cybersecurity-manchester-ct-encompass-it-solutions-2019

Exposing the Dark Web & Keeping Your Business Protected

 

The dark web is a popular topic at the moment, especially with the rise in speculation amongst cybersecurity specialists about the future of the dark marketplaces. Nevertheless, it’s also important to remember that criminal activity isn’t limited to just the dark web; it’s an internet-wide problem. As the years continue, cybercrime analysts are expecting upticks in malicious activity on the open web too. But before we get into details, let’s take a quick topographical view of the internet.

 

What is the “Dark Web”?

Most of us think of the “surface” or “open” web when discussing the internet. This is the layer of the internet that is indexed by search engine browsers (i.e. Google, Firefox, Internet Explorer). However, this portion of the web accounts for only a microscopic amount of the activity online.

The next layer of activity happens on the huge level called the “deep web”, where databases of “secure” information like financial records, medical records, and government resources are accessible through client portals or gateways. It’s these accounts that are all too often breached, and there’s plenty of material to access, with the deep web existing as an estimated 40-500 times larger than the surface-level web we so commonly use.

The final section of the internet is called the “dark web”. These are the websites that are purposefully concealed from the rest of the internet, and are usually only accessible through particular web browsers like Tor. This is where most of the heavy-duty criminal activity happens, amongst a large underground economy consisting of illegal goods, compromised data, malicious software and cybercrime tools, as well as information for executing successful cyber attacks.

 

Why Can’t We Just Delete the Dark Web?

So why not just wipe out the dark web completely, you ask? Well, it’s important to realize there are legitimate reasons for using the dark web as well. For instance, citizens under oppressive regimes use the dark web to access information that is freely available to others, and journalists and whistleblowers are able to communicate privately with anonymous sources.

Even though the dark web isn’t the only spot for illegal, online trade, it’s valuable to understand how cybercriminals do what they do. Law enforcement uses this intelligence to successfully bring down the dark web markets and create a rippling effect of fear and mistrust. Unfortunately, cybercriminals are utilizing alternative methods to conduct business as a result. Many of them are mainstream communication paths like Jabber and Skype, along with forums dedicated to hacking and code repositories.

 

How to Plan for Cybercrime as a Business

Although it may be tempting for business owners to take it upon themselves to determine the extent of their information exposed and seek retribution, engaging in such activity can be more of a risk. It’s better to plan for data breaches using threat modeling, and leave the rest up to cybersecurity professionals.

Cybersecurity Threat Modeling is an iterative process that needs to be updated whenever there are substantial changes to either assets or threats. Typically, the process consists of:

 

1. Define your business assets – Critical business processes, high-value systems, intellectual property, etc.

2. Identify which systems hold the assets – Databases, servers, email, calendars, network, CRMs (Custom Relationship Management software), and more.

3. Create a security list for each system – Includes which security controls are currently used to protect those systems in step #2 (i.e. enterprise-grade firewalls, solid endpoint detection and response systems, or the best antivirus). List any known vulnerabilities that are present as well.

4. Identify any potential threats – Hacktivists, cybercriminals, the competition, disgruntled employees, customer theft, etc.

5. Prioritize the potential threats and take proactive action to lower the risks – Consider any past data breaches, as well as internal risk concerns, and attempt to foresee what the organizational impact of particular threats could be. How would you react to a breach with each potential threat? What would be the best way to mitigate these risks right now?

With a threat model in place, you can match the highest severity risks to appropriate tactics, techniques, and procedures. By establishing these threat profiles in your business, it helps CEOs to understand where their computer security is lacking and how the improvements need to be made. As a result, threats are mitigated with a stronger defense.

 

If you’re a business owner who is concerned about the state of your technology’s security and how your business would survive a devastating cyber attack, contact us at (860) 785-6233. Encompass IT Solutions provides in-depth Cybersecurity Risk Assessments that identify and mitigate cybersecurity threats for your computers and network infrastructure.

cybersecurity-training-for-businesses-connecticut

Connecticut’s Liberty Bank Customers Targeted in Phishing Attack

 

Liberty Bank, the third largest bank in Connecticut with 55 branch offices located throughout the central and southern parts of the state, sent out a fraud alert Monday morning.

A phishing email was successfully sent to their customers, stating that a bill of over $2,000 had been paid to a fictitious name and contained a link to supposedly log into the bank’s online portal to dispute the fund transaction. The link most likely redirected to a fake webpage that looked like the bank’s portal, but collected the customer’s banking credentials to be used for later.

