Blog

Maintaining Cybersecurity During Covid-19

As schools and workplaces have been forced to move their activities online, there is a growing need for organizations to be extra vigilant about their cybersecurity and the integrity of their networks. In the United States, the FBI’s Internet Crime Complaint Service released a public service announcement, advising that bad actors may take advantage of the increased use of virtual work environments through the use of cyber-attacks. An example for educational institutions comes from the University of Lethbridge, which recently warned faculty and students about an increase in phishing scams.

Protecting your organization from phishing

An article from eSchool News highlights common signs of phishing attempts, which usually come in the form of emails or messages. Phishing attacks try to lure people into revealing sensitive data by disguising themselves as legitimate individuals or institutions. At the University of Lethbridge, phishing attacks came in the form of emails from what appeared to be supervisors or colleagues asking staff to buy gift cards.

Some common signs of phishing attempts include misspelled URLs, spelling and grammatical errors, requests for sensitive information, and unrecognizable senders or links.

The Canadian government’s Centre for Cyber Security has published a useful one-page handout on phishing campaigns and malware scams you can share with members of your business, school, or non-profit – it’s easy to read, and can be found here.

Other tips for cybersecurity safety

The FBI’s public service announcement profiles further items every organization should consider:

  • Restrict access to all remote meetings, virtual classrooms, or conference calls; always use unique passwords if possible. Do not share links to private meetings on any open web or social media pages.
  • Use multi-factor authentication for accessing any organizational resources. An analogous example is two-factor authentication for personal banking: a unique password, and the requirement that you input a code from a text only your bank can send to your personal smartphone.
  • Do not enable remote desktop access functions for your staff or members unless absolutely necessary.

Special tips for schools

An article in the IT security publication SC Magazine highlights special considerations for schools:

  • Minimize any private information contained within e-learning platforms.
  • Make sure staff and teachers are properly trained on privacy controls for any online platform you use.
  • Ensure that all students, parents, and teachers are trained about the dangers of online scams and phishing. Provide resources and advice for parents that help them monitor the online safety of students at home.

Taking the proper steps to maximize the security of online activities will help maintain the security and safety of your organization and its resources.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Part 3: Voting – Electronic Meetings for your Not-For-Profit Organization / School / Church

This is our 3rd post looking at Electronic Meetings for Not-For-Profits. In this blog, we’ll talk about some ideas for electronic voting. There’s alot of solutions out there – the focus here will be a curated list that could work specifically with the tools in-place at our non-profit clients, many of whom are using G Suite, WordPress or both.

Google Forms Voting Solutions

WordPress Plugins

  • YOP Poll plugin provides easy survey integration in your blog post/page and pll management from within your WordPress dashboard. Polls can include both single or multiple answers, and provides options on how to sort your poll information, what details to display, whether you want to view the total votes or the total voters, to set vote permissions or block voters, and a whole lot more.
  • WP-Polls is very customizable via templates and css styles. Many options are available that make this quite flexible.  It now supports multiple selection of answers.

Web Based Solutions

  • VoxVote – free and easy Mobile Voting tool for ANY speaker or teacher. Use VoxVote to interact live with your audience. Create questions, ask your audience to vote and discuss the live chart results. Now with question and answer messaging module – Allow your audience to ask questions. Full version available for all teachers and educational institutes.
  • Slido – Empower your audience to ask questions, vote in polls and be a part of the discussion by using a simple Q&A and polling tool…educational plan is available.
  • Polltab – claims to be the…” Fastest way to create real-time polls free!”, and takes it one step further by requiring that participants log in to their Google, Facebook, Reddit, or Twitch account before they can cast a vote.

 

Posted in: COVID 19, Education, Google Apps, Tech Tips for Business Owners

Leave a Comment (0) →

Part 2 – Electronic Meetings for your Not-For-Profit Organization / School / Church

In our last blog post, we discussed some of the technical and legal implications for organizations holding meetings electronically. You may wonder what video conferencing solutions look like for meetings, so let’s examine some of the most commonly used options, and some recent updates to them:

Google Meet

Google Meet can conduct live stream events that are view-only to guests in your organization. Full participants can start or stop a stream and record. Google Meets used for school or work can enable view-only live streaming for up to 100,000 people. There are no download or software configuration requirements, making access easy for organizations with large memberships. Till September 30 of this year, Google has enabled premium features – large meetings with up to 250 participants, live streaming, and recording – for all G Suite customers. A comprehensive guide to setting up a live streaming event for Google Meet can be found here.

YouTube Channels

Organizations with YouTube channels can easily set-up live streaming events. Private access can be enabled for live streams, but Google accounts are required, and limited to 50 users. Events can be made ‘unlisted’ to allow for unlimited viewers, but there is no immediate privacy protection. This could be partially mitigated if your organization has protected sections for users on your website, where you could provide a link to the stream. A guide to setting up live streams for YouTube channels can be found here.

