5 Data Privacy Mistakes to Avoid

Data privacy mistakes can set the stage for immense damage to one’s business. An insignificant error can cost you millions of dollars in fines and reparations. It can even put you smack in the middle of stressful lawsuits. And it can even blow up and seriously harm the reputation of your business!

Therefore, the pressure is very high for business owners to avoid these mistakes at all costs. To do that, you first need to know which data privacy mistakes to avoid. That is what we are going to talk about in this post today.

5 Most Common Data Privacy Mistakes and Potential Solutions

The dread of something terrible happening because of a single wrong move can be debilitating to your business. Free yourself from needless worrying by knowing what data privacy mistakes to avoid and planning appropriate contingencies.

Failure to Obtain Consent

Collecting personal data without explicit consent directly violates the General Data Protection Regulation. Every time you ask people for personal data, be sure to include a way for them to either give recorded consent or opt out.

Weak Data Security Practices

With so many advanced data security systems now available, there is no excuse to stick to practices that are way below par. At the very least, be sure to use a reliable encryption method, use updated software, secure your storage systems, and conduct regular security audits.

Data Privacy Mistakes – Ignoring Data Subject Rights

According to the GDPR, it is the right of users to access, correct, or delete data they have submitted for collection. You can honor this right by establishing procedures that let them request access, corrections, or deletion of their information.

Over-Retention of Data: A Risky Data Privacy Mistake

The longer you store collected data, the higher the risk of a data breach. A simple solution is to store data only as long as necessary. Once it is no longer needed, the data must be deleted from your system.

Inadequate Staff Training

Employees are often the weakest link in cybersecurity. This is largely due to the inadequate security training they receive, especially with data privacy. Regular training sessions on privacy laws, data security practices, and data privacy mistakes to avoid will equip your staff with better knowledge and skills to handle data for your business.

Final Thoughts on Data Privacy Mistakes

These are just the most common data privacy mistakes to avoid. To ensure that none of these errors are made, the best move is to hire an MSP to take care of your data security. Now, if, despite all your precautions, your organization still falls victim to a data breach, you must have a recovery strategy ready to roll out immediately. We can help you with this by providing a free Data Breach Response Plan Template for your peace of mind. Download this resource right here, tailor it to align with your cybersecurity needs, and you’ll be ready for the worst attacks.

Training Employees to Spot Social Engineering

Social engineering is one of the newest methods hackers use to access sensitive information. Rather than attacking a system directly, this technique relies on human psychology to gain information. This method is brilliant when you think about it because it does not have to deal with getting past ironclad network security. If hackers can manipulate even a single employee, that employee might hand over sensitive information on a silver platter, and the hackers can take control of the organization’s entire system. This is why it’s important for your employees to learn how to spot social engineering.

Companies must understand that failing to spot social engineering can compromise business security. Reports show that over 90% of data breaches happen because of social engineering. Phishing scams account for 54% of these cases. The good news is that there is a way to prevent social engineering threats, and that is by training employees.

Popular Social Engineering Techniques

There is a lot to cover in training employees to spot social engineering. A logical start would be to discuss the most popular techniques so employees can recognize and avoid them.

Phishing is the most common method because it is easy to execute. It also yields positive results, at least for the hackers. This method entails sending emails that deceive victims into clicking a malicious link or divulging sensitive information without realizing it.

Pretexting is when a hacker gains the victim’s trust through a pretext or a created scenario, which is part of a larger, more convoluted social engineering attack plan. There is also the quid pro quo attack, where the hacker lures the victim into divulging information in exchange for something in return. Tailgating, or piggybacking, is a popular social engineering technique where the victim unknowingly gives the hacker access to a secure location.

Importance of Employee Training To Spot Social Engineering

These social engineering strategies would be much easier to execute if employees were untrained and unaware of the risks involved. The damage could be monumental, as the $100 million phishing scam on Google and Facebook illustrates. From 2013 to 2015, a team of hackers sent numerous phishing emails to specific employees of Google and Facebook, telling them to deposit money into fraudulent accounts. They were able to collect more than $100 million from this scheme.

Now, even if your business does not have that kind of revenue, you can still be a victim. These days, hackers are targeting small businesses on a massive scale. Every employee can also be a target, from customer service personnel to top executives, so you must conduct training across the board.

Best Ways to Train Employees to Spot Social Engineering

There are several methods of training your employees to spot social engineering. Traditional classroom workshops, either in person or online, are excellent for an in-depth training session. A one-time seminar is hardly enough, though, and that is why we also recommend regular refreshers.

Unannounced phishing simulations are effective in evaluating how much employees have learned. It would surprise you how many people do well in theory but still can’t tell the real deal when it is staring at them from the inbox. Being bitten once in a simulated attack will teach your employees to be more vigilant.

Final Thoughts

Organizations can achieve a high level of protection against social engineering if everyone is sufficiently aware of the risks and knows what to do in case an attack goes through. Besides the various training methods you will implement, we strongly advise you to download our infographic, “The Top 10 Steps to Take If You Think You Have Been Hacked.” Print it out and post it on every department’s bulletin board. Be sure all your employees also get their own copy.

For more information about social engineering and how to avoid becoming a victim, call us. We can get you up to speed on the latest preventive measures and keep your company safe from the prying eyes of cybercriminals.

Top 8 Phishing Scam Tactics and How to Identify Them

Phishing has been a common hacking method for over two decades now. You would think that everyone would already know how it works and how to avoid becoming a victim, right? Sadly, that is not the case. There are more victims now than ever. In 2022, there were more than 300,000 victims in the US alone, with damages amounting to over $52 million!

The thing is that phishing scams have evolved over the years. Hackers are now more adept at hoodwinking unsuspecting victims, and they also have easy access to modern technology that helps elevate their phishing tactics.

Top 8 Phishing Scam Tactics

To protect your data and your business, you must build awareness of these scams at all levels of your organization. Here are the top 8 indicators of phishing scam tactics and what to do when you encounter them.

Spoofed Emails

Upon getting an email from a trusted source, many people would open the email without a second thought. Hackers know this and use it in their phishing scam tactics. They make the email look like it came from a reputable source by showing a trusted sender name, although the email address is not correct. Before opening an email, check that the sender name and the email address match.
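The sender-name check described above can also be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article; the `KNOWN_SENDERS` allow-list, the function names and the sample headers are assumptions constructed for illustration.

```python
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumed allow-list (constructed): display-name keyword -> domains that sender really uses.
KNOWN_SENDERS = {
    "example bank": {"examplebank.test"},
    "contoso payroll": {"contoso.test"},
}
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def check_from_header(raw_from):
    """Return the reasons a From header looks spoofed (empty list = no finding)."""
    name, addr = parseaddr(raw_from)
    name = str(make_header(decode_header(name)))   # undo RFC 2047 encoded words
    if "@" not in addr:
        return ["no parseable sender address"]
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    # Trusted name, wrong address: the case the paragraph above describes.
    for keyword, allowed in KNOWN_SENDERS.items():
        if keyword in name.lower() and not domain_matches(domain, allowed):
            reasons.append(f"name claims '{keyword}' but address is at {domain}")
    # An address typed into the display name that differs from the real one.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(1).lower() != domain:
        reasons.append(f"name shows {shown.group(0)} but address is {addr}")
    return reasons

# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "Example Bank <alerts@examplebank.test>",
    "Example Bank Security <alerts@examplebank.test.account-verify.example>",
    '"support@contoso.test" <helpdesk@contoso-support.example>',
    "=?utf-8?q?Contoso_Payroll?= <hr@notify.contoso.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from_header(header) or "no finding")
```

A clean result here only means the name and address agree; it says nothing about whether the sending domain itself was forged, which is what SPF, DKIM and DMARC results cover.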

Sense of Urgency

Receiving a message that threatens to close your account or bring you legal action can easily cause you to freak out. Because of your panic, you could rashly click on the links as instructed in the email. Of course you would…you don’t want to be sued or go to jail! Stay calm when you receive such emails. Verify the information before taking action.

Malicious Links as a Phishing Scam Tactic

Malicious links are among the oldest phishing methods, but they are still very effective. Sometimes, these links appeal to a person’s natural curiosity, and at other times, they come with the promise of a reward. Either way, they lead the unwitting victim to click the link or open the attachment. Again, always check before clicking.

Password Requests

Have you ever received an email from your bank or credit card provider asking for your password or other sensitive data about your account? Never! Legitimate companies do not ask for these kinds of data from clients. If you get such a request, it is a phishing scam tactic, so make sure to block and ignore it. The senders are almost certainly hackers trying to get into your account.

Misspellings and Poor Grammar

Although many hackers have sharpened their grammar skills by now, many phishing emails are still easily identifiable by wrongly spelled words and typographical errors. Yes, they make you cringe, but these emails can wreak serious havoc on your business. Therefore, you must not reply, not even to make grammatical corrections.

Personalized Content

It sounds like a legit email if they address you by the correct name and position, right? Hackers are very resourceful. They can get their hands on publicly known information with little effort. They can also access so much more if you engage in their attempts. So before you take any action, make sure to verify the source of the message.

Fake URLs Used in Phishing Scam Tactics

Using fake website URLs is another phishing scam tactic with a very high success rate. Hackers send out emails that look like they came from a trusted source, like a service provider, containing a link to what looks like the actual page of the provider, and they will ask you to log in. Of course, thinking that you are at a legit site, you enter your login details, unknowingly giving them full access to your account.

Unexpected Emails

If you suddenly receive an email out of nowhere that raises an alarm, be immediately wary because this is likely to be a scam. Do nothing they are asking you to do. Don’t even reply. Verify the source of the email to see if it is legit.

Final Thoughts

If anyone in your organization encounters any of these phishing scam tactics, encourage them to speak out so others will be doubly vigilant. If someone thinks they have already been hacked, it’s not necessarily too late. There are things you can do to minimize the damage. We have outlined the steps in an infographic called “The Top 10 Steps to Take If You Think You Have Been Hacked”. You can download it by clicking right here.

To learn more about protecting your business from phishing scams and improving your company’s cybersecurity, call us. We will be happy to set you up for a free consultation!

What Are My Mailbox Size Concerns with Office 365?

Be sure your admin is checking your organization’s mailbox sizes regularly.

Microsoft Office 365 offers a variety of features to its users, but one feature that is often overlooked until it becomes a problem is mailbox size. Whether you are running a small business or a personal email account, having the right-sized mailbox is critical to ensure that email messages are delivered on time and without any issues.

Many people start using Office 365 with a small mailbox and then realize their mailbox has become too full. At that point, it is not easy to find out how to increase your mailbox size in Office 365.

So, what are your mailbox size concerns? Here we explore and explain some of the common questions around Microsoft Office 365 mailbox size.

How Do You Check Mailbox Size in Office 365?

Office 365 only offers a limited amount of storage space. However, the default size varies according to the subscription pack you choose and the type of mailbox. While some default sizes are 50GB, others are 100GB.

As you can see, it is a limited space that, sooner or later, might not be able to serve your needs anymore. That’s why it is good for your admin to check the mailbox size regularly to avoid issues like the inability to send and receive messages.

However, the Office 365 Admin Center does not provide any tools to manage mailbox sizes, including your own. Office 365 natively uses Microsoft Exchange Online, which allows you to manage user mailbox sizes.

To get the usage report from the Microsoft 365 Admin center, here’s how to go about it:

  • Go to Microsoft 365 Admin Center
  • Click on the Reports tab, then Usage and select Report
  • Go to Exchange, and there you get the Mailbox Usage

So, the Mailbox Usage report you get from the Admin Center will indicate the consumed storage space. Luckily, you can still access the real user mailbox size, shared mailbox size, and resource mailbox usage report via the Exchange Admin Center (EAC) or Exchange Online via the Other Exchange Reports in the left pane.

And this is how to view the actual Mailbox size report:

  • Log in to Microsoft 365 Manager Plus.
  • Click the Reports tab.
  • Traverse to Exchange Online, then the mailbox Reports in the left window.
  • Within the Size Reports group, tap on Mailbox Size report.

Can I Increase My Office 365 Mailbox Size?

Yes, you can. Any user can increase their mailbox size in these two ways:

  • Assign the mailbox an Exchange Online Plan 2 license to raise the storage limit from 50GB to 100GB.
  • Enable Exchange Online Archiving. You will get an extra 50GB of space, and with auto-expanding archiving, you can get even unlimited space, but it’s contingent on your Microsoft 365 license.

Growing your mailbox to its maximum size isn’t the only way to make space in your mailbox. Exchange Online also lets you use retention policies to keep or remove data automatically, depending on the criteria you select.

There are also backup and archiving tools available online to decrease the data stored in your cloud. These tools allow you to preserve data discoverability and keep the mailbox from filling up.

How does Archiving Operate?

There are two ways to archive:

  • By creating an archiving policy. The policy operates by retention: old data is archived automatically, or according to the retention tags your company assigns to the data.
  • Sending the items yourself (manually).

The plan you choose will determine how much storage space you have per mailbox and the other features you will receive. Each plan also allows archiving mailboxes, which hold emails that are no longer in daily use but still needed for reference.

Archiving is charged based on storage size, so it is good to look at cheaper plans if you’re not expecting your employees to need more space.

Conclusion

Office 365 is a very capable email server. Users with larger mailbox sizes may want to take a moment to consider their storage options with Office 365. Smaller mailbox sizes may be more than sufficient for their needs.

You can do most things with it through Exchange, such as auto-responders, archiving, and other capabilities. Microsoft has also found workarounds that make it usable even for those with mailboxes over the threshold. As long as you’re willing to be cautious about some of the issues surrounding this solution, your organization can use Office 365 and have mailboxes upwards of 25 GB.

Well, are you stuck with any network issues? Feel free to get in touch! We at SystemsNet are a reliable source for your network issues.