While it is unknown how many of Liberty Bank’s clients fell victim to the cybersecurity scam, this isn’t the bank’s first phishing scare.

Back in October of 2009, Liberty Bank’s Vice President, Jill Hitchman, stated that the FBI was investigating an automated phone-call phishing scam referencing the Connecticut-based bank. Hitchman reported that Liberty Bank customer information had not been compromised, and quickly implemented preventative measures, as well as made customers aware of the scam.

 

What Can We Learn?

With this local attack being so close to home, it only confirms the fact that email phishing scams are on the rise. Wombat Security’s “State of the Phish 2018 Report” found that phishing attempts have grown 65% in the last year, and 95% of all attacks on enterprise networks are the result of successful spear phishing, according to the SANS Institute.

Unfortunately, it only takes one wrong click to leak vital business data and online banking credentials that can either be sold on the dark web or used to process money transfers directly.

Thankfully, Liberty Bank quickly educated their clients on the malicious email and has procedures in place when phishing scams do happen. However, it’s important to ask yourself if you have the same protections in place as a small business? What if one of your employees had opened the email or what if it had a malicious email attachment? If not, we highly suggest Employee Cybersecurity Training that educates your employees on the difference between legitimate emails and targeted phishing attacks like this one.

 

Were You Affected by This Phishing Scam?

The bank is suggesting that the safest way for customers to log in to their online banking services is to go to the Liberty Bank website and use the login box in the upper right corner.

Customers who believe they may have fallen victim to the scam should call Liberty Bank immediately at 888-570-0773.

 

How to Protect Your Business

If you’re constantly being sent phishing emails like this one, or have employees that aren’t exactly discerning when it comes to emails, attachments, or websites, feel free to call us for a free quote on our affordable, online Employee Cybersecurity Training program at (860) 785-6233. We also provide in-depth Cybersecurity Risk Assessments for businesses to determine their IT infrastructure protection and security. Gain a peace-of-mind while navigating today’s treacherous cybersecurity landscape.

 

business-cybersecurity-protection-encompass-it-manchester-ct

Mobile Malware: The Forgotten Cybersecurity Gap

 

With the growing reliance on computers and technology, businesses establish Computer Use Policies to standardize cybersecurity measures and decrease the likelihood of data breaches. However, they tend to forget about other types of devices, such as smartphones and tablets.

Almost everyone has a smartphone, yet businesses have little to no cybersecurity standards on them.

Unfortunately, some business owners tend to forget that the smartphones in our hands are basically mini computers and haven’t stopped to consider the disadvantages of mobile use. With more and more employees relying on their tablets and cellphones to sneak in a few emails here or work remotely there, the risk of mobile malware only increases.

 

Mobile Malware Continues to Surge

According to Symantec’s 2018 Report, new mobile malware variants have increased 54% since 2017. Even though user error is a huge issue with mobile cybersecurity, there are ways to be proactive against hackers and malware.

 

Here are a few tips on how to combat mobile malware and keep your devices secure:

 

1. Get Antivirus and Malware Apps for Your Device.

Avira is a great option since it automatically scans other apps for malicious activity as you download them. Malwarebytes Security is another great option. You should definitely have both on your phone, if possible.

 

2. Run the Updates on Your Phone iOS or Android OS Versions.

Even though smartphones and computers are often thought of as two different types of technology, they are very similar when you take them apart. Both pieces of technology use an OS (operating system) and require updates that install new security patches of code to block cyber attacks. Updating to the latest operating system is good cybersecurity hygiene. However, Symantec’s 2018 study found that only 20% of Android users are running the newest version of the Android OS, and only 2.3% are on the latest minor release. Minor releases in any OS contain security patches which help plug the security holes that developers find over time. That’s why it’s essential to make sure you’re installing the newest updates whenever you can.

 

3. Only Download Apps from the Google Play Store or iTunes App Store.

These popular apps stores have specific regulations and tests that apps have to pass in order to be listed and distributed on the store. These tests usually include a malware test, but they don’t always pick up everything. However, it’s still better than downloading an app directly off a website or “software” store.

 

4. Choose Apps That Have High Ratings, Download Numbers, and are Trusted Companies.

It’s very rare that an application with tons of high ratings and download numbers have malware. Chrome, Gmail, Yelp… These are larger companies that maintain their app’s security to protect both their users and themselves.

