How Investing in Internal Documentation Saves Your Company Money

When budgets get tight, cutting unnecessary costs is a standard strategy to maintain a successful business. While the big expenses tend to get the most attention — finding cost-effective employee benefits, buying supplies in bulk, cutting out catering for staff meetings — sometimes it’s the smaller details that can have the most impact. 

Internal documentation is one of those minor details that are rarely at the top of anyone’s money-saving list, but it definitely deserves a spot. Internal documentation refers to any detailed information about your company’s processes and procedures that’s kept up to date and is available for employees to reference as needed. 

It’s a simple concept that’s easy to implement, yet many companies don’t make it a priority. Good internal documentation has the potential to save businesses tens of thousands of dollars each year, and it can directly increase profits by reducing turnover rates and improving every aspect of your business, from onboarding to customer service.

Investing in internal documentation increases company efficiency

Workers can easily spend up to 30% of the workday scouring company databases for basic information they need to do their jobs. If your company has 50 employees and they’re paid the U.S. average of $25.68 per hour, you’re losing $3,210 per day in employee effectiveness. 

If you’re wondering what this expensive time-wasting looks like in action, picture your top-performing employee — the one everyone goes to for help because they have accumulated years of company knowledge. Now imagine that person leaves your company. Without proper internal documentation, they’re walking away with priceless information that your other workers need. When your team is left without their go-to resource, they have to waste an enormous amount of time piecing together information to recreate that former employee’s knowledge base.

If your company’s documentation is nonexistent or lacking, it’s quite likely that a scene like this has played out within at least one of your departments. Imagine how much more your organization could achieve if those hours were put toward customer service, improving products, or training employees on new skills to stay competitive? Productivity and effectiveness would explode, and the results would speak for themselves in your company’s bottom line. 

Great internal documentation makes onboarding easier

Not only is searching for information costly in terms of time wasted, it can also cost you top talent. Work tends to be stressful in general, and insufficient internal documentation is an unnecessary obstacle that adds to that stress. If this issue isn’t addressed, you may find some of your best employees packing their bags to head to more organized pastures. 

If your organization’s lack of proper documentation is causing employee burnout and high turnover, your onboarding process is likely also suffering. New workers are bombarded with more details during onboarding than they can possibly digest in their first few days. It’s important to streamline this process to ensure your new talent feels supported and confident in their position.

Hiring and training new workers is a huge expense. You save your company big bucks by making the process faster and more effective with quality documentation. Set new employees up for success and reduce turnover by clearly documenting your company’s policies, processes, and job-specific information and storing it somewhere that’s easily accessible. 

Internal documentation supports collaborative work

Workplace collaboration is vital to a company’s success, especially in today’s market. The best ideas are rarely the sole effort of a single person. Combining the perspectives, skills, and experiences of a diverse group is the most effective way to develop a robust product or service that will delight your customers. 

Every step of that process, from ideation to implementation, requires employees to share information. When you have solid internal documentation in place, as well as a secure method to store and share it, this process is seamless. This speeds up the collaborative process, meaning your team always hits their deadlines with quality work in hand. 

This also makes your company look competent and professional from a client’s perspective. When your team completes projects in an organized and timely manner, clients will be impressed and feel confident choosing your company again and again for their needs. Alternatively, team collaboration that’s clumsy and behind schedule will send customers straight to one of your competitors, and you can bet they’ll readily share their bad experiences with others. 

The more information about your company, clients, products, and services you document, the more ammunition your employees will have to draw from when it’s time to collaborate on new projects. All employees will have the base knowledge they need to do their parts, whether that’s details on how to use certain software or information about the success or failure of past ideas. This facilitates better, more profitable products and projects that will increase your company’s profits. 

Accessible internal documentation improves work-from-home effectiveness

Working from home became a necessity in 2020. It opened the eyes of many executives to all the benefits that remote work can bring, from downsizing office space to having a wider pool of qualified job candidates. Employees also took a strong liking to the flexibility that remote work provides, so it looks like this trend is here to stay.

As with any major change in business models, remote work poses a few challenges. In-office employees struggle with finding the information they need, and this issue is amplified even more when workers are remote. At the start of the pandemic, the Harvard Business Review reported that work-from-home employees were surprised by how much more difficult it was to find the information they needed to do their work. 

This doesn’t have to be the case, though. Work-from-home effectiveness can be equal to that of on-site employees if internal documentation is a company priority. Business efficiency increases even more when you store that documentation in the cloud where all employees can easily access it and share files as needed internally or externally. 

Ready to whip your company’s documentation into shape? Onehub can keep it secure, organized, and easily accessible to employees. See for yourself with our free 14-day trial (no credit card required!). 

Regular Software Updates Keep Your Business Secure and Productive

Installing updates is one of the simplest ways to protect your company’s files and keep your business running smoothly. Devices and software that are up to date provide data protection, improved functionality, and helpful integrations. 

Why do companies issue software updates?

To improve security

A known vulnerability is a glitch or weakness in software or operating systems that hackers can exploit. When a software company identifies a vulnerability and finds a solution, they release a security patch to fix it. This patch comes in the form of a software update. 

