Blog

June 27th, 2017

When we write about how antivirus software isn’t enough to keep you safe from malware, it’s not just scare tactics. There are many ways hackers can break into your system that antivirus solutions will never catch. For a real-world example, look no further than the router exploit kit recently leaked from the CIA.

The Wikileaks CIA documents

For several months, the notorious website famous for leaking government data has been rolling out information it obtained from the Central Intelligence Agency. The documents detail top-secret surveillance projects from 2013 to 2016 and mainly cover cyber espionage.

In the most recent release, documents describe government-sponsored methods and programs used to exploit home, office, and public wireless routers for both tracking internet browsing habits and remotely accessing files stored on devices that connect to compromised networks.

Is my router one of them?

According to the documents, 25 models of wireless routers from 10 different manufacturers were being exploited by the CIA. They weren’t off-brand budget devices either; the list includes devices from some of the biggest names in wireless networking:
  • Netgear
  • Linksys
  • Belkin
  • D-Link
  • Asus
Those brands account for over a third of wireless routers on the market, which means there’s a good chance you’re at risk.

After WannaCry used a previous CIA leak to fuel its global spread, you need to worry about more than just being a target of government espionage too. Over the past few years, almost all of these leaks have quickly made their way into criminal hands.

Patching vulnerabilities

Fixing security gaps in hardware is tricky business, especially when they’re mainly used to monitor rather than corrupt. In most cases, there will be no visual cues or performance problems to indicate your hardware has been infected. As such, you should plan on regularly updating the software on your hardware devices whenever possible.

Accessing your router's software interface isn’t a user-friendly experience for non-IT folks. Usually, to access it, you need to visit the manufacturer’s website and log in with the administrator username and password. If these are still set to the default “admin” and “password,” make sure to change them.

Once logged in, navigate through the settings menus until you find the Firmware Update page. Follow the instructions and confirm that the firmware has been properly installed.

The CIA’s router leaks were vague, so we’re not even sure how recent they are. We are fairly certain, however, that all of the manufacturers have since patched the vulnerabilities. Regardless, updating your router’s firmware will protect you from a number of cyber security risks. If you’re unable to finish the task on your own, one of our technicians can fix it, as well as any other firmware vulnerabilities, in a matter of hours. All you need to do is call!

Published with permission from TechAdvisory.org. Source.

Topic Security
June 23rd, 2017

As machine learning, digital storage, and analytics software get more advanced, data is becoming more valuable than ever. Even businesses that don’t rely on data to operate are starting to find ways to get more value out of their information. Microsoft’s newest platform is an excellent example of that -- and it’s free!

What is Power BI?

Released in the spring of 2016, Power BI is Microsoft’s business analytics platform. Regardless of whether or not data is stored within a Microsoft platform, connecting Power BI to a database allows you to create detailed graphs, charts, maps, and more. For example, if you upload sales records, dragging and dropping two columns is all it takes to map out where your product sees the most demand.

Recently, Microsoft announced a brand new feature for business owners who want to get more value out of their software subscriptions. The Office 365 adoption content pack collects information about how your employees use Microsoft productivity software, and feeds it directly into Power BI’s analytics. There are four types of insights you can work with:

Adoption

These metrics give you visibility into how much each O365 platform is being used. You may be paying for OneDrive accounts for the entire organization, only for Power BI to reveal that less than a quarter of your team is using it. Compare enabled users and active users to get a clearer picture of your investments.

Communication

You can also see exactly how employees are using communication solutions. If nearly everyone on the team is accessing Skype for Business from a mobile data connection, it might be time to reduce your investments in cellular-based minutes.

Collaboration

Microsoft has several collaboration platforms, and without proper guidance, employees are likely to use the easiest one rather than the best one. Power BI shows you how much time users spend in their own Word, PowerPoint, and SharePoint documents compared to the time they spend in documents from colleagues. This shows you which platforms encourage the most collaboration and which ones are struggling.

Activation

The activation insights give you under-the-hood visibility into which versions of O365 users are running, and what devices they use to access them. That may seem like trivial information, but it can have huge impacts on cyber security.

