Pennyrile Technologies

Creating passwords is inevitable since we need to create an account with every app and website we access online. All the websites require you to have an account to use their services. Since you create different accounts on different websites, it can take time to remember all of them and it’s impossible for you to access a website without the login credentials. To avoid such situations, you can use the help of password managers. Password managers can be apps, desktop programs, or online vaults. A password manager is important as it helps keep your passwords safe, in an encrypted vault. And it’s not just passwords that are kept safe in password managers; there are some situations where you can store your banking details, documents, and personal IDs. Data stored in these vaults is typically sensitive information that you would not share with anyone. Password managers help to keep the passwords safe in their encrypted vaults where only you can gain access. The only thing you have to remember is the password for your password manager. It is called the master password. If you unlock your password manager with the master password, you can gain access to all the other saved passwords. Each password has military-grade encryption, which is visible only to the user and the people with whom they share different information. The best thing about password managers is that you do not have to memorize all your passwords, like in the old days. The other function of a password manager is to generate secure passwords for its users. Sometimes you create so many accounts on different websites that you need help to come up with a new password. When this happens, you can your password manager’s help and generate a new and strong password. How Do Password Managers Work? Password managers use a military-grade level coding system to store data so only the authorized users can open it. There are various types of password managers that you can use differently. The functioning of a password manager depends on the type you are using. They promise both security and convenience. There is only one requirement to using them – you should remember the one master password to unlock the vault. Password managers work in such a way that they help generate unique passwords for different accounts as well. Though its primary function is to manage and keep your passwords safe, it is also the best way to generate secure passwords for your new accounts quickly and securely. During the early Internet days, it was much easier to remember our passwords because of the limited number of online accounts. However, as time has passed and the use of websites and the Internet has increased, so has our need to remember even more passwords. Password managers are now necessary because of the number of the sheer number of accounts we use daily. It is easy to understand how a password manager works. All you have to do is install the software and enable it on your browser, and every time you create an account or share personal information, the manager extension will ask you for permission to save them. If you want to avoid forgetting your password, just save it in your password manager. Create a master password for the password manager to have access to all the saved passwords. When you sign in to a site, you can use the master password. There is no need for you to try and remember all the other saved passwords. Ensure that you create a long and strong master password so that it remains secure. Many of the password managers will allow you to activate two-factor authentication for even more security. The Zero Knowledge Security Model While companies develop password managers to help secure your passwords and information, some people might be suspicious about the companies’ access to said passwords and information. To ensure your information is safe, they all use a security model called Zero Knowledge. This model ensures the company that developed your password manager does not have access to your passwords. They cannot unlock your password manager and pry on your passwords. There are also significantly fewer chances of getting hacked by cybercriminals as the hacker would have to go through the encrypted user data, the extension’s password, and the security key. These are the three layers of defense against hackers used in a password manager. So even if the company gets hacked, your data will not be compromised. Using a password manager is the best way to ensure your data is protected at all costs. Advanced Encryption Standard Most companies use AES encryption to develop their password manager software. The same encryption is used in other things like firewalls and VPNs. The commonly-used version is the 256-Bit AES, which is a military-grade level coding system that encrypts and decrypts data. It is accessible only to parties that have authorization to the password manager. 256-Bit is the encryption key, a random string of 1s and 0s. There are more than two combinations of this key in most password managers. It gets harder for hackers to intrude into our password managers when there are more 256-Bit key combinations. Some companies also use a less-secure AES 128-Bit, but you can usually find these password managers for free. They do not come with frequent updates, unlike the AES 256-bit password managers. What Are The Different Types Of Password Managers? Password managers help protect your online accounts from getting hacked by generating strong and unique passwords. After you create your passwords, you can save them in the password manager for future use. Once you unlock the password manager using the master password, you don’t need to use other passwords for your other accounts. Different password managers have different features, but their primary job is protecting your passwords. If you are looking to use a password manager, you will need to know the different types to understand which one to choose. There are many factors

