Blog

April 26th, 2017

Software developers and hackers are in a constant game of cat and mouse. When cybercriminals find new security bugs to exploit, tech companies have to quickly release a solution that secures those vulnerabilities. Just this month, Microsoft released a patch to eliminate a Word exploit designed to steal user information. If you’re an avid Microsoft Word user, here’s what you need to know about the bug.

The attack On April 10, cybersecurity firm Proofpoint discovered scammers running email campaigns to trick people into clicking malware-ridden Word attachments. The fraudulent emails, simply titled “Scan Data,” included attached documents that were named “Scan,” followed by randomized digits.

Although the emails seem harmless, clicking on the documents triggers a download for Dridex malware, a Trojan virus designed to give hackers direct access to your banking information. From there, they can simply log in to your online account and make unauthorized transactions under your name.

In 2015, the distribution of Dridex allowed cybercriminals to steal approximately $25 million from European accounts. And if your business fell victim to this malware, there’s a possibility your company might not be able to recover from the loss.

The solution Fortunately, two days after the discovery of the bug, Microsoft released a security update to disable the dangerous documents, urging users to install the patch as soon as possible. But even though Dridex was inoculated relatively quickly, employees continue to be the biggest problem.

Like most malware attacks, Dridex was distributed via phishing campaigns that preyed on a victim’s trust and curiosity. Hackers added barely any text to the email, yet people were still fooled into clicking on dangerous links.

To make sure Dridex never reaches your company, you must provide comprehensive security awareness training. In your sessions, encourage employees to practice safe computing habits, which include being cautious of online links, setting strong passwords, and avoiding downloads from untrusted and unknown sources.

Much like updating your software, keeping your staff’s security knowledge up to date on the latest threats is also imperative. Ultimately, your goal is to have employees with a security-focused mindset when browsing the web.

Of course, if security training and cybersecurity solutions are not your company’s specialties, you can always rely on a trusted managed services provider like us to protect your business. We can update and secure your systems regularly, and make sure your staff are actively doing their part to reduce security risks. Contact us today!

Published with permission from TechAdvisory.org. Source.

Topic Office
April 24th, 2017

Most phishing attacks involve hiding malicious hyperlinks hidden behind enticing ad images or false-front URLs. Whatever the strategy is, phishing almost always relies on users clicking a link before checking where it really leads. But even the most cautious users may get caught up in the most recent scam. Take a look at our advice for how to avoid the newest trend in phishing.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades -- and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian for example, even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com -- which gets redirected to xn—80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
April 20th, 2017

2017April20Business_AThere was a time when mobile phones were used exclusively for calling and texting. Now, they can do so much more. Regardless of your level of tolerance or skill for managing documents in such a small gadget, mobile devices allow you to send and receive email, download and upload media files, store data, and even close business deals. As mobile devices became indispensable in everyone’s personal and professional life, the security risks have also increased -- and backing up became more critical than ever.

Malware on mobile

More than 50% of the world’s adult population use a mobile phone with internet connection, so dangers in these handy devices are to be expected. Scarier than the thought of being offline is being online and exposed to malware.

If you use your mobile devices as an extension of your work computers, backing up is a must. Mobile phones have become as vulnerable to malware as laptops and desktops have, especially if you consider the fact that many professionals and business owners use them for emailing confidential documents and storing business-critical files.

Device disasters

Other than malware, other types of disasters can happen on your device. Because you carry it wherever your go, your device can easily be stolen, misplaced, or damaged. They may be easily replaceable, but the data contained in them may not. Having completely backed up data on your devices helps prevent a minor inconvenience from turning into a disastrous situation.

Backup options

Performing backups in iPhone and Android devices is a seamless process. Their operating systems require only minimal effort from users, and backing up entails nothing more than logging into their Apple or Google account. However, other users have different devices with different operating systems, slightly complicating the process.

Mobile devices’ safety is essential to business continuity plans. So whether your office users are tied to a single operating system or prefer different devices, there are options to back up all your organization’s mobile devices. There are cloud backup services that enable syncing of all devices and that back up files, contacts, photos, videos, and other critical files in one neat backup system. These mobile backup tools are offered on monthly or lifetime subscription schemes, which provides small businesses with enough flexibility to ensure protection.

Mobile phones have become so ubiquitous to how people function that many feel the need to have two or more phones, mostly to have one for personal use and another for business. With all these options on hand, there’s no excuse for not backing up data on your mobile devices.

Our experts can provide practical advice on security for your business’s computers and mobile devices. Call us for mobile backup and other security solutions today.

Published with permission from TechAdvisory.org. Source.

Topic business
April 18th, 2017

2017April18Hardware_AFor decades, one of the most foundational principles of cyber security has remained the same: Always update and patch your software. But for most people, hardware is exempt from this process. They think of hardware as nothing more than a vessel for software to occupy -- and that’s totally incorrect. Read on to learn more about this oft-neglected aspect of IT security.