There are many reasons it’s essential to stay on top of updates, but digital security is one of the most important. Cybercrimes are steadily increasing, and businesses are a favorite target for hackers. Companies store sensitive data ranging from customers’ credit card numbers to intellectual property, and this data is incredibly valuable. Hackers can encrypt this data and demand a ransom for the decryption key, use a known vulnerability to take your business offline, or conduct any number of other malicious schemes. 

To add or remove features

Software updates are also issued to add new features, remove outdated features, and improve functionality. These updates can enhance the user experience and offer your company better tools for productivity and efficiency.

To offer new integrations

Updates can also be issued to make the software more compatible with popular programs. For example, Onehub recently updated its file-sharing and cloud storage platform to integrate DocuSign. This allows Onehub users to get electronic signatures from clients quickly and easily. 

What are the risks of not installing updates promptly?

It’s important to install software updates as soon as possible. We’re all guilty of hitting the “install update later” button when we’re in the middle of something, but consistently putting off updates can have significant consequences.

Data breaches

The biggest risk of not staying on top of software updates is a cybersecurity attack. Updates act as a data safeguard, ensuring a malicious individual can’t easily steal sensitive business information or hold your data for ransom. 

Once software has a known vulnerability, it becomes a favorite target for hackers because they already know exactly how to exploit it. There’s no time-consuming guesswork involved. Even after a software company releases a security patch, hackers will still target these programs. They know that many people, especially employees, don’t bother to update their computers or software. 

A good digital security plan can help employees understand the importance of data safeguards such as regular software updates.

Lower productivity

Not installing software updates also means your company is missing out on great new features that could dramatically improve collaboration, productivity, or efficiency. This risk is often overlooked since you’re unlikely to know what you’re missing out on. But competition among businesses is tight, and if your competitors are benefitting from faster, better tools, your business could fall behind. 

Unusable software

Installing updates ensures that your software stays compatible with your operating system and the other programs it interacts with. If you’re behind on updates, you may find that some or all of the features of your software stop functioning. 

Lost time

The longer you put off computer updates, the more updates you’ll need to install. If you stay on top of updates, you most likely won’t have to wait very long for a single one to install. But if they’ve been piling up for months, it may take ages to complete all the updates. During that time, you’re essentially out of commission work-wise. 

This is especially frustrating if your software has stopped working and you need it updated ASAP so you can meet an important deadline. You resign yourself to restarting your computer, anticipating a brief, single update, and instead, you have three months’ work of updates being installed in succession. It’s an easy situation to avoid; simply make software updates a regular part of your work routine.

Ensuring your business software stays updated company-wide

Choose cloud-based software

Cloud-based software such as Onehub doesn’t require users to install updates. Every time you log in, you’re accessing the most up-to-date version of your cloud software. This makes it extremely efficient and more secure since there’s never any delay in installing vital security patches. 

Allow automatic updates

Many devices and software have an option to install updates automatically. Allowing automatic updates means you don’t have to worry about remembering to check for or install updates. If you choose to do manual updates, it’s helpful to pencil them into your work schedule so you don’t forget.

Create a digital security plan

The best way to ensure software and devices are being regularly updated company-wide is to create a digital security plan. The plan should cover common cybersecurity threats and effective data safeguards such as regular updates, strong passwords, and two-factor authentication. Make sure employees know they are responsible for keeping their work devices updated, as well as any personal devices that they use for work.

Onehub can keep your company’s data secure while providing first-class business tools for collaboration and productivity. Try Onehub for free for 14 days!

Improve Business File Organization and Collaboration With Document Control

What is document control?

Document control is a standardized system of file management within a business. Document control sets protocols for the lifecycle and use of documents, from creation to deletion and everything in between. With proper management, employees will always have access to accurate and up-to-date information at any point in a document’s lifecycle. 

Document management is important for most companies, especially for highly regulated industries such as healthcare or industries such as engineering or architecture where precision is of the utmost importance. Document control helps businesses stay compliant with legal requirements and reduces errors.

Even companies that aren’t operating in heavily regulated or precise industries can reap the benefits of document management such as quick file searches, up-to-date information, and improved collaboration. While standards for document control apply to both physical and digital files, we’ll focus on digital files in this article since this is the predominant method of corporate document storage today. 

The risks of poor document management

Employees waste time searching for files

The larger a company is, the more complex the task of document control becomes. An enterprise-level organization can generate thousands of new files each day, which quickly turns to chaos without organizational parameters. 

On average, employees spend nearly two hours each day searching for files due to ineffective file management. When employees finally give up searching for the document they need, they often resort to recreating the file from scratch. The time employees spend searching for documents or duplicating work is a huge waste of company resources. 

Higher chance of errors

Working from an outdated iteration of a file is easy to do when there’s no standard for version control. Without proper document control, your company risks making costly mistakes. For instance, if an architect developed blueprints based on an older version of a file with inaccurate measurements, it could cost the company millions and even endanger lives. When accuracy is essential, you don’t want to leave anything to chance. Employees should be able to immediately identify the most up-to-date version of a file so they can complete their work with total confidence. 

Ineffective workflows and collaboration

In addition to wasting employee time, poor document control also inhibits collaboration. Without consistent rules governing approvals and revisions, document collaboration can get messy. Document control ensures that when a file is approved, everyone working on it knows. When revisions are made, efficient document control makes it easy to identify versions and what changes have been made. 

