Home

About Us

IT Services

Understanding IT

News & Events

Blog

Support

Contact Us

Blog
  • Register

Capstone Works, Inc. Blog

Capstone Works, Inc. has been serving the Cedar Park area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

How Hackers Steal Your Data (Part 1 of 2)

securityIt’s no secret that your data is a hot commodity. Each day sophisticated cybercriminals attempt to make money by stealing your private information to pose as you, blackmail you, or simply sell your information to someone who will. If you want to stay in business, you’ll need to be able to thwart these attempts. But to do so, you must understand the increasingly advanced methods hackers use. In this two-part article, we’ll examine the techniques hackers are currently employing to gain access to your sensitive data.

Cracking Passwords

The fact that hackers might simply guess your passwords probably seems painfully obvious, but the hard truth is that many companies still lack proper password management. If your password is a series of common words, a dictionary attack can use algorithms to cycle through a word database and quickly discover your chosen phrase.

Simply adding some numbers won’t be enough, either, as hackers can up the ante with a brute force attack which allows them, with some additional computing power, to cycle through alpha-numeric combinations until they strike gold.

And if they are very determined and well equipped, a hacker can also use a rainbow table attack. When passwords are attempted, they are “hashed” to avoid sending the actual plaintext password over the communication line. In this type of attack, pre-computed tables are used to recover these hashes and reverse them to reduce guessing time and discover complex passwords.

To prevent these, you’ll need to create unique passwords that are more than ten characters long and have a mix of numbers, lowercase and uppercase letters, and symbols for each account. One popular trick for this is to think of a phrase and codify it. For example, “Cousin Greg lives in Seattle” becomes “C0u$iNGr3gLiV3SinS3ATtLE”.

Additionally, you should use multi-factor authentication whenever possible so that your password isn’t the only thing standing between an attacker and access to your accounts.

Phishing Schemes

One of the most common methods of data hacking, phishing scams are so effective, they’ve produced many high-profile data breaches including the hacking of Clinton campaign chairman John Podesta, who unknowingly gave up his Gmail password, and Snapchat, where an employee gave up payroll information that led to widespread identity theft.

In a phishing scheme, disguised e-mails are used to lure the recipient into a trap. Posing as a trusted source, such as someone you do business with, your bank, or your email provider, hackers trick you into providing them information directly, clicking a link that leads you to a fake site, or downloading an attachment that then allows them access to your system. One of the oldest tricks in the book, phishing is an evergreen technique that is continually being re-invented in order to become harder to spot.

The best way prevent being hooked in by a phishing scam is to study the way they are being used and stay vigilant. Make sure to check the spelling of URLs in email links and watch out for URL redirects. Keep your browsers up-to-date to ensure you have the most recent security patches and install anti-phishing toolbars on your browser that can run checks on sites you visit and compare them to a database of known phishing sites. And, of course, never give out personal information over email.

These are two of the most popular ways attackers attempt to gain access to your system but stay tuned for Part 2 of this article as we dive into three more sophisticated methods cyber attackers are currently using. Concerned you’re not as safe as you thought? Contact Capstone Works immediately. Our cybersecurity professionals have the expertise to make sure you’re one step ahead of the latest tricks, scams, and hacks that could threaten your business.

Continue reading

Is It Time To Upgrade The Operating System On Your Office Devices?

Are you using Windows 7, older versions of Outlook for email, or Windows Server version 2011 and below? If so, it’s time beproactiveto learn about Microsoft’s End of Life Support. You do not want to find yourself in need of tech support for an unsupported product. That’s why being prepared is critical. What products are nearing the end of their support life cycle and what can you do to help your business stay on top of these changes?

First, it is important to know when products are being phased out. Microsoft has specific product life cycles. According to their website, support for Windows 7 ends on January 14, 2020. That gives users less than one year to prepare. Windows 7 launched on October 22, 2009, at which time Microsoft committed to ten years of product support. As this time period expires, it is important to note that this lack of support can leave you vulnerable if you do not upgrade your Operating System. For example, those automatic updates that many users get in the habit of ignoring often include critical security patches that you will no longer receive. If you’re using Windows 7, it is time to upgrade. 

Now that you are thinking about upgrading your Operating System, how do you get started? The process can certainly sound overwhelming. You may have questions or, alternatively, you may be unsure as to what questions you should be asking. It’s time to contact a trusted Managed Service Provider like Capstone Works to help you navigate this process.

What else do you need to know to keep your IT updated? Microsoft has been moving toward a subscription-based model, pushing clients and companies to move toward Office 365 subscriptions instead of the old model of buying a disc, loading Microsoft Office onto your device, and having a perpetual license for the product. Users who have a perpetual license, such as those on Office 2016, will need to upgrade by 2020 in order to use their product in conjunction with the suite of Office 365 products, like SharePoint and Exchange. These end dates are important to keep track of in order to keep all of your products working together. When you connect Office 365 products with “legacy” versions of Microsoft tools, you do not benefit from the full range of the current product capabilities and certain aspects may not work properly. Therefore, it is important to have a trusted Managed Service Provider on your side to help you keep everything working together, make timely upgrades, and keep track of product lifecycle end dates.

