Website breaches can cost millions of dollars and thousands of hours to remediate. Joe Brown, Five Nines Director of Marketing Operations, knows firsthand. In his career, he has worked with businesses to remediate breaches where a small WordPress vulnerability was the culprit. If a couple of basic and relatively cheap steps were taken, the breach could’ve been prevented. Read more to see how you can improve your website security and performance before the new year!

Access Tips

Be mindful of who has access to the backend of your website and at what level. Think through the roles of your team and divvy up access from there. If your Marketing Specialist posts blogs, make them an author, if they post financial reports or change content on webpages, make them an editor. Admins can edit everything including users and credentials so you should be very selective when determining who should have that access. Another good rule of thumb is requiring two-factor authentications for all accessors. Joe suggests MiniOrange 2 Factor, which integrates directly with WordPress.  

Another access tip he has is to avoid using the default "domain.com/wp-login" WordPress domain for your login screen. This is one of the primary ways hackers attack WordPress sites. The WPS Hide Login plugin is how Five Nines avoids the threat of that basic login screen. In this case, if a hacker finds a user password, they will then need to find the login page which is now hidden.  

Lastly, CloudFlare is a paid filter for websites. It sits on top of the website and filters every single request your site gets. As a good practice, Joe does not allow users outside of the United States to access the website. This protects it from hackers originating from outside of the country that are hungry for your data. The unintended bonus of utilizing CloudFlare is that it drastically improves your site's performance and speed, especially on mobile devices.  

Maintenance Tips

Maintaining your website properly is the key to ensure no threats are originating from the inside. This involves many moving parts including plugins, a staging environment, and regular backups. If you are the webmaster (person accountable for the website) of your site, you need to prioritize these three things at a minimum.  

Plugins are one of the leading causes of breaches, broken websites, and information being leaked. At a minimum, plugins should be updated weekly. It's as simple as logging in, going to the Updates tab, and pushing “refresh." If there is an update, it takes one minute to put it in the staging area, test it, and push it live.  

The staging environment is a clone of your site where plugins can be tested in a safe environment before pushing it to production. Companies like Flywheel are a great resource to utilize when it comes to setting up staging areas.  

Lastly, backing up the contents of your site is imperative. If a plugin breaks or you need to make a change, you want the peace of mind to know that have the ability to revert to a previous version of your website.  

To hear further explanations of the concepts above, watch the recording of our Tuesday Tech Talk. 

Cybercrime is a real threat to all businesses, SMB's included. Statistics are only showing an increase in cyberattack methods, and successful attacks result in a significant loss of productivity and data. We want to show you why we stand by Cylance for Five Nines and our partners.

THE BASICS

Before diving into what Cylance is, it's important to understand what the software is protecting you from.

Malware: software that is intended to damage or disable computers and computer systems.

Ransomware: a type of malicious software designed to block access to a computer system until a sum of money is paid.

Since 2013, there has been a significant increase in malware and ransomware. In fact, since 2014 there have been over 120 million new malicious programs per year, and ransomware attacks have increased over 97% in the last two years. According to Symantec, 1 in 13 web requests lead to malware, up 3% from 2016. These statistics show that cybersecurity threats are at an all time high, which is why having the right tools in place to keep your organization protected is so important.

Want to jump straight to our free in-depth webinar about all things Cylance? Click here. 

WHAT IS CYLANCE

Cylance is a tool that prevents cyberattacks with artificial intelligence (AI). Artificial intelligence is the development of computer systems where systems are able to perform tasks that normally require human intelligence. Cylance is able to do this through machine learning, an application of AI that provides systems the ability to automatically learn and improve from experience without being explicitly programmed.

Cylance began in 2012, and has over 6,000 global customers, as well as over 10 million endpoints, and those numbers are growing each day. Cylance developed predictive endpoint threat prevention, which allows the software to predict, and then block cyber attacks on the endpoint in real time using pre-execution AI algorithms. They have an extremely high success rate at 99%+. Cylance also doesn't need a cloud connection to stop malware, as it can still do its' job without an internet connection, making it a one-of-a-kind product in the industry.

WHY COMPANIES CHOOSE CYLANCE

There are several reasons why Five Nines and other companies choose to utilize Cylance.

Effectiveness. Cylance is an extremely effective program with 99.7% effectiveness against all known malware.

Simplicity. Cylance is also very simple to manage, companies don't have to spend a lot of time managing it once it is set up within their environment, yet it increases ROI up to 250%.

Performance. Cylance only has a 1-2% impact to CPU, therefore user systems run faster, hardware lifespans are extended, and network bandwidth is reduced.

Cybercrime is a real threat, but protecting your business doesn't have to be guesswork. If Cylance is something that interests you, and you would like to see it in action while learning about how to apply it to your own business, our Power Hour might be a great resource for you. While the information above is a great overview, it may be more impactful to see exactly how Cylance works. 

Click below to access our free webinar, Cylance - Proactive Protection For Your Business, and tune in as one of our engineers provides in-depth information on Cylance while taking you through a series of demonstrations where you can see the software in action.

Studies show that employees who use their strengths every day are 8% more productive and 15% less likely to quit their jobs. Tune in to this Power Hour to find out how you can use Gallup Strengths to better understand your staff and boost productivity in the workplace. 

