alt tag

Posts Tagged ‘cybersecurity’


Addressing the Unique IT Management Needs at Law Firms

Wednesday, April 11th, 2018

Law firms face many unique IT management challenges that stem from the confidential nature of the information they work with. And that confidential data is why law firms must make the protection of information a key IT priority. Threats can come from outside (such as hackers using pressure to extort money from the firm) as well as inside (from technology failure). In order to adapt as threats change, it is important to understand both why law firms are prone to specific IT management challenges and how to address those challenges.

Why Are Law Firms a Prime Target for Ransomware?

As with other businesses, law firms must be ready for the growing number and scope of ransomware threats.

Hackers see law firms as ideal targets because lawyers may opt to pay the ransom to recover information for a case with an immediate court date.

Additionally, hackers may seek to exploit a larger law firm’s substantial financial backing to get an easy payday: A $300 ransom is worth much more to an individual than it is to a large firm. The 2017 ransomware attack against prominent global law firm DLA Piper demonstrates how serious these attacks can be.

Law Firms Are Vulnerable to Data Theft

While technology automates a great deal of law firms’ work, it also brings additional risks for information theft. The 2017 Equifax hack demonstrates exactly how far-reaching damage can be when hackers steal personal information.

Law firms also need to be concerned about keeping confidential client information confidential. Hackers may try to steal information stored on servers or personal computers through malware attacks and software exploits.

What’s less obvious is how criminals can use social engineering — such as posing as a client via email or during a phone conversation — to get law firms to give up confidential information.

External and Internal Data Loss

Law firms work with a substantial amount of information that can go missing due to both external and internal factors. For example, a firm’s server or an employee’s laptop may fail and lose all the data stored on the device. Additionally, employees may not always properly manage their documents and information, which makes them difficult to find. In fact, poor document management can cost a firm hours of productivity every week. IT management can help organize information through platforms such as a document management system to help minimize data loss related to human error.

Law Firm IT Management Solutions

While law firms face many unique IT challenges, businesses can take several steps to minimize risk and mitigate damage:

  • Implement a three-copy backup policy to safeguard against data loss related to ransomware, malware, device failure and human error.
  • Make sure that all software on all devices is up to date and running the latest version. Hackers tend to exploit user laziness by attacking security holes that could have been patched had the user not skipped an update.
  • Confirm that all information exchanges are secure. Don’t fall for social engineering schemes or use compromised public Wi-Fi networks.
  • Use document management systems to prevent losing data from mismanagement. These also serve as a type of backup.

If you would like to learn more about how your law firm can better manage its IT assets and protect itself from online threats, contact the IT experts at MPA Networks today.

Training Employees in Data Security Practices: Tips and Topics

Tuesday, April 3rd, 2018

While there’s plenty of technology available to keep your business’s data protected, the human element is still the most important piece to consider in safeguarding your company’s data. Properly training employees to understand and implement data security best practices works best when your business makes a cultural shift toward prioritizing IT security. Successfully training your staff is half about knowing how to train them and half about knowing which topics to train them on. Businesses that embrace a proactive approach to training employees on data security will have a much better track record than those that take a reactive approach.

Training Tips

Don’t just make a plan: Implement a program that focuses on training all employees. Have your business take an active role in implementing a data security program. This ensures training is far more effective than simply creating security practices, offering one-time training and hoping it works.

By implementing regular security training meetings on changing topics, your business can train your staff on a wide range of concerns.

In addition, your company can benefit from focused training while constantly reinforcing security as a priority. Hold multiple sessions that get into each topic in depth to help your employees better understand data security.

Training doesn’t end when the session ends — it’s an ongoing process. As an extension of training, your security staff should frequently send out reminders about security concerns to help employees remember what they’ve learned. Make your data security training materials easily accessible in the event staff members see a reminder and realize they should read up on a topic if they’re unclear of what the reminder is about. Additionally, C-level staff, IT and supervisors should lead by example.