Have you ever opened an email that looked normal but contained malware inside? You might want to check out DMARC, the email authentication protocol that helps keep your inbox risk-free. We’ve all heard about super hackers gaining access to corporate networks and stealing valuable data. And, of course, we’re all aware of online heists that take place with the help of ransomware. These kinds of tactics have become infamous, and we’ve learned to overcome them. After all, we pay massive amounts for cybersecurity, so the chances of hackers penetrating our systems should be nil. Cyber-attacks are a prominent element in the industry, which is why we’ve learned the tell-tale signs of one. Or at least, that’s what our software is here for. But what if criminals were to use something so simple and seemingly innocent that it slips right past our radars? What if they use a simple, generic-looking email to trick us? Well, that’s where DMARC comes into play. DMARC Explained If we’re talking about full forms, DMARC stands for domain-based message authentication, reporting, and conformance. Overall, it is an authentication protocol that protects you from spam, spoof, and phishing-related emails. As you can tell by the lengthy name, the first part of the protocol involves domain authentication. This authentication process figures out and confirms where an incoming email came from. The protocol then checks the source’s background and verifies its reliability. The incoming mail is simply rejected if the protocol can’t recognize the source. DMARC is a useful tool that protects your business and employees from email-related attacks. It provides an extra layer of security that can even prevent scams. It works by allowing companies or entities to set their own policy that determines whether or not a certain mail will go through or be ignored by the server if it fails authentication. With DMARC, you can set your own email authentication process. By setting a custom standard of protocols, you can effectively filter out authentic emails from those which are spam or suspicious. What’s more, you can even set a particular course of action that will take place in case the incoming email does not match the standard you have set. For example, you can set the verification process so that only emails from a particular server are allowed into your network. Anything else will automatically be deemed unsafe by the network and thrown in the trash. Well, that’s DMARC in a nutshell. However, if you really want to know the core details of DMARC, how it functions, and its uses, we’ll have to dive much deeper into that. Starting with why we need it in the first place. Why Do We Use DMARC? To understand how using DMARC can benefit you, you must understand how fishing and spoofing work. These are techniques used by scammers looking to dupe you and your company out of thousands and sometimes even millions of dollars. And the worst part is that these scammers target the one aspect that we would rarely suspect. Everyone is familiar with how malware and hacker attacks work. The most dangerous attacks are often made by penetrating your firewall, allowing attackers to gain unauthorized access to your company’s private network. From there, these hackers can steal important company data and leak that information for a price. All without a single trace. But today, we won’t be talking about complicated hacker attacks requiring massive skill. Instead, we’ll talk about simple, clever methods that even an amateur scammer can use to dupe you out of millions. Unlike hackers, who manipulate a company’s network, spoofing and phishing attacks often work by manipulating you or your employees via a harmless email. That’s why it’s even more shocking when such an attack occurs. The game isn’t about dealing with or bypassing your robust cybersecurity software but rather, tricking human beings into carrying out their dirty work. And nobody played the game better than Nigerian-born scammer Ramon Abbas, a.k.a; Hushpuppi. How Did Hushpuppi Scam Companies? If you work in an international conglomerate or an elite financial institution, you’re probably aware of how much money is exchanged daily. Corporations make massive transactions daily, often transferring and receiving millions in payments. Employees working in such companies typically follow the instructions of official company emails. If the mail tells them to make a certain payment to a certain account, it is the employee’s job to make the transaction. But what if someone figures out a way to impersonate your company and send you an official-looking email filled with fraudulent instructions? You might think you’ll detect its deceitful quality; however, that’s easier said than done. Employees must deal with massive workloads daily, leaving little time to double-check emails. Besides, it’s your natural instinct to trust any email from your company, so long as nothing seems off at first glance, you