WHAT YOU'LL LEARN:

• Relevant statistics on Strength utilization 
• Building a team with Strengths
• Book recommendations
• How to build your Strengths professionally

Presenter: 

Marshall Ford: Training & Development Manager at Five Nines, & Certified Gallup Strengths Coach

Sit back, grab some popcorn, and watch this FREE Five Nines Power Hour Webinar: Using A Strengths-Based Approach To Boost Workplace Culture.

When reporting a tech issue, the better the communication, the more effective the problem-solving. We want to provide you with what IT professionals look for when addressing a new request so that you can effectively report your future technology issues or questions.

Here's what your engineer will want to know:

WHAT STOPPED WORKING?

This may seem like an obvious question, but it's always important to ensure the engineer knows exactly what isn't working that should be. This helps maintain a strong focus on the request at hand so that the issue can be solved efficiently. An engineer will want to know exactly what went wrong or what isn't working from your perspective. Knowing exactly what stopped working and when the issue started will  help an IT team determine the overall end goal when troubleshooting. So, if something stops working, pay attention to the why and the when.

Related: Troubleshooting Tips - Don't Let Frustration Win 

WHAT'S THE OVERALL IMPACT?

Another important detail to relay is whether or not the issue is impacting just your device or multiple users within your organization. Not only does this let your engineer know the impact, but also whether or not it's a user specific issue vs. a larger one. Knowing the overall impact will help streamline the problem-solving process.

Your engineer might ask something along the lines of, "When was the last time this worked correctly?" This will determine whether or not this is a recurring issue, which will help lead to the root cause more quickly. Finding the answer to that question will help determine whether or not the problem was caused by an internal process changing, a user getting a new device, and much more.

DOES THIS PREVENT YOU FROM WORKING TODAY?

Defining whether or not the ticket request is something that prevents a user from working helps to determine the urgency of the issue. Depending on the urgency, your engineer might want to connect into your computer right away so that you can show them the issue. Having a user directly show an engineer what led to the issue/what the issue looks like is one of the most important parts of troubleshooting and effectively reporting a tech issue. If for some reason that is not an option, taking screenshots and writing down error codes is always helpful as well.

Effectively reporting a tech issue to an IT engineer can potentially save hours of time when trying to troubleshoot a request. Pay attention to the issue at hand, have a willingness to answer questions, and help your IT team determine the urgency of the situation. Most of the time, clear communication will lead to a simple and straightforward ticket request process.

Having an understanding of the basic functions of your network will be helpful when reporting a future tech issue. Click below to download the Five Nines Power Hour: Building An Optimal Network, a webinar that will teach you all about network basics, network design (the good and the bad), as well as troubleshooting and monitoring.

Building an efficient IT team can make the difference between your workplace technology becoming an asset or a liability. In this webinar, we will discuss how to make your IT an asset by going over how to utilize the right tools, processes, and people to keep your technology running smoothly. 

WHAT YOU'LL LEARN ABOUT:

• IT Responsibilities 
• Technology Standards
• IT Service Requests 
• IT Security
• Budgeting for IT
• IT Training and Knowledge 

 Sit back, grab some popcorn, and watch this FREE Five Nines Power Hour Webinar: What It Looks Like When IT Becomes An Asset. 

We'd like to throw a quick statistic your way. According to the security awareness training platform KnowBe4, 91% of successful data breaches start with a Spear Phishing Attack.  Why is this significant? This number proves that end-users are the vulnerability when it comes to IT security.

Now that we have gotten your attention, we'd like to provide you with a breakdown about what phishing really is, how it works, and how you can avoid being a target and the weakest security link.

WHAT IS PHISHING?

Phishing is when hacker sends an email to a user in hopes that the individual clicks on a link or opens an attachment within the email. Once the link is clicked or attachment opened, the hacker gains access to personal information of that user on that device. Afterwards, they can gain access to the network, and once they gain access to the network they can do the same thing to any computer that's connected to that network. All with just one click.

HOW IS IT DONE?

First Step. You can receive a phishing email despite the antivirus software or extra protection your organization has in place, so you can never be too careful. Hackers can get their hands on thousands of emails by using scripts on large search engines. Then, by conducting a little research through your organization's website or social media platforms, hackers can get an idea of what kind of antivirus software is used within your company. They can then customize an attack to you before sending a flawless, undetected email.

Second Step. Whoever wants to steal your information will reverse the traffic on your network back outside of your organization. To do this, they connect their hidden network directly to yours, making it difficult for your IT security software to recognize and stop.

Third Step. It's important for hackers to make the phishing email seem as real as possible, so that users mindlessly click on the email. This email doesn't have to necessarily come from a stranger. It could be in the form of a friend, spouse, a supervisor, or even a brand.

Once a user clicks, hackers have the power.

PHISHING PREVENTION

Prevention is all about constantly being on the defense. It's important to educate and train all end-users throughout your organization, and it's all about working to make sure your IT environment is properly secured in all aspects.

According to the 2017 Cisco Security Report, 57% of cyber-attacks derive from user behavior, an example being the act of clicking on malicious links within emails. Information is the core of every business and is something that needs to be protected. Company data is too significant to compromise over a phishing email that can be prevented. 

Don't be the next big fish a hacker catches. Watch our FREE webinar that will give you all of the information you need to avoid falling victim to a phishing attack.