Capstone Works, Inc. Blog

Do you know every web application your employees are using? There is a high probability that your workforce is utilizing many devices and applications without explicit approval. Collectively, these programs and devices are called Shadow IT. Shadow IT is essentially any application employees download or IT service they sign up for without vetting by your IT provider. October is National Cyber Security Awareness Month, the perfect time to address the hidden risk of Shadow IT. If you aren’t dealing with your Shadow IT problem, your business is not as secure as you think it is!

There was a time in business when any piece of software would go through a thorough vetting process. These days, times have changed. In today’s technology environment, employees are always looking for the next new app or platform to increase productivity. Employees are more tech savvy, and that makes it is less likely that every piece of IT in use has gone through a thorough vetting process or a risk assessment.

Shadow IT also includes personal devices. There is a growing tendency for team members to get work done at home using their own laptops, iPads, or desktop devices. Personal devices are notorious for lax cybersecurity practices. When employees sign onto the business network using their own devices, there is a major risk that they will bring a virus into that business network.

At this point, it is difficult to imagine an organization that is not implementing Shadow IT, whether deliberately or not. There are countless tools that employees and departments may start implementing innocently without thinking they need to involve your IT provider. Many managers and employees are now selecting their own IT services independently, without checking with an IT expert. From file sharing solutions like Dropbox, to free project management platforms, employees are constantly finding new ways to efficiently collaborate and share information from wherever they happen to be. They no longer need to be in the office to check on the status of a project, or access a sensitive document. Employees are looking for ways to hit and exceed their goals, and they are not necessarily thinking about cybersecurity or the risks they are taking.

As a decision-maker, you must always balance risk and reward. The cost of increased employee productivity may be security, and that may not be a cost you want to cover. They are likely to choose programs for ease of use and convenience, without noticing a lack of important security features like two-factor authorization or encryption. Shadow IT may also lead to mounting costs as different teams pay individually for software that would have a lower group or business rate.

What can you do to protect your business in this climate? You certainly don’t want to discourage employees from building better processes and working when they feel inspired. Yet there are many ways in which Shadow IT puts your business at risk and creates cost inefficiencies. Don’t feel overwhelmed. Contact Capstone Works today. We can work with you to assess Shadow IT usage, then build and implement a new Shadow IT strategy. If we find your team members using unsecured tools, our experts can recommend alternatives. Don’t wait to get started! We will bring your Shadow IT into the light.

When was the last time your business underwent a Network Assessment? As a business decision-maker, there are many moving parts to keep track of, and IT monitoring can easily fall through the cracks until something breaks. This approach can lead to unexpected expenses and business downtime. With a Network Assessment, you can anticipate and plan for potential IT snags, and resolve issues before they become major problems.

First, it is important to understand what a Network Assessment is and what it can mean for your business. This service assesses your IT infrastructure, including processes, security, and performance to identify problems and solutions. It is your first step toward improving IT efficiency and data security.

Now that you understand what a Network Assessment is and why it would benefit your company, it is time to find the right IT provider to manage the process. Partner with Capstone Works and get your Network Assessment scheduled. We’ll help you to:

• Understand network vulnerabilities
• Identify bandwidth bottlenecks
• Increase IT performance and efficiency
• Shore up your cybersecurity defenses

When do you want to have a Network Assessment performed? A Network Assessment is especially critical if you are planning any major IT roll-outs, like a transition to cloud storage solutions, changing to VoIP phones, or if any of your infrastructure is nearing end-of-support or end-of-life. This service can also help shed light on any ongoing issues you have been experiencing, like slow performance speeds.

In the event that issues are identified during the Network Assessment, it is time to determine which actions you should take with the data you have obtained. This is where many business owners and decision-makers may begin to feel overwhelmed. How do you make the best decisions without comprehensive IT expertise? Many small-to-medium sized companies have limited or even no IT staff, or team members who are spread too thin. That’s why Capstone Works is here for you as you navigate these concerns. You do not have to deal with these issues alone. We understand that discovering IT problems can feel overwhelming. At Capstone Works, we believe your IT should be an asset to your business, not a headache. Not only will we perform a full Network Assessment, but we will also work with you to build a plan of action that has you feeling confident. Even if it sounds overwhelming, being proactive can make a big difference, and identifying IT issues is actually the first step to creating an IT infrastructure that works better for your business.

Ready to learn more about our Network Assessment services? Contact Capstone Works today. With our trusted, vetted IT experts on your side, your Network Assessment will provide you with both an understanding of your current IT infrastructure issues and a solution-oriented approach to identifying your next steps.

Ransomware attacks are a serious threat to any size business. For a small business, a ransomware attack can even result in the company going out of business. Last year, ransomware was found to be the most prevalent form of malware connected to company data breaches; cybersecurity provider Malwarebytes cited a staggering 90 percent increase in detected ransomware attacks. Being vigilant and armed with a ransomware plan is not just another best practice, it’s necessary to company survival.

There are two types of ransomware to look out for: encryptors and lockers. Encryption ransomware programs take your files hostage, converting them into a code that will require decrypting. Locker ransomware takes entire networks and devices hostage, sometimes even preventing a computer from booting up. Both types of ransomware tend to have a time limit associated with them. If the ransom is not paid within the time frame, the hackers threaten further sabotage. You do not want to find yourself pitted against criminals like these without a trusted IT partner by your side.