What is firmware?

Firmware is a very basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, more high-level, pieces of software can interact with it.

Why is firmware security so important?

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

And the username and password example is just one of a hundred. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

How do I protect myself?

Firmware exploits are not rare occurrences. Not too long ago, a cyber security professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a DLink of Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

Remember that routers are just one example of how firmware affects your cyber security posture. Hard drives, motherboards, even mouses and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today!

Published with permission from TechAdvisory.org. Source.

Topic Hardware
April 11th, 2017

2017April11Office_AIn case you didn’t know, Microsoft provides Office 365 users with a free document-sharing platform called docs.com. It’s a great new tool for publishing files intended for public viewing. The downside is, sensitive documents are published without the file owners’ permission. These include hundreds of users who might be unaware that their private files can be viewed by the public.

What’s the damage?

Usernames and passwords for various devices and applications; personal information such as home and email addresses, bank account details, social security numbers, and phone numbers; and medical info comprising patient treatment data and health insurance numbers -- all these were some of the supposedly leaked documents, which were clearly meant to be private. A security researcher discovered that these sensitive files were accessible using docs.com’s search function.

After being alerted to the ‘leak,’ Microsoft responded by removing the search bar. However, most of the documents were already indexed by search engines, Google and Bing, which is how these docs remained available to the public despite disabling the search function.

Recent updates

To alleviate the damage, Microsoft launched an update that limited what users can do to uploaded files, such as restricting files to a read-only status. Although buttons to ‘like,’ download, add to collections, and share in social media are enabled, only users who enter an email address, phone number, or sign in using their Office or Microsoft account can perform any of these functions. Since anyone can easily create a Microsoft account, docs.com users may not feel at ease.

Microsoft’s final word

Docs.com is easy-to-use and is valuable to those eager to publish their documents. The site’s user-friendliness also makes it a popular choice for Office 365 users who wish to ‘spread their work to the world.’ Office 365 users can easily upload from their own computer, OneDrive, or Sway account, and share away. Being a free service also adds a lot of incentive for users to upload their Word, Excel, or any other file onto the site.

In an effort to solve glaring privacy issues, Microsoft has issued some key updates, such as a warning message reminding users that the document to be uploaded will be publicly available on the web. While it may seem like Microsoft committed a blunder, a stricter privacy setting and a few stronger, more visible warnings to users can help make docs.com a useful productivity tool rather than a hacker’s hunting ground.

Discerning Office 365 users can make the most out of docs.com, but they should use the service with caution. If you’ve uploaded documents with sensitive information on docs.com, now is the best time to remove them from the site, or review your privacy settings here and in other document-sharing services.

If you’re not sure how to proceed, or want to learn more about this and other Microsoft products and services, call us now for advice.

Published with permission from TechAdvisory.org. Source.

Topic Office
April 10th, 2017

170px-01Does your business have a social media policy? If so, when was the last time you updated it? If you're taking too long to answer these questions, that isn’t a good sign. Because you should be conducting regular reviews, at least annually. You'd enjoy innumerable benefits, and deter your employees from obsessing over Snapchat filters in the process.

Avoid legal trouble Do you remember Chipotle’s social media debacle in 2015? It lost a lawsuit for firing an employee that posted negative content on social media because it turned out that Chipotle’s social media policy violated federal labor laws. That’s why you should work with your legal team to keep your policies up to date: so they comply with the Federal Trade Commission and the National Labor Relations Board.

Protect company information Social media policies can actually help safeguard sensitive data from hackers and cyber attacks, especially in a bring-your-own-device (BYOD) working environment. Employees must know the proprietary company information that must never be shared, as well as understand that confidential information -- such as marketing tactics, non-public financials, and future product launches -- are to be communicated only ‘internally.’ A good example is General Motor’s social media policy, which clearly spells out what can and can't be disclosed to the public.

Define which kinds of social media activities are and aren't allowed Although posting offensive or insensitive material on a company-branded social media page being is an obvious no-no, it still happens. For the people handling your company’s social media, what precautionary mechanisms are in place to avoid a public relations disaster? Are there rules for different platforms? Beyond that, however, is a lot of gray area when it comes to if and how employees will be held accountable for what they post on their personal profiles. When social media policies clearly outline how employees should behave online and the punishments that come with violating that agreement, you can deter rogue employee posts and avoid a viral fiasco.

Effective social media policies need to be fluid and responsive to the fast-paced modern business environment. Taking the time out to perform yearly social media policy reviews will save your employees a lot of confusion while helping your company steer clear of potential PR and legal nightmares. If you have further questions, don’t hesitate to send us an email or give us a call!