 

5. Pay Attention to Those Permissions.

If a PDF viewing app is asking for permission to access your microphone/phone calls, it might be good uninstall it. The application could contain malicious software created to “spy” or record data to use for blackmail. Mobile users also face privacy risks from “grayware” or “bloatware” apps that aren’t malicious, but can be troublesome. These apps devour CPU usage, storage, and RAM on your phone.

 

6. Delete Any Accounts and Apps that You Don’t Use.

Not only does this help keep your phone tidy, but it saves space and reduces the likelihood of stolen data. Your forgotten accounts and apps that you don’t update or use can become cybersecurity vulnerabilities. If you use similar passwords for your accounts, it would only take one gaming app to leak the password and be used on all of your other financial accounts.

 

7. Listen to Your Instincts.

Immediately delete apps that ask for personal information, such as social security numbers or bank account information. If the application is glitchy or won’t provide the functionality you downloaded it for, delete it. Be wary of apps that immediately take you to a fishy, specific URL in your internet browsing app.

 

When was the last time you considered the cybersecurity of your smartphone or mobile device? If you need help locking down your cybersecurity or creating a new Computer Use Policy that includes mobile devices, feel free to call Encompass IT Solutions at (860) 785-6233 for a Cybersecurity Risk Assessment for businesses.

employee-cybersecurity-training-manchester-ct-encompass-it-solutions

Why Your Employees are Your Top Cybersecurity Vulnerability

 

#1: Undereducated in Cybersecurity/Human Error

Even though employees are the greatest asset for any business, undereducated workers can exist as a company’s top cybersecurity vulnerability.

With the widening gap of tech-savvy and tech-illiterate workers, it’s difficult to assess every employee’s understanding of cybersecurity. Employees who are comfortable with Microsoft Office and Google are often thought of as “tech savvy”, but they are usually unaware of the cyber attack tactics hackers use today.

One of the most devastating cyber attacks is spreading ransomware via a computer worm. This attack can easily be introduced by a loyal employee by one wrong click in an email or to a website with malicious software. Worms can infect every device on your entire network, including phones, tablets, computers, and servers. Side effects include encryption, lock you out from everything on your hard drive and rendering your computer system unusable. The scary thing is ransomware and worms can even infect your data backups, depending on how it’s setup.

Since a disaster is just one click away, it makes it even more important to train employees on topics like phishing emails, malicious websites, and company Computer Use Policies. Communication and training are often the best forms of cybercrime prevention.

After all, a system is only secure as its weakest link.

 

#2: Questionable Ethics

When money gets tight and the bills begin to stack up, people can become desperate. Think about how often people get their credit card stolen at a restaurant. A trusted waiter at a restaurant can easily collect credit card information and use it fraudulently– It’s the same thing with employees are your business.

Your employees often have access to databases, CRMs, billing, email accounts, or servers, and it’d be very easy for them to export data to a USB flash drive to sell or exploit later. Businesses that handle PII (Personal Identification Information), like social security numbers or birth dates, know this all too well. Medical records and social security numbers fetch a pretty penny on the dark web, the digital version of the black market.

However, it’s not just credit card information or bank records that a desperate employee can exploit. Sharing company trade secrets and intellectual property outlined in an NDA can also be detrimental to a business.

 

#3: Disgruntled Employees or Ex-Employees

It’s surprisingly popular. An employee will leave a company for whatever reason, and decide to delete vital company records for whatever reason. We’ve witnessed many companies that had to deal with data loss due to this scenario, and some business owners have taken the ex-employee to court over it.

Unfortunately, many business owners don’t give a second thought to how much information they share with their employees and provide individual user login accounts with separate passwords to track their online activity. Universal passwords entrusted to a disgruntled employee can easily be remembered or written down for off-site use when it’s harder to prove who did what and when.

 

Education is the Best Defense

If you’re concerned about your employees and how educated they are in the ways of hackers and cybersecurity, feel free to contact us at 860-785-6233 to learn about our in-depth Cybersecurity Employee Training program and Cybersecurity Risk Assessments to see how you’d fend against a malicious cyber attack.

cybersecurity-it-support-businesses-law-firms-manchester-ct-encompass-it-solutions

3 Reasons Why Hackers Target Law Firms

A lot of law practices think they are immune to cyber attacks and data breaches because they’re so small, compared to huge corporations that have more data to hack. However, the truth is that your Connecticut or Massachusetts law firm is at risk just as much as Target, Sony, or Walmart.