Systems can be infected in several ways. One common method is through phishing attacks, which are communications that pose as content from trusted sources like banks, governments, or popular businesses. These attacks ask users to click on an attachment or a link that then invades the network. Other tactics include pop-up ads and exploiting browser vulnerabilities. There is even a new trend of demanding a ransom without actually infecting the network or device! This method is executed by hackers sending multiple emails threatening users that there is a destructive malware infection on their computer waiting to be activated unless the ransom is paid. At Capstone Works, it is our job to make sure we stay on top of the common tactics so that your network is always protected.

Don’t face the threat of ransomware attacks alone. These attacks can quickly escalate into extremely high-cost disasters. The price of a ransomware attack goes beyond the ransom you pay. For example, the Erie County Medical Center reported it recently spent an estimated $10 million on a $30,000 ransom. How did this happen? Responding to the attack can lead to additional high-cost consequences like staff overtime, lost revenue, emergency IT services, and staff training to prevent another mishap. These costs may be even higher if you are caught without a plan in place and a trusted IT partner like Capstone Works in your corner.

Prevention is your best strategy. Our goal is to work with you to recognize common tactics and train your employees so that we can decrease the likelihood that a ransomware attack will find its way into your network or device. We will monitor your network for suspicious activity, and help you back up your files so that you, and not the hackers, are in control – even if they infect your system. We can also help you manage and predict costs by building a ransomware plan as part of a comprehensive disaster recovery strategy.

Contact Capstone Works today. We will make sure you are ready for whatever hackers could throw your way.

The summer season has arrived! Warmer weather means families are spending time enjoying outdoor activities like hiking, bike rides, and beach days. With less time in the office comes more time on other devices, especially wearable technology like Apple Watches or FitBits. In other words, it is time to think about IoT security.

IoT stands for Internet of Things. Today, we are interconnected like never before, and more and more of our everyday devices are connecting to the internet and to each other. Consequently, more personal and business data is being shared. Your IT strategy must now encompass all the different ways through which you and your team are connecting to your business network.

You are probably wondering how an employee’s fitness tracker affects your cybersecurity strategy. Fitness trackers need to connect to another device like a computer or smartphone in order for the user to view all of the data they collect throughout the day, or input information like foods eaten or how many glasses of water they had. In this example, your employee might be connecting their fitness tracker to both their work and home computers. If their home computer is less secure, a hacker may be able to use the fitness tracker to also infiltrate your network. This is just one example. New IoT devices are now coming onto the market constantly. Soon, smart home assistants could be as common as smartphones. You may even make use of them in your office. With all of this innovation and change, it can be hard for your IT strategy to keep up.

IoT devices are known for being unsecured and lacking built-in security systems. They are also designed to be found and recognized by other devices, so if the default password has not been changed, it can be extremely easy for a hacker to find and access a device by exploiting a known default password. In order to secure your network in the face of increased connectivity, you need to put proactive policies in place, rather than depending on the device’s security systems. Hackers are sophisticated, and their favorite targets are those they expect to be unsecured. They assume that small-to-medium sized businesses are not investing in cybersecurity and will not keep up with the latest technology trends.

We’re here to prove the hackers wrong. With Capstone Works in your corner, you can be confident that we will keep you up-to-date on the latest cybersecurity best practices. We can also help you develop and implement policies that will help manage which personal devices your employees connect to your business network, and educate them around the security steps they need to take when doing so. Even seemingly small steps, like making sure they change their devices’ default password, can make a big difference.

Contact Capstone Works today. Partner with us to keep up with today’s latest technology trends and manage the risks so that hackers never catch you off guard.

Passwords today are like spare keys that have been given out to too many friends and neighbors. Common password content like birthdays, favorite sports teams, or names of children or pets are easily found on social media accounts.

Cybersecurity is vital to a successful business, especially as hackers try to exploit the companies they expect to be the least protected: small-to-medium sized businesses. Your accounts need an extra layer of protection so that your business network does not fall into the wrong hands. This is where multi-factor authentication comes in. Multi-factor authentication requires two or more pieces of evidence before a user is granted access to a protected account or device. We see this in practice all the time. For instance, at the ATM, the user must present both the correct debit card, and enter the right PIN. This is an example of two-factor authentication at work. The system works by requiring information the end user possesses, like a PIN or a password, with an object the intended user should have on hand.

Today’s businesses rely on cloud storage. The cloud is an incredible efficiency tool that empowers your workforce to access what they need when they need it. With that ease of access comes a risk that your information could be accessed by the wrong individuals, especially if you have not taken every precaution to secure it. When your sensitive business accounts and databases are secured only by passwords, you are putting yourself at risk, even when the passwords are complex and changed frequently. You need backup protection in the event that passwords are compromised.

There are many products that help you add this layer of protection to your network. Trying to sift through, select, and implement these products can be time consuming and confusing. At the same time, you know that an upfront investment of time and resources into cybersecurity can make all the difference when hackers strike. Multi-factor authentication creates more work for the hackers, and more opportunities for your defenses to protect your network. If someone is trying to invade an employee’s email account, guesses the password, but then needs to enter a randomly generated code that went to your employee’s phone or workplace computer, they may move on to invade a less protected network. Unlike a PIN, which suffers many of the same pitfalls of a password, these codes may only work for a limited period of time and have no personal connection to the user, meaning they cannot be guessed. This type of system gives you greater confidence that the people accessing your network are the ones meant to be there.

Setting up multi-factor authentication can have some unforeseen complexities, and is best handled by IT professionals who have the expertise and skillset to implement this useful protection for your business.

Capstone Works has the experience and cybersecurity expertise you need to ensure your network is as secure as possible. Contact us today to talk about your next steps.