Home

About Us

IT Services

Understanding IT

News & Events

Blog

Support

Contact Us

Blog
  • Register

Capstone Works, Inc. Blog

Capstone Works, Inc. has been serving the Cedar Park area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

BYOD Management Part 1

Bring Your Own Device (BYOD) policies are here to stay. The flexibility, familiarity, and increased productivity that personal devices provide has forced companies to adapt to this workplace revolution in a hurry. Yet many companies are still struggling to strike the right balance between personal freedom and corporate responsibility. In part one of our two-part article, we'll detail a six-step plan for developing the strategy and policy necessary to manage BYOD effectively.

Gather Your Team

Don't go this alone. As you begin making a detailed plan for allowing the use of personal devices, get your employees involved, and keep in mind, the more the merrier. You want as much feedback, input, and honesty as you can handle. Taking the time to wade through everyone's concerns is the best way to get the full picture. You need to determine how much freedom your employees are expecting, what your IT department can handle, and any concerns your legal department might have so everyone has raised red flags before issues arise. Remember, there is no one-size-fits-all approach to creating a BYOD policy so you'll need to restructure your management style to fit the employees you have, the systems you use, and the regulatory requirements your company must meet. The goal is to create a strategy that doesn't compromise data security yet still satisfies your employees.

Think Long Term

The goal of your company is to grow, so when developing a BYOD policy, don't be reactive, be proactive. Ensure that, as you design your solutions, they can support a greater number of devices or users when needed. Make sure your policies won't need to be rewritten every time a new sub-contractor is hired, or a new technology emerges. Today your employees have cell phones and tablets, in a few years (or months) they might be keen on wearables or smart desks. Ideally, you want to be endpoint independent in your approach so you can quickly adapt to innovative new devices and emerging platforms.

Assess Risk and Assign Access

Now that you have an overview, it's time to decide the details of how you'll protect your sensitive data.

Start by deciding which devices are acceptable within your company. You'll accomplish this by weighing a combination of factors including what devices or apps your employees are already using (another great reason to check in with your staff before designing your policies), and which types can be easily monitored going forward. Create a list of acceptable devices and applications and be specific. A "choose your own device" model where employees select from a list of acceptable devices can help bridge the gap between secure options and personal preference.

Also, decide what sets of data you'll allow to be transmitted on BYOD devices. An effective way of doing this is by adopting the principle of least privilege. This principle restricts access so users can only use the exact data and software required to do their job. In addition, implement multi-factor authentication to make sure you’re putting as many barriers between hackers and your company data as possible.

If you feel you need assistance from top-level experts, contracting a Managed Service Provider (MSP) can also help. Using an MSP like Capstone Works simplifies the process by having dedicated IT experts who can quickly assess your situation and create customized BYOD policies for your business. Contact Capstone Works today to learn more about how we can help.

Continue reading

How Hackers Steal Your Data (Part 2 of 2)

In Part 1 How Hackers Steal Your Data of our data hacking article, we explored two of the most common methods cybercriminals are using to attempt to access your data. In Part 2, we’ll look at three slightly more sophisticated attacks that you should be aware of to properly steel yourself against data breach attempts.

Social Engineering

A catch-all term that can include phishing (discussed in Part 1 of this article), social engineering uses your real-world instincts against you to get you to divulge information you usually would be hesitant to reveal. Typically speaking, hackers use technological vulnerabilities to exploit holes in your cybersecurity, but in social engineering attacks, hackers lean on your personal weaknesses.

Some examples of this might be:

• A hacker calling and posing as a client who’s locked out of their account and needs you to give them access.
• A hacker calling or emailing pretending to be a local charity asking for financial information to make a donation.
• A hacker texting you posing as a friend, boss, or coworker that needs urgent help.

Relying on psychological manipulation, these few examples illustrate the importance of slowing down, staying skeptical, and carefully reviewing any “urgent” issues before taking action. Be wary of links or downloads even if they seem to be from a trusted source, set your email spam filters to the highest setting, and always be wary of anyone asking for credentials in a text, email, or phone call if you want to avoid being misled by this form of emotional manipulation.

Man-In-The-Middle Attacks

In a man-in-the-middle (MITM) attack, an adept hacker will use IP, ARP, or DNS spoofing to position themselves in the middle of a conversation between you and an application to intercept user traffic. After they’ve intercepted this traffic, the attacker will decrypt it using HTTP spoofing or SSL hijacking to avoid detection. This allows them to then monitor and control the session and steal account details, log-in credentials, banking info, etc. A MITM attack is hard to detect, but can be prevented with due diligence. Avoiding the use of free Wi-Fi hotspots, closing out secure connections when they are not in use, and steering clear of unsecured websites are key preventative measures you should be taking to avoid this scenario. If you’re also a web administrator, you’ll want to be preventative against these types of attacks on your site by making sure you’re using SSL/TLS to secure each page of your website and not just log-in pages.