Training Topics

The bad news is hackers will always create new threats for your staff to worry about — but the silver lining is that you’ll never run out of fresh topics to cover. Because of the fluidity of data security, your program will need to change which topics are covered in training and continually adjust strategy to address new threats. The following list covers just some of the many topics training sessions can cover:

  • Strong passwords and more secure authentication practices: This includes covering two-step authentication when applicable.
  • Secure Wi-Fi best practices: Explore red flags to look for when using public Wi-Fi and discuss whether public Wi-Fi should be used at all.
  • Physical device security: Cover topics such as encryption and disabling devices remotely to minimize data leaks for stolen/lost devices.
  • Use policy: Reaffirm that non-employees shouldn’t be using employee hardware.
  • Device security: Discuss the importance of keeping software patched and running security software on devices.
  • Popular methods of attack: Cover security best practices for avoiding popular phishing, man-in-the-middle and ransomware attacks.
  • Social engineering threats: Discuss the importance of the user as an essential line of defense when software can’t protect from threats.
  • Three-copy backup strategy: Explain that data is also at risk of being lost rather than stolen, and explore key backups to minimize these losses.

Hackers and thieves are known to exploit human complacency in security practices — and frequent training sessions will help employees stay aware. Is your business looking to improve its security practices? The IT consulting experts at MPA can help; contact us today to learn more.

10 Cyberattacks Your Business Should Defend Against

Thursday, March 29th, 2018

Cyberattacks are a major security concern for any business that uses the Internet. Even if your company doesn’t have a website, hackers can go after your email address and business service accounts.

Though they represent one of the more severe risks of a cyberattack, a data breach costs an enterprise $1.3 million and an SMB $117,000 on average.

Cyberattacks take many forms; your business should plan to protect itself from the following common types of cyberattacks:

1. Phishing: In phishing attacks, hackers impersonate a business in an email to persuade recipients to hand over personal information via a reply or to install malware. The email may also contain a fraudulent link to a fake version of a trusted website’s login page. Whaling and spearphishing are specific types of phishing that refer to attacks that single out a specific person or group.

2. SQL Injection: SQL injection is a technique cybercriminals use to exploit database-entry forms on a website. Rather than inputting a name, password, address or other information, a hacker will instead enter a code command designed to damage your database. This is typically successful when the website doesn’t properly sanitize and clean user-input data.

3. Cross-Site Scripting: XSS attacks occur when a hacker slips malicious code into your website or application. It’s common for hackers to exploit advertisement networks and user-feedback fields to sneak code onto a business’s public platform.

4. Man in the Middle: An MITM is similar to a phishing scam in that a hacker impersonates an endpoint in communication. For instance, the hacker might pose as a representative for your bank when communicating with you and pose as you when communicating with the bank — and obtain valuable information with this strategy. More sophisticated variations of this attack involve jumping into a legitimate conversation and impersonating a trusted individual.

5. Malware Attacks: Malware refers to malicious programs designed to infiltrate and disrupt user devices. Of all the different types of malware, ransomware is among the most high-profile and dangerous: It disables access to a device until the user pays a ransom. Trojans, worms, and spyware are other notable types of malware.

6. Denial-of-Service Attacks: DoS attacks disrupt networks and online platforms by overwhelming them with incredible amounts of traffic. Hackers can use these attacks to knock your website offline or slow your network to a crawl. Distributed-denial-of-service (DDoS) attacks are a DoS variation that utilize multiple devices to pull off the attack; one such example is the Mirai IoT Botnet, which caused a major internet disruption for the eastern United States.

7. Social Engineering: Social engineering refers to a hacker using psychological manipulation to get an employee to hand over confidential information or install malware.

8. Drive-By: These attacks trick a user into installing malware, usually a Trojan, by clicking a link in a web browser. Drive-bys typically exploit security holes in web browser plug-ins.