It’s important to take cybersecurity measures to keep your law practice data safe, otherwise, you risk losing your valuable business data to a hacker and destroying your business reputation or client confidentiality in the process. Chances are that your office will be targeted if you don’t take preventative actions.

 

Here are three reasons why law firms are at the top of a hacker’s hit list:

 

Legal Practices Have Tons of Sensitive Data

Law firms have copious amounts of sensitive data ripe for the picking. Huge surprise! From employment contracts to medical files, attorneys and their paralegals work with sensitive information on a daily basis, which attracts hackers to the business.

According to the John Sweeney, President of LogicForce, “Law firms are the subject of targeted attacks for one simple reason. Their servers hold incredibly valuable information. That includes businesses’ IP, medical records, bank information, even government secrets. For hackers looking for information they can monetize, there is no better place to start.”

The typical law firm has employee records with social security numbers, financial records like credit card numbers, and some even have health records on file that fetch a handsome price. Hackers take this information and sell it on the black market, which makes it a lucrative source of revenue for cybercriminals.

 

Law Firms Have Limited Cybersecurity Knowledge

While large corporations have the funds and personnel available to enact strict security protocol and regulations, the small and medium-sized law practices don’t. Instead, attorneys rely on their staff’s limited knowledge of cybersecurity to protect their data.

According to the Verizon Data Breach Investigation Report, 61% of breaches hit smaller businesses last year, up from the previous year’s 53%. Given the attention directed towards the recent high-profile hacks, like Target and Equifax, you probably wouldn’t have guessed how vulnerable small businesses really are.

 

Law Offices Are Vulnerable to Phishing Attacks

Hackers are pretty methodical and don’t like to take unnecessary risks. Law firms are often targeted by pinpoint phishing tactics, where a hacker attempts to steal credentials by posing as someone with authority in your firm. They might steal the identity of your IT technician or a vendor in order to obtain credentials for internal access or specific documents. Another way they target firms is by sending an email impersonating someone you trust and asking you to download/open an email attachment that gives them access to your data. Worse yet, this type of activity makes it extremely difficult to trace the cybercriminals, making it a safer way to hack computers.

 

Even though law firms are prime real estate for hackers, it actually doesn’t take that much to proactively secure your computers, servers, and network. Proactive monitoring, updated antivirus, data breach response plans, updating operating systems, employee training, data encryption, email spam filtering, enterprise-grade firewalls, and two-factor authentication are just a few ways to dramatically decrease the potential of a hack affecting your law practice.

If you don’t have an IT firm to help you with all of these services and lock down your law firm’s IT security, give us a call at (860) 785-6233 to learn how we can help.

managed-it-services-manchester-ct-cybersecurity-encompass-it-solutions

10 Benefits of Managed IT Services for Law Firms

All law firms rely on computers and other technology in order to maintain effective day-to-day business operations. Unfortunately, most law practices cannot afford to have a designated in-house IT department to take care of immediate issues that arise, answer support questions for employees, and perform general maintenance on the hardware and software that keeps operations running smoothly. Managed IT services solves these issues by keeping costs low and technology running smoothly.

When a problem arises, an attorney will typically reach out to a technical support company, local IT guy, or IT firm.

 

What Are “Managed IT Services”?

There are two ways most IT firms provide service: the “Break-Fix” route OR the “Managed IT Service” route:

1) The “Break-Fix” route is when something is broken, a technician arrives on-site to fix it. They track their time and materials during the repair process. Often, a close business relationship between the two parties is never established — the technician may not be familiar with all of the intricacies and scope of the law firm’s IT needs, resulting in misguided support, data security compliance failures, and even more billable time to resolve it. All the while the legal practice is suffering a loss in productivity, as the staff members affected by the outage experience downtime and cannot perform their jobs as effectively without their working equipment.

This issue is a side-effect of even the most proficient technician under the “Break-Fix” model. Depending on the employee’s role in the law practice, this downtime could lead to missed opportunities, lower productivity, and necessary overtime in order to meet deadlines – all of which cost the attorney money. A seemingly simple IT outage can add up to be a large, unexpected expense very quickly.

 

2) The “Managed IT Service” route is when an IT firm manages basically all aspects of your current IT setup, including computers, servers, network, antivirus, backup solutions, firewalls, etc.