Power BI comes in three different plans: Desktop, Pro, and Premium. Best of all, both the Desktop plan and the Office 365 adoption content pack are totally free. If you like what you see, consider enlisting us to set up and optimize either a Pro or Premium Power BI deployment -- we’re only a phone call away!

Published with permission from TechAdvisory.org. Source.

Topic business
June 21st, 2017

Power outages caused by utility failure, accidents, and natural disasters such as storms, flooding, or earthquakes are inevitable. There’s very little you can do to prevent any of these from happening, but you can avoid the consequences to your business by using an Uninterruptible Power Supply (UPS).

What is an uninterruptible power supply?

An uninterruptible power supply is an essential piece of hardware that protects both your computer and your data. It provides a backup power source in case of main power failures caused by electrical current problems such as blackouts, brownouts, and power spikes.

Smaller UPS units can protect individual computers while larger models can power multiple devices or an entire office. Small businesses can opt for individual UPS units, which should be enough to back up critical computers and other devices that are key to business continuity.

Benefits of having a UPS

It’s a known fact that power outages can damage or completely destroy electronic equipment, especially computers. Unexpected computer shutdown can cause great damage to your computer hardware and make you lose unsaved data. A UPS ensures you never experience such a scenario.

Here are other ways that a UPS benefits your systems:

  • Uninterrupted power flow during power surges

When you have a UPS, the voltage that passes from the main electrical lines to your devices is consistently stabilized. This protects your computers from power surges, which happen when the voltage in other equipment suddenly rises.

  • Refined and filtered power supply

It normalizes power levels so that your computers are protected against dips and spikes caused by lightning or an abnormal power supply that usually comes from restored power after a blackout.

  • Instant power during brownouts

An uninterruptible power supply guarantees your operations’ continuity. In the event of short-term interruptions, it gives you enough time to switch to a larger, more stable power supply such as a generator. But unlike a generator, it provides instant power to your equipment at the exact moment the power goes out.

Does your business need a UPS?

If you’re purchasing new computers for your small business, a UPS is an invaluable add-on. Businesses that require constant power to function such as hospitals, banks, academic institutions, manufacturing companies, and any business for which storing and processing data are critical tasks can benefit from uninterrupted power.

Determining the type of UPS for your business as well as installing and maintaining it may require the expertise of professionals. We have experts who could provide you with information on properly operating a UPS, replacing its battery, identifying devices that should never be connected to it, and other safety tips. Call us today for advice.

Published with permission from TechAdvisory.org. Source.

Topic Hardware
June 14th, 2017

By now, you’re probably familiar with popular Office 365 productivity features like Skype for Business, and real-time collaboration in Word, Excel, and PowerPoint. You might even remember a few time-saving keyboard shortcuts that will make your Office 365 experience a lot smoother. But even after all that, there’s still much to learn about Office 365. Here are some more tricks that can boost your productivity.

Declutter your inbox

If you’re having trouble managing the overwhelming amount of emails in your inbox, then using Office 365’s “Clutter” feature can clear up some space. To enable this feature, go to Settings > Options > Mail > Automatic processing > Clutter, then select Separate items identified as Clutter. Once activated, you need to mark any unwanted messages as “clutter” to teach Office 365. After learning your email preferences, Office 365 will automatically move low-priority messages into your “Clutter” folder, helping you focus on more important emails.

Ignore group emails

Are you copied on a long email thread you don’t want to be part of? If so, simply go to the message and find the Ignore setting. Doing this will automatically move future reply-alls to the trash so they never bother you again. Of course, if you ever changed your mind, you could un-ignore the message: Just find the email in your trash folder and click Stop ignoring.

Unsend emails

In case you sent a message to the wrong recipient or attached the wrong file, Office 365 has a message recall function. To use this, open your sent message, click Actions, and select Recall this message. From here, you can either “Delete unread copies of this message” or “Delete unread copies and replace with a new message.” Bear in mind that this applies only to unread messages and for Outlook users within the same company domain.