9. Unpatched Software: Unpatched software attacks are entirely avoidable: They work by hackers using known exploits in programs that have already been fixed. Hackers rely on the fact that some users neglect to install important updates.

10. Brute Force Password Hacks: Hackers may also seize your company and employee accounts through brute force password hacking. In this scenario, they use a program to continually guess an account’s password at login until the program finds one that works. Secure passwords will take far longer to crack, so hackers tend to target less secure accounts.

IT security is an incomplete process unless your business has the right hardware, software and employees working together to prevent attacks. The IT consulting experts at MPA Networks can help. Contact us today.

Cybersecurity and C-Level Execs: Protecting Data While On the Go

Monday, March 26th, 2018

While all employees need to be mindful of security, the nature of C-level executives makes them more attractive targets for hackers. That means it’s necessary for them to take greater precautions.

According to TechRepublic, C-level executives are more vulnerable than other employees because of the mobile tendencies of their work, and they are higher-value targets because of their access to confidential information. Hackers often use lower-level employees as a way to work up to C-level executives to get the information they’re looking for.

Because of their vulnerabilities and target value, C-level executives need to adhere to the strictest security practices.

Internet Access Security Risks

Hackers can do a lot of damage with little effort if executives connect their devices to unsecured networks. C-level executives tend to travel frequently, which can expose their devices to vulnerable Wi-Fi networks. Coffee shops, airports, hotels and exhibition centers are among the largest and most vulnerable network threat locations — and all are places executives tend to frequent. Executives may be working on unsecured Wi-Fi or even worse: hacker-implemented Wi-Fi masquerading as a legitimate access point.

Your company’s best defense against vulnerable public and private networks is to avoid the “penny wise and dollar foolish” mindset: Pay for an unlimited mobile data plan with tethering support for your executives. Using mobile 4G internet on the go eliminates the risks of using out-of-office networks, and tethering support will allow C-level executives to connect their devices that don’t have built-in 4G mobile network access. Your company can also invest in network tunneling, VPNs and other security measures.

Executive Data Access Is an Attractive Target

Consider this hypothetical example: Bob from H.R. has access to everyone’s Social Security numbers, while Janet from accounting has access to the company’s financial records. But Sam the CEO has access to all that information and more. Because of this, hackers view executives as the biggest fish in the sea, and they will target executives over all other potential targets. This is an even bigger problem on outside networks than within the office network because executives don’t have all the security technology that the office provides protecting them.

In addition to preventing the attack, it’s also wise to limit the amount of data access an executive has on devices they use when traveling — especially for international travel.

Executives should use “burner” laptops/phones that only have the information they need for the trip in order to limit data exposure in the event of a hack. For example, don’t store a payroll spreadsheet containing every employee’s Social Security number on a travel laptop.

A stolen device is also an important risk to consider, so your business should always use encryption and secure passwords on executive devices used when traveling.

Email Is a Primary Attack Avenue

Email security needs to be a priority: It’s everywhere, so it’s irrational to think executives will only read and reply to emails in an office setting. C-level executives are primary targets in “whaling” attacks — high-value targeted email phishing scams. The main concern is man-in-the-middle attacks, where a hacker poses as a trusted individual in a conversation. Technology can only do so much to safeguard against whaling scams. Hackers may learn a great deal about a specific target and tailor their methods based on that information — unlike a standard phishing scam that involves throwing out a generic net to see who falls for it.

IT security is important at all levels, but lapses at the executive-level can have disastrous results. The IT consulting experts at MPA Networks can help your business implement strong security practices so your company can avoid catastrophic security breaches. Contact us today to learn more.