How Onehub supports document control

Implementing document control protocols can streamline your file management and make your business more efficient and profitable. Onehub’s robust business software can help you create an effective system to govern your business files and document worfklow.

Document creation

Document control standards for new files may govern things like where certain types of documents are stored, file naming conventions, document formatting, and access levels. 

Onehub facilitates fast and easy document creation with its Microsoft Office Online and Google Drive integrations. Users can create new documents directly in the Onehub platform, so they don’t have to switch between multiple applications to get the job done. 

Document approval

Document control improves workflows by standardizing the approval process. Each type of document should have a designated person in charge of approvals, and it should be clear to all involved parties when a file has been approved. Onehub makes this simple with one-click approvals and automatic notifications. 

Document revision

Documents can spend a lot of time in the revision process, so it’s important to have a set of standards to control this phase. The biggest hurdles in the revision stage are identifying the most current version of a document, ensuring that updates are synced, and viewing what changes have been made. 

With Onehub’s automatic file versioning, it’s always clear whether you’re looking at the first iteration of a document or the third. Our automated file syncing means that changes are synced across devices in real-time so employees are on the same page no matter where they access the file from. Users can view or restore all changes within a file, and it’s easy to identify who made those changes. These features make document control simple and team collaboration seamless. 

Document access

Companies often handle sensitive information about employees, customers, or finances that could cause a lot of trouble in the wrong hands. For your company’s digital security, assign every file an appropriate level of access. 

As a general rule, provide employees with the lowest level of access possible. You don’t want to inhibit their productivity with parameters that are too restrictive, but you need to ensure that confidential business information is protected. 

Onehub provides administrators with granular control over roles and permissions to make it quick and easy to customize individual access at the file or folder level. You can grant, modify, or revoke an employee or client’s access to a document with one click. You can also use the “preview as” feature to ensure you’ve set the correct permission level for a file. 

To see all the ways Onehub can support your company’s document control procedures, sign up today for our free 14-day trial

How to Create an Effective Digital Security Plan for Your Business

Both large and small businesses should be concerned about digital security. Hackers look to large companies for expensive ransomware attacks and focus on small businesses for identity theft. No matter the method or reason behind the attack, your business’s fate will likely include financial losses, a damaged reputation, and business disruption. 

A digital security plan is your company’s best defense against cybercrime. Implementing cybersecurity best practices makes your business a less appealing target to hackers. There will always be businesses that have yet to overhaul their digital security measures, making them much more tempting targets.

We’ve put together tips to help you create an effective digital security strategy that will protect your employees, customers, and assets. 

Understand common digital security risks  

Privilege abuse 

It’s important to have a plan for privileged access management (PAM) to control access to sensitive company data and limit the risk of security breaches. Privileged accounts are an appealing target for hackers because gaining entry at the highest level of access gives them the biggest advantages. 

As part of your digital security plan, define protocols for PAM. For example, many companies require privileged accounts to be secured with two-factor authentication, or that all work-issued devices be granted the least amount of access possible. 

Abuse of privileged accounts is one of the leading causes of corporate data breaches, so it’s important to implement a system that ensures only leadership and departments such as IT have high-level access to company data.

Weak passwords

Many people get frustrated typing in long, complicated passwords or simply can’t remember them, so they default to weak passwords. Weak passwords like the ever-popular “123456” can be cracked within milliseconds. It takes zero effort, so hackers are always looking for these weak spots to quickly gain access to confidential information. Enforce strong passwords on all employee accounts.  

Phishing attacks  

Phishing attacks have been around for a long time, and they’re still as effective as ever. Over 90% of targeted attacks use spear phishing, a type of phishing email where the hacker spoofs a known individual’s email address. 

Employees should be trained to identify phishing emails and understand the risks involved with clicking a malicious link or opening a compromised attachment. Some more sophisticated phishing emails don’t include attachments or dangerous links. Instead, they focus on winning over the recipient’s trust by posing as a colleague or authority figure within the organization. These are particularly insidious cybersecurity threats because they can be hard to spot. 

Public Wi-Fi 

Workers are using public Wi-Fi more than ever now that remote and hybrid work is becoming the norm. This poses a significant risk to your company’s digital security because these connections are not secure. Hackers commonly use the “man in the middle” attack to steal data from people using unprotected public Wi-Fi.

Secure your network

Install a network firewall

A firewall is a must for corporate networks. It monitors incoming and outgoing traffic and uses a defined set of security protocols to identify suspicious activity (e.g., malware or ransomware) and block it from accessing the network. It also protects ports that hackers commonly use to access your network and steal data. 

Use a VPN

A VPN, or virtual private network, creates an encrypted internet connection that protects your online activities from prying eyes. It’s especially useful for workers who use public Wi-Fi when traveling or working remotely. A VPN can protect against “the man in the middle” attack, one of the most common attacks used against vulnerable public networks.

Update router firmware

All of your company’s sensitive information passes through your router, and outdated router firmware makes your network a tasty target for hackers. Always stay on top of firmware updates to fix bugs and patch known security issues. 

Backup your data

Modern companies run on digital data, and losing this information can bring your business to a screeching halt or even shut it down permanently. 