Work offline

Whenever you’re working outside the office or in an area with unstable internet, it’s a good idea to enable Offline Access. Found under the Settings menu, this feature allows you to continue working on documents offline and syncs any changes made when you have an internet connection. Offline access is also available in your SharePoint Online document libraries.

Use Outlook plugins

Aside from sending and receiving emails, Outlook also has some awesome third-party plugins. Some of our favorite integrations include PayPal, which allows you to send money securely via email; and Uber, which lets you set up an Uber ride reminder for any calendar event. Find more productivity-boosting plugins in the Office Store.

Tell Office applications what to do

If you’re not a fan of sifting through menus and options, you can always take advantage of the Tell Me function in your Office 2016 apps. When you press Alt + Q, you bring up a search bar that allows you to look for the functions you need. Suppose you need to put a wall of text into columns on Word but can’t find where it is specifically. Just type ‘column’ and Microsoft will help you with the rest.

These tricks and features themselves will definitely increase productivity. And fortunately, there’s more coming. Microsoft continues to expand Office 365’s capabilities, and if you truly want to make the most out of the software, don’t be afraid to explore its newly released features.

For more Office 365 tips and updates, get in touch with us today.

Published with permission from TechAdvisory.org. Source.

Topic Office
June 12th, 2017

Last October, Pinterest launched its first paid advertising service, “Promoted Pins,” which is geared toward large enterprises. Recently, a similar product named “DIY Promoted Pins” was released for small- and medium-sized businesses. This shows how popular social media has become in helping to establish an online presence for your business, and here are some tips to get you started.

Know your audience

According to a study conducted by Ahalogy and AcuPOLL Precision Research, Inc., Pinterest is largely used by women, mostly “Millennial Moms.” If your typical customer demographic is predominantly male, your marketing efforts would probably be better spent elsewhere. But if your business caters to women between the ages of 15 and 29, you should consider creating an online presence on Pinterest.

Think like a content marketer

Users are looking for engaging content, which is why 59% of active Pinterest users go for Pins that lead to blog posts, articles, and even photos. The most popular topics on the platform are more visual (e.g., food, fashion, decor, etc.), so if you don't have highly visual content, then infographics, images from blog entries, and even photos of staff members also do the trick.

Look for inspiration

Getting stuck in a creative rut happens to the best of us, so check out the boards that are saving your Pins to get some fresh insight. There's a good chance that people saving your Pins have related content that can help you gain insight into what your typical customer is interested in. Not only that, it also helps you identify trends and come up with new ideas for a marketing campaign.

Categorize your boards

By creating and properly labeling multiple boards -- one for each of your products or services -- your users are able to engage not only with your general content but also with content they’re more interested in.

Determine posting frequency

Excessive pinning might overwhelm or simply annoy your audience, but not pinning enough might cause followers to lose interest. Create a posting schedule and gauge audience reaction before making any changes to the frequency of Pins.

In order to surpass the stiff competition, you’ll need all the help you can get, and that includes social media marketing. If you have any questions about Pinterest and how it can help your business grow, don’t hesitate to give us a call.

Published with permission from TechAdvisory.org. Source.

Topic Social Media
June 9th, 2017

When your employees seek your IT security staff’s help to fix their personal computer (PC) problems, it’s often perceived as a productive use of everyone’s time. After all, employees must have working computers and IT professionals are expected to resolve any technology issues. What doesn’t get acknowledged, however, is that instead of troubleshooting technical problems, your technology support staff could be spending their time on more productive tasks.

Cost of fixes

According to a survey of technology professionals, companies waste as much as $88,660 of their yearly IT budget as a result of having security staff spend an hour or more per work week fixing colleagues’ personal computers. The ‘wasted amount’ was based on an average hourly salary of IT staff multiplied by 52 weeks a year. Other than knowing how much time is wasted, what makes things worse is that IT security staff are among the highest paid employees in most companies.

The fixes have mostly to do with individual rather than department- or company-wide computer problems that don’t necessarily benefit the entire company. The resulting amount is especially staggering for small- and medium-sized businesses (SMBs) whose limited resources are better off spent on business intelligence tools and other network security upgrades.

