Posts

The Bad Guys Are Listening… Preventing Desktop Phone Hacks

Many offices have IP phones, but unknown to most users is that hackers can actually listen to everything that’s going on in the room – whether or not you are on a phone call.

Hackers from a remote location have been able to exploit some IP phones’ vulnerable software and firmware to gain access – even phones sitting behind a firewall.

Here’s some of the mischief hackers do when they ‘tap’ your IP phone:

  • Listen in on your phone conversations and identify who you’re calling.
  • With access to the phone’s microphone, hackers can feed the conversation into a speech-to-text engine and post the transcript to social media.
  • Since the microphone never shuts off, hackers can listen to everything the phone hears, such as conversations in a company’s board room.

IP phones are basically computers and manufacturers periodically issue software and firmware updates to plug security holes. The trouble is that smaller businesses – and many larger ones – are still lax about keeping their systems updated with the latest patches.

The most effective way to stop hackers from taking control of your IP phones – or any other computer – is to keep the software and firmware current with the latest patches from your phone manufacturer.

Ignoring these patches – or waiting too long to implement them – could leave your business exposed to hackers bent on doing it serious harm.

Concerned about possible IP phone vulnerabilities at your location? We have security and communication solutions that can protect your business. Contact TCI today: (703) 321-3030 or info@tcicomm.com.

 

Securing Your Business Requires Asking Service Providers the Right Questions

Secure communications can protect your business from the damage and destruction of a data breach. And it’s not just a priority for banks and healthcare providers – any business has daily office emails and phone calls that can contain confidential customer and corporate information.

Your communications system must be able to protect the data shared within your business and beyond. Here are 5 questions you should ask your provider to ensure you’re getting the best security:

1. What infrastructure is your system hosted on?

A strong cloud communications provider will be leveraging a best-in-class infrastructure to ensure the highest level of security. This saves you time and resources that can be focused on performance and innovation rather than management and maintenance. A secure communications software system, like TCI Host, can do all this, plus integrate with the programs you already use.

2. Can your communications software handle mobile securely?

Working on the go is a growing norm, meaning mobility is even more important for a communications system. However, a mobile system doesn’t always mean it’s secure. Ensure you can connect and work away from the office – without sacrificing in-office functionality and security.

3. Is your communications software certified HIPAA-Compliant?

Certified HIPAA and SOC 2 compliant software guarantees that your data is encrypted in transit and at rest with anti-virus protection and security protocols that adhere to the most stringent data compliance standards.

4. How do you monitor your system?

Your cloud communications provider should have a Network Operations Center, a location that continually monitors a telecommunications network – all day, every day. Do they support it in-house or outsource? What tools and analytics are they leveraging to stay ahead? Top providers are predictive and proactive, not reactive.

5. How do I get informed of any issues?

If issues do occur with your communications system, you need to know about them quickly. How do they alert you when problems arise? Is there a public site where you can stay up to date about any issues and their solutions?

Whether you’re in healthcare, finance, education or just interested in an additional level of security, look for a communications system that keeps your customer and sensitive data secure. And make sure you can connect to client information from anywhere, while ensuring your client’s privacy needs are met.

Looking for a communications system that’s built for security? Contact us today at (703) 321-3030 or info@tcicomm.com.

 

The Challenge of Remote Work & Maintaining Financial & HIPAA Compliance

With millions of people working from home in response to the pandemic, many businesses have embraced remote work as the “new normal.” This arrangement looks like it may permanently change how many leaders approach how they work, manage employees and structure their organizations.

But some things will not change…

Enforcement of regulations such as the Gramm-Leach-Bliley Act (GLBA), which deals with the security of consumers’ personal financial information, and the Health and Insurance Portability and Accountability Act (HIPAA), which deals with the security of patient records, does not stop just because people have shifted to working from home.

No matter where your people work…

Businesses that rely extensively on distributed workers cannot use just any cloud-based solution without incurring risk. So it is critical to verify that your technology supports customer teams working from home with the same levels of compliance as when they worked in the corporate office.

This is especially important when recording interactions and transactions, including any internal consultations that take place when a financial or healthcare professional is seeking clarification or guidance from a colleague. This also extends to those organizations whose teams continue to handle payments over the phone.

Whether your business is in the financial, healthcare or retail sector, TCI offers secure, reliable cloud communication services. We’re ready to assist your business maintain regulatory compliance no matter where your people work. Contact us today at (703) 321-3030 or info@tcicomm.com.

 

5 Ways to Safeguard your Business from Cyber Threats

One thing that has been fueled by the pandemic is the increasing frequency and greater scope of IT cyber attacks. And still, many businesses remain ill-prepared. Over one-third of small business owners recently surveyed admit they were at risk of falling victim, and a third said they were not confident that their business would recover if attacked. Only half believed they were well prepared.

