(817) 439-3051

Monthly Archives: July 2018

Faceless Cybercriminals Aren’t the Only People Who Might Steal Your Business Data
Faceless Cybercriminals Aren’t the Only People Who Might Steal Your Business Data

Although most companies take measures to defend against external cyberattacks, threats from within are often overlooked. Find out how to defend your business against insider threats.


In June 2018, a disgruntled Tesla employee hacked one of the company’s systems and sent highly sensitive data to unknown third parties, according to an email sent by Tesla CEO Elon Musk. The employee was upset because he did not receive a promotion.

This is not an isolated case. Having someone on the inside perpetrate a data breach is more common than you might think. A 2017 McAfee study found that 22% of data breaches were intentionally caused by malicious insiders, including current and former employees, contractors, and third-party suppliers. Most often they stole customer data, employee information, and intellectual property.

Thus, it is important to protect your business data from malicious insider threats. To do so, it helps to know about the common elements in these types of attacks.

The Common Elements

Three elements are typically present in malicious attacks perpetrated by insiders:

  • Pressure. The insiders feel pressure to commit a crime, usually out of desperation or greed. For example, they might steal data or money because they need to pay off large medical bills or gambling debts.
  • Rationalization. The insiders use rationalization to convince themselves that their actions are acceptable rather than criminal. For example, they might rationalize that the company deserves the attack because of the way it treats employees or customers.
  • Opportunity. The criminals have the opportunity and ability to not only commit the crime but also conceal it. For instance, they might be able to access a database containing customer data because the database has weak internal controls.

These three elements are collectively known as the Fraud Triangle. Being aware of this triangle can help businesses defend against malicious insider threats. However, there is little companies can do to identify and alleviate employees’ personal pressures, such as having large medical bills or a gambling habit. Fortunately, insider attacks usually involve all three elements, so companies can concentrate on mitigating rationalizations and minimizing opportunities instead.

Mitigating Rationalizations

Malicious insiders often rationalize their actions by convincing themselves they are righting a wrong. For example, a disgruntled employee who feels he has been unfairly passed over for a promotion might believe that stealing data is the best way to right that wrong decision.

Letting employees express their frustrations and concerns through feedback forms and anonymous surveys can help mitigate insider threats spurred by disgruntlement. For this to work, though, you have to address their frustrations and concerns in an open and honest manner. Employees need to feel confident that they won’t be penalized for asking why they did not get a promotion or why they did not get a bonus or raise when others did.

You can also mitigate rationalization by regularly interacting with employees. For instance, you might hold company-sponsored events such as picnics or simply walk around the workplace, talking with employees. They will be less likely to attack the company out of spite or anger if you have a genuinely warm attitude toward them.

Minimizing Opportunities

Companies have the most control over addressing the opportunity element. To minimize the opportunities for insider attacks in your business, you might consider implementing the following measures:

  • Follow the principle of least privilege. In other words, limit employees’ access to company resources to the minimal level that will allow them to perform their job duties. In addition, the access should be in effect for the shortest duration necessary.
  • Conduct audits periodically to identify access rights that should be removed because they were inappropriately granted or still exist from previous job roles.
  • Use access control tools to regulate which employees, systems, and apps can view or use a company’s resources.
  • Monitor your company’s network, systems, and resources for unusual activities, such as a sizeable increase in the number of files being printed during off-hours, large spikes in network traffic, and frequent remote access of a system at odd times.
  • Create policies that let employees know you are monitoring the company’s network, systems, and resources for unusual activities.

If you are not sure whether your business is doing all it can to minimize the opportunities for insider attacks, contact us. We can assess your systems and make sure the necessary measures are in place.

4 Annoyances You Will No Longer Have to Endure in Microsoft Edge
4 Annoyances You Will No Longer Have to Endure in Microsoft Edge

Microsoft included a new version of its Edge web browser in the April 2018 Windows 10 Update. Learn about four new features that eliminate some minor annoyances that users often encountered in the past.


Microsoft introduced its Edge web browser in 2015 when it rolled out Windows 10. Since then, the company has been steadily improving the browser.

In the April 2018 Windows 10 Update, Microsoft included a new version of Edge. This browser has many new features, four of which eliminate some minor annoyances that users often encountered in the past. Here are the features and how to use them:

1. Mute a Web Page Instead of Your Computer

Some web pages have ads or podcasts that play automatically, which can be quite distracting if you are trying to concentrate on another part of the page. Instead of muting your speakers to get rid of unwanted audio content on a web page, you can now mute the sound just on the offending page.

To mute a web page, right-click its tab and select “Mute tab”. This option is grayed out until an audio file starts playing. If you want to hear an audio clip after you have muted it, right-click the tab again and select “Unmute tab”.

2. Print Without All the Clutter

Printing web pages that include a lot of ads and other clutter can waste ink and paper. Edge now has a “Clutter-free printing” feature that lets you print a web page’s content without these unwanted elements.