 

Some very simple tried and true best practices include:

  • Regular maintenance prolongs the usability and performance of computer systems.
  • Security patches and software updates protect the network from many threats and issues.
  • Remote technical support can reduce support costs by eliminating transportation for most issues.
  • Proactive monitoring and early detection can pinpoint issues for resolution before they cause downtime.
  • Thorough documentation and network maps give technicians a precise overview of a law firm’s IT needs even the event of special cases and intricacies and streamline support visits.
  • Reporting and tracking can segregate troublesome devices for replacement.

 

IT firms adopt the above managed IT service methods in order to provide much higher quality service for their customers. The relationship is much more of a partnership and although it creates a higher expectation for the IT firm to provide stellar service, these methods also enable them to do so. As a result, they are more focused on eliminating downtime, committing to best practices with a consulting role, and being proactive instead of reactive to detect and resolve issues before they cause downtime.

 

What is Downtime Currently Costing Your Law Firm?

Use these two formulas below for estimating the cost of your current downtime:

Productivity Loss Formula
P = (Number of users affected) x (% of Productivity Loss) x (Average salary per hour) x (Duration of downtime)

Revenue Loss Formula
R = (Number of users affected) x (% of Revenue Loss) x (Average profit per employee per hour) x (Duration)

Overall Loss Due to Downtime
P + R = $$$

 

 

10 Benefits of Managed IT Services for Law Firms

 

1) Think of Managed IT Services as Outsourcing Your Internal IT Department.

It’s not uncommon for law offices to treat their network and computers much like a household appliance; when it breaks, you pay someone to fix it. Some law offices hire internal computer technicians just to keep up with problems. Managed IT is the sensible middle ground; your trusted IT provider isn’t on payroll, but they are dedicated to making sure everyone is up and running. There are plenty of benefits to this alone that can greatly increase your legal practice’s productivity and expenses.

Many small and medium-sized law firms can’t afford to staff an internal IT department to keep up with the day-to-day maintenance, issues, and technical support, let alone with managing new implementations, upgrades, and expansion.

Your Managed IT provider takes the time to get to know and document your entire IT infrastructure, your specific needs, requirements, and overall goals that your technology is driving you towards. Instead of just fixing case-by-case issues, Managed IT providers such as Encompass IT partner with law offices in order to take over all aspects of technology, from infrastructure to vendor management, maintenance to upgrades, and consulting for solutions to continue to increase productivity so that your legal practice can focus on generating revenue and growing.

In other words, you get all of the benefits of having an in-house IT department without the costs of staffing one or more dedicated employees. You get full access to professional support, goal-oriented solutions, and downtime-preventing maintenance.

 

2) Early Issue Detection Leads to Fewer Problems That Actually Affect the End-User.

Often, day-to-day computer issues start out as barely noticeable. Much like that tiny rattle in your car, overtime they can go from being a no-big-deal status to an overnight-in-the-shop ordeal. Managed IT providers run reporting and monitoring tools that detect issues and report back whenever a potential problem is discovered. That way, it can be fixed before it causes frustration and downtime for your employee.

Many issues can be detected early and prevented before they escalate, including:

– Hard Drive Failure Warnings
– Hard Drive Fragmentation and Disk Space Warnings
– Malware, Spyware, and Rootkit Detection
– Antivirus Updates and Issues
– Outdated Windows Updates and Service Packs
– Windows Update Failures
– Windows Licensing issues
– Duplicate Network Addresses
– Unexpected Changes in System Hardware
– CPU and Memory Issues
– Event and Error Logging

 

3) Remote Technical Support Reduces Overall IT Expenses with Shorter Response Times.

Many workstation issues can be solved remotely without the need for an on-site visit. When that’s the case, utilizing remote access reduces the expenses of the IT provider which are then passed on to you. This also grants faster response times since the technician doesn’t need to physically drive to your legal practice

Not all issues can be solved remotely, such as hardware issues where the PC needs a component replaced or isn’t booting, but the majority of day-to-day issues that take up your employees’ valuable time, such as errors, application issues, and support questions don’t require an on-site visit and can be resolved quickly if remote access is readily available.

Remote access is secure, and usually included in the Managed IT provider’s monitoring and maintenance toolset, making it a simple, cost effective, no-brainer addition to any small business’s IT package.

 

4) With a Trusted Managed IT Consultant, Your Law Firm Won’t Need to Rely on Vendor Support.

When technology fails, your first inclination is to contact the vendor to try to get as much free support as possible (or at least agreed to in your warranty). This usually includes long, pointless phone calls where you or your employees get cycled around a call center. More often than not the issue doesn’t get fixed on the first call and you are back to square one. Managed IT providers can not only handle specific hardware and software support, but handle managing your IT vendors for you.

