

According to State of IT report, the top security expenditure in 2022 is expected to be employee security training tools (ESTT).

“Companies can no longer focus on singular solutions, they have to be holistic. The tools used to train employees in security protocols can be everything from cloud-based solutions to end-user education,” says Mike Medford, a cybersecurity specialist in Honolulu. “It used to be that there were more `silver bullets’ available to contain security threats, but that simply isn’t the case anymore. Companies must cast a wider net and that is ESTT.”
Read More ›

Announcing our new SaaS ERP platform powered by Datto

We are excited to announce our successful transition to a new best-in-class unified SaaS ERP platform with integrated Professional Services Automation (PSA) and Remote Monitoring Management (RMM) powered by Datto. The new PSA/RMM platform helps us provide secure and reliable end-to-end services focused on helping our clients with their evolving needs and our commitment to delivering best in class services and solutions.

In addition to maintaining complete insight into the computer networks under our management while performing tasks and services quickly and efficiently critical to your success, the new platform offers us better AI-based automation, better client engagement (i.e. client portal, desktop agent, etc.), as well as more detailed and accurate reporting on our service levels and overall performance as your business technology partner.

We look forward to serving you better and we always welcome your feedback and comments.

Show Your IT Infrastructure Some Love: It’s Been Working Really Hard for Your Business

Most of us have wrapped up our summer chilling and vacation by now and it’s time to dive back into work. But while we’re still drafting out the plan for fall work progress, what about giving your IT infrastructure a well-deserved break? Or even better: a much-needed upgrade.

Your mission-critical IT infrastructure needs an opportunity to refresh, too, so that it can continue to do its best at providing you with the power to maintain and accelerate your economic growth.

Instead of wasting money on inefficient hardware to collect dust, invest strategically in a Hyper-Converged Appliance (HCA) from NUMENTIS. Here are some of the benefits:

*             Unlock close to 100% of your underlying hardware potential

Read More ›

3 Ransomware Myths Businesses Need To Stop Believing Now

Despite the rising ransomware numbers and the numerous related headlines, many small and medium-sized businesses (SMBs) still don’t consider themselves at risk from cyberattacks. Nothing could be further from the truth. Smaller organizations are a prime target, and ransomware authors have only upped the ante in their methods to ensure they get paid. For example, many ransomware groups now threaten to expose or sell company data stolen in a breach if victims refuse to pay, meaning the business in question could have to shell out for heavy fines due to GDPR and similar regulations. In many cases, paying the ransom may be the most cost effective (and least publicly embarrassing) option. But what if your business can’t afford it? Or if the downtime from the attack is too much to recover from? And what’s the long-term psychological and emotional toll?

Here are 3 myths about ransomware that businesses need to stop believing to stay resilient against these evolving and insidious attacks.

Read More ›

5 Must-Have Features for a BCDR Solution

In today’s cutthroat environment, businesses cannot afford downtime due to cyberattacks, hardware or software failure, natural disaster or human error. That’s why a robust business continuity and disaster recovery solution (BCDR) is imperative for their survival. We at NUMENTIS deliver efficient BCDR solutions that our clients can rely on to keep business-critical processes up and running at all times.

Read More ›