Other costs

All those hours spent on fixing personal computers often mean neglecting security improvements. The recent WannaCry ransomware attacks, which successfully infected 300,000 computers in 150 countries, demonstrate the dangers of failing to update operating system security patches on time. It should be a routine network security task that, if ignored, can leave your business helpless in the face of a cyber attack as formidable as WannaCry. It didn’t make much money, but had it been executed better, its effects would have been more devastating to businesses, regardless of size.

Profitable projects could also be set aside because of employees’ PC issues. For SMBs with one or two IT staff, this is especially detrimental to productivity and growth. They can easily increase their IT budgets, but if employees’ negligible computer issues keep occurring and systems keep crashing, hiring extra IT personnel won’t do much good.

What businesses should do

The key takeaway in all this is: Proactive IT management eliminates the expenditure required to fix problematic computers. Bolstering your entire IT infrastructure against disruptive crashes is the first step in avoiding the wasteful use of your staff’s time and your company’s money.

Even if your small business has the resources to hire extra staff, the general shortage of cyber security skills also poses a problem. Ultimately, the solution shouldn’t always have to be increasing manpower, but rather maximizing existing resources.

Having experts proactively maintain your IT eliminates the need to solve recurring small issues and lets your staff find a better use for technology resources. If you need non-disruptive technology, call us today for advice.

Published with permission from TechAdvisory.org. Source.

Topic Security
June 7th, 2017

The chances of your business being hit by a hurricane are slim. But this year, the odds are actually alarming -- the National Oceanic and Atmospheric Administration (NOAA) predicts up to four unusually active hurricanes. If you don’t want to fall victim to data loss and tarnish your business’s reputation in the process, read on.

The NOAA forecasts 11 to 17 tropical storms in the Atlantic, the Caribbean Sea, and the Gulf of Mexico. Hurricane season has officially begun and is expected to last until the end of November. The four allegedly active hurricanes are presumed to be Category 3, 4, or 5 on the Saffir-Simpson Hurricane Wind Scale (Category 1 is the weakest and 5 the strongest).

But don’t panic just yet; here are five steps you can take to protect your business during hurricane season.

1. Schedule a DR drill

Despite having a DR plan, many companies don’t test their plan, at least not as often as they should. So if you’re one of those companies, it’s crucial to conduct a DR drill now. A lot can change in the months or years since you have last tested your plan -- systems updates, infrastructure upgrades, employee turnover and more. By scheduling a drill, you’ll be able to make sure everyone knows their roles and that all critical systems are covered.

Note that you should try to perform desktop walkthrough exercises, operational tests, and simulated recovery exercises on a regular basis.

2. Make sure your staff are prepared

All your staff should know what the evacuation procedures are as well as their responsibilities in the DR process. If not, coordinate with HR to make sure everyone in your company understands what the plan of action is for hurricane season. Staff with specific responsibilities need to get the documentation needed to effectively manage their roles in the event of a hurricane.

Set meetings with your DR team and schedule training for new team members. Your DR team should be able to quickly mobilize other employees to the DR site before bad weather hits. Don’t forget to touch base with any providers you are supposed to work with in case of an emergency, too.

3. Secure your backup site

In addition to a secondary location for data storage, your DR plan should also include another backup site so that you can continue your operations. In the event of a hurricane, dedicated space is imperative since your backup sites will likely be occupied with employees.

You should also consider the redundancy of utilities at your DR site, making sure you have enough power feed, fiber carriers, and anything else you’ll need to remain operational.

4. Check for amenities at your DR site

Whether your DR site is in the hurricane zone or in the nearest city, chances are hotels will be overbooked as people fight for a place to stay. This means your staff will likely be stuck onsite around the clock, so you need to make sure there are enough amenities to get them through this hectic period. Is there a place for employees to shower and sleep? Is there enough food and water to last them for at least a couple of days? These amenities will help your staff pull through as they restore your operations.

5. Update your DR plan’s appendix

Your DR plan should have an appendix with contact information, SLAs, and systems inventories information. More importantly, this information needs to be up-to-date; the last thing you need is calling your IT vendor when a server goes down only to reach the wrong number.

