The fact that email is so accessible, free and fast, makes it a very convenient tool for us. It also makes it a very convenient tool to use to spam your inbox. Buy simply purchasing a list of email addresses, professional spammers can bombard their victims with as many messages as they please. We have our ways of preventing these attacks but, of course, they have a host of automated tools to help them expand their volume and slip past filters. They are sneaky but there are things that you can do to proactively keep spam out of your inbox for good.

Here are five strategies for blocking spam:

1. Train your spam filter

Most email platforms include some form of spam detection. Messages that seem fraudulent or unimportant will be red-flagged by your provider and sent to the spam folder. The best thing about these filters is that you can train them to fit your inbox. This means that with the click of a button, you can decide if the spam detector made a mistake or missed a spam email. You can configure its settings and actions to improve its performance.

For example, let’s take a look at Gmail. Every time you open an email, a Report Spam button that looks like an exclamation point appears at the top of the email. If you find a message that is obviously spam that slipped through the spam filters, click this red button and your spam will filter messages like this to its memory bank so that you no longer get them. On the other hand, if you check your Spam folder and find that a useful email was placed there, open it and click the not spam button at the top of the page.

2. Employ alternative email addresses

One way to avoid spam is to create an alternative email address that is separate from your personal or business email address. When we order a product, often times the company that we ordered it from takes the liberty of spamming our inboxes with irrelevant content that has nothing to do with our purchase. This can also include receiving unwanted marketing updates or sharing your contact information with an advertiser. By creating a secondary email address you can keep all spam from entering your important inbox of your main email address. This alternative address can be used for traveling purposes, online shopping and more. Gmail, Yahoo, Outlook, or Mail.com offer free email address setups so you can make one with ease of mind and wallet.

However, it’s important to note some details when creating a new account. Gmail addresses ignore dots in email addresses, so an email sent to “[email protected]” and an email sent to “[email protected]” will both arrive at the same inbox. The same can be said for email addresses that contain plus signs. So messages addressed to “[email protected]” and “[email protected]” will both land in the same inbox. Good news though, this is actually helpful! Why? It means you can enter the variation on your current email address whenever you sign up for or buy something and then create a Gmail filter to put anything sent to that address in its own folder, separate from the main Primary tab.

Instructions: To create a filter in the web interface, click the Options button on the top right, followed by Settings and then Filters and blocked addresses. Click Create a new filter, enter your tweaked address in the To field, and then decide what you want to do with these types of emails.

3. Download third-party extensions

The internet truly offers a fix for everything. If you are finding that a lot of spam slips through your email provider’s spam filter, try adding a third-party app to supplement it. This type of service stops messages as they travel between an email server (the cloud where messages are stored) and your inbox.

Free is always a plus so try Mailwasher. Plug in your email login details and Mailwasher applies a series of filters to identify unwanted messages. With this, if you like, you can review the stopped emails online before they show up in your inbox.

There is also the free SpamCop service. This is like a mini police station. It allows you to report bad actors to internet service providers (ISPs) so they can block these messages at the source. This not only helps your inbox stay clean but helps others as well because you will be shutting down certain spam altogether.

4. Protect your email address

You should aim to keep your primary address as secret as you can. Do not display it on public pages such as social media platforms or a personal website. You should have a whole separate email address for this. This is the first place bots and spammers will look.

If you don’t want to keep track of too many email addresses but you have to have your email address available, try writing it out longhand. For example, try “John Smith at Google’s email service” whenever you need to display it on the web. This will make sense to a human but a bot will not be able to process and collect it.

In addition to this, there are some email marketers that will use a tracking pixel, or something similar, to decipher the difference between email addresses that are actually used and ones that are not. They send messages to a variety of addresses and as soon as a human opens one of them, the spammer will receive a confirmation that the address is in use. In order to avoid this, just don’t open spam. You most likely know what spam looks like at this point so just trash it or filter it out right away.

Spam is inevitable if the right tactics are not implemented to block it. Here at NVIT Solutions, we understand the ins and outs of email solutions and we are here to help. Give us a call to start blocking spam today!

When thinking about securing your business from cyber threats, the mind quickly turns to phishing, hacks, and viruses, but there are many security threats in and around the office that can expose your business to a host of threats and cybersecurity issues. In conjunction with a solid cybersecurity solution provided by your MSP, be sure you and your employees follow these office tips to protect your physical workspace from system comprises, unauthorized breaches and data loss.

Unlocked devices

Mobile phones, laptops, desktops, tablets, and even printers/multi-function devices should all be locked and password protected when unattended, as any of these (and any other) network-connected devices can be comprised, allowing for unauthorized access into your system or unauthorized removal of data from it. Even though most devices lock/power down after idling for some period of time, create an office culture where locking devices becomes second nature for all employees.

