Managed IT Service Explains Four Common Cybercriminal Phishing Emails

Dental practices, veterinary clinics, and small businesses must keep their guard up in the effort to maintain cybersecurity. Vulnerabilities can spell disaster. IT managed services are a burden that most small businesses are unable to shoulder alone. An outsourced managed IT solutions provider, such as Mobile Computer Services, Inc. of Wake Forest, is an affordable way to gain the cybersecurity every business needs to stay safe and functional in the “new normal” of accelerated cybercriminal activity.

Four types of phishing pose a critical threat to dental practices, veterinary clinics, and small businesses:

1. Spear phishing
2. Clone phishing
3. Whaling
4. Pop-up phishing

Spear phishing

The majority of phishing emails targets large groups of people. Spear phishing is a type of attack that is more personalized and individual in its approach and focus.

A spear-phishing email, as the name implies, targets a specific individual, business, or organization. Dental practices and veterinary clinics are prime examples of entities that this variety of phishing expedition would single out. The scammers who spear phish invest time to research their niche targets. This more sophisticated phishing is sometimes referred to as social engineering. The emails are configured to closely resemble legitimate sources.

In 2016, millions of Amazon customers received an email containing the same subject line message about an order status with an order code following directly after it. Upon opening the email, consumers found no message, only an attachment. Customers who opened the attachment put themselves or their companies at risk of installing ransomware on their computers or other devices.

Another example of spear phishing emails specifically involves small businesses, including dental practices and veterinary clinics.  The target, in this instance, might be a company employee. The email may seem to originate from higher up the management chain, and it requests access to sensitive company information. If the spear-phishing target responds, a data breach could ensue in which company or employee information is accessed and stolen.

Clone phishing

Another type of malicious phishing, clone phishing, is very difficult to detect. This phishing attack involves creating a version of an email that victims have already received. The email address is very close to the address of the original email, and the formatting of the body of the email resembles the original email, as well. The only difference is the attachment or link in the message has been changed. Unwary victims who click on the link or open the attachment will be taken to a fake website or open an infected attachment. This type of email phishing requires a keen eye and attention to detail to notice.

Whaling

Some phishing expeditions focus on the large catch, the whales. Whaling attacks target chief executive officers, chief operating officers, or other high-level executives in a business. The phisher’s aim is to con these powerful individuals into divulging sensitive corporate information. Any key decision-maker with sensitive information qualifies as a high-value target, including dentists and veterinarians, as well as other small business owners.

These attacks require a higher level of sophistication and much more research. The scheme usually relies on fraudulent emails that seem to originate from trusted colleagues within the company or from legitimate external agencies.

Pop-up phishing

Pop-up phishing utilizes pop-up ads to entice users into installing malware on their computers. The ads may seek to convince the recipient to purchase unnecessary antivirus protection. Scare tactics may be employed. The user might be warned that their computer has been infected with a virus and the only remedy is to install a particular antivirus software. Upon installation, the user discovers this software is non-functional. Sometimes the supposed remedy actually infects the computer with malware.

How can a dental practice, veterinary clinic, or small business protect against a phishing attack?

Small businesses can take simple, common sense, proactive steps to avoid being scammed by phishing expeditions. The application of several commonsense principles and a healthy dose of suspicion are a good combination when dealing with potential cybercrimes. Cybercriminals are smart. Their subtle machinations can hook the most astute business owner or employee. The following principles will help safeguard against falling for the scammer’s tricks.

• Delete suspicious emails.
• Do not click on suspicious links in emails.
• Do not send financial information through email.
• Avoid clicking on pop-up ads. Hackers can add fraudulent messages that pop up when the victim is visiting legitimate websites.
• Protect computers and other devices with strong, multi-layered security software.

Managed IT services are indispensable for cybersecurity in the twenty-first century. An outsourced IT support service is an affordable strategy to gain bullet-proof security and achieve peace of mind. For more information about IT solutions that work, contact Mobile Computer Services, Inc. of Wake Forest by phone at (919) 230-2900.

How to Spot COVID-19 Scam Emails

The COVID-19 pandemic has created subtle cybersecurity issues for small businesses. Mobile Computer Services, Inc. of Wake Forest provides cybersecurity advice on how to identify and avoid dangerous COVID-19 email phishing scams. The managed IT service providers build an email infrastructure that ensures a business can continue to utilize email as a safe and beneficial business tool.

A headline from The Wall Street Journal reads, “Don’t Click! Coronavirus Text and Phone Scams Are Designed to Trick You. Swindlers are taking advantage of the global health crisis, so watch out for email phishing, robocalls, and “smishing”—text-message scams sent to your phone.”

Billions of robocalls are annoying tens of millions of Americans. Unsuspecting and trusting individuals have shelled out vast sums of money to phone scammers and cybercriminals pretending to be government officials, health-care providers, IRS representatives, and more. As far as the robocalls, lawmakers find it all but impossible to make the calls stop. With the phishing (emails) and smishing (text messaging), commonsense strategies and IT managed email infrastructure security can address the cybersecurity issues. 

The Wall Street Journal article begins with an all too common scenario. “A text comes in on your phone. It’s from the IRS, and your economic relief check is ready, pending your acceptance. There’s a form to fill out. All you have to do is click the link.”

With this introduction, author Nicole Nguyen brilliantly sets the stage for a straightforward solution that works every time. She writes, “If you don’t have time to read this whole column, please—for the love of sweatpants—just read this: Don’t Click The Link.”

The solution is not magical, nor is it an industry trade secret. Success at thwarting scammers does require some basic commonsense, self-discipline, and understanding of how to recognize fishy emails phishing for personal information.

News coverage in the dominant media culture surrounding COVID-19 has fostered phishing attacks seeking to exploit fears in the general population about the highly contagious and sometimes fatal virus.

How does the phishing scam work? Cybercriminals send bogus emails claiming to originate from legitimate organizations with vital data regarding COVID-19.

The email might direct the recipient to open a file attachment to read the latest statistics. Clicking on the file or embedded link may download malicious software onto the recipient’s device. The malicious software or malware enables cyber scammers to gain access to a computer, record keystrokes, or harvest personal information and financial data. Identity theft could be one of the painful consequences of this scam.