Zoom

Zoom has exploded in popularity, but one important consideration is it only allows 100 max. users – even at the Pro level. They have addressed practically all recent security concerns, and have been enforcing meeting passwords and waiting room features since April 5. A guide to getting started on Zoom for Windows and Mac can be found here.

Skype

Skype has a free conference call site that is extremely easy to use. Video conference calls from this site can be accessed by up to 50 people, and there are no sign-ups or downloads required – though meeting creators will need a Microsoft account to launch the meetings. You can generate a unique link to a video call in one click and invite people even if they do not have Skype. The site for launching these meetings can be found here.

Webex

Webex is a enterprise-level video conferencing solution from Cisco. Webex meetings can be easily integrated into Outlook, Google Drive, and Gmail apps. In response to Covid-19, Webex’s free personal accounts are offering unlimited usage (no time restrictions) and support for up to 100 participants, among other features – details can be found here. Additionally, Webex is providing free 90-day licenses to businesses who are not pre-existing customers. Of the five video conferencing solutions provided here, Webex likely has the most robust security and privacy features.

Our next  post will look at online voting solutions.

 

 

 

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Electronic Meetings for your Not-For-Profit Organization / School / Church

Amidst the Covid-19 pandemic, an important consideration for not-for-profit (NFP) organizations is how to hold board and members’ meetings. While physical distancing recommendations are in place, NFPs might decide to hold meetings electronically. The prospect of holding meetings electronically may seem straightforward, but there are technical and legal issues NFPs must consider. Carters, an Orangeville law firm that specializes in NFPs, has published a 9 page bulletin outlining key considerations.

For board meetings:

• In Ontario, the Corporations Act and Not-For-Profit Corporations Act, 2010 permit board meetings to be held via teleconference or other electronic means, if all directors involved can converse with each other.

• NFPs should examine if their by-laws require board meetings to be scheduled; while physical distancing measures are in place, this may necessitate electronic meetings.

For members’ meetings:

• All NFPs must hold annual general meetings. If meetings are held electronically, compliance with legal requirements surrounding the logistics and timing of meetings is vital, for ensuring decision making processes are valid. Details regarding logistics – i.e., when, where, and how meetings are to be held – can be found in incorporating legislation, by-laws, and governance policies. In Ontario, members’ meetings may be held electronically unless prohibited under by-laws.

• Technical considerations: meeting platforms must allow all participants to effectively communicate with each other. Other important considerations include how voting is conducted, and ensuring the platform has adequate options for privacy and security. In an upcoming post, we’ll discuss a curated list of voting solutions that we’ve looked with consideration to our existing clients’ platforms.

• Absentee voting may be possible, but NFPs would need to examine if it is permitted under their incorporating legislation, by-laws, and governance policies. Proxy voting is allowed in Ontario if permitted under organizational by-laws.

• If it is not possible for NFPs to hold AGMs electronically, they may be able to postpone them, but must consider provincial and federal requirements on when meetings must be held.

If you have questions on electronic meeting platforms, Fossie’s expertise in IT management may be useful to your organization!

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Zoom Security Issues Addressed – and a new easy to use alternative from Skype

  • There have been recent conerns about Zoom security, or, rather, the lack of it. Kudos to the company for rapidly mitigating them – Zoom has pretty well addressed all current security concerns posted. Passwords and waiting rooms for meetings will be turned on by default very soon (effective April 5th), even for the free tiers. This is to prevent zoombombing…the trend of disrupting meetings or sharing questionable content.
  • From video conferencing stalwart Skype comes news of a video call that doesn’t require you to sign up for an account to join the call. One  difference from Zoom is that the host doesn’t have to sign up for the service, or install anything. Skye states that “…Meet Now in Skype allows you to easily set up a collaboration space and invite both Skype contacts and friends or family who are not on Skype…” More details can be found here. 
  • And from eSchool News, here’s some tips on “How to be a successful virtual teacher.”

 

 

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

How to use ZOOM – some tutorials created / curated by Teacher Harry Blyleven….

In a post on the TICS (Technology in Christian Education)  mail list, teacher Harry Blyleven has provided some Zoom tutorials that he has made and curated:

Posted in: COVID 19, Education, Remote Computing

Leave a Comment (0) →

Some things that can help students during the COVID-19 outbreak

eSchool News has published a great list of resources to assist you in keeping students engaged during this time of school closures. Resources include:

  • Krisp, an interesting tool that limits background noise while audio or video calls. Unlimited usage for for free for the next six months
  • Epic! , the leading digital library for kids 12 and under, offers free Remote Student Access for families.
  • Children’s author, Mo Willems (Don’t Let the Pigeon Drive the Bus) is offering live stories and live sessions online. Via the Kennedy Center, they are hosting a daily lunchtime doodle session where he invites kids to draw along with him. 
  •  Adventure2Learning is offering free access to its digital learning content and resources to students and families.