wouldn’t stop questioning anything before instinctively following the instructions mentioned. What’s more, scammers will use email addresses that look similar to your company’s address, at least at first glance. So being aware of fraud is beyond your capabilities in most cases. Well, that’s what scammers like Hushpuppi would rely on during their spoofing attacks. All it took was one official-looking email, directing an employee to make a hefty transition to a particular account number, and voila, the heist was successful. And the worst part is the victim wouldn’t even realize that he was duped. Could DMARC Have Stopped Hushpuppi Scams? Throughout his entire career, the Nigerian scammer used business emails to dupe companies out of hundreds of millions. All this by using a simple bait and hook spoofing technique that fooled countless gullible employees from various companies. It raises the question, could Hushpuppi have scammed those companies if there was a proper DMARC structure in place? Probably not. Situations like these are precisely what DMARC authentication protocols are for. With DMARC, scammers won’t be facing busy, overworked employees who don’t have the instinct to suspect company mail. Instead, they will be facing a computerized protocol

Outsourced IT support is a growing industry. True to its name, outsourcing is the act of companies using external service providers to help with everything from infrastructure to application services, and business process that surrounds information technology, or IT, as it is commonly known all over. IT outsourcing is a booming business worldwide, and the staggering figures below are just the tip of the iceberg. As of 2019, IT outsourcing revenue generation was $92.5 billion annually. By 2025, the IT outsourcing industry is expected to hit $425.19 billion. Up to 66% of US companies, big and small, outsource IT support. The above statistics about information technology reveal that outsourcing is a vital part of the industry that has revolutionized our world. IT outsourcing providers – what are they? Third-party services that provide technical support from remote locations to onshore and offshore companies are known as IT outsourcing providers. Outsourcing companies are usually referred to as MSPs or managed service providers. Managed service providers are different from local technicians or developers that provide an instant fix to technical problems. Local IT technicians often work on an hourly basis – meaning your company can hire independent or freelancers without having a partnership with them. On the other hand, MSPs have a partnership with companies that use their services. IT outsourcing providers do not just fix broken connections. A managed service provider does everything from installing, supporting, monitoring, and implementing software and programs. MSPs also provide security of network computing and every technical requirement your company needs to do business. Some MSPs are located around the globe from the Americas, to South East Asia, Western Europe and other other continents are also available. Types of IT outsourcing Broadly classified, IT outsourcing is of two types: Co-managed IT outsourcing As the name implies, co-managed IT outsourcing is when you outsource only a part of your company’s requirements. Here, you have a dedicated in-house IT staff responsible for general computing, hardware, and software issues. The outsourced support takes care of the 24/7 cybersecurity monitoring that your in-house team does not have the expertise or the resource to execute. Outsourced experts can also help with an overworked IT department and increase the overall efficiency of your organization. In addition, supplemental or co-managed IT outsourcing can dramatically reduce the cost your company may be required to pump into the department. However, the overall responsibilities of the outsourced help depend on the package offered by the outsourcing services. Co-managed IT outsourcing packages are relatively cheaper than fully outsourced packages. Outsourcing a part of the technical help that can work with an in-house team is a fantastic way to make the best decisions that can transform your business goals. This type of outsourcing is a great choice if you run a large business, but co-managed IT outsourcing can be expensive for smaller organizations. Complete IT outsourcing Complete or full outsourced IT support is when your company does not have an in-house team for your technical and information technology needs. Instead, you outsource the help from a third-party service provider called the MSP. In this case, the managed service provider is responsible for troubleshooting, updates, and backups to monitoring. Networking computing and servers are also managed and stored by MSPs locally or on cloud apps and other off-site data centers. You can also partner with MSPs for special projects, strategic consulting, and vCIO services. Understandably, fully outsourcing IT support will cost more than supplemental or co-managed IT outsourcing. The advantages of complete/full IT outsourcing are many, as you have little to worry about the technical aspects of your business. However, narrowing down on the right MSPs that mirror your organization’s exact needs and goals at the right price can be tricky. Why outsource IT support? Some of the biggest names in business outsource IT, which promptly raises the question – of why. Why is everybody outsourcing