When compared to the standard break-fix computer company, Managed IT firms deal with business-class vendors very often and often build relationships with vendors. This means things like warranty and support agreements can all be handled by your outsourced IT firm instead of by your employees, and support for specific hardware and software can be done right through your IT consultant instead of by multiple vendors. This gives you and your staff a single point of contact for all of your technical support needs.

On top of that, often Managed IT firms like Encompass IT Solutions deal with specific vendors and have access to special solutions and services that aren’t always offered to small law firms, such as bulk licensing and better support options.

 

5) The Break/Fix Practice Forces You to Pay When You Are Down & Already Losing Money.

IT issues can become expensive very quickly, especially when they aren’t taken care of promptly. Network and server outages can leave some or all of your employees stranded unable to do their jobs. You continue to pay them despite a huge hit to productivity and then you need to pay for the problem to get resolved.

The key element of a Managed IT Service is that you aren’t paying to have issues fixed; you are paying to have them prevented. With Managed IT, you pay to prevent downtime and maintain your expensive IT infrastructure. Regular maintenance plays a huge impact on stability, performance, security, and longevity of your network and the devices on it.

 

6) Flat-Rate IT Management is Easy to Budget and Reduces Hidden Costs & Promotes IT Expense Planning.

One major downfall of break-fix IT is the unexpected surprise costs that come when mission-critical technology fails and needs to be fixed. During downtime, you are already paying your employees despite a major loss of productivity, while also paying hourly fees for technical support to resolve the problem. Managed IT is based on a flat-rate payment model where you pay to prevent downtime, both greatly reducing downtime and minimizing unexpected costs.

When an expense varies greatly from month to month it can be difficult to
plan and budget accurately. With the flat-rate payment model you practically eliminate recovery costs since it is all covered under your agreement. Knowing that most issues are covered means you pay the same amount each month, and allows you to budget for new projects and expansion much easier.

Costs are also reduced because most maintenance tasks are standardized, proceduralized, and easily repeatable through automation.

 

7) You Get a Powerful Alignment of Your IT & Legal Practice Goals. Your Technology Works for You!

When your IT infrastructure works, it can greatly increase the productivity of your users, but what about goals specific to your law office? Your Managed IT provider serves the role of a consultant for your law firm’s development regarding how technology can drive your law firm forward. From new solutions to better internal practices, your goals can be achieved through professional management of your technology.

IT providers like Encompass IT can work with you, taking on the role of a CIO to help you establish long term implementations for your business through new solutions, security, training, and best practices that can improve your bottom line.

Your IT service provider should offer quarterly or bi-yearly reviews to provide consulting to ensure your IT solutions match your visions for your legal practice.

 

8) Law Firms That Manage & Outsource Their IT Properly Greatly Reduce Overall IT Expenses.

Simply put, when you take care of your IT, it breaks less. All of the benefits of managed IT services naturally leads to lower costs. Network and hardware integrity is constantly being monitored and proper maintenance is ensuring the health of your IT infrastructure, which eliminates surprise costs and faster-than-normal depreciation. Early detection contributes to fewer emergencies which result in fewer tech support calls.

You get access to knowledgeable, professional support without being nickeled and dimed for each call or issue. There aren’t hourly onsite charges either. Since your outsourced IT department is accountable for your uptime, issues and emergencies are typically covered under your clearly-defined agreement.

 

9) Your Law Office Can Take Advantage of Enterprise-Level Solutions for Small-Business Costs.

Running a law office doesn’t mean you need to suffer from the lowest-end solutions. Enterprise-level support and solutions can be made available to your organization to give you the cutting edge in communications or to help you sleep at night with bullet-proof backup and security. When partnering with a Managed IT provider, you can get access to technology solutions that are normally reserved for big corporate enterprises at costs geared towards your budget.

 

10) Managed IT Services Allow Law Firms to Free up Resources & Focus on Core Business Objectives.

Standard IT operations consist of many critical, yet repetitive technical tasks that take time and experience to perform. The traditional method had no place for many of these time-consuming critical tasks due to the hourly billing that most traditional IT providers charge. This means that these standard, day-to-day tasks, such as updating and running antivirus, applying and testing Windows security patches, and monitoring the health of data backup solutions, are the responsibility of the employee or not attended to at all.

Employees should perform the tasks they were paid to do, not general IT maintenance. Just as concerning, most of these critical tasks aren’t performed properly or at all, leading to additional issues, security breaches, and costly downtime.