Your backups should be encrypted and stored across multiple devices and facilities. This means that if one server fails or is destroyed in a natural disaster, your data is still safe and easily recoverable. 

To automate this process and make it easier, you can use providers such as Onehub to protect your data. We give our customers complete peace of mind by using bank-level encryption to protect data in transit and at rest. We store data with multiple redundancies and regularly perform integrity checks to ensure everything is secure. 

Share files securely

Many employees carry over their file-sharing habits from their personal life into the workplace by sharing files by email. Any file shared by email is vulnerable to hackers. There is less risk involved with sharing personal files as they don’t generally contain sensitive information, but that is not the case with business files. Any data being shared by employees should be encrypted and transferred via a secure network connection. 

Onehub takes file-sharing security a step further and offers password protection for shared files as well as expiration date options. You can also give direct file access to non-Onehub users via secure links.

Restrict administrative privileges

Prevent privilege abuse by restricting employee and contractor digital access to necessary areas only. Controlling user privileges means you can restrict access to sensitive information and limit or prohibit certain activities, such as installing software. 

For the most impactful control of admin privileges, look for a file-sharing and cloud storage provider that offers granular control over users’ roles and permissions. Onehub allows you to invite users, grant or revoke access, and modify roles from one location. You can invite users on multiple levels, from Workspace to folder to file, and you can control whether a user is able to print, download, or modify a document. 

Detailed control over access to your company’s data means you don’t have to worry about employees or clients abusing privileges or unintentionally causing a digital security incident. 

Use two-factor authentication 

A username and password combination is by far the most common method of account authentication. Unfortunately, 83% of Americans use weak passwords, so this method can easily be compromised. 

Two-factor authentication is a much more secure method. It requires a password and a secondary piece of information such as a login code sent to a cell phone, a thumbprint, or a security token. This provides a serious upgrade to your digital security because it renders stolen passwords useless. 

On all employee accounts, from email to cloud storage, be sure to enforce two-factor authentication if it’s available. Onehub offers this for our Advanced, Data Room, and Unlimited plans, along with many other powerful security features

Train employees on digital security

Employees can be your main line of defense against digital security threats, or they can be ground zero for a cybersecurity disaster. The only thing separating the two is training. Train your employees to identify digital security risks and follow best practices to protect business data.

They should understand the difference between a secure password and a weak one, be able to spot potentially malicious emails and files, and know which contacts to notify if something goes wrong.

Consult a digital security expert 

The tips above will get you off to a great start on your company’s digital security plan. However, to make sure it’s as comprehensive and effective as possible, consider hiring a digital security consultant. They can discuss the level of security your business needs based on the amount and type of data you have and help you identify the best software and protocols for your company. 

Level up your digital security, cloud storage, and file sharing with Onehub’s free 14-day trial

Protect Your Business Data by Including Cybersecurity in the Onboarding Process

The biggest threat to a company’s data security is its employees. In a 2018 information security report, cybersecurity expert Imran Ahmad explained that “no matter how much an organization spends on technology, the single most important point of vulnerability in an organization remains its employees.” 

Your employees interact with your company’s files, data, and intellectual property on a daily basis. This means they have ample opportunities to wreak havoc on your digital security, either through ignorance or malice. Regardless of intent, an employee-caused data breach can destroy your company’s finances and reputation. 

The best way to protect your business files and other data is to train employees on proper cybersecurity practices from day one. Everyone in your company should know the basics of IT security, from how to safely transfer business files to identifying and reporting digital security threats.

What to include in cybersecurity onboarding

Train employees to identify threats

Everyone has gaps in their knowledge, so don’t assume your new employees know how to spot a cybersecurity threat. Focus on training all new employees to identify and properly handle some of the most common ones. 

Spear phishing emails

Hackers have many tricks up their sleeves, but they have one particular favorite. Spear phishing accounts for 91% of all targeted attacks

Spear phishing is a tactic that involves sending a fraudulent email that appears to be from a trusted source. The email may contain an attachment with malware or a virus, or it may include a request for confidential information. 

If you received an email that appeared to be from your boss saying she needed a confidential file emailed to her right away, would you do it? People tend to obey authority figures, and many employees wouldn’t think twice about following those instructions. 

An employee with proper cybersecurity training would know that emailing files is never a safe practice and would instead share the link from inside a secure file-sharing platform such as Onehub. This way, the shared file would go to the real person and not the spoofed email address. 

Other ways to identify a spear phishing email:

  1. Check the sender’s email address. It’s easy for hackers to spoof the “from” name, but it’s more difficult to spoof the actual email address. Instead, they may create a fake address that resembles the true one but isn’t exact.
  1. If the hacker has spoofed the email address and the sender name, evaluate the syntax of the email. Is this how the sender normally writes? If, for example, your boss always addresses you as “Mark” in emails and this one says “Marcus,” that should set off alarm bells.
  1. Scan attachments for viruses and confirm links are accurate by hovering over them (without clicking!) to see the true URLs.
  1. Make a phone call. If you’re suspicious of the request, but everything appears to be in order, call the person the email is supposed to be from. If that’s not an option, contact your IT department. Never comply with a suspicious email request without confirmation, no matter how dire the person makes the situation sound. (In fact, urgency is another sign that the email may be fraudulent.)

