Author: danielle

New phishing scam targets Office 365 users

With more than 100 million monthly active subscribers, Office 365 has attracted the attention of hackers who’ve revamped an age-old trick. This time, they come up with a highly targeted, well-crafted spear-phishing scam that’s even more difficult to identify. Here’s everything you need to know.

What makes it different from other scams?

The new threat comes in the form of spear phishing, an old familiar method in which hackers send emails that purport to be from trusted sources and dupe you into disclosing sensitive information. In this particular attack, the email messages are admirably well-crafted, making them even harder to spot.

The emails are also rid of the usual telltale signs such as misspelled words, suspicious attachments, and dubious requests. You might have to recalibrate what you know about phishing scams, because this new threat ticks all the boxes that make it look legitimate.

How does it work?

The hackers behind the attack craft personalized messages, pretending to be from trusted sources, such as your colleagues or Microsoft itself, and send them to your inbox. The messages could contain a link or a PDF file that leads to a legitimate-looking landing page. Upon clicking the link, the user will be prompted to enter his or her credentials, which the hacker will use to launch attacks within the organization.

Once they gain control of your account, they might set up new forwarding rules to monitor your communication patterns, which will be useful for their future attacks. They might even use your account to send further phishing emails to your co-workers to collect more sensitive information.

As for the phishing emails with PDF attachments, there will be instructions to fill in username and password to view the document. And once you do, your account is no longer yours.

Another way they can get your credentials is by sending an invoice that requires you to log on to a web portal to view the file. Attackers can also use this technique to trick you into performing a certain action, such as forwarding sensitive information or paying an invoice.

What can you do to stay protected?

Your first line of defense is multi-factor authentication, whereby you use a password and another authentication method — like an SMS code — to secure your account. This function is already included in Office 365 and here’s a step-by-step guide on how to activate it.

The second line of defense is training yourself and your employees to spot common phishing techniques. In particular, verify the accuracy of the wording and the sensibility of the requests in the messages.

For good measure, your organization can also install an email-validation system which is designed to detect and prevent email spoofing, such as the Domain-based Message Authentication, Reporting and Conformance (DMARC).

Identifying phishing emails and planning and implementing a robust defense system are ways to protect you and your organization against the new Office 365 threat. For tips on how to spot this type of scam and how to plan thorough security practices, contact our experts today.

Published with permission from TechAdvisory.org. Source.

Apple released a new iPhone and so much more!

10 years after the first iPhone was announced, Apple’s keynote addresses are still global events. This year’s slate of fall releases included a lot more than incremental updates to the company’s flagship device. Regardless of whether your next Apple purchase is coming out of a personal or company budget, you’ll want to know what’s new.

iPhone X

Everyone suspected the new iPhone would have an edge-to-edge screen, but now it’s official. The 5.8-inch OLED screen covers the entire front side of the phone, except for a small notch along the top of the device.

The iPhone X, AKA the iPhone Ten, has no fingerprint scanner, which means users will need to unlock the device with either a passcode or a facial recognition scan. The top notch includes an updated 7-megapixel front-facing camera, call speaker and infrared sensors that power the iPhone’s new FaceID feature.

Apple’s newest smartphone includes some new high-tech hardware under the hood as well. The A11 Bionic chip can handle up to 600 billion operations per second, which allows the iPhone X to render high-resolution 3D experiences on top of real world images while in the camera mode.

iPhone 8/iPhone 8+

This model isn’t getting the same OLED screen as the iPhone X, but both versions of the iPhone 8 do come with their own improvements in screen resolution. Some of these are due to minor hardware upgrades and some utilize new software to adjust the colors on your screen based on your reading environment.

Both versions of the iPhone 8 also come with the brand new A11 Bionic processor, which Apple claims is 70% faster than the iPhone 7’s chip.

Apple Watch Series 3

The smartwatch market has had its ups and downs, but the most recent release from Apple is sure to disrupt the industry. The Series 3 Watch will include an integrated SIM card that allows wearers to send messages, receive calls, and stream media regardless of where their phone is at any given moment. Depending on what you use your phone for, you could potentially go without it for a full workday.