Unfortunately, this feature does not work on all web pages yet. On the web pages where it is available, you will find the “Clutter-free printing” option on the menu inside the “Print” box. You might have to scroll down to see it. By default, it is set to “Off”, as Figure 1 shows. To enable this feature, simply select “On” from the drop-down list.

The “Clutter-free printing” feature works when using Windows 10’s”Microsoft Print to PDF” tool and other PDF-creation software (e.g., Adobe Acrobat). Thus, you can create clutter-free PDF files.

3. Get Rid of Annoying Prompts to Save a Site’s Password

Security experts generally do not recommend letting your web browser save your online account passwords. Hackers could potentially learn those passwords if they physically or remotely gain access to your computer.

In the past, if you refused to let Edge save a website’s password, you would get the box asking “Would you like to save your password for …” every time you logged in to that site. This annoyance has been removed in the new version of Edge. The browser now offers the “Never” option in the “Would you like to save your password for …” box. Once you choose this option for a site, Edge will no longer display the save-password box when you log in to that site.

4. Access What You Need While in Full-Screen Mode

Edge’s full-screen mode lets you view a web page without the browser’s ribbon at the top and Windows 10’s notification bar at the bottom, allowing you a more immersive web experience. But this experience used to come with an inconvenience. If you wanted to access the ribbon to print or bookmark the web page or if you wanted to see the clock or adjust the speakers’ volume in the notification bar, you had to first exit the full-screen mode.

This inconvenience has been eliminated in the new version of Edge. When you are in full-screen mode, you can now access Edge’s ribbon by simply moving your mouse pointer to the top edge of the screen. Similarly, you can access Windows 10’s notification bar by moving your mouse pointer to the very bottom of the screen.

How to Easily Reset a Forgotten Password in Windows 10
How to Easily Reset a Forgotten Password in Windows 10

You can now reset a forgotten password right from your computer’s login screen, no matter whether you have a Microsoft or local account. Here is what you need to do.


To log in to Windows 10, you can use a Microsoft account or a local account. If you have a Microsoft account, your credentials are stored in the cloud. If you use a local account, your credentials are stored in your computer. Thanks to recent enhancements in Windows 10, you can now reset a forgotten password from your computer’s login screen, no matter which type of account you use.

What to Do If You Have a Microsoft Account Password

In the Windows 10 Fall Creators Update, Microsoft rolled out a new feature that lets you reset a forgotten Microsoft account password from the login screen on your computer. Previously, you had to access Microsoft’s password reset web page on another device to reset a forgotten password.

Here is how you can reset your Microsoft account password if you have forgotten it:

  1. Choose the “I forgot my password” option under the password entry box on your computer’s login screen.
  2. Enter your Microsoft account email address, type in the characters you see in the CAPTCHA box, and click “Next”.
  3. Select either the phone number or secondary email address that you associated with your Microsoft account when you created it.
  4. Enter the hidden part of the phone number or email address you selected in step 3.
  5. Click the “Send code” button to receive a security code from Microsoft.
  6. Type in the security code you receive and choose “Next”.
  7. Enter a new password and click “Next”.
  8. Click “Next” again.

You can now use your new password to log in to Windows 10.

What to Do If You Have a Local Account Password

In the Windows 10 April 2018 Update, Microsoft introduced a way for you to reset a local account password from your computer’s login screen. Prior to this update, you had to create a password reset disk or use some other workaround, none of which were easy fixes. Now all you have to do is correctly answer three security questions that you set up in advance.

Here is how to set up the security questions:

  1. Open the Start menu by clicking the Windows button.
  2. Click the gear icon, which is located in the lower left corner of the Start menu.
  3. Choose “Accounts”.
  4. Select “Sign-in options”.
  5. Choose the “Update your security questions” option.
  6. Enter your account password and click “OK”.
  7. In the boxes that appear, select three security questions and enter your answers.
  8. Click “Finish”.

When choosing your security questions and answers, it is important to select questions whose answers are not easily gleaned from social media sites, web searches, or public records. These resources might provide cybercriminals with the information needed to answer your security questions. For example, hackers might be able to ascertain the answer to the question “What’s the name of the city where you were born?” from your Facebook page or public records. One way to avoid this problem is to provide incorrect or nonsensical answers to the security questions.

After you set up your security questions, it is easy to get into your local account if you forget the password. Follow these steps:

  1. When you enter an incorrect password on the login screen, Windows 10 will display the message “Your password is incorrect. Try again.” Click the “OK” button under this message.
  2. Select the “Reset password” option that now appears under the password entry box.
  3. You will be presented with the three security questions you chose. Enter the answer for each question and click the arrow button.
  4. Enter a new password, confirm the new password by entering it again, and click the arrow button.

You can now use your new password to log in to your local account.

Not Sure If You Have the Necessary Update?

To use these password reset methods, you must have the appropriate update installed on your computer. If you are using a local account, the Windows 10 April 2018 Update is required. If you are using a Microsoft account, you need at least the Windows 10 Fall Creators Update, which was released in November 2017, on your machine. We can let you know which updates have been installed on your computer if you are uncertain.