COVID-19 has impacted millions of lives worldwide. The long-term impact is impossible to predict. Effective steps are available to protect against COVID-related scams and mitigate the risk.

Spotting a coronavirus phishing email

Coronavirus-themed phishing emails appear in various forms, including the ones listed below.

1. CDC alerts

Cybercriminals are creating emails that appear to originate from the U.S. Centers for Disease Control. The email may claim to link to a list of local coronavirus cases. The recipient is urged to immediately read the cases and glean safety hazards to avoid. Warning: Avoid clicking on the links! Granted, the emails may look official. Stay safe. Visit the CDC website directly for COVID-19 information.

2. Emails giving advice on health issues

In these emails, scammers send offers of medical advice to help guard against COVID-19. The emails may purport to come from medical experts in Wuhan, China, the COVID-19 epicenter. The advice promises, “This little measure can save you!” Another scam strategy is “Use the link below to download Safety Measures.” Here is a simple, flawless cybersecurity safety measure: do not click on the link.

3. Workplace policy emails

This form of phishing scam deserves extra attention. Employees’ workplace email accounts are information-rich targets for cybercriminals. A sophisticated phishing email might open with the casual greeting, “All, Due to the pandemic outbreak of COVID-19, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy.” Clicking on the fake company policy will download malicious software onto the device. The eventual legal and financial impact could destroy the company.

How to avoid scammers and phony ads

Scammers post ads claiming to offer COVID-19 remedies and use language that creates a sense of urgency. “Buy now, limited supply” is a prime example.

Responding to the ads could have several negative consequences.

• Malware could be downloaded onto the device when a malicious link is clicked. 
• The product is purchased but turns out to be worthless.
• Personal information such as name, address, and credit card number has been shared with a stranger who may use the information for identity theft or sell or trade the information to another cybercriminal who may use the information to cause mayhem in some person’s life.

A simple solution is to avoid any ads seeking to capitalize on the COVID-19 pandemic.

Tips to spot and avoid phishing emails

Follow these tips to spot and avoid pandemic-themed phishing emails.

• Be very cautious of online requests for personal information.

A pandemic-themed email requesting personal information such as a Social Security number or login information is a phishing scam. Legitimate government agencies do not request information of such a personal nature. Do not provide personal data to such an email.

• Verify the link or email address.

Hover the mouse button over the URL to inspect where the link leads. Sometimes, the website address is obviously fake. Scammers have become more sophisticated and will create links closely resembling a valid address. Take action if the ad is a scam and delete the email.

• Keep an eye out for spelling and grammatical mistakes.

As mentioned above, phishers have perfected their messaging either by hard work or through artificial intelligence and grammar tools.

• A generic greeting is a giveaway.

Phishing emails are unlikely to use the target’s name. Greetings like “Dear sir or madam” signal an email is not legitimate.

• Avoid pushy emails insisting on fast action and little research.

The heightened sense of urgency or demand for instant action is to drive readers to respond in fear and click on a link to provide personal information. The simple, failsafe solution is to delete the message right now!

To learn more about IT managed solutions and email cybersecurity, visit the Mobile Computer Services, Inc. of Wake Forest website at www.ncmobilecomputerservices.com/locations/wake-forest. Contact the office by phone at (919) 230-2900.

IT Management Company Explains How a VPN Protects Internet Activity

A virtual private network or VPN provides a secure internet connection and grants anonymity to a user’s web traffic. A VPN functions to establish a secure connection between a user’s device and a remote location by creating a tunnel from the device in use to the network of the VPN service provider. The internet traffic routes through this tunnel to the VPN server. From the server, the traffic flows to the desired website or internet service. The origin of the traffic is hidden by making it appear to originate from the network of the VPN service provider. All traffic is encrypted, thus veiling the actual IP address. Only the service provider is privy to the activity.

Most service providers allow users to choose the server location to which the VPN tunnel is connected. Traffic routes from the country of the server chosen for the connection to the user’s VPN.

Safe connection in public networks

When connecting to a Wi-Fi network, it is never possible to know if the connection is safe. The VPN encrypts the data in the connection, making web traffic interception by a hacker significantly harder. Joining unsafe networks becomes much less risky. Leisure and business travelers find the encryption feature to be of use since traveling often requires connecting to unsafe networks. Many countries engage in strict internet censorship and surveillance, and a particular internet destination might be blocked or illegal.

IP address hidden by VPN

Accurate web tracking requires many factors, and the IP address is only one way to trace a device. Concealing the IP address complicates the process of connecting web traffic to a specific individual. The user is not entirely unable to be traced on the internet, but tracking is more difficult.

Hiding the IP address prohibits the user’s internet service provider from seeing what a user is doing on the internet. The service provider cannot store personal or company data, sell it to advertisers, or relinquish it to authorities. A measure of anonymity is important because many governments do not respect internet privacy.

Virtual location changed to another country

With a VPN, a user is able to change the virtual location so that web traffic goes through another country. VPNs are useful to bypass limitations in countries where access to the internet and some internet services is more highly restricted. The same feature also enables accessing geo-blocked material, such as videos. Websites can detect VPNs and block such traffic if so desired.

The downsides of a VPN

VPN may slow the internet connection to some degree. The user may not notice any fluctuation or the speed may plummet. The use of a VPN can also decrease battery life on mobile devices and laptops.

Another downside is related to the VPN service provider. All web traffic goes through the service provider when a VPN is in use. Since the VPN service provider is in control of all the web traffic data, users must trust the VPN service provider to handle their data properly.

Free VPN services

If the desire is to access geo-blocked material or to reduce lag for gaming, then a free VPN service may be sufficient. If the VPN service is free, do not be surprised to discover that important personal data is being sold to third parties. Many free VPN providers are scams intended to spy on user data. Free VPNs may also run slower than paid options. If privacy is a priority, connect with a paid VPN.

Some VPN service providers also log user activity. Users should know if activity logs are being kept of their activity and for what purpose. The solution is to use a VPN service provider that can be trusted.