IoT Attacks

The wave of the future, The Internet of Things (IoT) is a term used to describe the increasing array of interconnected devices that interact with each other across your network. The more devices become “smart” and connect and share information, however, the more entry points hackers have to gain access to your systems. It might seem far-fetched, but hackers can actually install viruses or hack into your wireless routers, printers, and any new device you introduce that may connect to your network regularly. If you are investing in IoT devices to stay current, only buy them from reputable vendors with track records for reliable security. Many businesses are also guilty of sticking with the factory preset passwords that come out-of-the-box with new devices. These factory passwords are often not strong enough, are easily found in product manuals, or have been made public on databases stored in the dark web. So, make sure you create a unique set of new credentials for each IoT device as soon as you introduce them to your network.

Although using the preventative measures detailed for these five types of attacks can dramatically decrease your chances of data theft, there are endless ways that cybercriminals can target you. Therefore, the true key to making sure you avoid a data breach is to have a plan. This is where an MSP like Capstone Works can help. By assisting you with formulating a comprehensive, structured approach to cybersecurity, we can streamline the time-consuming tasks of learning about new threats, keeping your systems up-to-date, and educating your team. Contact Capstone Works today to put your cybersecurity plan in motion.

Continue reading

How Hackers Steal Your Data (Part 1 of 2)

securityIt’s no secret that your data is a hot commodity. Each day sophisticated cybercriminals attempt to make money by stealing your private information to pose as you, blackmail you, or simply sell your information to someone who will. If you want to stay in business, you’ll need to be able to thwart these attempts. But to do so, you must understand the increasingly advanced methods hackers use. In this two-part article, we’ll examine the techniques hackers are currently employing to gain access to your sensitive data.

Cracking Passwords

The fact that hackers might simply guess your passwords probably seems painfully obvious, but the hard truth is that many companies still lack proper password management. If your password is a series of common words, a dictionary attack can use algorithms to cycle through a word database and quickly discover your chosen phrase.

Simply adding some numbers won’t be enough, either, as hackers can up the ante with a brute force attack which allows them, with some additional computing power, to cycle through alpha-numeric combinations until they strike gold.

And if they are very determined and well equipped, a hacker can also use a rainbow table attack. When passwords are attempted, they are “hashed” to avoid sending the actual plaintext password over the communication line. In this type of attack, pre-computed tables are used to recover these hashes and reverse them to reduce guessing time and discover complex passwords.

To prevent these, you’ll need to create unique passwords that are more than ten characters long and have a mix of numbers, lowercase and uppercase letters, and symbols for each account. One popular trick for this is to think of a phrase and codify it. For example, “Cousin Greg lives in Seattle” becomes “C0u$iNGr3gLiV3SinS3ATtLE”.

Additionally, you should use multi-factor authentication whenever possible so that your password isn’t the only thing standing between an attacker and access to your accounts.

Phishing Schemes

One of the most common methods of data hacking, phishing scams are so effective, they’ve produced many high-profile data breaches including the hacking of Clinton campaign chairman John Podesta, who unknowingly gave up his Gmail password, and Snapchat, where an employee gave up payroll information that led to widespread identity theft.

In a phishing scheme, disguised e-mails are used to lure the recipient into a trap. Posing as a trusted source, such as someone you do business with, your bank, or your email provider, hackers trick you into providing them information directly, clicking a link that leads you to a fake site, or downloading an attachment that then allows them access to your system. One of the oldest tricks in the book, phishing is an evergreen technique that is continually being re-invented in order to become harder to spot.

The best way prevent being hooked in by a phishing scam is to study the way they are being used and stay vigilant. Make sure to check the spelling of URLs in email links and watch out for URL redirects. Keep your browsers up-to-date to ensure you have the most recent security patches and install anti-phishing toolbars on your browser that can run checks on sites you visit and compare them to a database of known phishing sites. And, of course, never give out personal information over email.

These are two of the most popular ways attackers attempt to gain access to your system but stay tuned for Part 2 of this article as we dive into three more sophisticated methods cyber attackers are currently using. Concerned you’re not as safe as you thought? Contact Capstone Works immediately. Our cybersecurity professionals have the expertise to make sure you’re one step ahead of the latest tricks, scams, and hacks that could threaten your business.

Continue reading

Is It Time To Upgrade The Operating System On Your Office Devices?

Are you using Windows 7, older versions of Outlook for email, or Windows Server version 2011 and below? If so, it’s time beproactiveto learn about Microsoft’s End of Life Support. You do not want to find yourself in need of tech support for an unsupported product. That’s why being prepared is critical. What products are nearing the end of their support life cycle and what can you do to help your business stay on top of these changes?