Wireless charging

Apple is finally making it possible for their devices to charge wirelessly. New iPhones, Apple Watch and AirPods will allow you to juice up your battery simply by laying down your device on a charging mat.

Apple devices have always been especially well suited for business environments. They’re secure, reliable and compatible with almost any business-class software. If you need help with anything Apple-related — from mobile device management to Mac servers — give us a call today.

Published with permission from TechAdvisory.org. Source.

Is your business ready for hurricane season?

In late August 2017, Hurricane Harvey caused widespread power outages and floods across Texas and certain parts of Louisiana. Weeks later, Hurricane Irma hit the coast, affecting Florida, Georgia, and South Carolina businesses. Now, experts are saying there are more storms to come, which is why you need a good disaster recovery (DR) plan that has you prepared for the worst.

Pay attention to location
First and foremost, your backup site should be in a hurricane-free zone. Ideally, your offsite facility should be located at least 100 miles away from your main location. If this isn’t possible, make sure it is built to withstand wind speeds of 160 mph (as fast as Category 5 storms), and is supported by backup generators and uninterruptible power supplies.

You should also request an upper floor installation or, at the very least, keep critical IT equipment 18 inches off the ground to prevent water damage.

Determine recovery hierarchy
Certain parts of your IT are more mission-critical than others. Ask yourself which systems or data must be recovered in minutes, hours, or days to get your business back to running efficiently.

For example, you may find that recovering sensitive customer information and e-commerce systems take priority over recovering your email server. Whatever the case may be, prioritizing your systems ensures that the right ones are recovered quickly after a disaster.

Use image-based backups
Unlike fragile tape backups, image-based backups take “snapshots” of your systems, creating a copy of the OS, software, and data stored in it. From here, you can easily boot the virtual image on any device, allowing you to back up and restore critical business systems in seconds.

Take advantage of the cloud
The cloud allows you to host applications and store data in high-availability, geo-redundant servers. This means your backups can be accessed via the internet, allowing authorized users to access critical files from any device. Expert technicians will also watch over and secure your backups, allowing you to enjoy the benefits of enterprise-level backup facilities and IT support.

Back up your data frequently
Back up your data often, especially during disaster season. If your latest backups were created on the 15th of September and the next storm, Hurricane Jose, makes landfall on the 28th, you could lose nearly two weeks of data.

Get in the habit of replicating your files at the end of each day, which should be easy if you’ve opted for image-based backups.

Test your DR plan
After setting up your backups, check whether they are restoring your files accurately and on time. Your employees should be drilled on the recovery procedures and their responsibilities during and after disaster strikes. Your DR team should also be trained on how to failover to the backup site before the storm hits. Finally, providers, contractors, and customers need to be notified about how the hurricane will affect your operations.

As cell towers and internet connections may be affected during this time, make sure your company forums are online and have your employees register with the Red Cross Safe and Well website so you can check their statuses.

It’s nearly impossible to experience little-to-no disruptions during disasters like Harvey or Irma, but with the right support, you can minimize downtime. If you’re concerned about any natural disasters putting you out of business, call us today. We offer comprehensive business continuity services that every company must have.

Published with permission from TechAdvisory.org. Source.

5 Simple ways to cut your printing costs

It may not seem as though your printing infrastructure is costing your business a great deal. But if left unmanaged, you could end up with an overinflated IT budget dominated by equipment maintenance and hardware and supplies purchases. Here are some ways to avoid that.

Replace outdated printers

Outdated and cheap printers may be functional, but they are putting a huge dent in your IT budget.

Any piece of equipment that is seven years old (or older) requires frequent repairs and causes more trouble than it’s worth. Because old printers are no longer under warranty, fixing them is more costly and challenging. It’s also difficult to replace parts for old printers because manufacturers have stopped carrying them for models that have been phased out.

When you replace outdated equipment with newer, multi-functional printers, you’re investing in hardware that will pay for itself with increases in productivity and efficiency.

