Need Assistance? Call us at (512) 814-8044, or submit a ticket

The Internet and computer networks are getting more complex. Small and medium-sized businesses can leverage the expertise of professionals by using a managed security service provider like Tech Prognosis.

Why Your Organization Needs An Internet Use Policy

Employee Avatars working on a policy checklist.With computers and Internet access being such an integral part of every business, and the Internet filled with everything from gambling to x-rated websites, it is critical that every business has an Internet Use Policy in place.

This policy can help prevent your employees from accidentally or intentionally causing harm to your company or your company’s reputation. While you don’t want to give your employees the idea that they are living in George Orwell’s 1984, you want them to have a clear understanding of practices that are and are not appropriate during work hours. It is necessary for companies and organizations to create an Internet policy that everyone can live with.

Why Have An Internet Use Policy?

The purpose of a business is to make money, and for non-profit organizations, it is to fulfill the mission. In order to accomplish this, the company or organization has to have productive employees. The Internet can be a time drain and often prevent employees from being as productive as they should be.

With such a wide range of information available on the Internet, it is necessary to clarify the company’s expectations of its employees regarding Internet access. With a strong policy in place, the employee, as well as the employer, will find Internet use less confusing and frustrating. (more…)

Share

Comments Off on Why Your Organization Needs An Internet Use Policy

Basic Computer Security Practices for Non-Profits

Some Basic Computer Security Practices To Keep Your Non-Profit Data and Employees Safe

Malware Prevention

There are all sorts of danger lurking on the Internet, whether it’s through a bogus email attachment, a link that was accidentally clicked, or a visit to an infected website. There are dangers within the organization as well. These are commonly referred to as “Insider Threats”.

Here are some computer security practices you can implement to protect the data and employees of your non-profit organization.

  • Regularly scan computers for spyware

Spyware or adware hidden in software programs may affect the performance of  the organization’s computers and give attackers access to sensitive data.
Make sure you use a legitimate anti-spyware program to scan computers and remove any of these files. Many anti-virus products have incorporated spyware detection.

  • Keep software up to date

Install software patches so that attackers cannot take advantage of known problems or vulnerabilities.
Many operating systems offer automatic updates. If this option is available, you should turn it on.

If updates and patching is too tedious for you and your organization, you can outsource the task to a service provider. You can see details of what patch management covers here. (more…)

Share

Comments Off on Basic Computer Security Practices for Non-Profits

Six Risk-Based Questions for Nonprofits With In-House Computer Experts

Image of admin for Nonprofits

Nonprofits and other small and medium sized organizations must ask these six questions before their In-House Computer Expert Quits to avoid disaster.

Here’s an important question most nonprofits don’t think about: what would happen if the in-house IT guru suddenly quit? Most nonprofit leaders think it would only be a temporary inconvenience when, in fact, the opposite is usually true. Want to know how much you are at risk?

If you are the Executive Director, President, or leader of a nonprofit organization, ask yourself the following questions:

  1. Does your nonprofit organization have a written network documentation about its computer network?
    What software licenses do you own? What are the critical administrator passwords to your systems and devices? How is your computer network structured?  What hardware do you own and when do your equipment warranties expire?  Are there cloud vendors for email, online storage, etc. that you don’t’ currently have?
    Do you allow a single IT person to keep this information under their full control over your network and nonprofit organization?  If they suddenly left for any reason, this could lead to huge consequences for your nonprofit organization.

(more…)

Share

Comments Off on Six Risk-Based Questions for Nonprofits With In-House Computer Experts

Credential Management Vulnerabilities Exposed By Breaches

Credential Management BreachThe recent breach of OneLogin is once again shining the spotlight on the safety and sanity of entrusting sensitive data to cloud-based credential management services. OneLogin provides single sign-on for cloud-based applications.

What Is A Credential Management Service?

Credential management services that offer Single Sign-On or SSO are great, but as we are beginning to find out, it could also be a single point of entry to a treasure trove of sensitive data for cyber criminals.

How Does A Credential Management Service Work?

The way credential management services work is that after a user of these Identity and credential management services sign into their account, the service takes care of remembering and supplying the customer’s usernames and passwords for all of their other applications. It pretty much attempts to save the user the pain and stress of trying to remember numerous passwords, security questions and other hoops people normally have to jump through just to access some online services.

What Is The Problem With Credential Management Services?

While a lot of these services promise secure access to, and a simplified Identity and Access Management (IAM), the recent spate of multiple breaches of LastPass and now OneLogin makes us wonder just how efficient and  secure these credential management services really are. And here is why: a single compromise exposes the credentials of all users, especially if that data theft includes the ability to decrypt encrypted data [thanks to Mark Maunder of Wordfence for that emphasis].

A breach that allows intruders to decrypt customer data could be extremely damaging for affected customers.

The vulnerabilities in credential management services like LastPass were so bad that Tavis Ormandy, a security researcher at Google’s Project Zero wondered if people were “really using this lastpass thing” because he took a quick look and could see “a bunch of obvious critical problems”. (more…)

Share

Comments Off on Credential Management Vulnerabilities Exposed By Breaches

How Nonprofits And Associations Can Prevent Ransomware Like WannaCry

Ransomware Prevention

On Friday May 11, 2017, the world learned just how vulnerable computer networks can be when not fully protected as it experienced a well-coordinated ransomware attack, known as WannaCrypt, or WannaCry.

Note: Ransomware encrypts files and makes them unusable unless payment (ransom) is made within a specified time. Malware and ransomware like WannaCry prey on weaknesses in network security systems due to out-of-date firewalls, operating systems and antivirus programs.

Are You at Risk?

That worldwide attack caused Britain’s National Health Services to cancel surgeries, shut down at least 40 major organizations across more than 99 countries, including a wide array of Russian and Chinese private and public institutions.
By the time the dust settled, this large world-wide cyber-attack, described by Europol as unprecedented in scale, infected more than 230,000 computers in over 150 countries.

Unlike previous ransomware, this attack did not spread by phishing emails, but used a leaked hacking tool or exploit called EternalBlue that was developed by the U.S. National Security Agency (NSA) to spread. The target of the ransomware were computer networks which had not installed recent software security updates (also commonly known as patching). (more…)

Share

Comments Off on How Nonprofits And Associations Can Prevent Ransomware Like WannaCry
Close Menu
Share
Share