Go through all critical information in your DR plan and add any other information as needed. Vendors’ and shippers’ contact information is a must, as it will guarantee that you get backup hardware and power supplies without any hassles.

Unlike a fire drill which can be conducted on a yearly basis, your business continuity and disaster recovery plan needs to be tested regularly to meet your company’s changing needs. If you don’t already have a DR plan, or have any further questions, don’t hesitate to give us a call.

Published with permission from TechAdvisory.org. Source.

Topic business
June 2nd, 2017

Bluetooth technology helps simplify our daily lives -- it allows for hands-free communication, a quick and easy way to share content with friends, family, colleagues, and more. In fact, 45 percent of Americans have Bluetooth enabled across multiple devices. This raises the question: Does using Bluetooth leave our doors open to hacker attacks?

Google paid a settlement fee of $7 million for unauthorized data collection from unsecured wireless networks in 2013. While their intention likely wasn’t theft, many disagreed and called them out for Bluesnarfing, a method most hackers are familiar with.

What is it?

Bluesnarfing is the use of a Bluetooth connection to steal information from a wireless device, particularly common in smartphones and laptops. Using programming languages that allow them to find Bluetooth devices left continuously on and in “discovery” mode, cybercriminals can attack devices as far as 300 feet away without leaving any trace.

Once a device is compromised, hackers have access to everything on it: contacts, emails, passwords, photos, and any other information. To make matters worse, they can also leave victims with costly phone bills by using their phone to tap long distance and 900-number calls.

What preventive measures can you take?

The best way is to disable Bluetooth on your device when you’re not using it, especially in crowded public spaces, a hacker’s sweet spot. Other ways to steer clear of Bluesnarfing include:
  • Switching your Bluetooth to “non-discovery” mode
  • Using at least eight characters in your PIN as every digit adds approximately 10,000 more combinations required to crack it
  • Never accepting pairing requests from unknown users
  • Requiring user approval for connection requests (configurable in your smartphone’s security features)
  • Avoiding pairing devices for the first time in public areas

Bluesnarfing isn’t by any means the newest trick in a cybercriminal’s book, but that doesn’t mean it’s any less vicious. If you’d like to know more about how to keep your IT and your devices safe, give us a call and we’ll be happy to advise.

Published with permission from TechAdvisory.org. Source.

Topic Hardware
May 29th, 2017

For businesses, the security of sensitive data is critical. If this information is lost or stolen, it could lead to crippling financial losses, legal disputes, and more importantly, loss of customer trust. And while those of you with Microsoft Office 365 installed have some security and compliance tools, there are still some data protection best practices you need to consider. Here are seven of them:

Take advantage of policy alerts

Establishing policy notifications in Office 365’s Compliance Center can help you meet your company’s data security obligations. For instance, policy tips can warn employees about sending confidential information anytime they’re about to send messages to contacts who aren’t listed in the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure mobile devices

With the growing trend of using personal smartphones and tablets to access work email, calendar, contacts, and documents, securing mobile devices is now a critical part of protecting your organization’s data. Installing mobile device management features for Office 365 enables you to manage security policies and access rules, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use multi-factor authentication

Because of the growing sophistication of today’s cyberattacks, a single password shouldn’t be the only safeguard for Office 365 accounts. To reduce account hijacking instances, you must enable Office 365 multi-factor authentication. This feature makes it more difficult for hackers to access your account since they not only have to guess user passwords but also provide a second authentication factor like a temporary SMS code.

Apply session timeouts

Many employees usually forget to log out of their Office 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to compromise sensitive data. But by applying session timeouts to Office 365, email accounts, and internal networks, the system will automatically log users out after 10 minutes, preventing hackers from simply opening company workstations and accessing private information.

Avoid public calendar sharing

Office 365’s calendar sharing feature allows employees to share and sync their schedules with their colleagues. However, publicly sharing this schedule is a bad idea. Enabling public calendar sharing helps attackers understand how your company works, determine who’s away, and identify your most vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash a slew of malware attacks to corrupt your data before your business can respond.