Although there are new cyber threats every day, here are five measures that can help protect your business from the threat of imminent attacks:

  1. Schedule Annual Risk Assessments – Before taking any steps to prevent cyber-attacks, you need to understand the threats that are out there and your organization’s vulnerabilities. Risk assessments need to be thorough and conducted at least once a year.
  2. Monitor Your IT and Phone Systems – Keep a close eye on all critical IT systems to mitigate imminent threats. Consider hiring a trusted partner to monitor your network traffic, phone systems, server environment, and data processes around the clock.
  3. Back Up and Encrypt Your Data – Team up with trusted Voice and IT experts to set up a reliable cloud-based backup infrastructure system. Encrypted and safely backed-up data can protect against a range of eavesdropping and ransomware attacks.
  4. Manage Admin Privileges – Ensure that employees have access only to the IT resources and data they need to complete their tasks. Limit IT privileges across the board, especially for installing new software and accessing or manipulating sensitive data. Restrict admin privileges to only a few individuals and immediately revoke privileges when people leave the organization.
  5. Train Your Team – Regardless of the cybersecurity measures you have in place, it’s crucial to ensure that your workforce is on board with security protocols. Schedule routine staff training sessions to establish cybersecurity awareness, responsibilities, and accountability across your business.

Defense is the Best Offense

It makes more sense to invest in preventive solutions now rather than scrambling to act after an attack. Keep in mind that a majority of businesses never recover from successful cyber attacks.

With all the dangers lurking out there, you can’t afford to take chances with your security posture. Contact TCI to discuss your Voice and IT security challenges: (703) 321-3030 or info@tcicomm.com.

 

Ransomware Attacks Scale Up As Hackers Go After Remote Workers

While the switch to home working has allowed many organizations and employees to remain productive, it has also brought additional risk as IT and security teams try to deal with overlapping personal and corporate networks.

Ransomware attacks soared during the first half of 2020, as cyber criminals looked to spread their file-encrypting malware as millions of people shifted to work from home.

According to an analysis of collected malicious activity published in Skybox Security’s 2020 Vulnerability and Threat Trends Report, ransomware has proliferated, with a 72% increase in new file-encrypting malware.

Security vulnerabilities in remote-desktop protocols – combined with the use of weak passwords by staff – have provided cyber attackers with easy access into many IT networks.

Home workers who have not been provided with clear cybersecurity training are even more vulnerable, and smart hackers know that IT teams are already bogged down trying to support remote working.

To protect against ransomware attacks during the pandemic – and beyond – it’s vital to close any vulnerabilities that could be exploited by hackers. This includes having a full view of all connected corporate IT assets so gaps can be identified and remediated.

Need help safeguarding your mobile workforce technology? Contact TCI today at (703) 321-3030 or info@tcicomm.com.

 

Did You Know TCI Provides Infrastructure as a Service… Managed Wi-Fi, Cabling, Security & More?

Infrastructure as a Service (IaaS) is a computing environment that is provisioned and managed by your provider. IaaS simplifies your life. You avoid the complexity of buying and managing your own infrastructure.

Rather than paying a big upfront capital expense, you pay an affordable monthly subscription that scales up and down based on what you need. TCI’s experienced experts can design, build and support all of your infrastructure needs…

  • Structured Cabling
  • LAN/WAN
  • Wi-Fi
  • Security

When it comes to financing, we’re flexible… You can own any aspect of your IT environment and subscribe to IaaS for other elements. When we manage the infrastructure, you get…

  • End-to end setup, implementation, and testing
  • Ongoing monitoring and support, including a 24×7 help desk
  • Upgrades included and new equipment as technology evolves

Talk to our certified network engineers. We offer the best in specialized expertise, project assistance, and development help. Contact TCI today: (703) 321-3030 or info@tcicomm.com.

 

We’re All Human… Why Your Employees are the Greatest Risk to Your IT Security

The greatest threat to the security of any organization is often traced to employees who inadvertently allow confidential data to be accessed and stolen. The latest estimates indicate that more than 90% of cyber attacks can be attributed to human error.

Social engineering attacks such as phishing and spoofing continue to grow in frequency and sophistication at alarming rates. With people’s interests publicly available on social media, hackers often use this information to manipulate an unsuspecting target into handing over or revealing sensitive data.

As attackers constantly employ new and innovative methods, companies are hard pressed to stop them. This is because even with excellent security tools and knowledgeable security teams in place, the weakest link is often a user within the company who has unknowingly fallen victim to an attacker.

The best security intervention is to raise the awareness of staff. 

When your employees understand the mechanisms of spam, phishing, spear phishing, malware, ransomware and social engineering, they can apply this knowledge in their day-to-day job.

Even when you raise cyber security awareness among your employees, they can still make mistakes. We’re all human.

TCI offers expert assessments, mitigation recommendations and innovative IT security solutions to help you better protect your organization. Contact TCI today at (703) 321-3030 or info@tcicomm.com.

What to Know About Communications Security in the Age of Artificial Intelligence

Unified Communications enables your employees to communicate and collaborate more effectively through screen sharing, video meetings, mobile apps and more. But adding AI to the mix promises to send productivity through the roof, so it’s not surprising that over 40% of enterprises plan to incorporate AI into their UC systems by the end of 2019.