How else can Capstone Works help? We can guide you as you choose the right IT products and software solutions for your office. For example, we can go over the pros and cons of moving to Office 365 now, staying with a perpetual license model, or waiting until the End of Life deadline to make any changes. With all the other aspects of running a business taking up time, it can be a challenge for business decision-makers to navigate the many options available. We are here to take IT off your plate and help you ensure you are making the best, most informed decisions possible in a timely manner. With a partner like Capstone Works on your side, you will not be caught off guard when a product nears the end of its support life cycle, and you will be able to make proactive, informed business IT decisions.

Contact Capstone Works today and be prepared for any changes technology companies throw your way!

Continue reading

Preventing Data Breaches on Data Privacy Day

b2ap3 medium network securityThe start of 2019 comes with promises of many new technologies that you, as a business decision-maker, can use to help grow your business. Though these new avenues can open many doors for your business, these advancements are also creating new vulnerabilities and avenues for hackers, thieves, and phishers to take advantage of. Luckily, Data Privacy Day is right around the corner.

The day is celebrated on the 28th of January each year and is intended to educate users on data privacy to promote a safer, more secure, and more private internet for citizens all over the world. It’s also a good day for people to review their social media privacy settings, update old passwords, and take a look at the state of your digital data security. 

The purpose and goals of Data Privacy Day are of particular importance to businesses. Each year, millions of businesses face attacks to their security as a result of totally preventable vulnerabilities within their IT infrastructure. While not all attacks turn into breaches, that doesn’t mean they’re not cause for concern. 

So, what can you do to protect yourself this Data Privacy Day? Depending on your business, a good place to start is to increase your password security. This can be done by requiring more complex passwords from your employees, requiring they change them up regularly, and by instating two-factor authentication, which provides additional security to confirm the person logging into your network is legitimate.

If you haven’t already, setting up firewalls and using encryption to secure your network is also a great idea to keep out hackers. Additionally, limiting privileges to certain parts of your network only to those for whom access is necessary. This limits the potential that certain information will fall into the wrong hands.

Finally, having back-ups, either of your entire environment, or simply of vital data, is one of the best ways to prevent attacks that corrupt, steal, or try to ransom your data.

Whatever your needs, Capstone Works takes the initiatives of Data Privacy Day to heart. We will work with you to craft a customized security plan that will prevent attacks from happening and keep your business’ data safe and secure.

Not only have we made it our mission to stay updated on all the latest possible threats to your industry, but we also work to educate our clients on these matters, and make sure they’re able to make informed decisions about how to protect their businesses.

After an audit of your current security infrastructure, we can determine where your vulnerabilities lie and prevent them from being used against you. Whether you need as simple a fix as a software patch, or a more substantial overhaul of your internal security procedures, like making sure users are forced to use secure passwords, servers run on secure protocols, etc., Capstone Works has you covered.

Start your New Year off right. Data Privacy Day is a great time to give your business’ security measures an update, so don’t pass by without a second thought. Contact Capstone Works today and rest assured that 2019 will be a great year for your business.

Continue reading

Does Your Workplace have a Bring Your Own Device (BYOD) Policy?

tabletWe are in the business of making sure you are prepared for whatever today’s ever-changing technology environment will throw your way. One of the biggest current trends is Bring Your Own Device, or BYOD. BYOD is exactly what it sounds like — your employees using their own devices in the work-place. With the holidays coming up, and employees receiving new devices, much of your workforce will be equipped to handle a BYOD policy. As this practice becomes more common, it is time to craft an official policy to help protect your business from the risks.

A Bring Your Own Device Policy outlines the rules around employees using their own laptops, tablets, and smartphones for work, whether that means in-office work, or work from home. Today, much of the workforce accesses work files remotely on personal devices. If you do not yet have a BYOD poli-cy, it is time to build one.

Why do you need to set a policy?

There are particular risks and benefits that arise when employees use their own devices. To be sure you enjoy the benefits and decrease the risks, you need a policy that helps employees understand how best to utilize their personal devices in the workplace. You need a formalized document that sets rules and protections in place so that employees have the tools to use their own devices without put-ting your network at risk.

Given that human error is the biggest flaw that hackers exploit, developing a policy and educating your employees as to BYOD best practices is critical to the health of the modern business. But first, do you even want to permit this practice? When making this decision, it’s important to know the benefits you can expect.

What are the benefits of BYOD?