A Managed IT provider can easily perform these repetitive maintenance tasks through automated tools and monitoring applications that report back any issues or missing updates. Through best practices and documented procedures, these routine tasks can be performed quickly and cost-effectively without needing to take an employee offline and tasks that require the workstation to be rebooted or need resources to run scans can be scheduled for after-hours.

With Managed IT services, your staff no longer `needs to focus on keeping their workstation up-to-date with Windows updates, run disk defrags or virus scans, or waste time on PC maintenance, effectively returning precious time to your organization and allowing employees to get more done during the course of the business day.

 

Are Managed IT Services Right for You?

If you’re tired of focusing on solving annoying technology issues, and not focusing on your law firm, call us at (860) 785-6233 to schedule a free Managed IT Services consultation with Encompass IT. We’ll provide an overview of your current technology and help you figure out if Managed IT Services would make sense for your law office.

managed-it-for-law-firms-cybersecurity-manchester-ct-computer-it-support-business

4 Technology Issues That Law Firms Trip Over

It’s already a handful to manage your legal practice without technology issues causing roadblocks in the day-to-day operations. When an issue with your office’s computers or servers does pop up, it produces a frustrating experience for both attorneys and employees alike.

Here are our top 4 common technology issues that we’ve seen small business trip over more than they should:

 

1) Data Leaks and Security Holes:

When considering the ever-increasing number of law firms handling valuable client data, many attorneys tend to slip into a false sense of security by assuming that they will be overlooked because of their small size. As a result, your law firm may have substandard or completely outdated security solutions and procedures that are simply not adequate to protect your client’s data. Leaving your law firm vulnerable can damage your reputation and, by extension, the business itself. It is a disaster waiting to happen, not to mention the downtime it will cost you. After all, if you were doing business with another attorney and their lax security allowed your credit card information or legal documents to be compromised, would you want to continue doing using them?

The truth is that small business is big business to hackers. In fact, the Small Business Committee states that “nearly 60% of small companies go out of business following a hack and 71% of all cyber assaults occur at businesses with under 100 employees”, which includes law firms.

Easy Fixes: Have the proper antivirus in place, update your operating system often, make sure your enterprise-grade firewall license is up-to-date, and follow PCI Compliance if you accept credit cards. There’s a lot more that goes into having the proper cybersecurity, so ask your IT firm to provide a full cybersecurity audit or an onsite vulnerability inspection for your law office.

 

2) No Backup

It’s incredible how many attorneys don’t think about their data and it’s storage. Stop and think about your law firm right now. If all of your data was deleted from your computers or servers 5 minutes ago, would you be able to start over?

According to Forbes, “more than 40% of businesses never reopen after a disaster, and for those that do, only 29% were still operating after two years. And guess what likely becomes of those that lost their information technology for nine days or more after a disaster? Bankruptcy within a year.”

While data loss can easily be avoided with the right solutions, too many law firms either find it an unnecessary expense or simply aren’t as diligent with their backup as they need to be. The best solutions are those that take incremental snapshots of the data every few minutes and store the data off-site, preferably in a secure cloud environment.

Also, an unmanaged, unmonitored backup is about as good as having no backup solution at all. If it’s not being maintained or tested, you have no idea if it’s even doing its job. Here at Encompass IT, we’ve met with many an attorney who 100% believes that their backup is working, only to find out upon inspection, that it’s not backing up to the right place or was never set up properly at the start.

Easy Fixes: Get a properly managed cloud backup solution, with quality checks and disaster simulation exercises. If you’re positive that your backup solution is working, have your trusted IT professionals check to make sure it’s set up and working correctly.

 

3) Inadequate Hardware and Software:

Most law firms believe that it only makes sense to delay buying new hardware and software until they absolutely need it. However, this risky strategy will most likely end up costing you more in the long run. Why? Well, as computers and servers age, not only is it harder to repair old hardware, but the components become harder to find and go up in price, following the simple economic laws of supply and demand.

From a cybersecurity standpoint, it also becomes extremely dangerous to neglect updating software/operating systems, since developers patch up vulnerabilities and glitches.

Also, it may become drastically more difficult to move data from an ancient version of an application or database that is several iterations behind, even if the software developers provide tools and instructions.

Easy Fixes: Replace computers every 3-5 years and replace your server every 4-6 years. Update your operating system and software applications as often as you can.