Avoid purchasing unnecessary supplies

A poorly managed printer environment could result in a stockpile of cartridges, toners, and reams of paper. This happens when, for example, an employee uses a printer that’s about to run out of ink and makes an unnecessary request for a new ink or toner. This is more common than you may think, and definitely more expensive.

In the absence of a dedicated printer manager, you can avoid this situation by automating supply replacement. Assign a point person to proactively place orders when supplies are about to run out, so your company can avoid needless purchases.

Impose strict process workflows

Submitting expense reports, filing reimbursements, and other administrative tasks require a proper document workflow. Without a guideline, employees and administrative staff tend to print an unnecessary amount of documents.

Automate your company’s document-driven processes to reduce or prevent redundant print jobs that result in stacks of abandoned documents. Not only is it wasteful, it’s also a security and privacy concern.

Go paperless

Designing a document management solution that reduces paper consumption is the best way to save money. It may not be possible in every department, but those who can do their jobs without printing should be encouraged to do so by management. Printing lengthy email chains that can be discussed in a meeting is just one example of a wasteful practice that should be avoided.

Reduce IT support calls for printing issues

Calling your company’s IT guys to assist with problems like paper jams, printer Wi-Fi issues, and other concerns reduces employee frustration. You and your IT personnel could avoid dealing with these productivity killers by identifying the problem areas of your print environment. Then, you can work on solutions specific to your office, such as drafting a printing workflow, or getting help from document management experts who can recommend time- and budget-saving solutions.

Having a group of experts manage your IT workflow can make your day-to-day operations more efficient and help you save on printing costs. Our experts will gladly recommend best practices and tips on document management. Call us today.

Published with permission from TechAdvisory.org. Source.

OneNote: the hidden gem in Microsoft Office

Almost everyone loves PowerPoint, Excel and Word, but there’s another Office application that should be recognized as a must-have: OneNote. It’s an app for pulling together text, video, audio, and other visual resources to create shareable notebooks full of useful information. With this article, you can master OneNote in no time at all.

OneNote is a digital notebook

Despite the visual similarities, the thing that sets OneNote apart from Word is the way it stores and displays saved information. In OneNote, one window displays all your Notebooks, which can contain several pages and separate documents.

To create a Notebook, click File and then New. From there, you’ll be given the option to create a new Notebook, which can be saved locally to OneDrive or to SharePoint.

A Notebook will help you organize several types of information in one space, so let’s imagine we’ve named a SharePoint Notebook “New Product Ideas” and clicked Create New.

Next, you’ll be looking at a blank screen with “New Product Ideas” in the upper left-hand corner. To get the most out of OneNote, we need to start organizing our Notebook.

Separate your Notebook into Sections

Every Notebook is organized into Sections, similar to what dividers do in a physical notebook. For example, our New Product Ideas Notebook might be divided into Sections based on things like design, price and materials.

Sections are shown as color-coded tabs along the top of the screen, next to the name of your Notebook. You simply click the ‘+’ button to create a new section.

Start filling your Sections with useful Pages

Up until this point, OneNote seems like little more than a Word document with improved organization. But Pages in OneNote are built so that different types of media can be dropped into your pages with the click of a button.

So let’s say you’ve bookmarked a number of websites with reference images you want to add to your Design Section. Open up Design and select Add New Page on the right-hand side of the screen. Right-click it and name the page, and in our example this could be Ideas from online.

One way to insert the images from your bookmarked webpages is to save them to your computer and then drag each icon onto your OneNote Page where the image will automatically appear.

However, with Microsoft’s OneNote Web Clipper this can be done much more easily. After installing the browser extension, open it and select what you want to save from the web page with your cursor. The Web Clipper will ask which OneNote Page you want to save the selection to and it will automatically be added.

Start experimenting!

Now that you understand how to organize your information, you can experiment with linking Pages from different notebooks, adding category tags to Pages, and inserting online videos into your notes.

If you’re worried about a Notebook becoming overly complicated, don’t worry. Above the Pages pane is a search bar that you can use to find keywords from Notebook titles, Section titles and Pages content.