Employee morale
Team members get to work on the devices with which they are most confident and familiar. For example, instead of being a Mac user at home who has to adjust to a PC at the office, or vice versa. Em-power them to work when they feel most efficient and creative, rather than having to wait to get to their office desktop device. Additionally, they may enjoy access to business software in their down-time that they would not have bought themselves, like Adobe Creative Cloud, and come to view it as another perk of the job.

Newer technology
Your employees may opt to upgrade their devices more frequently than the company does.

Reduced costs
When your employees use their existing smartphone rather than a work-provided device, you can en-joy a cost-savings. Similarly, instead of buying a laptop when you onboard a new employee, you may only need to purchase supplemental software like Photoshop and antivirus solutions.

Convenience
Save your team the annoyance of switching between personal and work phones, or accidentally leaving an important document on their workplace desktop and being unable to retrieve it when they want to continue the project over the weekend.

While you can see there are many benefits of allowing your team to work on their own devices, there are many risks and complications that can arise if this practice is not implemented with a policy in place.

Your employees are not all going to be IT professionals, and that means that BYOD policies leave more room for user error and security risks than if every worker is using devices selected and maintained by your IT department. You will need to set specific security policies, and look at providing a secure net-work for your employees to access from home, rather than accessing unsecured WiFi networks. When you implement a BYOD policy, you necessarily give up a level of control; and when an employee leaves, that device goes with them. If you do not have a set policy, there is a risk they could be taking potentially sensitive information with them, like company passwords. That doesn’t mean you shouldn’t implement BYOD at your company, only that you need IT experts in your corner to help you do it. That’s what Capstone Works is here for. Contact us with any of your BYOD questions and we can help you determine your next steps. We help you anticipate the pitfalls of empowering employees to bring their own devices into the workplace so that you can avoid them, and enjoy the benefits instead.

We have outlined some of the general productivity, cost and convenience considerations. We can also help you assess the costs and benefits of a BYOD policy for your unique business, and create a strategy for you. Ultimately, BYOD is becoming a more and more common business practice, but is it right for your company? We can answer that together. Contact Capstone Works today!

Continue reading

Celebrate National Cyber Security Awareness Month

firewallDo you know every web application your employees are using? There is a high probability that your workforce is utilizing many devices and applications without explicit approval. Collectively, these programs and devices are called Shadow IT. Shadow IT is essentially any application employees download or IT service they sign up for without vetting by your IT provider. October is National Cyber Security Awareness Month, the perfect time to address the hidden risk of Shadow IT. If you aren’t dealing with your Shadow IT problem, your business is not as secure as you think it is!

There was a time in business when any piece of software would go through a thorough vetting process. These days, times have changed. In today’s technology environment, employees are always looking for the next new app or platform to increase productivity. Employees are more tech savvy, and that makes it is less likely that every piece of IT in use has gone through a thorough vetting process or a risk assessment.

Shadow IT also includes personal devices. There is a growing tendency for team members to get work done at home using their own laptops, iPads, or desktop devices. Personal devices are notorious for lax cybersecurity practices. When employees sign onto the business network using their own devices, there is a major risk that they will bring a virus into that business network.

At this point, it is difficult to imagine an organization that is not implementing Shadow IT, whether deliberately or not. There are countless tools that employees and departments may start implementing innocently without thinking they need to involve your IT provider. Many managers and employees are now selecting their own IT services independently, without checking with an IT expert. From file sharing solutions like Dropbox, to free project management platforms, employees are constantly finding new ways to efficiently collaborate and share information from wherever they happen to be. They no longer need to be in the office to check on the status of a project, or access a sensitive document. Employees are looking for ways to hit and exceed their goals, and they are not necessarily thinking about cybersecurity or the risks they are taking.

As a decision-maker, you must always balance risk and reward. The cost of increased employee productivity may be security, and that may not be a cost you want to cover. They are likely to choose programs for ease of use and convenience, without noticing a lack of important security features like two-factor authorization or encryption. Shadow IT may also lead to mounting costs as different teams pay individually for software that would have a lower group or business rate.

What can you do to protect your business in this climate? You certainly don’t want to discourage employees from building better processes and working when they feel inspired. Yet there are many ways in which Shadow IT puts your business at risk and creates cost inefficiencies. Don’t feel overwhelmed. Contact Capstone Works today. We can work with you to assess Shadow IT usage, then build and implement a new Shadow IT strategy. If we find your team members using unsecured tools, our experts can recommend alternatives. Don’t wait to get started! We will bring your Shadow IT into the light.

Continue reading

Latest News & Events

Capstone Works, Inc. is proud to announce the launch of our new website at http://www.capstoneworks.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what Capstone Works, Inc. can do for your business.

Call Us Today
Call us today
(512) 343-8891 x2

715 Discovery Blvd
Suite 101

Cedar Park, Texas 78613