Published with permission from TechAdvisory.org. Source.

Topic Social Media
April 6th, 2017

2017April6Security_AWikileaks, the website that anonymously publishes leaked information, recently released a number of documents alleging widespread surveillance by the US government. The released documents claim that the vast majority of these efforts took place via smartphones, messaging apps and...TVs? Let’s see just how worrisome they really are.

What devices and apps are supposedly vulnerable?

Wikileaks labeled its ongoing release of 8,761 classified CIA documents “Year Zero.” Nestled among those files are tools and correspondence that explain how operatives could snoop on communications, downloads, and browsing history. Here is a list of the “affected” applications and hardware:
  • Windows operating systems
  • iOS
  • Android
  • Samsung Smart TVs
  • WhatsApp
  • Signal
  • Telegram
  • Confide
Those are some very big names, right? Thankfully, it’s mostly hyperbole. The reality of the situation isn’t nearly as bad as it sounds.

Two considerations before freaking out

First, almost all these exploits require physical access to devices before anything can be compromised. For example, news organizations repeatedly reported that WhatsApp, Signal, Telegram and Confide all had encryption protocols that had been subverted by the CIA. That is 100% false.

What the documents actually revealed is that the CIA was aware of security gaps in Windows, iOS, Android and Samsung’s Tizen OS, which allowed the agency to snoop on messages before they were encrypted. Messages sent in these apps are still totally uncrackable as long as the devices they are installed on haven’t been physically compromised.

Takeaway #1: Physical security is still one of the most important aspects of cyber security. Most data security regulations require certain physical security protocols as a deterrent to breaches that take place via theft of social engineering -- and for good reason.

The second reason not to worry is the hardware devices and operating systems that supposedly left encrypted messages vulnerable haven’t been sold for a long time. For example, only Samsung TVs from before 2013 were vulnerable to the always-on microphone bug -- which was patched in an OS update years ago.

But what about iOS -- surely that’s the scariest reveal of them all, right? Not quite. Only the iPhone 3G, discontinued in 2010, was susceptible to exploitation. Furthermore, Apple immediately responded that they were aware of this vulnerability and patched it in the version of iOS that was released in 2011.

Takeaway #2: Updating software is critical to keeping your data safe. As we saw in the Year Zero leaks, just one piece of outdated software can cause a domino effect of other vulnerabilities.

In reality, the most recent Wikileaks releases shouldn’t change your approach to cyber security at all. As long as you consider data security a never-ending battle, you’ll be safer than everyone too lazy or forgetful to lock up their server rooms or update their operating system.

But running a business doesn’t always leave you a lot of time for fighting a “never-ending battle,” does it? Fortunately, that’s exactly what we do for our clients every single day. To find out more about how we can keep you safe, call today.

Published with permission from TechAdvisory.org. Source.

Topic Security
April 4th, 2017

2017April4Business_AInstalling software that immediately boosts employee efficiency is any small- or medium-sized business owner’s dream. With Office 365’s newest dashboard -- that’s exactly what you’re getting. And best of all, it’s directly integrated with your existing productivity suite. Read on to learn more.

What is MyAnalytics?

Microsoft’s newest productivity offering is all about applying machine learning technology to your employees’ Office 365 data. By utilizing extremely powerful computing processes to analyze huge blocks of information, MyAnalytics can uncover trends and correlations that may be too complex for human discovery.

Every day, Office 365 users create several thousand new data points across Microsoft’s productivity suite, and there’s a lot of potential to rearrange meetings, project goals, and employee tasks to increase efficiency.

The most obvious improvement is with Outlook calendar. MyAnalytics tracks how long you’re spending with each person in your office as well as the time you’re investing in specific projects. After sufficient information has been gathered, your Office 365 dashboard will begin coaching you on how to organize meetings and project goals based on your habits and past successes.

How can it improve your office?

Have you ever worked on a huge project that required multiple contributors? Did you all meet regularly to update each other on progress? Users who add contacts -- from both inside the company and out -- and projects to MyAnalytics get reminders to stay in touch with co-workers most vital to project completion.

Every metric tracked by MyAnalytics can be shared with your team to make sure everyone is on the same page. So MyAnalytics is more than just a motivational tool, because sharing these metrics allows your team to identify bottlenecks and trends to smooth the workflow process.

Response time is another key metric your employees are probably only vaguely aware of. MyAnalytics calculates average email response times -- both from you and from contacts -- to identify what time of day you’re best at communicating, and how you can adapt your schedule to get more work done in the same amount of time.

Privacy concerns

One of the greatest things about MyAnalytics is that it doesn’t introduce any new privacy concerns for business owners. All the data it uses to create customized coaching and advice is publicly available to everyone at your business -- via calendar appointments, email content, and message timestamps. The only difference is that Microsoft is lending you the previously prohibitive computing power to sift through all of it.