You could spend an entire year learning the ins and outs of every Microsoft Office application, but a faster way would be to let us help you cut through the clutter with practical recommendations and assistance. Call us today!

Published with permission from TechAdvisory.org. Source.

Critical Windows security updates from Microsoft

Earlier this month, Microsoft released a patch that includes several security enhancements and addresses 48 vulnerabilities for all supported versions of Windows. If you’re not in the habit of installing security patches when they come out, now’s a good time to start. Let’s take a look at August’s updates and the issues they address.

Windows Search

Microsoft discovered a flaw that hackers could remotely exploit to take full control over an affected computer. The hacker could then install programs, view, change or delete data, and create new accounts with full user rights. The August security updates address the vulnerability by fixing how your computer’s memory interacts with Windows Search objects.

Windows Hyper-V

Another critical vulnerability is tied to Windows Hyper-V, a virtualization program. This flaw can be exploited when a server fails to properly verify an authenticated user from a virtual desktop.

For example, cyber criminals could exploit the vulnerability by running a malicious application on a guest operating system and cause the server to malfunction. The latest patch plugs the hole by correcting how Hyper-V validates guest operating system user input.

Microsoft Edge

Microsoft security specialists revealed that the Edge browser is exposed to a remote memory-corruption vulnerability. Hackers can exploit this by luring an unsuspecting user to open a fake website that contains malicious programs. The new security update addresses the issue by modifying how Microsoft Edge handles objects in memory.

These are just a few examples of the critical vulnerabilities addressed in the August updates. In total, Microsoft patched 48 vulnerabilities in six of its main product categories, including Windows, Internet Explorer, Edge, SharePoint, Adobe Flash Player, and SQL Server. If you’re interested in all the security updates, check out Microsoft’s official Security Update Guide.

As a Windows user, you’re probably used to seeing pop-up messages that implore you to install a new Windows update. Take heed: These patches and updates cost you nothing and can be installed in a matter of minutes. All you need to do is give your consent with a couple of mouse clicks, so there really is no excuse for not updating.

It’s important to update to the latest Windows version to ensure your computer and data are safe from security threats. If you have any questions about Windows updates or need help scheduling them, get in touch with our experts today.

Published with permission from TechAdvisory.org. Source.

New Locky ransomware: what you need to know

In 2016, the Locky ransomware infected millions of users with a Microsoft Word file. It was eventually contained, and cyber security firms have since created protections to detect and block previous Locky variants. However, a similar malware is currently spreading worldwide and has so far infected tens of thousands of computers.

Quick facts

According to a threat intelligence report, the email-based ransomware attacks started on August 9 and were detected through 62,000 phishing emails in 133 countries in just three days. It also revealed that 11,625 IP addresses were used to carry out the attacks, with the IP range owners consisting mostly of internet service providers and telecom companies.

How it works

The malicious email contains an attachment named “E 2017-08-09 (580).vbs” and just one line of text. Like the original Locky authors, attackers responsible for the new variant deploy social engineering tactics to scam recipients into opening the attached .doc, zip, pdf, .jpg or tiff file, which installs the ransomware into their systems.

When an unsuspecting user downloads the file, the macros run a file that provides the encryption Trojan with an entry point into the system. The Trojan then encrypts the infected computer’s files.

Once encryption is completed, the user receives instructions to download the Tor browser so they can access the “dark web” for details on how to pay the ransom. To retrieve their encrypted files, users will be asked to pay from 0.5-1 Bitcoin.

What you need to do

This ransomware variant builds on the strengths of previous Trojans. In fact, the original Locky strain made it easy for cyber criminals to develop a formidable ransomware that could evade existing cyber security solutions. This is why adopting a “deny all” security stance, whereby all files are considered unsafe until proven otherwise, is the best way to avoid infection.