USB Drives

USB drives pose a host of security issues. Unknown drives should never, ever be used, as they could easily contain hidden malware or spy software that could exfiltrate data or install ransomware on your network. However, those drives that you do use for normal business functions must be kept under lock and key, so they are not compromised with malware, misplaced or stolen. USB drives make it far too easy for curious eyes or unauthorized user to get a peek into sensitive or confidential business information and are unfortunately left behind in public places (airports, coffee shops, etc.). Make sure any and all USB drives used in your business are cataloged and their whereabouts known at all times—or perhaps look to cloud solutions for sharing/transporting data.

Paper Documents

What may be innocuous to your employees could be valuable to others who’d want to infiltrate your systems. At the end of the day, be sure that papers, reports, financial records, and any other proprietary data is off desk surfaces, locked away, or shredded (i.e., not in the trash). After they are no longer needed, shred any documents with financial records, proprietary data or confidential information. And of course, to minimize this issue, go digital wherever possible.

Passwords

It’s a common occurrence, even in the face of many strict cybersecurity policies, but many employees use notes or cheat sheets for the various usernames, logins, and passwords they require for day-to-day work. Nothing could defeat the purpose of a password more easily than this practice, and leaves the door wide open to anyone who accesses your office to gain entry into your network and systems. Discuss a software-based password management system with your MSP and seek out an option that will work best for your business in order to prevent this risky behavior.

Wallets and Keys

Just like easily-accessed passwords are a threat, wallets and keys that are left on desks during meetings, bathroom breaks, lunches, etc., can all leave your business exposed to unauthorized entry. Pay special attention to this if there are areas of your business under lock and key, or if ID/keycards are used, as these are typically kept in wallets. Misplaced keys and access IDs can quickly lead to tampered or duplicated methods of access, so if need be, offer lockers or secure places where employees can store their personal belongings while they work.

These are just a few security best practices to enact in your workplace, alongside an effective cybersecurity solution. If you’re thinking about protecting your business from cyber threats, let’s discuss a few options that could work best for you. Securing your office shouldn’t be that hard. It’s just another layer to protect your assets.

With the arsenal of tactics that hackers have today, we must fight back and protect our data with an arsenal of prevention tactics, including testing. Penetration testing is an important step towards safer applications and organizations. Penetration testing (A.K.A. pentesting, or security testing) is the process of testing your applications for vulnerabilities and put yourself in the hacker’s shoes. To do so, we start by answering a simple question: “What could a hacker do to harm my application, or organization, out in the real world?”

To ensure that a penetration test is effective, it must involve experts in all things IT. This includes a skilled hacker or a team of skilled hackers. Don’t worry though, it is the good kind of hackers, the ones that are on your team.

To start, we purposefully ensure that the hacker(s) don’t have access to any source code, and then try to gain access to your systems and applications. Penetration tests can be implemented IP address ranges, individual applications, or even as little information as a company name. The tests can vary depending on specific needs. The level of access you give an attacker depends on what you are trying to test. Here are some examples of penetration tests:

• To test if an application is well secured, a penetration tester could be given access to a version of a web application you haven’t actually started using yet. They will then be told to try and gain access or cause damage by any means possible. The penetration tester will then employ a variety of different attacks against various parts of the application in an attempt to break in. If they succeed, then we will try another or implement security measures.

• Hackers can even gain access by simply having your business address. The team of penetration testers will be given your company’s office address, and tell them to try and gain access to their systems. The team could employ a wide range of various techniques to try and break into the organization, ranging from social engineering to complex application specific attacks.  

The purpose of a penetration test is to identify key weaknesses in your systems and applications, to determine how to best allocate resources to improve the security of your application, or organization as a whole. This is the time to find weaknesses in your systems, rather than a bad hacker finding them. This is your chance to fully secure your organization. Nevada IT Solutions is here to help.

Why Are Penetration Tests Important?

• It’s a great way to educate your employees and security personnel on real experience in dealing with an intrusion. A penetration test should be carried out without informing staff, like a fire drill, to allow an organization to test whether its security policies are truly effective and studied. This test should be taken just as seriously as a fire drill.

• Penetration testing reports can be used to help train developers to make fewer mistakes. These tests highlight faults in the security systems, which is a very good thing. If developers can see how an outside attacker broke into an application or part of an application they helped develop, they will be more motivated to improve their security education and avoid making similar errors in the future.

• They provide feedback on the most at risk routes into your company or application. Penetration testers think as a real world attacker would. They think outside of the box, and will try to get into your system by any means possible, just like the actual situation would play out. This could reveal lots of major vulnerabilities your security or development team never considered.

• It can uncover aspects of security policy that are lacking. For example, many security policies give a lot of focus to preventing and detecting an attack on an organization’s systems but neglect the process of handling an actual attacker. You may uncover during a penetration test that whilst your organization detected attacks, the security personnel could not effectively remove the attacker from the system in an efficient way before they caused damage.

If your company has not carried out a penetration test, it is absolutely time to do so. Time is of the essence because hackers will carry out their attacks without warning. Are you prepared? Your first few penetration tests will probably deliver some shocking results, and highlight that your organization is much more vulnerable to attack than you ever predicted. Nevada IT Solutions is your partner in preventing future attacks through the use of penetration testing. Don’t be caught off guard. We will help you be prepared for anything.