First, it is important to know when products are being phased out. Microsoft has specific product life cycles. According to their website, support for Windows 7 ends on January 14, 2020. That gives users less than one year to prepare. Windows 7 launched on October 22, 2009, at which time Microsoft committed to ten years of product support. As this time period expires, it is important to note that this lack of support can leave you vulnerable if you do not upgrade your Operating System. For example, those automatic updates that many users get in the habit of ignoring often include critical security patches that you will no longer receive. If you’re using Windows 7, it is time to upgrade. 

Now that you are thinking about upgrading your Operating System, how do you get started? The process can certainly sound overwhelming. You may have questions or, alternatively, you may be unsure as to what questions you should be asking. It’s time to contact a trusted Managed Service Provider like Capstone Works to help you navigate this process.

What else do you need to know to keep your IT updated? Microsoft has been moving toward a subscription-based model, pushing clients and companies to move toward Office 365 subscriptions instead of the old model of buying a disc, loading Microsoft Office onto your device, and having a perpetual license for the product. Users who have a perpetual license, such as those on Office 2016, will need to upgrade by 2020 in order to use their product in conjunction with the suite of Office 365 products, like SharePoint and Exchange. These end dates are important to keep track of in order to keep all of your products working together. When you connect Office 365 products with “legacy” versions of Microsoft tools, you do not benefit from the full range of the current product capabilities and certain aspects may not work properly. Therefore, it is important to have a trusted Managed Service Provider on your side to help you keep everything working together, make timely upgrades, and keep track of product lifecycle end dates.

How else can Capstone Works help? We can guide you as you choose the right IT products and software solutions for your office. For example, we can go over the pros and cons of moving to Office 365 now, staying with a perpetual license model, or waiting until the End of Life deadline to make any changes. With all the other aspects of running a business taking up time, it can be a challenge for business decision-makers to navigate the many options available. We are here to take IT off your plate and help you ensure you are making the best, most informed decisions possible in a timely manner. With a partner like Capstone Works on your side, you will not be caught off guard when a product nears the end of its support life cycle, and you will be able to make proactive, informed business IT decisions.

Contact Capstone Works today and be prepared for any changes technology companies throw your way!

Continue reading

Preventing Data Breaches on Data Privacy Day

b2ap3 medium network securityThe start of 2019 comes with promises of many new technologies that you, as a business decision-maker, can use to help grow your business. Though these new avenues can open many doors for your business, these advancements are also creating new vulnerabilities and avenues for hackers, thieves, and phishers to take advantage of. Luckily, Data Privacy Day is right around the corner.

The day is celebrated on the 28th of January each year and is intended to educate users on data privacy to promote a safer, more secure, and more private internet for citizens all over the world. It’s also a good day for people to review their social media privacy settings, update old passwords, and take a look at the state of your digital data security. 

The purpose and goals of Data Privacy Day are of particular importance to businesses. Each year, millions of businesses face attacks to their security as a result of totally preventable vulnerabilities within their IT infrastructure. While not all attacks turn into breaches, that doesn’t mean they’re not cause for concern. 

So, what can you do to protect yourself this Data Privacy Day? Depending on your business, a good place to start is to increase your password security. This can be done by requiring more complex passwords from your employees, requiring they change them up regularly, and by instating two-factor authentication, which provides additional security to confirm the person logging into your network is legitimate.

If you haven’t already, setting up firewalls and using encryption to secure your network is also a great idea to keep out hackers. Additionally, limiting privileges to certain parts of your network only to those for whom access is necessary. This limits the potential that certain information will fall into the wrong hands.

Finally, having back-ups, either of your entire environment, or simply of vital data, is one of the best ways to prevent attacks that corrupt, steal, or try to ransom your data.

Whatever your needs, Capstone Works takes the initiatives of Data Privacy Day to heart. We will work with you to craft a customized security plan that will prevent attacks from happening and keep your business’ data safe and secure.

Not only have we made it our mission to stay updated on all the latest possible threats to your industry, but we also work to educate our clients on these matters, and make sure they’re able to make informed decisions about how to protect their businesses.

After an audit of your current security infrastructure, we can determine where your vulnerabilities lie and prevent them from being used against you. Whether you need as simple a fix as a software patch, or a more substantial overhaul of your internal security procedures, like making sure users are forced to use secure passwords, servers run on secure protocols, etc., Capstone Works has you covered.

Start your New Year off right. Data Privacy Day is a great time to give your business’ security measures an update, so don’t pass by without a second thought. Contact Capstone Works today and rest assured that 2019 will be a great year for your business.

Continue reading

Latest News & Events

Capstone Works, Inc. is proud to announce the launch of our new website at http://www.capstoneworks.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what Capstone Works, Inc. can do for your business.

Call Us Today
Call us today
(512) 343-8891 x2

715 Discovery Blvd
Suite 101

Cedar Park, Texas 78613