Location matters

The physical location of the VPN service provider is an essential piece of information to know. The laws of the host country prevail in matters of privacy. These laws can require the VPN providers to relinquish data to authorities upon request, thus potentially eliminating any privacy gained with the use of a VPN. Some VPN service providers issue a warrant canary to inform their users of any request to provide data to the authorities.

Conclusion

The VPN is a useful tool in the IT management toolbox that further enhances security and privacy. VPN is not a panacea. The technology and its applications have limitations. Consulting with a managed IT solutions provider can yield a strategy that meets the growing and changing needs of small businesses, such as dental practices and veterinary clinics.

For more detailed information about a VPN and its application in a specific setting, visit the Mobile Computer Services website at www.ncmobilecomputerservices.com/locations/wake-forest. Contact the office by phone at (919) 230-2900.

Wake Forest IT Management Company Provides Web Hosting Services

IT management and cybersecurity require a comprehensive strategy and constant attention.  Threats are ever-present, and hackers are adapting and adjusting to perfect their cyber mischief. Mobile Computer Services, Inc. of Wake Forest is available as a resource for website hosting and cybersecurity solutions, along with full-service managed IT solutions. The services include network services, business continuity planning, IT consulting, cybersecurity, on-demand services, office moves, VoIP, email protection, and HaaS (Hardware as a Service).

Key features of the web hosting service include:

• Optimized cybersecurity strategies to thwart lurking cyberattacks
• Password and device safety
• Domain-based business-class email instead of a free service like Yahoo or Gmail

Web hosting services without comprehensive cybersecurity strategies leave a business vulnerable and can result in a cyber disaster, which may cost tens of thousands of dollars to repair. A hacked website can devastate a business, whether large or small. Nearly 60% of malware attacks are aimed at small businesses. Losing customer trust, website files, or search engine rankings is the last thing a busy small business owner needs to worry about.

Most cyberattacks are carried out by automated bots that crawl the web looking for vulnerable sites without considering the size or popularity of a business. No website is immune to a hacker attack. A bot can attempt to hack any website at any time, so security features are essential for every site.

Websites hosted by Mobile Computer Services, Inc. have access to a variety of security features already. Before considering a security upgrade, make sure to take care of the basics listed below.

Choose strong passwords and usernames

The easier a password is to guess, the more susceptible it is to being hacked. Components of a strong password include:

• Contains at least ten characters
• Uses both uppercase and lowercase letters
• Includes symbols such as asterisks, parentheses, and numbers
• Does not use common words like “password”
• Is not tied to known information about the user, like a last name or date of birth

Avoid common usernames like “Admin,” “Administrator,” or the name of the business. Instead, choose something personally meaningful but not obvious to a stranger.

Prevent brute force attacks

Coming up with strong passwords can be a challenge, which is why brute force protection is so important. Brute force attacks take place when a hacker or bot attempts to guess the correct username/password combination for a website’s admin dashboard. Automated software accelerates the process tremendously, up to several thousand attempts a second. Inquire about an MCS-hosted website with security features that can block these login attempts.

Use two-factor authentication to access the company website

Secure authentication provides an extra layer of security to a website login. After entering the website username and password, a code is sent to the user’s cell phone. The user will then have to input that code in order to access the dashboard.

Instead of just requiring a user to know the password, it requires a phone in their possession. Even if hackers or bots can identify a username and password, they will not be able to access the website without also having the user’s phone.

Two-factor authentication is incredibly effective. Google found that sending a code to a phone number blocks 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks.

Use domain-based business-class emails instead of a free email service

Using domain-based business-class emails impacts brand value and cybersecurity.A business cannot distinguish itself as a business brand with an email ID like companyname@gmail.com. Anything less than a domain-based email looks unprofessional and fails to make a positive first impression with colleagues and customers.

Without the professionalism and credibility that a domain-based email lends to a business, customer trust is compromised. Most spammers and frauds also use a free email service.

Using a free email service like Gmail or Yahoo makes it easier for hackers and scammers to steal or compromise a company’s identity. Anybody can create an email ID on any free mail platform. By creating a mail ID with a business name with slight variations such as company-name@gmail.com, frauds can irreparably harm a business.

A business that uses a free email service instead of a domain-based business-class email has not positioned itself as well as it could. Using a free email service for a business is like having a well-known business at a great location (company domain name) with a well-developed infrastructure (company website) but using a nearby telephone booth (free email) for communication needs. When a business uses a free email service, it cannot be regarded as a reliable business by customers, competitors, or Google.

The benefits of having a domain-based business-class email include:

• Offers instant recognition and branding
• Promotes the business brand
• Conveys trustworthiness and integrity
• Communicates size and organization
• Looks more professional and earns credibility

Free email service providers offer nominal security and privacy features which expose critical business data to serious risk. Having emails on a private domain makes communication and confidential data more secure because many additional security measures can be utilized.

A domain-based business-class email is like a direct line specially installed to serve business communication needs while distinguishing the business as trustworthy, reliable, and professional.

Conclusion

Mobile Computer Services, Inc. offers these basic recommendations as a starting point for improving business IT management and cybersecurity. The web hosting resources complement the menu of services that the IT management company offers customers.

For more information about web hosting services, visit Mobile Computer Services, Inc. of Wake Forest on the web at www.ncmobilecomputerservices.com/locations/wake-forest. Contact the office by phone at (919) 230-2900.

Telehealth and HIPAA Compliance in the COVID-19 Crisis and Beyond

A prophetic vision for the future of teledentistry was cast over twenty years ago. “Teledentistry is a rapidly forming subset of telehealth, a field that already has a considerable impact on the healthcare industry. Recent advances have created new opportunities for teledentistry, and changes in diverse technologies have created new tools for the practitioner. Technologies currently available are beginning to change the dynamics of dental care delivery. As teledentistry evolves, it will offer new opportunities to improve the level of patient care and reshape current business models.”

While advances have been made in the area of telehealth in general, stringent HIPAA regulations have slowed or halted the technology’s advancement until the advent of COVID-19. In anticipation of a massive pandemic that would cause patients to flood the health care system, HIPAA relaxed some of the more restrictive regulations that made little sense in the age of VoIP, Zoom, cybersecurity, and the VPN.