Select the Best Backup Solution for Your Business’s Laptops
Select the Best Backup Solution for Your Business’s Laptops

Although challenging, backing up laptop data is important. Here are some options to keep in mind when you are determining the best way to back up the data in your company’s laptops.


Backing up laptops can be challenging for companies because they often are not connected to the network when network backups are performed. However, it is important to back up laptop data. There are many ways to do so. They often fall into four main categories: manual backups, company-developed backup solutions, on-premises commercial backup solutions, and cloud backup services.

Manual Backups

One backup strategy is to require laptop users to manually perform backups. To back up data, laptop users can:

  • Use a local backup utility and write the backups to a thumb drive or DVD
  • Use an external backup drive
  • Log in and back up to a server on the company network
  • Log in and back up to the company’s private cloud

This type of backup is convenient for laptop users because they can perform a backup when it is convenient for them. However, users might not perform backups regularly. Plus, using thumb drives, DVDs, and external backup drives can be risky if users do not encrypt and physically secure their backups. Not encrypting and securing backups can lead to data breaches. It can even lead to fines if a company needs to meet certain privacy regulations, such as the US Health Insurance Portability and Accountability Act (HIPAA) and the EU General Data Protection Regulation (GDPR).

Company-Developed Backup Solutions

Another backup strategy is to have someone build a custom solution that automatically performs laptop backups. These solutions often use technologies and utilities already present on computers and networks. For example, an in-house IT administrator or an IT service provider might develop a backup solution that uses two batch files. The first batch file could schedule a local backup utility to run each day on the laptops. The second batch file could then use a file-copying utility to copy the backup files to a network server whenever the users log in.

With custom laptop backup solutions, you can control what gets backed up, when it is backed up, how it is backed up (encrypted or not), and where to store the backup files. Plus, they usually do not cost much since they usually use built-in technologies and utilities. However, it takes time and a lot of know-how to build a custom solution. Plus, when users connect their laptops to the network, the laptops’ performance can slow down because copying backup files increases the network load. Slow laptops can hurt users’ productivity.

On-Premises Commercial Backup Solutions

If you want to back up laptop and desktop computers with the same solution, you might consider using on-premises commercial backup software. Some of these software solutions require the installation of agents on the computers so they can be backed up by a server-based tool. There are also agentless versions. Instead of using agents, the laptop and desktop computers log in to the server containing the backup tool.

Like custom backup solutions, agent-based and agentless backup software lets you control what gets backed up, when it is backed up, how it is backed up, and where to store the backup files. Plus, commercial backup solutions often feature deduplication (the elimination of redundant data in backups), compression, and incremental backups to minimize network load and storage space.

With commercial backup software, you do not have to build the solution, but there are some other disadvantages. With agent-based backup software, you need to install and update agents, which can be time-consuming. Further, agents can be hacked. Agentless backup software can also introduce security risks because a privileged account or password needs to be used to log in to the server containing the backup tool. No matter whether the commercial backup software uses agents or not, it requires an upfront investment.

Cloud Backup Services

You can use a cloud backup service to back up just your laptops or back up laptop and desktop computers. Some cloud backup service providers require agents to be installed on the computers being backed up, whereas others do not. The backup service provider is responsible for installing and updating any agents, saving you time and hassle.

With a cloud backup service, you can control what gets backed up and when it gets backed up. You cannot control where the backups are stored, though, as they are stored in the service provider’s cloud. Although the backups are usually encrypted, you also have little control over the measures being taken to secure your encrypted data when it is in the cloud.

Like on-premises commercial backup software, cloud backup services offer deduplication, compression, and incremental backups. These features minimize storage space as well as bandwidth during backup operations. Laptop users can usually postpone a backup if it is scheduled to occur at an inconvenient time. However, if they need to access a backup file stored in the cloud but the Internet connection is down, there is little they can do except wait.

A cloud backup service does not require an upfront investment. You pay a service provider fee. A common approach is to charge a monthly fee based on the number of computers being backed up.

What to Consider When Determining the Best Backup Strategy

There are many considerations you need to keep in mind when determining the best strategy for backing up your laptops. For example, you need to:

  • Make sure the backup solution is business grade. Some on-premises and cloud backup solutions are consumer grade and not a good fit for businesses.
  • Make sure you consider how much data loss is acceptable if a laptop is lost or stolen and what is an acceptable time for users to wait to recover their data from a backup. Backing up data more frequently will reduce the amount of lost data and allow users to resume business faster. However, performing more backups requires more storage and higher costs.
  • Make sure the solution allows for the secure storage of backup files.
  • Make sure the backup files will be available if a disaster strikes (e.g., cyberattack, tornado)
  • Make sure you consider any new backup strategies. Backup strategies are continually changing to meet companies’ needs. For example, hybrid solutions that store backups onsite and in the cloud are becoming more popular.

Choosing the best backup strategy for your laptops is important but not easy. We can help you navigate through the many options.