information technology support from different parts of the globe? Below are the top reasons why: Cutting costs A primary reason for many companies outsourcing IT support is to cut costs, according to a Deloitte survey. Up to 70% of companies that outsource support for information technology cite the drastic reduction in the overall cost. Outsourcing is dramatically cheaper than having an in-house team because they come from countries with low labor costs. The country rounding the list of the top destination for IT outsourcing are India, followed closely by the United States and China. Other countries that provide IT outsourcing include Malaysia, Brazil, and Indonesia. Flexibility Up to 40% of companies that outsource cite flexibility in running their business. With IT experts working round the clock and providing real-time remote support, every technical issue is taken care of almost instantly. As the company scales in size and revenue, restructuring is inevitable. While the top players in the company are engaged with new and tougher responsibilities, outsourcing support takes care of the old liabilities, so there is no disruption in the workflow. Speed to market Another reason why IT outsourcing is common among companies is speed to market. As much as 20% of companies consider that outsourcing helps them to establish their brand/company’s presence in the industry quickly. Since the competition in any type of business is cutthroat, outsourcing is a fantastic way to generate an idea, develop it, and take it to the market before the competitors. Access to tools More than 15% of companies also rely on outsourcing because it gives instant access to tools and processes. When a team of IT professionals is on hand to provide everything from technical support, security, software development, and technical issues, it is a resource very few businesses will not use. Other reasons why companies turn to outsource IT support include agility and scalability. What is the cost of outsourcing IT support? The average cost of outsourcing IT support generally ranges from $80 to $150 per month. However, the cost of outsourcing IT support depends on several factors, including: The service package pricing type: Per month

If you’re not using VoIP yet, then you’re behind the times. The pandemic taught companies that they need to reach as many operational areas as possible from anywhere. If your building is evacuated, how are you going to answer the landline phone? Having Sarah who is working from home call a customer from her personal number can come back to bite you should she leave the company. Cloud-based phone systems are now becoming the norm for a lot of reasons. But this doesn’t mean they’re always set up right. Have you had trouble with your VoIP service? Does your company directory have only two options because you can’t figure out how to set up more? VoIP also needs to have bandwidth resources, and if it doesn’t, calls can drop in a heartbeat. One bad experience is all a potential customer needs to cause them to lose trust in you. Here are a few best practices to improve your VoIP business phone system. Use Quality of Service settings on your router or firewall What is quality of service? In networking terms, QoS enables organizations to adjust their overall network traffic by prioritizing specific high-performance applications and services. Common high priority traffic includes VoIP, video conferencing, streaming media, internet protocol television (IPTV), and video-on-demand. By setting the quality of service settings on your router to prioritize your VoIP service, you are ensuring that your VoIP traffic is given the highest priority when passing through the router. Have a backup Internet Connection Internet outages happen. By having a backup Internet connection, you can ensure that your VoIP service will fail-over to your backup connection during an outage and you don’t experience any downtime for your phone service. Even if you don’t use VoIP, having a backup Internet connection is recommended these days. It’s likely that most everything (if not everything) your company uses to function and accomplish your work is connected through the Internet. By having a redundant connection, you’ll keep productivity up and costly downtime to a minimum. Give your Team Time and Training to Learn the System This sounds obvious, but many times we expect employees to know all of the ins and outs of new technologies in a short amount of time. By giving them proper training, including hands-on training and how-to materials covering their new phones and auto-attendants, we can help expedite this process. Make sure your VoIP provider will be providing some kind of training before closing any deal. We’ve found hands-on training to be the best and with a little bit of time, most employees will be pros at the new system and love all of the new features. Use a Local Provider for VoIP Use a local provider for your VoIP deployment. This way you can have a local resource to call for support or come on-site for troubleshooting if needed. We like to think you won’t have any issues with your VoIP service, but things happen, and having someone local to rely on can be extremely beneficial. Faster response times and being able to have someone come on-site to troubleshoot issues can be invaluable.   Looking to move to VoIP? Contact us today to arrange a free consultation and see how your business would benefit from moving to VoIP.