5 Commonly Overlooked Workplace IT Disasters

Wednesday, February 28th, 2018

Because IT staff get so invested in making sure software, networking and security elements are working, they sometimes overlook the human, environmental and contingency planning factors that can invite workplace IT disasters. In many cases, preventative work becomes an afterthought for IT staff who are expending all their energy on regular operations. Thankfully, planning ahead can help businesses minimize their chances of dealing with the following commonly overlooked workplace IT disasters. Here are five problems to watch out for:

1. Knowledge Loss

It’s common for an IT staff member to take on project ownership, often resulting in excellent work. However, it’s a problem for your business if the only person who understands how a project or a system operates decides to leave for another position. The rest of the team can have a difficult time picking up where the lost employee left off, especially if something breaks or needs immediate adjustment and they’re under pressure to fix it ASAP. Avert a crisis by cross-training IT staff: At least two people should know how anything works.

2. Insufficient Documentation

Proper documentation can mean the difference between a brief disruption and a catastrophe.

IT staff should prioritize documenting everything from programming code to network infrastructure maps to device use walkthroughs.

This information makes it much easier to understand how something works and how to fix it if something isn’t working. Proper documentation helps staff avoid creating disasters when making changes to something they don’t understand. Additionally, IT staff may forget how something works, and documentation decreases the learning curve.

3. Overheating Computer

Too much heat is bad for computers — it causes unplanned shutdowns and eventual device failure. In addition to making sure computer software is patched, IT staff should periodically make sure computers aren’t being used in high-heat conditions. Computers used in areas that don’t have air conditioning, lack clear airflow passage and pull in dust can all result in overheating.

4. Environmental Problems

Heat isn’t the only elemental factor that can prompt an IT disaster: A leaky pipe, a blocked vent or extreme humidity can also damage hardware. These disasters may require replacing computer hardware or entire devices. Servers and network hardware often get tucked away in closets, basements and spare rooms to stay out of the way of daily operations. Issues like exposed pipes, bad airflow, dust, debris, humidity and poor temperature management create conditions ripe for an IT disaster. For example, a pipe leak can flood a room and destroy a server. IT staff should look for and mitigate environmental factor risks.

5. Use of Improperly Tested Tech

While having confidence that you can plug in technology and it will work is a testament to advancement, it is still a recipe for disaster in the IT world. Just because a device turns on and connects to a service doesn’t mean that it’s ready for use. For example, IT staff need to thoroughly test a new AppleTV in the presentation room before a C-level employee uses it in a presentation for investors. While short-term technical failures aren’t a disaster as far as IT is concerned, they can have far-reaching effects in other areas of the business.

In some cases, not having a disaster recovery plan in place before catastrophe strikes could be considered an overlooked IT disaster in itself. The IT consulting experts at MPA Networks can help your business avoid potential overlooked disasters. Contact us today.

Spectre and Meltdown: Valuable Lessons for Your IT Security Team

Monday, February 12th, 2018

At the end of 2017, the world learned about Spectre and Meltdown: two far-reaching security threats that exploit how CPUs work to expose protected information on nearly every recent PC, server and smartphone. Hackers can use these exploits to do things like steal passwords and other protected private information stored in a computer’s memory through programs such as a web browser.

These vulnerabilities essentially affect every computer, including Macs, iOS devices and Chromebooks.

Hardware and software manufacturers are hard at work fixing the vulnerabilities, but it is up to the end users to make sure the fixes go through.

How the Exploits Work

Spectre seizes the ultra-fast memory on the CPU itself, known as the CPU cache. CPUs use processes called “Branch Prediction” and “Speculative Execution” to guess the most likely upcoming instructions from branches in a program to speed up performance. Spectre attacks manipulate those processes to push data from protected memory into the cache then load that pushed data from unprotected memory. The exploit identifies protected information because it loads faster from the cache.

Meltdown exploits a flaw in processor privilege escalation that allows executed code to get access to protected memory. Essentially, Meltdown breaks the isolation between the application and the operating system. Meltdown is the easier to exploit, but the easier to fix of the two.

What It Means for IT Security

IT security staff needs to make sure that all devices impacted by Spectre and Meltdown are properly updated to mitigate the threat. For the most part, this means staff needs to take some key steps: apply the operating system patches, install firmware updates, update web browsers and update other software that works with secure data, all while keeping the antivirus active.