Dental practices are utilizing telehealth technology solutions to address patient concerns, but HIPAA compliance, patient confidentiality, and cybersecurity issues must be addressed. In light of the current COVID-19 situation, the American Dental Association has released video teleconferencing guidelines to protect patient privacy while at the same time providing a friendly and caring patient experience.

The ADA Addresses Telehealth and HIPAA Compliance Issues

Are dental practices legally vulnerable when using teleconferencing technology to see patients? The American Dental Association is offering recommendations for best practices to address the issue of HIPAA compliance as it relates to telehealth. “The Office for Civil Rights (OCR) may waive penalties for dentists who fail to fully comply with HIPAA requirements when communicating with patients via video-teleconferencing during the pandemic providing they act in good faith and do not use public-facing video communication applications.”

Dentists who use video-teleconferencing to see patients during the COVID-19 pandemic “will not be subject to penalties for HIPAA violations by the Office for Civil Rights (OCR) even if the communications do not fully comply with HIPAA requirements, provided the dentists act in good faith and do not use public-facing video communication applications. See COVID-19 Interim Coding and Billing Interim Guidance. State law restrictions may continue to apply.”

Some important observations from the ADA statement can be summed up as follows:

1. In good faith, make every effort to be HIPAA compliant. Intentionality has a bearing on the matter.
2. Mistakes will be made, but good faith mistakes may not be penalized during a crisis.
3. Public-facing applications are not acceptable under any circumstances. Dentists should exercise due diligence in discovering and implementing secure teleconferencing technology.

Outsourcing IT management, including telehealth technology, to a highly competent firm is a requisite for doing business in this new environment. Failure to manage IT cyber vulnerability is no excuse for HIPAA non-compliance or errors. Although some guidelines have been broadened, dentists should strive to stay clearly within the new boundaries. Seeking outsourced IT management for teledentistry activities constitutes legitimate effort on the part of the dentist to be HIPAA compliant.

The ADA Offers Guidance on Video Teleconferencing Cybersecurity

The ADA statement also provided specific guidance on using Zoom, which appears to be the most favored teleconferencing tool emerging from the COVID-19 shakeup. On April 4, OCR shared an update from the Cybersecurity and Infrastructure Security Agency (CISA) advising dentists to take these steps to improve video teleconferencing cybersecurity.

First, meeting privacy is to be ensured by either requiring a password for entry or controlling guest access from a waiting room. Second, when selecting vendors, dentists should consider security requirements.  For example, if end-to-end encryption is necessary, the dentist should ask if the vendor offers it. Failure to have this cybersecurity measure in place could be a reason to refuse the vendor or to terminate the vendor relationship until sufficient cybersecurity measures are in place. Third, dentists (and all healthcare providers who must be HIPAA compliant) should have video teleconferencing software that is up to date. The ADA statement advises dentists to review Understanding Patches and Software Updates.

OCR also shared an FBI warning concerning hijacking that may occur when using video-teleconferencing platforms. One such example is Zoombombing. The ADA statement communicated the FBI warning, which included five steps to help reduce teleconference hijacking threats.

1. Meetings or classrooms should not be made public. Zoom provides two options to make a meeting private. The host can either use a meeting password or use the waiting room feature to control the admittance of guests.
2. Do not share a link to a teleconference or classroom on a social media post that is unrestricted and publicly available. Provide the link directly to specific people.
3. Manage screen sharing options carefully. In Zoom, change screen sharing to “Host Only.”
4. Make sure the updated version of remote access/meeting applications is being used. In January 2020, Zoom updated its software and added passwords by default for meetings. The update also disabled the ability to randomly scan for meetings to join. This blocking feature reduces the likelihood of unwanted guests in a Zoom meeting.
5. An organization’s telework policy or guide must address requirements for physical and information security.

Conclusion

These recommendations should be reviewed carefully, fully understood, and taken seriously. Honest mistakes will not be ignored entirely; the consequences may only be less punitive. Blatant neglect and malfeasance will be held accountable. Embracing managed IT services that include VoIP, a teleconferencing application, a robust cybersecurity protocol, and other IT solutions and services makes sense for all healthcare providers, especially dentists.

For more information about HIPAA compliance, telehealth, and overcoming the IT challenges of the COVID-19 crisis, visit the Mobile Computer Services, Inc. of Wake Forest website at ncmobilecomputerservices.com/locations/wake-forest. To speak with an IT services professional in Wake Forest, call (919) 230-2900.

The Remote Workplace and Cybersecurity Concerns

The recent COVID-19 pandemic has created a temporary remote workforce that has swelled to unprecedented levels and may signal a larger and more permanent shift to remote work. Working from home reduces certain health risks associated with the coronavirus. However, working at home also creates cybersecurity risks and other IT management issues that must be resolved before any work is done remotely.

Defining Remote Work Helps Identify Risk

Remote work involves working away from the office. The worker may be entirely home-based. More frequently, time is shared between home and the office. Remote work may be temporary and only involve an occasional business trip. Remote work may also involve daily sales or service calls. For the cybersecurity provider, the challenges are many, depending on the circumstances.

The Cybersecurity Issues With Remote Work

Managing the cybersecurity of a blended or fully remote workforce is more challenging than managing the cybersecurity of on-site endpoints.

Three Risky Practices That May Endanger Business IT

1. Ignoring Basic Physical Security Practices in Public Places

Cybersecurity encompasses not just digital security but also physical security. Sensitive information can be stolen when an employee talks loudly on the phone while working in public places. They may unintentionally expose their screen to prying eyes at a nearby table or venue. Devices may be left unattended while taking care of personal matters.

1. Accessing Sensitive Data Through Unsafe Wi-Fi Networks

When remote workers connect to the home wireless network or access corporate accounts using unsecured public Wi-Fi, malicious actors in the vicinity can easily spy on the connection and harvest confidential information.

Data sent in an unencrypted form in plain text is easily intercepted by cybercriminals. Employees should never access any unknown Wi-Fi networks unless they are using a VPN connection.