Still, even as AI transforms communications, it also raises new security concerns. Let’s take a deeper dive to understand how AI enhances UC and what you need to do to maintain a secure communications environment.

Artificial Intelligence – Emphasizing the Unified In UC

If you thought unified communications was great for efficiency and collaboration, just wait until you see how AI enhances it…

  • Improved collaboration – Integration of AI chatbots into UC apps opens new doors for collaboration by gathering status updates from team members and even alerting members via an app, email, SMS or push notification. When chatbots keep everyone and everything connected, your teams can more easily troubleshoot together, keep track of each other’s progress on projects and share ideas and information.
  • Easier access and use of data – AI virtual assistants improve access to documents and other information, automatically gathering and distributing data to your team’s devices — whether it be a PDF or a video. If questions on a prior discussion arise during a meeting, the assistant retrieves pertinent emails, messages or documents. Attendees stay focused and engaged in the conversation, with all information at their fingertips.
  • Increased productivity – Chatbots field straightforward calls and online chats with your customers, allowing your customer service team to focus on more complex calls and issues. In meetings, attendees concentrate on the content and discussion rather than on the communications tools. The AI assistant even initiates the conference automatically.
  • Better efficiencies – Wouldn’t it be great to have someone else send meeting notes, assign action items and schedule follow-up calls? The AI assistant handles all of it, allowing human attendees to spend their time on more complex and higher value activities. AI also simplifies scheduling by identifying times that work for everyone.

How To Mitigate AI Security Issues…

While the benefits of AI and UC are many, the security of your communications system will also require more attention. AI technology accesses vast amounts of data on products, processes and customers. If an attack occurs, all of that data becomes vulnerable.

  • New standards and protocols will emerge as AI plays a bigger role in communications systems, so you’ll need to remain vigilant to stay compliant with the latest requirements. You’ll also have an obligation to protect the data gathered about your customers.
  • In addition, there are likely to be security challenges with BYOD, as your employees’ AI-enhanced personal devices enter the workplace. Some organizations are already disabling voice assistants such as Siri in the workplace. But, as employees bring newer devices like the Amazon Echo to the office, organizations will need to assess emerging AI technologies for security threats and establish clear guidelines in a formal security policy.
  • A positive note here is that AI actually enhances data and communications security. It will scan for potential threats and alert IT and security teams when vulnerabilities or possible attacks occur. Security professionals can respond far more quickly with the help of these technologies.

As AI and UC blend, you’ll gain an extremely powerful set of communications and team collaboration tools – productivity will skyrocket and data will be more accessible than ever before. But this architecture must have a stable base, with security as a main priority.

Let’s talk about how your business can reap the benefits of AI and UC, while safeguarding your business from risk. Contact us today at (703) 321-3030 or info@tcicomm.com.

 

Desktop Phone Hacks Happen… Here’s How to Protect Your Business

Many offices have IP phones, but unknown to most users is that hackers can actually listen to everything that’s going on in the room – whether or not you are on a phone call.

Hackers from a remote location have been able to exploit some IP phones’ vulnerable software and firmware to gain access – even phones sitting behind a firewall.

Here’s some of the mischief hackers can do when they ‘tap’ your IP phone:

  • Listen in on your phone conversations and identify who you’re calling.
  • With access to the phone’s microphone, hackers can feed the conversation into a speech-to-text engine and post the transcript to social media.
  • Since the microphone never shuts off, hackers can listen to everything the phone hears, such as conversations in a company’s board room.

IP phones are basically computers and manufacturers periodically issue software and firmware updates to plug security holes. The trouble is that smaller businesses – and many larger ones – are still lax about keeping their systems updated with the latest patches.

The most effective way to stop hackers from taking control of your IP phones – or any other computer – is to keep the software and firmware current with the latest patches from your phone manufacturer.

Ignoring these patches – or waiting too long to implement them – could leave your business exposed to hackers bent on doing it serious harm.

Concerned about possible IP phone vulnerabilities at your location? Reach out to TCI today… We have communication solutions that can protect your business. Contact us today: (703) 321-3030 or info@tcicomm.com.

When Was Your Last Pen Test?

If your response was, “What the heck is a Pen Test?” – your network is probably already harboring dangerous malware.

A penetration test, also known as a pen test, is an authorized simulated attack on a computer system performed to evaluate the security of the system.

The test is performed to identify weaknesses – including the potential for unauthorized parties to gain access to the system’s features and data – as well as strengths, enabling a full risk assessment to be completed.

The process typically identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain the goal.

A penetration test can help determine whether a system is vulnerable to attack, if the defenses were sufficient, and which defenses (if any) the test defeated.

It’s always best to arrange testing with a neutral third-party who IS NOT responsible for the management and support of your network.

TCI offers comprehensive penetration testing and we recommend getting yours at least once a year. To schedule your pen test, contact TCI today at (703) 321-3030 or info@tcicomm.com.