In many cases, it means just staying out of the way, as Windows and MacOS devices will automatically install the updates. According to Microsoft, end users mostly just need to make sure Windows Update is active. However, some anti-virus programs may block patches and others aren’t compatible with the updates, so IT staff will need to find an alternative option to update those devices.

The Damage Done

Fortunately, Spectre and Meltdown haven’t led to any major security breaches, but researchers have identified more than 130 instances of malware designed around related exploits. So far, related malware seems to be proof-of-concept attempts rather than attacks.

At this point, most of the damage comes from performance degradation associated with the security updates. Both Spectre and Meltdown exploit techniques used to improve CPU performance, so closing those vulnerabilities often involves disabling those techniques. In particular, Windows-based systems running 2015-era Intel Haswell or older CPUs may experience performance drops, with older operating systems being more likely to show symptoms.

However, the performance loss isn’t consistent and can vary between 2 and 14 percent depending on the task. Some processes are affected more than others, with “privileged” processes seeing the most slowdown. Your IT staff should be concerned about this if your business is running virtual machine clusters. The performance loss may mean a hardware update is in order.

MPA Networks offers valuable services such as desktop management that can help your business avoid the pitfalls of Spectre and Meltdown by keeping your computers updated and secure. Contact us today to learn more.

Do You Have a Crisis Management Plan for a Cyberattack?

Thursday, February 8th, 2018

A cyberattack crisis management plan is your business’s best defense for minimizing cyberattack damage after technology-based preventative measures have failed. Unfortunately for most businesses, cyberattacks are not a matter of if, but a matter of when. Establishing a crisis management plan can help your business minimize data compromise, limit attack scope, decrease recovery time and reduce harm to your reputation. Having a plan in advance means your operation can immediately get to work on containing the attack when it occurs rather than allow it to incur further damage while you scramble to develop a plan during the breach.

What Threats Do Cybersecurity Attacks Pose?

Cybersecurity attacks aren’t going away. According to CBS, as of 2015, criminals contributed to 1.5 million annual cyberattacks. These attacks can have major repercussions for a business.

According to IBM, the average breach costs a business $3.6 million.

Some attacks can lead to massive fallout that can put a business in financial trouble. In 2016, there were 15 breaches that exposed more than 10 million identities, Symantec reports.

The technical side of preventing cyber-attacks is an ongoing cat-and-mouse game. The tech industry pushes to close security holes as soon as — if not before — hackers find and exploit them. Hackers like to take advantage of businesses that haven’t applied software patches to close established security holes.

Malware, ransomware, botnets, IoT vulnerabilities and email phishing were all major threat sources in 2017. In particular, ransomware is a growing problem because businesses are paying more than $1,000 on average to recover “locked” data. Many of these payouts could have been avoided by implementing proper crisis management and disaster recovery plans in advance. While big businesses offer big targets, SMBs still need to protect themselves from attacks.

What Your Plan Should Contain

A cyberattack crisis management plan revolves around three main elements: preparation, response and recovery. Every step is crucial, because a poor response can actually make the situation worse. According to WIRED, Equifax’s management response could have stopped the problem before it started in their major 2017 breach, if they had not done such a poor job. Here’s what to consider:

  • Prepare: Your business should prepare for extreme-level attacks in advance. Part of this process involves creating a response team with key players from all necessary departments. The plan should include what each group needs to do in the event of an attack. The crisis response team should take action to plug major known security holes as they are discovered to prevent a breach.
  • Respond: The response team should identify the attack, secure the compromised systems, and investigate the cause of the breach in that order. Next, the team should take action to prevent further attacks that exploit the same or similar security holes.
  • Recover: The cycle continues after your business contains the threat. The response team should next work to minimize public damage and repair customer trust. According to a 2011 Ponemon Institute study, larger businesses say they averaged $332 million in diminished business value following a customer data breach.