Spear phishing is the most popular type of attack because it’s so effective. Even a trained and diligent employee can fall victim to a spear-phishing scheme. However, it’s much more work to fool an employee that’s well-versed in the basics of data protection. Training employees can dramatically lower your risk of a spear-phishing incident.

Public Wi-Fi

The pandemic has massively shaken up the world of work, and more employees than ever are using public Wi-Fi as they work remotely. Unfortunately, this leaves your company’s data completely vulnerable to attack. 

The most common public Wi-Fi attack is called “man in the middle.” The employee thinks they’re directly connected to the public Wi-Fi, but they’re actually connected to a hacker. The hacker can see confidential information such as passwords and can even inject malicious data to infect the employee’s device. 

If employees must connect to free public Wi-Fi, find a trustworthy virtual private network (VPN) provider for your company. A VPN essentially turns a public network private by establishing a secure and encrypted connection. This means employees can work from wherever they need without worrying about exposing sensitive company information. 

Create a policy for personal devices

With so many people working remotely now, it’s vital to have onboarding guidance for how employees are allowed to use personal devices for work purposes. 

Keep device updated

Emphasize the importance of employees keeping their devices updated. Workers generally know to do this on their work-issued laptops, but they often forget that it’s necessary on their personal devices as well. 

Updates can be time consuming and frustrating, but they’re never issued without good cause. They often contain important patches to address recently discovered security issues. Employees who continually delay updates put their devices and your company’s data at risk. 

Password protect devices and never leave them unattended

It’s difficult to believe, but 52% of people don’t password-protect their cell phones. If employees are using their personal mobile devices for work purposes, they absolutely must lock them with a password. 

It’s also important to remind employees that they should never leave their phones, tablets, or laptops unattended in public places. If they’re working from a coffee shop and need to use the restroom, they need to pack up everything and take it with them. It feels like a huge inconvenience, but it’s much better than having the device stolen or compromised. 

Emphasize the importance of strong passwords

If you think creating strong passwords is common sense these days, allow us to introduce you to some of 2020’s top passwords: 123456, password, and 111111. The time it takes to hack passwords like these is counted in milliseconds

Passwords are one of the most common authentication methods for accounts. We use them so often that they’ve begun to feel like they’re no big deal, but they are crucial for data protection. We have an entire article dedicated to password best practices that you can use to supplement your cybersecurity onboarding. Onehub also allows you to enforce complex passwords for that extra peace of mind.

Use company-provided software 

Many people have a strong affinity for the software they use at home or used in a previous job. While it’s understandable to want to stick to what you know, it’s important that new employees know they can only use company-provided cloud storage platforms, file-sharing apps, and other types of business software. 

Companies vet the security practices of the third-party providers they’ve chosen. For example, Onehub’s cloud storage and file sharing software is protected by bank-level encryption, offers granular roles and permissions to fine-tune data access, enforces strong passwords, and offers two-factor authentication. Employers can’t verify the security protocols of every employee’s preferred software. This creates unnecessary risk to your business files and other data.

In addition to wanting to stick with what they know, employees may find alternate software solutions because the ones your company provides don’t meet all of their needs. You can better understand your staff’s technology needs by asking for their opinions and feedback. 

Your company can choose to find individual providers for each type of service employees want (e.g., collaboration tools, messaging, file sharing), or you can choose a more robust option that offers all of these features within one secure platform. 

Don’t stop at onboarding

Making cybersecurity a focus of your employee onboarding is the best way to ensure all of your employees have the same foundational knowledge about data protection. However, our technological landscape is dynamic. New digital threats are always emerging, as are new cybersecurity practices. To reach total data protection, information security training must become a regular event for all employees. 

Onehub offers a diverse platform that includes cloud storage, secure file sharing, collaboration tools, and messaging — all with bank-level encryption and cybersecurity best practices. Protect your business data today with a free 14-day trial.

You’ve Secured Your Computer, but What About Your Business Printer?

You know all about the cybersecurity threats associated with your computer and know the importance of secure cloud storage for your business, but did you know your company printers are equally vulnerable? Business printers are an often overlooked security risk that can cause major business disruptions, financial losses, and data breaches. 

In 2020, cybersecurity experts from CyberNews hacked 28,000 business printers. Fortunately for those companies, it wasn’t a malicious attack. These ethical hackers were trying to raise awareness about printer security issues, and they only used their access to print a helpful guide called “How to Secure Your Printer.” 

Printers are a tempting target for hackers because they’re connected to the internet, store important information, and are rarely thought of as a security risk. Even a company that’s diligent about protecting work computers from viruses and hackers probably hasn’t given much consideration to securing the printers. (After all, it’s just a printer, right?) With no defense in sight, it’s an easy point of entry. Hackers can quickly gain control of your printer and then infiltrate your corporate network.  

How can a printer be hacked? 

The CyberNews team used specialized search engines to locate IP addresses with open ports. A port is essentially a communication channel that a computer or program uses to connect and transfer information. An open port is one that’s “listening” for connections and, if unsecured, can be used by hackers to gain access to the printer or computer.  