Email Security Best Practices Rising incidents of email scams, phishing attempts, ransomware, and compromised accounts have made it more important than ever to protect your email against ongoing and newly emerging threats. Almost every business relies on email to some degree. From communication with employees and clients to marketing and billing, email is one of the most important tools businesses use and has also become a prime target for cyber-criminals. So how do we keep our email communications safe from these threats? We will go over (4) email security best practices that will help strengthen your defenses against malicious actors looking to take advantage of your business. Password Specifics Having a good password is one of the best defenses against unauthorized usage. By implementing strong password guidelines and policies, it will help set a standard in your business and prevent accounts from being compromised by brute force attacks and other means. Some general password guidelines include: • Create strong passwords. The NIST has recently updated their password guidelines with new recommendations. • Don’t reuse passwords across accounts. • Don’t share passwords with other employees. • Don’t write down passwords. Use password managers instead. Multi-factor Authentication Another way to secure your email is to have Multi-Factor Authentication enabled. Multi-Factor Authentication, or MFA, is a technology that requires the user to verify their identity with their password in other ways. For example, a user that signs in with their password would also be instructed to put in a number they received via text or an authenticator app on their phone or PC. MFA is a great way to secure your email. Even if a malicious actor has your email password, it will require them to have the number only you would have access to. Some examples of these MFA tools include the Microsoft Authenticator App, Google Authenticator App, Duo Security, and Authy. There are many different authenticators available and ultimately, the decision is up to the individual or IT department. Spam Filtering / Gateway Defense Every business should be utilizing spam filtering or perimeter/gateway defense. An email gateway will act as your first line of defense against threats and stops most before they ever reach your inbox. They scan incoming and outgoing emails for threats including viruses, phishing attempts, and spoofing. Other advantages of email scanning include stopping spam before it reaches your employees inboxes. This helps save your employees time from being wasted going through hundreds of spam emails and allowing them to focus on other tasks at work. Some gateway defenses will also provide a 24×7 emergency inbox to users when the normal email environment is unavailable. If your business hasn’t experienced an email outage yet (looking at you Microsoft 365), it’s only a matter of time before you do. End-User Training Unfortunately end users are one of the weakest links when it comes to email security. But with proper training, you can teach your employees how to spot, avoid, and report real-world attacks from phishing attempts to impersonation and other social engineering attacks. Security-awareness training should include courses that end-users can understand and are not boring or hard to get through. Some courses can be overly time-consuming and poorly conceived making it harder for the end user to properly digest the material. Interactive materials can help with this. Phishing simulation training should also be conducted. By sending out realistic phishing emails to employees, you can gauge their awareness of attacks and what to do with the emails when they receive them. This helps identify users that may need additional training and works well with the security-awareness training on teaching employees how to identify, avoid, and report email threats. Email Security Best Practices Conclusion As a business, it’s imperative that you keep your employees, customers, and data safe from security threats. By creating and implementing a standard set of email security best practices for employees, you can protect your company from cyber-criminals and external threats. If you need help implementing these, please contact us to schedule a risk-free assessment.

On August 13, 2019 section 889 of the National Defense Authorization Act (NDAA) went into effect. This section prohibits the usage of certain video surveillance, telecommunications services, equipment and components manufactured by specific vendors in federal buildings as well as federally-contracted developments. Federal agencies are also prohibited from doing business with contractors that use surveillance technology from the blacklisted products. The legislation was passed to combat national security and intellectual property threats that face the United States. The NDAA ban also extends to other manufacturers in cases in which the video surveillance cameras or systems from the specified vendors are offered under another manufacturer’s brand name typical of OEM relationships. Banned Camera Brands Camera brands that were specifically banned by the NDAA include: Hangzhou Hikvision Digital Technology Company Dahua Technology Huawei Technologies Company Hytera Communications Corporation ZTE Corporation The ban also includes any brands that function under or as part of these companies, including affiliates. NDAA Compliant Cameras In order to be NDAA compliant, the manufacturer cannot use a chipset or component made by any of the banned brands. Many manufacturers and distributors are not clear on the exact components and chips inside the cameras which can make it difficult to tell if a particular security camera is NDAA compliant. You will want to ensure your supplier is upfront with you about the components and manufacturer. However, one example of an NDAA compliant brand is Axis Communications. Their entire product portfolio is considered NDAA compliant. They help achieve this by using an in-house developed ARTPEC chip and not rely on outside manufacturers for components. It should also be noted that some companies manufacture separate lines of NDAA compliant cameras specific for the US market. An example of these would be the Honeywell 30 Series and 60 Series security cameras. NDAA Compliant Video Surveillance Installation If you are looking for NDAA compliant video surveillance, Pennyrile Technologies can assist. While some of our catalog products may not be NDAA compliant, we have a growing list of fully compliant security products ready to be installed on any government property or business that would prefer to use NDAA compliant security cameras. Call us at (931) 771-1149 to go over your needs and schedule a site survey for a quote. We routinely install cameras for big box stores and retail, restaurants, warehouses, hotels, manufacturers, and more in Western Kentucky & Tennessee.