The disaster recovery experts at MPA Networks can be a vital part of your business’s crisis management plan. Our experts can help your staff gets back to business as usual as quickly as possible. Contact us today to find out how we can help.

5 Specific IT Considerations for Remote Employees

Monday, February 5th, 2018

Businesses have a lot to gain by hiring remote employees, including the ability to recruit from a larger talent pool and the potential for less expensive workplace accommodations. However, remote employees introduce new challenges in IT security because of the lack of IT centralized IT management. While the majority of security best practices and techniques still apply, your business and its remote employees will need to take a more hands-on approach to properly protect devices and information. Remote workers introduce the following unique IT security challenges:

1. Increased Importance of Human-Based Security Policies

Remote workers need to be more self-directed when it comes to IT security, as there’s no physically centralized IT staff or infrastructure to reinforce safe practices. A business with remote employees should establish a well-developed set of strict security guidelines to protect both devices and online information.

2. Reduced Reliance on Centralized IT to Secure Devices

Any device used for company work needs to be secured with strong passwords, updated operating system software, current antivirus software and regular malware scans. All applications need to be patched to the most recent versions, too.

Hackers take advantage of weak security practices and known vulnerabilities that were patched by attacking unpatched software installations.

Employees will need to make sure all devices they use for work are properly updated and secured.

3. Potential Threats From Personal Devices

Just as with in-office staff, remote employees often use many different devices to do their jobs. They don’t use only the company-provided laptop; they may also use personal smartphones, tablets and computers. While remote IT services can access and update company-owned devices, ensuring personal devices are secured entirely falls on the remote employees.

4. A Lack of Office Network Security

Remote employees do not have the benefit of office network security. Instead, they are likely spending most of their time working on a personal network from their homes. This means employees need to configure their own secure Wi-Fi connection with a strong password and keep both their router and modem updated with the latest firmware. Additionally, remote employees need to change the default password on all networked devices, including the router and IoT devices.

5. Protecting Online Information

While office-based employees transfer a great deal of data over the internet, remote employees do almost all of their work online. If possible, your company can protect this data by configuring a VPN for remote employee use. Businesses should use cloud applications, such as Google’s office suite, whenever possible. These programs are automatically updated and won’t introduce legacy security issues with information exchanged online. Additionally, remote employees are likely to store and share most of their work over cloud-hosted platforms, so your company will also need to consider the security of those platforms.

If your business is considering the addition of remote employees or you want to make existing remote work more secure, the experts at MPA Networks can help. Through IT managed services and desktop management, we can provide your remote employees with security closer to what they’d expect from an office setting. Contact us today to learn more.

Does Fintech Pose a Threat to Cybersecurity at Financial Services Companies?

Monday, January 29th, 2018

Financial services companies should embrace a healthy dose of caution when implementing new fintech in their business. Fintech, or any technological innovation in the financial sector, is not inherently more or less secure than any other new technology, but because it works with substantial sums of money, it is a common target for hackers and would-be criminals. Financial services companies need to keep up with innovations in how people transact business including cryptocurrency, digital cash, blockchain technology, smart contracts and open banking in order to remain competitive. Therefore, it’s vital that companies working with fintech pay close attention to risk mitigation and security.

Fintech Is Growing

Bitcoin is likely the best-known and most publicly discussed story in fintech today. It’s an excellent topic for discussion because it’s well known outside of the financial industry for both its potential and problems. Bitcoin shows its potential with its fluctuating value, starting at just pennies a coin and reaching a peak value of over $15,000 USD as of early 2018. However, Bitcoin also has a high-profile case of the risk associated with new technology: the 2014 MtGox theft, which resulted in more than $800,000 in stolen Bitcoins.

As of early 2018, fintech startups continue to proliferate and innovate. Fintech startup funding reached $17.4 billion in 2016 and was on track to surpass that for 2017.

According to CB Insights, there were 26 venture-capitalist backed fintech firms with a combined value of $83.8 billion in Q2 of 2017.