1. Using Personal Devices for Onsite or Remote Work

Employees frequently transfer files between work and personal computers when working from their homes. This practice is a cause for worry. At the same time, some companies allow employees to use their personal devices at work. This “Bring Your Own Device” or BYOD policy is trending in popularity, but it is very risky.

Remote workers may not be updating their software. This neglect or oversight creates security gaps in the work environment. Employers and their managed IT company team must continuously stress the importance of applying software patches in a timely manner and for a good reason.

An employee may quit or be terminated but keep the confidential information stored on their device. IT management must have in place a strategy that controls endpoints. Otherwise, critical data or valuable trade secrets may be lost or stolen.

Teaching employees basic remote security measures is an IT management imperative. Periodically, remind employees not to expose company data while working remotely, whether at home or on the road.

Secure the Remote Workforce: Formalize a Remote Work Security Policy

Employers must ensure that their remote workforce is secure. This can be done by creating a security policy specifically designed for remote workers.

Essential Security Items That Should Be Included in a Remote Work Policy

1. Clearly define which positions are eligible for remote work.

Some job functions are too risky for remote environments except under the most controlled conditions. Establish clear guidelines for which positions are a good fit for remote fulfillment. Where appropriate, provide some explanation for why some jobs are excluded from the work-at-home option.

1. Specify the platforms and tools remote workers should be using.

Both on-site and remote staff should use the same approved tools, such as project management tools, cloud storage platforms, and communication/video conferencing tools.

1. Train employees on how to respond to the first signs of account compromise.

Every company should have mandatory cybersecurity training and a clear, understandable policy and procedure manual for both on-site and remote workers. The environments have their own complexities and need individual attention.

Indispensable Tools That Both Regular and Remote Workers Should Have Installed on Their Devices

1. Multi-Factor Authentication

This authentication provides a strong additional layer of security.

1. Password Manager

Besides multi-factor authentication, employees should also be using a password manager. With this tool in place, workers will not need to remember the different passwords for work-related accounts.

1. VPN

VPN connections are crucial when remote workers connect to unsecured networks, such as Wi-Fi hotspots. It is recommended that employees use the company’s VPN. The VPN routes the traffic through the internet from the business’ private network, ensuring even more security.

1. Firewall

A firewall prevents unauthorized access to and from a network. This tool strengthens the security of the employees’ devices. A firewall monitors network traffic, blocking unwanted traffic.

1. A Strong EDR Solution

The exact details of endpoints always need to be visible to system administrators. A complete endpoint detection and response (EDR) solution be deployed. It will allow the IT management team to remotely prevent next-gen malware, data leakage, respond quickly to threats, and automatically manage software deployment and patching.

Conclusion

Innovation and agility are needed to remain competitive when a crisis challenges future business success. Implemented properly, remote work is a safe and effective solution for the workforce and business. Yet, remote work comes with security risks that should be addressed and mitigated before employees work from outside the office. A seamless and multi-layered IT managed solution can protect against cyberattacks whether the workforce is on-site or remote.

For more information about managed IT solutions, contact Mobile Computer Services of Wake Forest at (919) 230-2900.

How Dental Practices Can Gain an Advantage Through Dental IT Services

Data or information is the heartbeat of business in a world driven by data. The dental office is a prime example of a data-dependent environment. How a dental practice manages its data directly influences office processes, team demeanor, the customer journey, and profitability. An excellent dental IT management solution will improve overall office process efficiencies, enhance and preserve team harmony, promote a positive and pleasant customer journey, and increase and protect profitability. A well-run dental practice gains a competitive advantage, but a dental practice cannot operate well without a solid managed IT service provider. The IT solution must also feature a 24/7 IT management support component.

Most dental practices are unable to maintain a dental office IT support expert. Even if an office were able to staff a full-time IT manager, it is unlikely that one person would be able to stay fully informed about the latest IT industry issues and advancements. Securing the services of a local IT management provider with a specialization in dental practice IT software, network, hardware, and cybersecurity is a superior solution.

Dental offices require managed IT services that provide HIPAA compliance, operational efficiency, software services, network services, hardware repair and maintenance, cybersecurity, VoIP, and many other dental specific needs essentials for modern dental practices. Imaging, accounting, patient processing, and the entire spectrum of dental office software applications fall under the umbrella of IT managed services.

Mobile Computer Services, Inc. of Raleigh offers a spectrum of IT services designed specifically for a dental practice. The team manages the IT needs of the dental office, so the dentist can focus on helping patients. Mobile Computer Services, Inc. provides managed IT services, network services, business continuity planning, IT consulting for dentists, IT security, on-demand services, office moves, VoIP, email protection, and hardware as a service.

Mobile Computer Services, Inc. has assisted many dental practices in the Raleigh area in the implementation of the necessary protocols to ensure HIPAA compliance. They ensure that communications systems, patient information collection, data transmission, and records storage and maintenance processes include the specific steps required for HIPAA compliance.  Don’t just take our word for it, see what MCS customers say here.

The priority of Mobile Computer Services, Inc. is the continuous, smooth, flawless operation of the dentist’s practice. 24/7 proactive monitoring and management of a practice’s IT systems are the key feature of the company’s service menu. Their managed IT services for dentists include designing and installing new systems or maintaining older systems that are already in place. Their wide range of services can be tailored to fit needs ranging from remote desktop support to in-person computer support at the dental practice.

Network Services

Skilled, qualified technicians deliver comprehensive care for the dental IT network. The competent team ensures no loss of critical information or productivity.

Business Continuity Planning

Technical issues occasionally emerge. Having the correct systems and backups in place eliminates worry and brings peace of mind to the conscientious dentist. With Mobile Computer Services, Inc., a dental practice has access to state-of-the-art back-up and data restoration systems. Active management of all relevant systems coupled with proactive steps to mitigate risks safeguards dental offices that have secured IT management services and support from Mobile Computer Services, Inc.

IT Consulting for Dentists

A professional consult brings expert insights into dental IT services. Consultants know the systems and hardware required to enable the dental practice to function at optimum performance.