Here are other tips to avoid infection:

  • Don’t open unsolicited attachments in suspicious emails. Alert your IT staff, and most importantly disallow macros in Microsoft Office unless they’ve been verified by your IT team.
  • Performing regular backups guarantees you never have to pay cyber criminals a ransom. If all other security measures fail, you can always rely on your backups, which protect your business not just from cyber crime-related disasters, but also from natural and other unforeseen system failures.
  • Train your staff to identify online scams like phishing. This and other similar ransomware strains take advantage of users’ lack of cyber security training.
  • Update your operating systems as soon as updates become available to reduce, or eliminate, the chances of your system’s vulnerabilities being exploited.

Even with a trained staff and the latest protections installed, your IT infrastructure may still have unidentified security holes. Cyber security experts can better evaluate your entire infrastructure and recommend the necessary patches for your business’s specific threats. To secure your systems, get in touch with our experts now.

Published with permission from TechAdvisory.org. Source.

Spyware has been infecting Macs for years

While Macs have a reputation for being more secure than Windows PCs, they are far from immune. Over the past decade, a piece of malware designed to spy on its victims’ computers has remained unnoticed until quite recently. What’s worse is that security experts are still unsure about how the malware gets into Mac computers. Here’s everything we know so far.

Fruitfly spyware
The spyware, known as Fruitfly, was first discovered in January 2017, but Synack chief security expert, Patrick Wardle, discovered a more cunning variant last month.

Along with being able to track the victims’ names and locations, the spyware reportedly gives the hacker control over webcams, mice, microphones, keyboards, and notifies hackers any time the computer is in use. This enables hackers to take non-consensual photos, capture screenshots, track keystrokes, and record audio.

What’s surprising is this type of spyware is not built for financial gain or designed to steal government secrets. It’s used to spy on regular people. According to experts, the hacker developed the spyware for voyeuristic reasons. Collecting private data from users also suggests that hackers planned to set up more targeted social engineering scams.

So far, there have been only 400 confirmed Fruitfly infections, but considering how it has remained hidden for nearly decade, that number could be much larger.

While experts are still not sure who created the malware and how it is delivered, it’s best to follow security best practices like avoiding pop-up ads, banners and suspicious file attachments, using extreme caution when downloading free software, and update applications frequently.

Users should also install anti-malware software with spyware detection capabilities and perform full system scans as often as possible. New security patches have been released to detect and block Fruitfly variants, so you should keep your security software up to date at all times, too.

Surge in Mac Malware
Windows PCs are targeted more frequently, but a recent threat intelligence report by McAfee found that the Mac malware incidents have grown by 53% over the first quarter of 2017.

Hackers will likely uncover new vulnerabilities in the future, which means Mac users can no longer afford to think that their device doesn’t need strong security software and support from managed services providers.

If you’re worried about the security of your Mac, talk to us today. We offer comprehensive solutions that can defend against the new Fruitfly strain and a host of other cyberattacks.

Published with permission from TechAdvisory.org. Source.

How Amazon AppStream 2.0 can help businesses

Today’s workforce is no longer confined to office walls. People work from home, while they’re commuting to and from work, and even on vacation. This is made possible thanks to remote access solutions, and Amazon’s powerful web features. Here’s what you need to know about this powerful application streaming service.

What is it?

Initially released in 2013, Amazon AppStream was created as a platform for remote access to digital resources to help businesses streamline the costly process of managing apps on-premises. Simply put, it streams desktop apps to users across various devices via a browser.

Today, Amazon AppStream 2.0 has been updated with major improvements thanks to user feedback. Now, you can stream desktop applications from Amazon Web Services to any device running a web browser compatible with HTML 5.

What can you do with Amazon AppStream 2.0?

You can run desktop applications on any device, including Windows, Linux, Macs, and Chromebooks. Amazon AppStream 2.0 features multiple streaming options, including the General Purpose, Compute Optimized, and Memory Optimized.

Everything is fully managed by Amazon and all your applications and data will be kept on Amazon Web Services. This means you can expect robust security like network firewalls, web application firewalls, secure streaming gateway, encryption in transit across all services, and the ability to isolate your applications for secure delivery.