See the full list of resources.

Posted in: COVID 19, Education, Remote Computing

Leave a Comment (0) →

Only backups can stop the Ransomware ‘cancer’ – Bitdefender

A leading anti-malware vendor has stated that only by backing up files will ransomware attacks eventually stop. Bitdefender’s senior e-threat analyst Bogdan Botezatu, in an interview with PCR, says that until the easy rewards of ransomware are made more difficult you can expect these attacks to flourish: “…There’s no cure, it’s prevalent, and it destroys organisations.”

What to do? There are only a few methods we know of to protect yourself:

  1. Stop the ransomware encryption before it can happen. Run a specific ransomware protection utility or install anti-virus / malware / trojan protection that specifically states it can protect against ransomware. We’re fans of FoolishIT’s CryptoPrevent tool – it’s free, is constantly updated, does not consume memory or CPU resources, and has well over a million downloads to date.
  2. Backup your files. This is the simplest protection – and is very effective. With known good backups, you can simply restore files over top those that have become encrypted and held hostage.

If we all do our part to deny the ransomware attackers their easy revenue stream, these ransomware attacks will, as Bogdan states, “… will eventually move away from attacking computers”.

Posted in: Malware, Tech Tips for Business Owners

Leave a Comment (0) →

The Panama Papers, security and your website

The recent Panama Papers data breach seems to have more than a few political leaders trying to explain their offshore investments, or in some cases, forced to resign because of the exposure’s embarrassment. While I am not at all suggesting that you have anything to fear from such exposures, the manner in which the law firm Mossack Fonseca was hacked might have you sit up and take notice.

According to WordPress security vendor Wordfence, the attack was enabled via an outdated plug-in (Revolution Slider) that is very popular with WordPress-run websites. Our own website, plus that of some organisations (and more than a few schools) that we know of use WordPress as the basis of their sites. And why not? A W3Tech report states that 57% of websites that use a content management system (CMS) are using WordPress, and that near 25% of all web sites use WordPress. It’s popular, fairly easy to use (especially for updating portions of your website), and has a huge eco-system of 3rd party plug-ins and themes that add all kinds of flexibility and panache to your site.

Problem is, in that adding all of these goodies to a WordPress site brings in a level of diligence that some might tend to neglect, simply because of the frequency of updates. So far this this year of 2016 there have been 7 WordPress releases and near 24 releases in 2015! Each time there is a new WP release, before you might install the new WordPress version, you should check your plug-ins to see that their current release is supported within the newest release of WordPress. If not, perhaps it is wise to wait for your plug-ins to catch up in compatibility to the current WordPress before installing the latest WordPress version. I get confused just trying to put this into words!

Does it matter? It might, even if you do not have confidential data within the depths of your website. It could be a ransom-based malware, or matter of inconvenience when your website content is replaced or encrypted on a WordPress site that you run. We rescued a site a that was hacked and had its content re-written to show support for a radical political group. In the Mossack Fonseca case, the attack exposed key usernames and passwords that allowed entry into their email system and other areas.

What can be done to secure your WordPress-based site? Here’s a few pointers:

  • ​Use a security plug-in to secure your site. We like Wordfence. There is a free version, but the premium paid version is not expensive. It will also tell you when there are updates ready – for your WordPress installation and for your plug-ins as well. This is worth the price alone.
  • De-activate the plug-ins you are not using regularly. That plug-in that imported your users or graphics files was great at setup, but does it need to stay active?
  • Frequently check your plug-ins for updates. Check compatibility with the latest version of WordPress before you patch them.
  • Do not set your WordPress site to update automatically – this can break your site if your plug-ins are not compatible.
  • Have a backup in place for your WordPress site. Many hosting vendors that host WordPress sites provide for backups of WordPress databases at no charge. Popular plug-ins for WordPress backups that we have tested and like are Backup Buddy and Updraft Plus.
  • Use your (tested) backups to test plug-in compatibility with new versions. New release of WordPress breaks one plug-in? Roll it back using a recent backup.
  • Change the default administrator name for your WordPress logon.

There are a number of other great suggestions out there – do scour the WordPress site itself for its own recommendations for securing your site.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Support ending for Internet Explorer web browser versions

The IE web browser that you may be using could be out of date. One article’s source that we totaled up had approx. 24% of all Windows users on outdated versions of IE.  It may be time to consider using only IE 11.

Also…support for Windows 8 ended today (Jan 12, 2016).  If running that OS, you should upgrade to v8.1, or Windows 10. Windows 7 remains supported until 2020.

From ZDnet: …..”Microsoft officially drops support for most older versions of Internet Explorer today. That means no more security updates for tens or hundreds of millions of Windows users, many of whom will be blissfully unaware that they’re in danger.”

Read the full story here.

 

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →
Page 1 of 4 1234