IT Security for Dentists

Document security and safety is a critical need for every dental practice. The legal complications of a data breach can be expensive to mediate, and full compliance with HIPAA is a non-negotiable for a dental practice. One of the functions of a dental IT management team is to mitigate the risk of a cyber-attack on a practice. Mobile Computer Services, Inc. can deploy a robust cybersecurity solution that safeguards data and protects dental practices against damage and security breaches.

On-Demand Services for Dental Practices

Peace of mind accompanies the knowledge that a support team is on call around the clock and available to repair malfunctioning technology and broken computers. Clients only pay for the support they need.

Office Moves

With the growth in the economy, some dentists are expanding at their current location or moving to a larger location. Flexible, customizable cabling solutions can be configured to accommodate expansion or a move. Competent assistance with the move or expansion means that the technology infrastructure will be in place on time and will be functional according to plan.

VoIP

Implementation of a VoIP system protects dental practice from becoming obsolete. The VoIP solutions from Mobile Computer Services, Inc. provide high-quality audio as well as conferencing capabilities. Dentists can reduce phone bills, improve communications with clients, and increase the productivity of staff with VoIP.

Email Protection

Email protection is an area often neglected by dental practices, yet it is one of the primary ways that customers interact with the office. Emails are a prime target of cyber-attacks. The cyber specialists at Mobile Computer Services, Inc. build an email infrastructure designed to ensure business continuity while remaining completely secure and infection-free.

Hardware as a Service for Dental Practices

The cost of new hardware can be staggering. Over time, operating systems and hardware components become outdated and need replacing. HaaS (hardware as a service) provides dental practice with the equipment, accessories, and support needed at an affordable price point.

For more information about the IT support specialist Raleigh dentists trust for cybersecurity. The team can be contacted by phone at (919) 230-2900.

IT Red Flags to Watch Out For and How a Managed IT Service Provider Can Help

As a business owner and the primary decision-maker for your company, you’re juggling a lot of balls. You’re responsible for driving the growth of your business, maintaining good relationships with clients and stepping in to get the job done when things slip through the cracks.

With so much going on, it’s easy to overlook IT issues that need to be addressed quickly and decisively. If you’re struggling to stay on top of things, your IT (computers, devices, internet, network, servers and more) is one thing that can easily be outsourced to amanaged IT service provider and, when done correctly, will offer peace of mind as well as delivering a service that is more robust and effective than you would be able to manage yourself.

IT red flags that you should be watching out for include:

1. Strange pop-ups that you don’t recognize and haven’t opted-in for - your managed IT service provider can immediately address any malware problem

These can happen at any time if your system has been infected. They could show on your screen if you’re trying to access a spreadsheet or document and prevent you from opening the file directly. Instead, you may have to click on a series of pop-ups that could take you to a malicious site. These pop-ups are an indication of malware in your system. 

2. An ad-ware ambush when your browser has been hijacked - your managed IT service provider can remove ad-ware that could do further damage to your system

These are pop-ups that show up on your browser when you don’t expect them while using the internet. Ahijacked browser will continue showing online ads and are dangerous as a single errant click could have you downloading additional malware to your computer, which has the potential to infect your whole IT network.

3. When you receive spam emails sent from your company’s official email address - get an encrypted email security service from your IT service provider

Email viruses are usually downloaded by a staff member, and the downloaded file then replicates across the network using email. Here, the victim'semail security is penetrated, and the viruses typically access the email contact list and send emails to all contacts.

4. Issues where software and hardware aren’t working properly - your managed IT service provider will provide all support needed to quickly fix any software and hardware problem

It’s normal to experience glitches every now and again, but if processes and programs that used to work properly are now continually failing, it’s a sign that malware has infected the computer(s) and/or the network. If the problem seems to be escalating, it may mean that the virus is spreading and infecting more and more files.

All this is a lot to keep on top of and it’s difficult to constantly monitor the health of your computer as well as everyone else’s in the office. Sometimes issues creep in slowly so you don’t immediately catch a machine that’s operating sub-optimally or a program that simply doesn’t work anymore. And, even if you do notice these red flags, it may already be too late.

The cost of a malware infection may be significant both in terms of time to resolve it as well as the financial cost of hiring an expert to get to the root of the issue. A managed IT service provider is, therefore, an excellent preventative solution as they actively manage your entire network, identifying and removing issues before they have a chance to damage the company’s system.

Mobile Computer Services in Wake Forest, NC is a managed IT company that offers its clients a flat-rate maintenance plan that proactively monitors your network, significantly reduces downtime and reduces expensive repair costs. Their IT services give local business owners access to a knowledgeable, experienced IT service, at a rate far lower than the cost of an in-house IT department. They have the expertise to prevent issues before they occur thanks to round-the-clock active monitoring and ongoing maintenance.

Managed IT Services Help Dental Practices Protect Against Cyber Attacks

According to a recent study, the average direct cost of a cyber-attack resulting in a security breach at a small business is approximately $38,000. Downtime ($23,000), lost business opportunities ($5,000), and the service providers the company will need to hire to deal with the cybersecurity breach are included in this figure. Small businesses pay an average of about $10,000 in professional services which include hiring an IT security and risk management team, auditors, lawyers, accountants, and public-relations consultants. The actual direct cost to a small business such as a dental practice may not be exactly $38,000. However, when adjusted for scale, the financial expense to recover from a security breach could be even more impactful.

These expenses are the visible costs of a cyber-attack. Other hidden but real costs are often overlooked, underestimated, or unaccounted for. An iceberg illustrates the relationship between the “above the surface” and the “below the surface” costs. It is the hidden 90% of the iceberg that has the greatest potential to sink ships.

Hidden Costs of a Cyber-Attack on a Dental Practice

Common perceptions of cyber-attacks are mostly shaped by what companies and businesses are required to report publicly. Instances of cybersecurity breaches of which the public is most aware involve payment data, personal health information (PHI), and the theft of personally identifiable information (PII). Other instances of security breaches rarely attract public attention. These cases include espionage, intellectual property (IP) theft, attacks on core operations, destruction of data, or attempts to disable critical infrastructure. With the prevalence and impact of cybersecurity breaches expanding, business owners and professionals such as dentists and orthodontists must be acutely aware not only of direct impact costs to their businesses but also the hidden costs associated with a cybersecurity breach.