Fintech is chipping away at the traditional financial institution, so the traditional businesses need to embrace it in order to remain competitive. Consumer demand drives financial services companies to use these new technologies; however, it’s the businesses that shoulder security risks.

Security Vulnerabilities Thrive in Fast-Growth Environments

Fintech’s incredible level of success is the very reason it’s a cybersecurity threat at financial services companies. With such a large number of innovations being adopted in the financial services industry, it’s inevitable that some technology won’t have sufficient security in place. If the vulnerabilities exist, it’s only a matter of time before hackers will find and exploit them. Because there are so many players with so much money on the line, it could lead innovators to push technology to the market as fast as possible at the expense of proper security development. Enterprise Innovation cites a survey respondent who expresses concern that the financial services industry can’t keep pace with how quickly fintech is evolving.

Unfortunately, there’s no easy way to cover all the possible threats that can come from new fintech — because those threats don’t exist until the technology exists. However, financial services companies must ensure they employ proper security practices. Firms need to use fintech platforms securely and ensure devices are always running the latest versions of software for security purposes. Additionally, businesses should be prepared for problems outside of their control with insurance. The 2017 Equifax hack is a warning sign for any business that wants to skimp on security, because it shows exactly how destructive the financial hacks that exploit poor security can be.

MPA Networks offers extensive experience and incredible expertise in providing IT service and support to financial services. If your business is expanding into fintech use, contact us today to learn more about how we can enhance the safety of your information and your customers.

Four Security Threats Your Company Could Face in 2018

Tuesday, January 16th, 2018

Hot off the tail of the massive 2017 Equifax breach that exposed personal information of 143 million customers, businesses are on high alert concerning IT security in 2018. While the IT security industry has been successful in mitigating and cracking down on many common threats, hackers are finding new ways to exploit devices that haven’t received as much attention and protection as PCs and servers have. Trends indicate that your company could be looking at security threats from previously ignored devices and sources in 2018. Be on the lookout for the following threats this year.

1. Missing Windows Updates Over Incompatible Antivirus Software and the Meltdown-Spectre Fix

This is one security threat your company could already be facing: There’s an inherent flaw in the way modern CPUs by Intel, AMD and ARM handle data that can be exploited to leak information. This is a substantial problem because it stems from the hardware as opposed to the software, and fixing it can negatively impact device performance. To make matters worse, some types of antivirus software conflict with Microsoft’s fix. If your business is using one of those incompatible programs, you need to switch to a compatible option to continue receiving Windows Updates as of January 2018. Those Windows Update patches are vital to keeping your company’s computers safe.

2. Internet of Things Devices Become a Bigger Threat

As of 2017, there were 17.68 billion IoT-connected devices, and that number is expected to grow to 23.14 billion in 2018.

Your office may interact with devices like an Amazon Echo, a smart thermostat and dozens of smartwatches. These are all IoT devices that could be the targets of security attacks.

These devices can be used to piggyback onto your office network. Additionally, DDoS attacks from hijacked IoT device botnets could be an even bigger threat in 2018.

3. New Devices Are Targeted

Ransomware is for more than just computers now. In 2018, IoT devices could be the next major target for hackers using ransomware to get your business to fork over payment to regain control. A workplace that’s lost control of the thermostat because of ransomware might be highly motivated to pay. Hackers may also be looking to exploit security holes in your office router and modem, as these devices are often neglected when IT staff applies regular security updates. Hackers often exploit the fact that many users don’t change the default password on these devices.

4. Watch out for Mobile Malware

The growing mobile device user base is making the Android and iOS platforms much more attractive targets for hackers over the traditional PC targets. According to Kaspersky, Android devices are more vulnerable to malware, but attacks are easier to identify and fix. While iOS devices are more secure, it’s much harder to tell if a device has been compromised.

Keeping up with IT security in your workplace is your best bet to avoid disastrous breaches and downtime. Our IT consulting experts can help your company identify and protect its security weak points. Contact us today.