After searching for these open ports and confirming they were actual printers, CyberNews had a list of nearly 1 million vulnerable business printers. To keep the companies’ data private, they created a custom script that would only target the printer’s printing capabilities. An unscrupulous hacker could create a script that’s designed to do much worse.

In 2018, a hacker called TheHackerGiraffe also used an open port to hijack thousands of printers. TheHackerGiraffe forced them to print documents, though their chosen message was about subscribing to a YouTube channel called PewDiePie rather than a guide to securing printers. 

Despite these two “white hat” hackers revealing the extent to which business printers are vulnerable, not much has been done about it. In August 2020, TheHackerGiraffe tweeted, “About 2 years after the printer hacks, still not much has changed. The only way this will change is that if someone starts spam printing large amounts of unwanted ads or harmful content.”

What type of damage can be done with a hacked printer?

In an interview with The Verge confirming he or she was behind the PewDiePie printer hack, TheHackerGiraffe said, “People underestimate how easy a malicious hacker could have used a vulnerability like this to cause major havoc. Hackers could have stolen files, installed malware, caused physical damage to the printers and even used the printer as a foothold into the inner network.”

Let’s break down what each of those possibilities looks like.

Stealing files

Most modern business printers store copies of recently scanned or printed documents. Printing and scanning important documents are part of daily life in an office, so there’s likely to be a lot of sensitive data stored on your printer. These types of business files contain valuable information about your business and your employees. A hacker could easily exploit this data after gaining access to your printer.

Installing malware

Printers are rarely protected by antivirus or anti-malware programs. Hackers can install malware on them by pushing through an update that contains a virus or sending employees malicious (but legitimate looking) attachments from the printer. 

The goal here isn’t usually to simply infect the printer. The real targets are the devices connected to your printer and your corporate network. Once the hacker controls these, they have all the data they need to steal employee identities or intellectual property, launch ransomware attacks, and any number of other exploits.

Causing physical damage

Business printers are an expensive investment and are an integral part of a functioning office. If a hacker infiltrates your printer (or, even worse, a fleet of printers), they can “brick” it, rendering it useless. It’s a costly problem to fix and can wreak major havoc to your business operations. 

Accessing the inner network

A hijacked printer can serve as a path to connected devices and your computer network. This gives the hacker unrestricted access to your company’s confidential information (think: customer lists, credit card numbers, login credentials, employee social security numbers). They can also use this position to launch any number of attacks, from holding your business data ransom to taking down an entire network through a distributed denial of service (DDoS). 

How to protect your business printers

CyberNews created a detailed guide explaining how to protect your printer from hackers. We’ve broken down the main points below, and you can access the step-by-step guide here.

  1. Disable network printing.
  2. Secure printing ports 515, 721-731, and 9100. 
  3. Use a firewall to restrict access to network traffic.
  4. Update your printer firmware to the latest version. Firmware updates are often issued to patch security weaknesses, so it’s important to stay on top of them.
  5. Update your login credentials. Create a unique and complex password that’s at least 16 characters long.

Keep your business data secure

Technology is steadily becoming more complex and hackers more sophisticated. Protecting your business files and other data is an ongoing challenge, but it’s vital to your company’s success. After taking steps to secure your printers, be sure to evaluate the safety of your file storage and file-sharing methods. If they’re not up to snuff, we can help. Try Onehub’s secure cloud storage and file sharing free for 14 days

Is Shadow IT Putting Your Business Data at Risk?

What is shadow IT?

Shadow IT refers to your employees’ use of software, apps, email, browsers, or devices that aren’t part of your company’s approved technology plan. This tech is outside your IT team’s control and may violate security protocols. It creates a serious cybersecurity risk that could cost your company millions. It also means all the money spent on authorized devices, apps, and software is going to waste. 

What does shadow IT look like in action?

  • Employees sending work documents to their personal emails to use when working remotely
  • Departments deciding independently to adopt a new collaboration app they prefer 
  • Employees saving business data to personal cloud storage that doesn’t have enterprise-level security
  • Workers storing confidential business files in apps on their unsecured mobile devices
  • An IT team that becomes ineffective at controlling security risks because they have no idea what random tech employees are using

It’s chilling to realize your employees may be putting intellectual property and other sensitive data at risk. Though it’s a serious security threat, try to keep in mind that employees don’t do this with malicious intent; they’re simply trying to provide themselves with the tools they need to perform their jobs well.

To solve this problem, you must get a comprehensive look at the scope of your company’s shadow IT and understand why employees are choosing to use this unauthorized technology. 

How to eliminate the threat

Identify the scope of shadow IT within your organization

You can’t protect against unknown threats, so the first step is to shine a light on all the shadowy activity in your business. 

Tracking apps such as Microsoft 365 Cloud App Security can pinpoint what applications are running on your network. Shadow IT accounts for 50% of the tech used in most companies, so don’t be shocked if you see a figure close to that. 

Tracking apps can help you evaluate the security threat level associated with each shadow app so your IT team can take action if needed. These apps can also help you determine which employees are using the shadow tech so you can talk to them about the threats involved and, most importantly, find out why they’ve gone outside of recommended technology solutions.