Increased insurance premiums

An area of expense that is indirect but associated with a cyber breach has to do with insurance premiums. Insurance premium increases are the extra costs an insured business incurs to purchase or renew cyber insurance policies after a cyber incident.

Factors influencing the premium amount include:

• Information concerning the circumstances surrounding the incident and unmitigated culpability
• Intentions to improve the security solution
• Anticipated litigation
• Assumptions regarding the policy holder’s level of cybersecurity maturity

Increased costs to borrow funds

Should there be a drop in credit rating following a cyber incident, the victimized business will face higher interest rates for borrowed capital, whether it is raising debt or renegotiating existing debt. This situation could directly impact plans and efforts to expand a dental practice to multiple locations. The practice is now perceived as a higher-risk borrower following a cybersecurity incident. The additional interest expense paid over time could be staggering. It is virtually impossible to calculate the lost profit resulting from the failure to scale to meet market demand due to the inability to obtain reasonable interest rates on investment capital.

Disruptions or destruction of business operations

This highly variable cost includes losses related to manipulation of or changes in normal business operations and expenses associated with rebuilding operational capabilities. Victims of a cyber-attack will need to repair facilities and equipment, build temporary infrastructure, redirect resources, or increase existing resources to replace systems that were disabled. In a dental practice, disruption in patient flow for any reason directly and immediately impacts cash flow.

Customer relationship losses

Quantifying the loss of clients or customers after a breach can be very difficult. Economists and marketing teams address this issue by assigning a value to each client or customer to quantify how much the business must invest to regain particular customers. Dental practices acquire loyal customers and build relationships that last a lifetime. Losing a patient certainly carries a monetary loss, but the relational expense could be even more painful.

Value of unrealized revenue from lost contracts

The fallout from a cyber-attack could impact present and future contracts for goods and services for any business, including dental practice. Projections are only estimates, but these estimates are grounded in real numbers and trends. Projecting future losses or unfulfilled gains could exponentially increase the cost of a cyber-attack. The value of lost contract revenue, such as Invisalign, braces, and retainers, includes revenue, income, and future opportunities that are lost when a contract is terminated following a cyber incident.

Devaluation of trade name

To accurately assess the financial impact on the value of a trade name, the pre-attack and post-attack value must be calculated. This cost could approach the value of the practice itself, especially if the brand has an identity that transcends the dentist’s name. If the victimized dental practice is ever put up for sale, the damaged brand or trade name could be an expensive liability.

Loss of intellectual property

The loss of intellectual property (IP) is an intangible cost associated with loss of exclusive control over trade secrets, copyrights, investment plans, and other proprietary or confidential information. The loss of IP can result in the loss of competitive advantage, revenue losses, and potentially irreparable economic damage to the dental practice. Just a few examples of IP includes patents, copyrights, designs, trademarks, and trade secrets. In larger, multi-dentist, multi-location, or even franchised locations, the loss of IP could dissolve a lifetime of effort and investment for all parties involved.

Damaged reputation

A cyber-attack inflicts more than stress and financial pain. It also damages a dental practice’s reputation. The long-term value of reputation and perception in the dental industry is all but impossible to tangibly calculate. What is the value of a good name and a solid reputation? It is priceless. Cyber-attacks wound deeper than dollars. To mitigate a negative impact on reputation, managing risks and vulnerability to cyber attackers must be a central focus in order to ensure a dental practice’s reputation remains intact.

The impacts of a cyber-attack can affect a business in various ways depending on the nature and severity of the attack. No business, not even a dental practice, is immune. Thankfully, outsourced IT managed services are a simple, affordable solution to protect dental practice against the painful effects of a successful cyber-attack.

To learn more about dental IT services, contact Mobile Computer Services, Inc., one of the most skilled managed IT service providers in Wake Forest. Staff can be reached by phone at (919) 230-2900.

8 Serious Threats Lurking in the Cybersphere

When cyber threats strike, they are costly for both large and small businesses. A recent study provided data indicating that the direct cost to a small business to remediate a cyber-attack is $38,000. For a large company, the direct costs are a whopping $825,000. These figures do not account for more tangential and tertiary or “hidden” costs which rocket recovery and enhanced prevention costs into the stratosphere.

“The study (Kaspersky Lab) found that malware attacks are the most prevalent type of cyberattack. Other common categories include phishing attacks and accidental data leaks by employees. Despite the potentially crippling financial impact of such attacks, many businesses aren’t making cybersecurity a top priority. Only 50% of the IT professionals surveyed list prevention of security breaches as one of their major concerns.”

Attacks are being launched incessantly. When they hit a target, the cost of repair and recovery is high. Yet, too many businesses are unprotected and vulnerable.

Cyber attackers target individuals, as well as businesses. Getting a virus, being hacked, losing critical data, having one’s identity stolen, or having a PC or device rendered useless can be extremely frightening, frustrating, and costly. The situation becomes more complicated when personal computers and devices are used in a small business. IT management solutions must address this co-mingling of business and personal devices.

Mobile Computer Services, Inc. of Wake Forest, an IT support specialist, is warning small business owners about some of the most dangerous malware threats lurking in the cybersphere.

WinRAR Bug is new and dangerous malware

WinRAR, a popular program, extracts compressed files. It has been around for years, and all this time, it has had a hidden vulnerability. Attackers can engineer compressed files so that they extract malware directly to the Windows operating system without warning. A host of malware is taking advantage of this newly revealed vulnerability. WinRAR owners should patch it right away. Since WinRAR does not patch automatically, the software must be updated manually to be safe.

Fake Asus updates weaponized with viruses

Asus recently made it known that its update software was breached at the source, and one of the latest critical security updates for their machines secretly contained malware. Malware was distributed to over 1 million people, but fortunately, it appears to have only been hunting for 600 specific targets. Asus owners who think their computer has been affected by the malware known as ShadowHammer should check their device on the Asus website.