Availability

This wonderful new tool comes free with any Enterprise E5 plan, but can also be added on to E1 and E3 Enterprise plans for just a few dollars per month.

Increasing employee productivity is never as clear cut as it is with MyAnalytics. Install a solution, follow its advice, and start brainstorming about what to do with all your extra time. We’ve got plenty of other great solutions for streamlining your business processes -- call us today to find out!

Published with permission from TechAdvisory.org. Source.

Topic Office
March 30th, 2017

2017March30Hardware_AThis month, Intel unveiled a revolutionary new type of hard drive that can work as either a storage or RAM unit, while offering faster performance than most hard drives in the market. Its performance and technical capabilities make it appealing for a wide range of applications, but is it worth the investment? Read on to find out.

Optane SSD Intel’s new standalone drive maximizes storage performance and can also serve as extra RAM for your servers. The Optane SSD DV P4800X has 375 GB of space, a data read latency of 10 microseconds, and data transfer rates (or throughput) of 2GB per second. With these specs, Intel claims users will experience faster boot times, quicker application load times, and 30% faster system performance.

All of this makes the Optane SSD perfect for hosting machine learning and analytics. Also, if your company is involved in high-performance computing, Intel’s new RAM/storage drive should be high on your company’s wish list.

Optane SSD, however, may not be the best for everyone. First of all, the latest storage drive is meant for servers. Another downside is that the 375-GB SSD is a hefty $1,520 -- almost as much as deploying your own in-house server would cost! In this case, you would probably get more value out of a conventional SSD.

SSD Consumer-level SSDs still provide fast software boot times, but will probably offer less storage space and throughput rates than the Optane SSD. This really isn’t much of a sacrifice, considering that plenty of users can afford and work with 128 GB of ‘normal’ SSD storage. In fact, a 128-GB SSD can go for as low as $50.

HDD Your other choice would be the standard hard disk drive (HDD). Though these storage devices are far more common and much less expensive than the previous two, HDDs are slow to boot, noisy, and susceptible to hardware damage and data loss. The only thing going for the traditional hard drive is its storage capacity. For $50 dollars, users can buy a 1-TB hard disk drive.

Although HDD may not be ideal in terms of speed, it’s a good choice for any business on a tight budget. Most people actually pair SSD with their standard HDD to get the best of both worlds. Operating systems and critical applications can be stored in SSD for faster boot times, while regular files can be stored in HDD.

Even with this crash course on hard drives and SSDs, you will still probably need a storage professional to help you pick the best device for your business. For all your storage drive queries, installment requirements, and IT maintenance needs, contact our IT consultants today.

Published with permission from TechAdvisory.org. Source.

Topic Hardware
March 24th, 2017

170px_img_shutterstock_265131059Preceding its general availability, Microsoft has recently rolled out a major update for Microsoft Teams -- Window’s version of the cloud-based team collaboration tool, Slack. The latest bundle of features will kick things up a notch, allowing you to do more than IM your manager about your weekly meeting or ask your colleagues to remove the “view only” setting on Google Docs.

Smarter meetings The latest addition to Microsoft Teams is Scheduling Assistant, responsible for finding the ideal time to schedule a meeting. It takes into consideration the schedules of all members, and suggests the best possible time for all attendees. Needless to say, whereas Teams allowed users to schedule only intra-team meetings, Microsoft now supports one-on-one meetings. If you want to steer clear of Skype, read on.

Bots, bots, and more bots With the latest update, bots are now capable of tapping into conversations happening in a team as opposed to a separate chat. To activate team bots, simply type “@” and begin interacting with the bot from there. Microsoft is also working on adding a Bots tab to Teams. This allows you to keep track of all the bots that have been added to a certain team while allowing you to discover new tabs as well. Other bot-related improvements include:

  • New bot gallery - the gallery displays a complete list of all the available bots on Microsoft Teams. Alongside the gallery is where you can add bots to one of your teams.
  • Discover bots via search - simply click on the search bar at the top and select “Discover bots”. From there click on a bot to start chatting, or click “Add” to add it to a team.
  • Add a bot with an @mention - to add a bot to a channel, simply type “@” in your compose box, then select “Add a bot”
Public teams With public teams, anyone from your organization can join the team, unlike the private teams which are open only to specific members. Public teams will show up when a user is trying to join a new team, and you can also turn your existing private team into a public team (and vice-versa).

When it was launched in November 2016, Teams was a relatively minimal service. But in just four months, it’s become a lot more powerful and stable. Microsoft Teams has been available to Office 365 Business Essentials, Business Premium, and Enterprise E1, E3 and E5 users since March 14th. If you have any questions, don’t hesitate to give us a call!

Published with permission from TechAdvisory.org. Source.

Topic Office