Understand why employees prefer using shadow IT 

Now that you have a clear understanding of all the errant technology your employees are using, it’s time to identify why they prefer this over the sanctioned options. You can do this by comparing the features of the shadow IT to the software and other tech in your company’s official technology plan. You can also conduct a survey asking employees what they like about the unauthorized programs and what they dislike about the company-approved technology. 

Common reasons employees ditch authorized technology in favor of shadow IT

  1. The user interface is outdated or difficult to use
  2. It lacks the tools and features they need 
  3. It’s painfully slow
  4. There’s no mobile option

Moving forward with a better technology solution

After evaluating the various shadow software and gathering firsthand information from employees, you may find that one or more of the shadow IT options is a better fit for your business. There’s no reason to hold on to antiquated technology that no one wants to use. If the shadow tech has the features your team wants, provides the level of security your business needs, and fits the budget, go for it! 

If none of the currently used shadow IT is appropriate for your business, it’s time to look for better options. Compile a list of the features your team wants most and the security protocols that are non-negotiable. 

Ideally, you want to find a solution that fits as many needed features as possible into one service. If employees have to navigate half a dozen apps to complete a task, they’re going to continue circumventing your company’s software solutions in favor of a more convenient option. 

What security measures do you need to keep your business data secure?

Encryption

Encryption is a process that makes your data useless to unauthorized users. If a hacker manages to get their hands on an important file, they won’t be able to read the information. Look for a business software provider that offers 256-bit encryption (i.e., the same encryption the U.S. government trusts to protect top secret files). 

Also, keep in mind that your business data needs to be encrypted when in transit (sharing a file) and at rest (in storage). Only 9.4% of cloud service providers encrypt data at rest, which means they aren’t providing secure data storage. 

Hackers are well aware of this vulnerability and will exploit it whenever they can. Just ask Equifax; they learned this lesson the hard way in 2017 when attackers stole the unencrypted stored data of over 145 million people. 

Two-factor authentication

Two-factor authentication is a user authentication method that requires a password and an additional step such as a code sent to a mobile device or an ID card. It’s a much safer method of authenticating a user than password-only logins. 

Most of us are guilty of reusing passwords, and it creates a huge security risk. If an employee is reusing a work password — or, even worse, a work password and work email— any data breach in a secondary site will jeopardize the work account. It’s essentially putting the keys to the castle right in the hacker’s hands. 

Two-factor authentication dramatically reduces this security threat. If an unauthorized user gets hold of an employee’s login credentials, it won’t matter. The second level of authentication isn’t available to them, so they can’t access the account. 

Precise roles and user permissions

Software that allows you to customize the way each employee, client, or vendor can interact with your business files is an essential security feature. Granular roles and permissions let you decide what information a user sees and how they interact with it. 

When evaluating various providers, get a clear idea of the amount of control and customization their roles and user permissions allow. You should easily be able to do things such as add or remove permissions at any time, “view as” each role to ensure it provides the level of access you expected, and dictate whether users are allowed to edit, print, or download documents. 

Strong password enforcement

Two-factor authentication is the best way to authenticate accounts securely, but that doesn’t mean it’s ok to use a simple password. Technology advances rapidly, as do the tricks available to hackers. Ensure your employees’ accounts are as secure as possible by enforcing strong passwords. 

The anatomy of a strong password:

  • No sequential numbers
  • No personal information such as name or date of birth
  • At least 12 characters long
  • No common substitutions such as a dollar sign to replace an “s”
  • Use a mix of uppercase and lowercase letters, numbers, and symbols

What software features do most employees want?

Easy file sharing

Employees need to be able to securely share business files with colleagues, vendors, and clients. For the most convenience and flexibility, your employees should have various file-sharing options such as secure direct links for people who don’t have account access, password-protecting files, and setting expiration dates for access.

Communication tools

Good communication is the foundation of a good business. A technology solution that enables fast, easy communication across teams is a valuable asset that boosts productivity and employee engagement. Set your team up for success with features such as leaving comments on specific files or folders, sending messages within the platform, and assigning tasks. 

File syncing and version control

Automatic file syncing and version control make collaboration a breeze. 

Ever been stuck trying to figure out which version of a project file is the most recent? How about working hard on a document and then realizing it doesn’t reflect the team’s recent additions? At best, those issues are extremely frustrating. At worst, they derail important projects and could lose your company money.

Secure data storage providers such as Onehub make sure this never happens to you or your employees. Files are automatically synced across devices, so an employee can go from their laptop to their phone and still have the correct file information at hand. 

Software integrations

Microsoft Office Online and Google Docs are two standard options for creating and editing files. You can save your employees a ton of time by selecting a software provider integrated with both. That means employees can preview, create, and edit documents without having to leave the platform. If you consider the number of files an employee works with daily, you can see how that time savings add up. 

DocuSign is another great integration to look for. If your company regularly needs clients to sign non-disclosure agreements, contracts, or other important documents, this is a valuable feature to consider. Not only is it faster and easier for your employees, but your clients will also appreciate not having to print, sign, scan, and email the files back. 

The best way to prevent the security threats that come with shadow IT is to provide employees with a robust software option. Onehub provides all the security features your company needs and all the tools your employees want. For the best of both worlds, sign up today for our free 14-day trial

Data Encryption: Learn the Basics to Protect Your Business Files

What exactly is data encryption?