Employ role-based access controls

Another Office 365 feature that will limit the flow of sensitive data across your company is access management. This lets you determine which user (or users) have access to specific files in your company. For example, front-of-house staff won’t be able to read or edit executive-level documents, minimizing data leaks.

Encrypt emails

Encrypting classified information is your last line of defense to secure your data. Should hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Office 365, where files and emails are shared on a regular basis.

While Office 365 offers users the ability to share data and collaborate flexibly, you must be aware of the potential data security risks at all times. When you work with us, we will make sure your business keeps up with ever-changing data security and compliance obligations. And if you need help securing your Office 365, we can help with that too! Simply contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Office
May 25th, 2017

No one can escape the news of WannaCry. The IT industry has been covering this type of malware for years, but never has one campaign spread so far or infected so many computers. Read on to gain a greater understanding of what happened and how to prepare yourself for the inevitable copycats.

Ransomware review

Ransomware is a specific type of malware program that either encrypts or steals valuable data and threatens to erase it or release it publicly unless a ransom is paid. We’ve been writing about this terrifying threat for years, but the true genesis of ransomware dates all the way back to 1989.

This form of digital extortion has enjoyed peaks and troughs in popularity since then, but never has it been as dangerous as it is now. In 2015, the FBI reported a huge spike in the popularity of ransomware, and healthcare providers became common targets because of the private and time-sensitive nature of their hosted data.

The trend got even worse, and by the end of 2016 ransomware had become a $1 billion-a-year industry.

The WannaCry ransomware

Although the vast majority of ransomware programs rely on convincing users to click compromised links in emails, the WannaCry version seems to have spread via more technical security gaps. It’s still too early to be sure, but the security experts at Malwarebytes Labs believe that the reports of WannaCry being transmitted through phishing emails are simply a matter of confusion. Thousands of other ransomware versions are spread through spam email every day and distinguishing them can be difficult.

By combining a Windows vulnerability recently leaked from the National Security Agency’s cyber arsenal and some simple programming to hunt down servers that interact with public networks, WannaCry spread itself further than any malware campaign has in the last 15 years.

Despite infecting more than 200,000 computers in at least 150 countries, the cyberattackers have only made a fraction of what you would expect. Victims must pay the ransom in Bitcoins, a totally untraceable currency traded online. Inherent to the Bitcoin platform is a public ledger, meaning anyone can see that WannaCry’s coffers have collected a measly 1% of its victims’ payments.

How to protect yourself from what comes next

Part of the reason this ransomware failed to scare users into paying up is because it was so poorly made. Within a day of its release, the self-propagating portion of its programming was brought to a halt by an individual unsure of why it included a 42-character URL that led to an unregistered domain. Once he registered the web address for himself, WannaCry stopped spreading.

Unfortunately, that doesn’t help the thousands that were already infected. And it definitely doesn’t give you an excuse to ignore what cybersecurity experts are saying: “This is only the beginning.” WannaCry was so poorly written, it’s amazing it made it as far as it did. And considering it would’ve made hundreds of millions of dollars if it was created by more capable programmers, your organization needs to prepare for the next global cyberattack.

Every single day it should be your goal to complete the following:

  • Thorough reviews of reports from basic perimeter security solutions. Antivirus software, hardware firewalls, and intrusion prevention systems log hundreds of amateur attempts on your network security every day; critical vulnerabilities can be gleaned from these documents.
  • Check for updates and security patches for every single piece of software in your office, from accounting apps to operating systems. Computers with the latest updates from Microsoft were totally safe from WannaCry, which should be motivation to never again click “Remind me later.”
  • Social engineering and phishing may not have been factors this time around, but training employees to recognize suspicious links is a surefire strategy for avoiding the thousands of other malware strains that threaten your business.

Revisiting these strategies every single day may seem a bit much, but we’ve been in the industry long enough to know that it takes only one mistake to bring your operations to a halt. For daily monitoring and support, plus industry-leading cybersecurity advice, call us today.

Published with permission from TechAdvisory.org. Source.

Topic Security