 

4) Insufficient IT Support:

Think about how many staff members you currently have as an IT resource in your law firm. More than likely, your average employee or paralegal isn’t equipped to troubleshoot company-wide email outages or properly service the technology equipment in your office. Your current in-house resources probably aren’t enough to provide your computers and servers the care they need to drive your law firm onward. So what do you do?

Instead of hiring an in-house IT guy and starting your own IT department, there may be a better, more cost-effective solution; a managed IT service provider. A solid MSP will ensure that your infrastructure and software solutions are optimized for your specific law office, as well as maintain security and backup solutions. They will also be there to answer any employee questions or troubleshoot those computer issues that crop up and devour your time.

If you don’t currently have an MSP to assist you with these four common technology issues that trip up many law firms, the Encompass IT team can be that MSP for you.

Give us a call at 860-785-6233 for a free IT inspection of your current IT setup and see if a Managed Service IT Provider (MSP) makes sense for you.

cybersecurity-manchester-ct-computer-it-support-business

10 Cybersecurity Threats Every CEO Must Thwart

It’s all over the news channels; data breaches and hackers wreaking havoc. Cybersecurity threats are everywhere, and it doesn’t help that there are multiple kinds of threats designed to attack in various ways. Businesses need to stay aware of the shifting cybersecurity landscape.

 

Here’s a quick overview of the different types of malware and threats that every business should know about, and the sort of damage they can cause:

 

1) Viruses

This threat is actually a computer program that is designed to infect other programs in order to spread. Side effects include altering your data in some way, either by stealing it, corrupting it, or completely deleting it, all usually without you noticing.

 

2) Spyware

This cybersecurity threat provides a hacker with an inside peek into a victim’s systems. It would allow them to design a specific attack that is more likely to succeed, based on the behaviors and habits of a user.

 

3) Computer Worm

As computer worms inch their way through your network, they infect as many of your devices as possible, including phones, tablets, computers, and servers. Encouraged by the amount connections the typical PC has to the outside, they try to spread its malware payload to as large a radius as possible. Side effects include usability of your systems, as they copy themselves until your disk space and bandwidth are at capacity.

 

4) Rootkit

When accidentally installed, a rootkit provides administrator access to a computer or network, which allows them to install more malicious programs or change vital settings on the computer to render it useless.

 

5) Trojan Horse

Named after the wooden horse of ancient Greece, this type of threat contains malicious bits of code that are disguised as a legitimate computer program. Once inside your device, side effects include the introduction of a keylogger to capture typed passwords on your computer or manipulation of a webcam.

 

6) Keylogger

These are malicious programs that record the keystrokes a user creates on their keyboard. They are extremely useful for hackers who are trying to gather login credentials for their target’s accounts, such as bank accounts or email accounts.

 

7) Phishing

This method of attack is used to gather credentials from their targets, in which the malicious user tricks the victim by impersonation. Most often, this is demonstrated by email scams that have links to malicious websites with sign-in forms that offer appear legit. A phisher might take a direct approach and pose as a trustworthy person through email correspondence, asking for passwords or providing unsafe website links.

 

8) Botnet

This threat is comprised of a web of interconnected computers that are infected and controlled by the malware distributor. Often called “zombie computers”, these computers are then used to further other attacks.

 

9) DDoS (Distributed Denial of Service)

These attacks are often the most damaging, as botnets and other types of malware are combined and assault a system with a large amount of traffic until it is rendered unusable, or temporarily disabled. While the system is trying to keep up with the amount of traffic, the hacker can steal any data they please.

 

10) Exploit

This threat takes advantage of a particular, unpatched vulnerability in a system. By regularly updating your system, you can cut down on the amount of these attacks, but vigilance is the best way to stay ahead.

 

And More…

This is by no means a comprehensive list of every single cybersecurity threat out there, but it reinforces the fact that businesses need to pay attention to their technology. Since we rely so heavily on technology to run our businesses, it makes it all the more important to know that you’re protected and can easily recover from the disasters these malicious programs can cause.

 

If you think that you’ve been infected by one or more of these 10 cybersecurity threats, definitely alert your IT firm and make sure you have the proper protections in place.

 

Here at Encompass IT Solutions in Manchester, CT, we provide enterprise-grade antivirus and remote monitoring services to protect your business. If you’re concerned about your cybersecurity and the potential threats that could ruin your hard work, look into our Cybersecurity Risk Assessments or Employee Cybersecurity Training. If you have any questions, feel free to give us a call at (860) 785-6233.