IoT attacks hit 32.7 million

IoT devices are rising in popularity. However, their controls are relatively easy to attack and abuse. Many have no built-in firewalls, and they may also lack the ability to change default usernames and passwords. Since 2017, this vulnerability has led to a 217.5% increase in attacks against IoT devices. In general, these attacks are engineered to generate swarms of remote-controlled ‘bots’ that can implement targeted DDoS attacks that bring down portions of the internet. Those having or planning to obtain an IoT device should ensure its security.

New Android malware can drain bank accounts

A new type of banking malware was discovered on Android devices very recently. This malware, known as Gustuff, can automatically break into banking and cryptocurrency apps installed on a phone and steal funds. This application spreads by texting the contacts on a victim’s phone. Do not click on the links in unusual text messages! If there is concern that there may be an infection, research Android Antivirus Apps.

NVIDIA patches its graphics management software

Many gaming computers have an NVIDIA graphics card. It has recently been discovered that the management software controlling these graphics cards is vulnerable to a bug that would allow users to arbitrarily execute code within a victim’s computer. So far, no exploit has yet appeared for this vulnerability. To be on the safe side, patch the graphics card drivers as soon as possible.

SMBs: Easy targets for ransomware

Statistics show that 43% of cyber-attacks target small businesses.  Lacking the money and time to secure their computers, these companies make easy targets. Small businesses need to be on guard.

Facebook stored passwords in plain text

Hundreds of millions of passwords were stored by Facebook in plain text. If an attack had ever breached that part of Facebook, hackers would have been able to steal accounts. Facebook users may want to consider changing their password.

New vulnerability in TP-Link smart home routers

Owners of the TP-Link SR20 Router might consider replacing it because developers at Google recently announced that this brand of router is affected by a vulnerability. Attackers can take control of the router if they join the same network. Google revealed this vulnerability to the public 90 days after telling the manufacturer since the manufacturer apparently did not immediately issue a fix. The recommendation is to replace the router unless TP-Link has released a fix.

To protect a business from cyberattacks, entrepreneurs can consult with Mobile Computer Services, Inc. of Wake Forest, one of the leading managed IT service providers. For more information about IT service management that provides solutions encompassing all facets of data management and cyber protection, contact Mobile Computer Services of Wake Forest at (919) 230-2900.

The Most Compelling Argument for Outsourcing IT Management Services: ROI

Managed IT Company Explains How Outsourcing IT Management Can Increase ROI

Small business owners understand the complexity of effectively and profitably running a business. One strand of that complexity is managing the data-intensive environment, so an IT management solution is indispensable. Hardware, software, network services, data protection and recovery, cybersecurity, a business continuity plan in case of a catastrophic systems failure, IT consulting, email protection, and more are just as much a part of doing business as an accounting solution is. An IT solution is an inescapable necessity, but it can be an expensive one. The bottom line of any business is ROI. How does IT management affect a company’s ROI?

Business owners must view an outsourced IT management solution as an opportunity to increase ROI. In-house IT management can be very costly to a small business with costs ranging from a higher salary for an IT manager to an added labor burden. IT outsourcing services are the best solution for small companies in Wake Forest that cannot justify dedicating an employee to manage IT.

IT management is larger than merely protecting emails, blocking cyber intruders, and restoring data. An outsourced managed IT solution can grow a company and increase ROI.

A managed IT solution can directly increase ROI immediately and long term

When IT is managed effectively, there is a powerful impact on employees, customers, vendors, and investors. Disruptions in technology impede productivity, frustrate employees and managers, and increase labor costs. Customers who have a negative experience with a business due to technology glitches may find another supplier or service provider. They may also tell friends about the bad experience. Vendors will be less likely to do business with companies that waste their time through mismanaged IT. Investors are not attracted to companies with cracks in their IT foundation.

In contrast, satisfied customers give repeat business and positive referrals, vendors are more prone to negotiate favorable terms, and investors are attracted to a company with a well-managed IT solution.

A managed IT solution fuels profits

IT management and managed IT services are not the same thing. A managed IT solution involves the outsourcing of the needed IT services to an external IT provider. The difference is subtle but profound once a business owner or entrepreneur embraces the difference in concepts and begins to make applications to their business.

How do managed IT services fuel profits?

Controls capital costs

While cost-cutting is not the only reason to outsource IT, it is certainly a major factor. Outsourcing IT solutions convert fixed costs into variable costs, releasing capital for investment elsewhere in a business.

Harnesses the power of fractional resources

This fractional resource strategy allows fledgling businesses to access services only as they need them while avoiding large expenditures in the early stages of the business.

Increases efficiency

Companies that do everything in-house have much higher research, development, marketing, and distribution expenses. These expenses must be passed on to customers. The cost structure and economy of scale from outsourcing IT can level the playing field and actually give a smaller business a significant competitive advantage over larger competitors. Competitive advantage should translate into greater ROI.

Frees up labor and talent for core competencies and new projects

Small businesses can focus on what they do best and what is most profitable.

Accelerates scalability

As a company grows its marketing footprint, takes on new projects, and adds employees, IT needs to expand very quickly, even overnight in the case of new acquisitions. With simply a phone call, the IT managing team enlarges to match the growth, both actual and projected. Employee acquisition, training costs, skill inefficiencies, and spoilage are avoided. This dynamic responsiveness positively influences potential ROI.

Reduces risk

Every business investment carries a certain amount of risk. Markets, competition, government regulations, financial conditions, and technologies all change very quickly. Technology is evolving at a lightning pace. Keeping up is not enough in the world of data management and cybersecurity. Outsourcing IT services providers assume and manage risks, and they generally are much better at deciding how to mitigate risk in their areas of expertise. Efficiencies in risk mitigation convey great value in terms of ROI. For a business owner, peace of mind is priceless.

Ultimately, the best choice will depend on the needs of the business. The computer support and services professionals at Mobile Computer Services, Inc. in Wake Forest, NC specialize in helping businesses make the move from managing IT internally, to having an externally managed solution offering hands-on support and round the clock monitoring.

For more information, contact Mobile Computer Services, Inc. in Wake Forest by phone at (919) 230-2900 or visit the website at www.ncmobilecomputerservices.com/locations/wake-forest.