You’ll always have access to the latest version of your applications and minimize the risk of compromising confidential data if your device gets lost or stolen, as data is stored on Amazon’s cloud infrastructure.

What other benefits are there?

Apart from mobile access to documents and applications, you’ll appreciate the simple user interface that allows you to upload files to a session, access and edit them, and download them when you’re done.

What’s more, Amazon AppStream 2.0 uses NICE DCV for high-performance streaming. This ensures secure and fast access to applications since NICE DCV automatically adjusts to network conditions.

Amazon AppStream 2.0 also supports delivery of high performance graphics applications from Amazon Web Services. This allows you to stream powerful graphics applications to a web browser on any desktop.

Last but not least, this remote access solution lets you scale up or down as needed and pay only for the streaming instances you use, and a small monthly fee per authorized user. There’s no upfront capital or premises infrastructure maintenance costs.

If your business mainly consists of a remote workforce or is planning to adopt remote work policies, Amazon AppStream 2.0 is one solid option. For other tips on how small- and- medium-sized businesses can leverage technology to improve efficiency and lower costs, give us a call and we’ll be happy to advise.

Published with permission from TechAdvisory.org. Source.

What to do with your dinosaur PC?

When smartphones first outsold PCs in 2010, people no longer have to put up with slow and bulky computers to do business. This comes as no surprise why many stashed their aged PCs away. But there are ways to breathe new life into your ancient laptop and computer, so if you haven’t trashed them, it’s time to plug them in.

You might have to do some light upgrades like install more RAM and a bigger hard drive, depending on how old your PC is, but it’ll be worth it. Once you’ve done that, explore these options:

Try a lighter OS

While you might be tempted to install a new Windows or macOS on your old computer, they won’t work optimally without a fast processor. However, Linux-based operating systems, which come in a variety of options called “distros”, will make your computer feel brand new without exhausting its hardware.

Popular distros options like Ubuntu, elementary OS, and PinguyOS, can be easily installed, have similar interfaces as Windows, and come with a ton of software packages. The best part is they only require a minimum of 4GB of RAM, which means you won’t have to invest much at all.

Make a NAS server

Network-attached storage (NAS) is a server for your home or small business network that allows you to store files that need to be shared with all the PCs on the network. If your old PC has at least 8GB of RAM, you can use it to make your own NAS instead of purchasing one.

Simply download FreeNAS, a software accessible from any OS (Windows, MacOS, Linux) that enables you to make a shared backup of your computers. FreeNAS features access permissions and also lets you stream media to mobile OSes, like iOS and Android.

However, if you prefer turning your PC into a private cloud for remote access and data backup, Tonido is a great alternative. Compatible with Mac, Windows, and Linux, it turns your PC into a storage website so you can access files from anywhere on any device.

Tonido offers up to 2GB of file syncing across computers. There’s even Tonido apps for iOS and Android for mobile access.

Secure your online privacy

Wouldn’t it be great if you could turn your old computer into a dedicated privacy PC so you won’t have to worry about compromising privacy while browsing the web? With The Amnesic Incognito Live System (TAILS), you can.

This Linux-based software routes all your internet traffic and requests through TOR Project, a software that makes it extremely difficult for someone to track you online. All of TAILS’ integrated applications like web browser, Office suite, IM client, and email software, are pre-configured for robust security and privacy protection.

Take your media up a notch

If you’re looking for a way to listen to your music, podcasts, or watch videos on other PCs, or mobile devices, a server software like Kodi can help.

What it does is bring all your digital media together into one user-friendly package so you can use your old PC as an audio and video hosting platform. From there, you can play files on other devices via the internet. There are remote control apps for iOS or Android users and even an app for Kodi playback on the Amazon Fire TV.

Kodi works on any device running Windows, Mac OS, Linux, and even rooted Android and jailbroken iOS devices.

We’re always on the lookout for ways to help our clients make the most out of their technology investments. If you’d like to know more about how to utilize other hardware to your business’s advantage, give us a call.

Published with permission from TechAdvisory.org. Source.