Data encryption is a complex facet of data security that consists of high-level mathematics and cryptography. Encryption protects data such as business files by making the information unreadable to unauthorized users. An algorithm processes the regular data (plaintext) into an encrypted format (ciphertext) that requires a key to access. If a hacker intercepts encrypted data, it’s useless without the decryption key.

Fully understanding data encryption would require a stack of reference texts and countless hours of study. Luckily, a deep understanding isn’t necessary to make informed decisions about protecting your business data.

If we told you right now that Onehub uses 256-bit encryption to protect your data both in transit and at rest, would you know if that’s good? If your answer is no, that’s okay. We’re going to cover common questions and terms that will give you sufficient working knowledge of data encryption for your business. 

Do I really need to encrypt business files? 

Yes, urgently. 

In a report to Congress, the Congressional Research Service stated, “[Strong encryption] is important because the world has become more connected, and attackers have become more persistent and pervasive. It is difficult to overemphasize the extent to which Internet-connected systems are under attack.” 

The average cost of a data breach for a U.S. company is nearly $4 million. On top of that, customers are wary about continuing to do business with a company that exposed their personal information. 

Avoid this nightmare scenario with sensible cybersecurity protocols. Encrypting your company’s data should be standard practice because it renders any stolen data useless. 

Why can’t I just password protect files?

Some people rely on password-protected files or password-protected folders to keep their information safe, but this is a woefully inadequate security measure. 

Passwords are easy to crack. In 2020, nearly all of the most commonly used passwords could be cracked in under one second. (Not surprising considering the most common password was “123456”.) Hackers can even avoid this half-second inconvenience if they’ve acquired your passwords from a data breach. They simply log in, collect all the juicy information they can find, and then sell it for easy money.

To give you a real-world comparison, password-protecting a file is like the lock on your child’s diary, and data encryption is Fort Knox. If you encrypt your data, no one is getting access unless you want them to.   

How does encryption work?

A cryptosystem, a complex series of algorithms, controls data encryption. The system uses encryption and decryption algorithms to switch up the characters contained within the data. The encryption algorithm is responsible for substituting plaintext characters to turn the data into unreadable ciphertext. The decryption algorithm reverses this process, changing the protected information back into readable plaintext.

To give you a visual of how the process works, imagine you need to send a box full of diamonds to a very lucky friend. Obviously, the diamonds are valuable, and many people would love to get their hands on them. You decide to secure the box with a padlock. Before sending the locked box to your friend, you send them the padlock key. Once you use the padlock to secure the box, the only person who can open it is your friend who has the key. 

That is encryption and decryption in a nutshell, though it does leave out one crucial aspect. A padlocked box can be broken into by brute force, whereas encrypted data is impenetrable without the key.

What’s the difference between 128-, 192- and 256-bit encryption?

The number in front of “bit” represents the numeric length of the key used to encrypt data. The difference between them is simply the number of bits in the encryption key. The more bits, the more time it will take a hacker to crack the ciphertext.

128-bit and 192-bit encryption are both considered relatively safe to use right now, but they are becoming increasingly less secure as technology advances. 256-bit encryption is one of the most secure data encryption methods available today. Banks use this encryption method to protect sensitive financial information, and the U.S. government trusts 256-bit encryption to protect top secret information

Can encrypted data be cracked?

In theory, yes. It’s a math problem, and it can be solved, but the security of data encryption lies in its mathematical complexity. While it’s technically possible to crack encrypted data by brute force, the amount of time it would take is astonishing. 

For a hacker to crack 256-bit encryption without the key, it would take approximately 27 trillion trillion trillion trillion trillion years (aka vigintillion years). For context, our universe is less than 15 billion years old.  It’s more likely that the universe would end before the encryption was ever broken (Scrambox).

What does it mean to encrypt data in transit and at rest?

When you share a file via the internet, that data is in transit. The thousands of business files saved to your local or cloud server are at rest. Files are vulnerable in both states, though at-rest data is overlooked in many security plans.

According to a study by McAfee, 81.8% of cloud storage providers encrypt in-transit data; however, only 9.4% encrypt data at rest. Hackers know this, so instead of trying to crack encrypted in-transit data, they look for unprotected data at rest.

Equifax’s 2017 data breach is a prime example of why encrypting both is essential. The personal information of over 143 million customers was breached because the company did not encrypt its stored data. 

Ex-CEO Richard Smith confirmed that the stolen data was stored in plaintext. He went on to say, “There are varying levels of security techniques that the team deploys in different environments around the business” (Wired). 

Is it just us, or is that statement meaningless? 

Generalized statements like Smith’s should be a red flag to anyone evaluating data security or cloud storage providers. If they can’t plainly state their security strategies, strike them off your list and continue your search. Companies with solid security and encryption protocols will be happy to share the methods they use to keep your business data safe. 

Safeguard your business data today

Protecting your business files should be a top priority in 2021. The internet can be a scary place for data, and there’s too much at risk to leave valuable company information unprotected. Encrypted files give you the peace-of-mind you want for your most sensitive data.

Onehub takes data security seriously. Our 256-bit encryption protects data both in transit and at rest, so our clients’ business information is as secure as top secret government files. Sign up today for our free 14-day trial, and rest easy knowing we’ve got you covered.