by Felicien | Apr 8, 2019 | Education
Researching IT support companies can lead to confusion — and quite a headache! You may have started down the path of finding a technology partner due to internal frustrations or a lack of time to support basic technology needs, but your search can quickly expand due to the number of potential partners in the marketplace. Trying to determine exactly the level of support that you need and the associated costs may feel like an exercise in futility, but there are some basic tenets that will help you find the best IT support company for your needs. From reviewing the pricing models to service levels, here are the key considerations that will help you determine which partner is right for your business.
1. Does Your IT Support Company Offer Flexible, Scalable Contracts?
Technology solutions are rarely one-size-fits-all, and your IT services partner should recognize this and be able to provide you with customized recommendations that will meet your unique business needs. This could mean anything from shorter contracts, so you can evaluate the working relationship, to support packages with scalable options that are designed to grow with your business. Your IT services partner should feel like they are on your side, making recommendations that will save you money while providing you with the support that your business desperately needs to grow.
2. Does Your IT Support Company Focus on Ongoing Education?
Technicians with industry certifications in various platforms should indicate to you as a client that your technology partner is placing an emphasis on ongoing education. The technology landscape changes dramatically in the course of several years. If your IT professionals are not maintaining their certifications or growing their body of knowledge, it can be challenging for them to provide your business with the support that you deserve. Key certifications to look for include Microsoft Silver or Gold Partner Certifications and CompTIA Certifications, to name a few. Your partner should be able to demonstrate that they value ongoing education by setting aside time for team members to attend training or continue their education.
3. Does Your IT Support Company Value Proactive Security and Account Management?
Proactive account management is crucial to your business success, as your IT services partner should be continually looking for ways to save you money and improve the efficiency of your operations. This should include a bi-annual or quarterly review of your business that truly digs into the details and provides you with actionable recommendations. The right partner will be able to look ahead and call out items that could become a problem, so you can resolve them before they negatively impact your business operations. Active security measures are another valuable aspect of your partnership: your IT services technicians should be continually reviewing network activity to discover discrepancies so remediation of any problems can begin immediately.
4. What Are the Stated Response Times for Your IT Support Company?
There is no slick or easy answer that you should be looking for in terms of response times, as that can vary based on the needs of your business. Some businesses may find that getting a response within several hours is perfectly acceptable, while others need to get help desk support in a matter of minutes. What you are looking for is the best match for your business: an IT support company that is able to provide you with workable response times at an acceptable cost.
5. Is Your IT Support Company Aggressive About Cybersecurity?
Protecting your business assets is a mission-critical task for your IT support company, and they should treat it as such. You need to know that you will have access to cybersecurity professionals who are actively reviewing your account on a regular basis to ensure that all appropriate precautions are being taken to protect your digital assets. This includes everything from user training to backup and data recovery processes, all of which must be in line with your business needs.
Sometimes, it’s not a matter of finding the best IT support company — it’s a matter of finding the best fit for your business. You’ll want to consider everything from the support you want to receive from your account team to the quality of the training that technicians receive on an ongoing basis to find the best IT support company to meet your unique business needs.
by Felicien | Apr 5, 2019 | Education
There are never enough hours in a day, but how you spend the hours that you do have can make all the difference in the world. Just think: business leaders such as Steve Jobs and Bill Gates have exactly the same 24 hours available to them as you do! All good business leaders have to determine the best way to be productive, but this can be a challenging lesson to learn. Here’s a quick hack that will help you be more productive without adding to your stress level.
Just Say No!
Ask yourself this question multiple times each day: “Am I adding unique value to this conversation, or could someone else do (nearly) as well?” You have to be honest with yourself, but when you rigorously apply this rule you might find that you can skip some meetings, delegate decisions and allow others to take the lead on smaller projects or tasks so you can focus on leveraging your core competencies. Getting rid of the smaller annoyances leaves you more time to focus on what’s truly important — moving your organization forward.
Effective Prioritization
Did you know that the word “priority” was never meant to be plural? That’s right, we talk about “priorities” all the time, but for more than 500 years it strictly meant the very first thing. When you think about it, it’s impossible to have multiple “first” things; there’s only one first. When everything is a priority, nothing’s a priority, but how can you make decisions about where to focus without freezing yourself or your team in a circle of indecision?
Multitasking is a Myth
Your brain can truly only handle one task at a time. When you’re jumping back and forth between several tasks, your brain takes a minute to adjust each time you make that leap. This mental price is time taken out of your day that could otherwise be spent on a single productive task, allowing your brain to work at peak performance. Even if you’re only wasting 60 seconds between each task, that can easily add up to more than an hour each day. This performance disruption reduces your focus and makes your delivery less consistent.
If you can’t help with a particular project, or don’t need to be involved in a decision, don’t be afraid to step away and let others handle it. You need to be able to trust that your team can take care of the rest. There’s no need to add what is essentially busywork to your day when you can harness the power of your mind to create value in your little corner of the universe.
by Felicien | Apr 5, 2019 | Education
The attack dubbed “PhishPoint” is a recent cyber-attack scheme being used by foreign hackers. It demonstrates the craftiness and the extent that cybercriminals will go to in order to harvest your Microsoft Office 365 credentials. It uses several familiar aspects of Office 365 to lull potential victims into an assumption that everything is above board. But it’s not. Here’s what you need to know about PhishPoint and how to protect your organization.
How Did The PhishPoint Attack Get Into Office 365?
The PhishPoint hackers use Microsoft SharePoint files to host their phishing links. Typically hackers use emails to host malicious links. Now, these crafty hackers have figured out how to bypass Office 365’s built-in security to leverage their attacks. This shows that there’s a critical flaw in Office 365 in this respect.
How Does The PhishPoint Attack Work?
You can recognize a PhishPoint malicious email by its use of “URGENT” or “ACTION REQUIRED” to urge you to respond. But beware, this email contains a link to a SharePoint Online-based document that you don’t want to click.
Here’s how it works:
The link will direct you to SharePoint. It will look legitimate and could trick you or your users unless you know what to watch for.
At this point, you’ll be shown a OneDrive prompt – the SharePoint file will impersonate a request to access a OneDrive file with an “Access Document” hyperlink. This is actually a malicious URL.
Then you’ll see a Microsoft Office 365 logon screen – don’t enter your information, even though it’s a very authentic-looking login page. If you do, the hackers can access your user credentials!
What Else Should We Watch For?
Several things stand out here, and you should watch for them:
1. The email is unsolicited and has a generic subject of “<person> has sent you a OneDrive for Business file.”
2. Opening the document requires you to take a number of steps.
3. The URL for the logon page isn’t on the office365.com domain.
Why Didn’t Microsoft Stop This Scam?
Unfortunately, Microsoft didn’t see this coming. They continually scan emails for suspicious links and attachments, but even they were fooled. They didn’t think that a link to their own SharePoint Online would be malicious.
Another problem is that Microsoft link-scanning only goes one level down. It scans links in the email body but doesn’t scan files that are hosted on their services like SharePoint. If they did, they would have to scan for malicious links within shared documents.
And there’s another problem…they couldn’t blacklist the malicious URL unless they did this for the full URL for the SharePoint file. In this case, the hackers could just make a new URL in an uploaded file that contained content similar to SharePoint.
Since Microsoft isn’t scanning files hosted on SharePoint, hackers can easily use the platform to con their users and steal their credentials.
This scam exemplifies the risk associated with cloud-based applications. Using context and services that users are familiar with, cybercriminals can take advantage of a lowered level of alertness, and gain access to corporate resources online – all without the user or organization ever knowing it.
What Is Microsoft Doing To Prevent Scams Like PhishPoint?
Microsoft has been working behind the scenes to stop foreign attackers. Court documents that were unsealed on March 27, 2019 show that they’ve been waging a secret battle against a group of Iranian government-sponsored hackers.
Microsoft said it received substantial support from the domain registrars, which transferred the domains over to Microsoft as soon as the company obtained a court order.
What Can We Do To Prevent Being Affected By PhishPoint?
It’s important that you share this message with all of your users:
Be on alert! The bad guys have a new way of stealing your login credentials. They target you by sending an invite via email to open a SharePoint document.
The link takes you to an actual SharePoint page where you will see a OneDrive prompt. The prompt will have an “Access Document” link in it. Don’t click this link!
This link is malicious and will take you to a fake Office 365 login screen. Any credentials you enter here will be sent to the bad guys. Don’t be tricked!
Whenever you’re submitting login credentials to any site, make sure to check the URL of the page for accuracy. Also, remember to always hover over links to see where they are taking you. Remember, Think Before You Click.
Here are some other things that you and your users should do:
Be wary of any email subject line that contains an imminent threat like “URGENT” or “ACTION REQUIRED.”
Always suspect URLs in the body of an email. It’s best not to click them. Most legitimate businesses no longer send links in emails.
Carefully review any logon page. Check to make sure that the URL is actually hosted by the service that you want to use.
If an odd-looking email shows up in your inbox from someone in your organization and you question its authenticity, contact the person by phone to see if they sent the email.
Use Multi-Factor Authentication for all of your software platforms and online accounts.
You should also sign up your users for Security Awareness Training. When you do, they’ll have a better chance of spotting the telltale signs of a cyber threat.
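The logon-URL check described in the lists above (the logon page isn’t on the office365.com domain; make sure the URL is hosted by the service you want to use) can be automated. The JavaScript below is an added example, not code from the original article. The allowlist, the function name `classifyLoginUrl` and the sample URLs are assumptions constructed for illustration, and an organization would substitute the sign-in hosts it actually uses.

```javascript
// Added example: decide whether a sign-in page URL is really served from an
// expected host. Allowlist and sample URLs are constructed assumptions.
const ALLOWED_LOGIN_DOMAINS = [
  "office365.com",             // domain named in the article
  "login.microsoftonline.com", // Microsoft sign-in host (assumed allowlist entry)
];

function classifyLoginUrl(rawUrl, allowed = ALLOWED_LOGIN_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { trusted: false, reason: "unparseable" };
  }
  const host = url.hostname; // the URL parser lowercases and punycode-encodes it

  if (url.protocol !== "https:") {
    return { trusted: false, host, reason: "not-https" };
  }
  // "https://trusted.example@other.example/" shows a trusted name to the user,
  // but everything before "@" is userinfo, not the host.
  if (url.username !== "" || url.password !== "") {
    return { trusted: false, host, reason: "userinfo-in-url" };
  }
  // Trusted only on an exact match or a true subdomain (note the leading dot).
  if (allowed.some((d) => host === d || host.endsWith("." + d))) {
    return { trusted: true, host, reason: "allowlisted" };
  }
  // Punycode labels can render as look-alike characters in the address bar.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, host, reason: "idn-lookalike-risk" };
  }
  // A trusted name embedded in the host without anchoring its right-hand end.
  if (allowed.some((d) => host.includes(d))) {
    return { trusted: false, host, reason: "embeds-trusted-name" };
  }
  return { trusted: false, host, reason: "not-allowlisted" };
}

// Constructed sample URLs (not taken from the PhishPoint campaign).
const SAMPLE_URLS = [
  "https://login.microsoftonline.com/common/oauth2/authorize",
  "https://outlook.office365.com/owa/",
  "https://office365.com.login.example.net/signin",
  "https://login.microsoftonline.com@phish.example/login",
  "https://notoffice365.com/",
  "https://\u043Effice365.com/", // first letter is Cyrillic "o"
  "http://office365.com/",
];

for (const u of SAMPLE_URLS) {
  const r = classifyLoginUrl(u);
  console.log(`${r.trusted ? "OK  " : "STOP"} ${r.reason.padEnd(20)} ${u}`);
}
```

A check like this belongs in a mail gateway, proxy or browser extension, where it sees the final page the user lands on rather than only the first link in the email.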
by Felicien | Apr 4, 2019 | Education
It’s difficult to scan through any news site and not see mention of yet another cybersecurity breach at an organization, and the devastation that can be caused to that business and the community is significant. Maintaining a robust cybersecurity presence is no different than budgeting for the cost of electricity to keep the lights on or the cost of basic internet — it’s something you simply have to consider. If your organization isn’t keeping cybersecurity top of mind, here are some suggestions for sharing the scale of the potential risk with your decision makers.
All Hail the IoT
We have been hearing a great deal about IoT (Internet of Things) in recent years, but the market may leave people wondering when the actuality will live up to the hype. Experts predict that 2019 will be the year that hackers truly take a shot at connected devices, looking for new and creative ways to infiltrate your networks and data centers. Nothing is sacred: everything from wearables to connected toys and smart speakers is a potential attack vector for the next generation of savvy hackers. This type of vulnerability is mostly preventable, as long as you’re actively managing endpoints and connectivity within your organization.
Malicious Mobile
As it turns out, your organization has more to lose from malicious mobile apps than thousands of hours of productivity (although that’s a problem, too!). Mobile attacks are becoming more evident, with Symantec recently sharing that more than 24,000 mobile apps are blocked on a daily basis by their software. If your corporate mobile phones are connected to your network in any way and are infected, it could lead attackers directly into your data structures and other applications. It’s crucial that you protect all devices that can possibly connect to your network, or you risk a massive breach. A prime example is the recent hack of the popular app MyFitnessPal, which could potentially be integrated into HR to track steps for corporate wellness programs. Under Armour reported that this particular hack affected more than 150 million users of the app.
Costs of Ransomware
Ransomware is a significant cost for organizations — and it is growing every year. In 2017, the cost of ransomware damage to organizations reached $5 billion, a dramatic 15 times the 2015 figure. Organizations regularly lose access to their records, but are often able to quickly return their business to full operations if they have previously invested in robust backup and disaster recovery solutions. An inability to regain operations within a few days can lead to long-term and drastic damage to the reputation and operations of an organization.
Machine Learning Gone Bad
There are many wonderful applications of machine learning, some of which exist in cybersecurity as engineers “train” systems to identify the hallmarks of an attack to trigger an action or notification. Unfortunately, hackers are also finding that there are opportunities within the machine learning and artificial intelligence worlds, creating adversarial machine learning (ML) that will counter the work that these smart programs are meant to accomplish. Today’s hackers are starting to see how information technology professionals are utilizing ML as a defense, and are creating countermeasures that will actually allow the cybercriminals entry into sensitive systems.
Carefully Watch Emails
In 2017, experts at Symantec found that the most significant attack vector for business was one that people use hundreds of times a day: emails. Phishing emails are becoming more targeted, as cybercriminals look for specific information about particular individuals on social media or in the news and then leverage that knowledge to create a customized attack. These so-called spear phishing emails often go after individuals at an organization who have access to sensitive data or financial power, such as an individual in the accounting or bookkeeping department. With today’s distributed workforce, it’s not unusual for traveling employees to need an advance on funds or find themselves in some sort of financial bind. Hackers exploit this to create fraudulent requests, which can become untraceable once the transaction has been completed. Organizations combat these problems by creating an ongoing education program for staff members, especially those in sensitive positions.
How is an organization to survive when you consider all of these various threats, and the massive scale of the risk that is experienced on a daily basis? According to a recent report by Cisco, one of the key problems with an organization’s cybersecurity is having a variety of vendors providing support to the business. When you consolidate your operations with a single technology managed services provider, you’re more likely to incorporate a comprehensive approach to cybersecurity — a crucial step for the longevity of your business.
by Felicien | Apr 3, 2019 | Education
No matter your profession, reusing passwords is a horrible idea. It’s dangerous and insecure. Reusing passwords is especially problematic for those working in fields like law, ones that require confidentiality in one form or another.
Many people already know that reusing passwords is unsafe, but they do it anyway. One recent survey conducted by Lastline revealed that nearly half (around 45%) of information security professionals polled admit to reusing passwords. These people get paid to work in information security, and yet they don’t follow some of the most basic protocols for keeping information safe.
If anyone should understand the dangers here, it would be information security professionals. You’re likely not an information security pro, though, so let’s look in greater detail at why reusing passwords is so bad.
A Broken System
First, cut yourself a little slack. The internet password system is inherently broken. Most people have well over a hundred digital accounts. These range from the seemingly trivial (paying a utility bill, “store insider” loyalty programs, and the like) to the vitally important (banking, proprietary business accounts, and so on). Each one requires a username and a password. To make things worse, many sites require a mix of characters (capital and lowercase letters, at least one number, and at least one symbol). Some sites won’t accept all the special characters, and various sites won’t even agree about which special characters are acceptable!
Cheating Ensues
Most people can’t easily memorize one hundred or so unique sets of site plus username plus password, so they cheat. Either they write all their passwords down in a notebook or they reuse the same password across multiple sites. Even worse, they may do both!
The Frequency of Reusing Passwords
How widespread is reusing passwords, really? A massive study from researchers at Virginia Tech found that the problem is quite severe. They analyzed 61.5 million passwords spread out over 28.8 million users and found that over half (52%) reused passwords wholesale. That doesn’t even account for people reusing the same basic word or phrase and just switching out a few characters or adding a new one to the end.
The Problem with Password Reuse
Here’s the problem with password reuse: credentials have a habit of being stolen. Companies frequently experience hacks where customer data is exposed. You may not consider it such a big deal if hackers got ahold of your username and password for Bargains ’R’ Us. You don’t shop there often and you don’t have any credit card info stored on their website. Is it really a big deal?
On its own, it’s likely not a very big deal. But if you reused the same username and password for, say, your bank or your credit card, it’s suddenly a very big deal!
The same goes for the sticky-note users out there. If you’ve ever written down your “go-to” password on a sticky note or in a notebook, consider who all has had access to that information. Family? Friends? Coworkers? The cleaning crew or service technicians? How easy would it be for someone to snag a quick picture of your password list? If you reuse your passwords, this problem escalates quickly.
One more problem worth noting is messaging or emailing passwords. Many of us have had the experience of texting, emailing, or messaging a password to a spouse or significant other. Those communications aren’t always secure, though, and often they stick around for a while. If someone gained access to your email, would they also gain access to sensitive passwords?
The Ubiquity of Data Breaches
Data breaches are happening all over the place, and some of them are huge. Yahoo had every single one of its 3 billion accounts breached. If you had a Yahoo account at the time of the breach, even an old dead one you never check, hackers may now have your sign-in info. If you used your go-to password on that account, then every other account you’re using that password for is now at risk. This is a big deal.
Solutions to the Password Problem
Passwords are a mess, and not reusing passwords is difficult. Here are some solutions that can help you clean up the mess and reduce frustration.
Enable Two-Factor Authentication Wherever Possible
Many websites offer two-factor authentication (2FA), which is much more secure. With 2FA, a one-time code is sent in a text message or email after logging in with username and password. Enable 2FA wherever possible.
Use a Password Manager
Password managers solve the problem of memorizing hundreds of unique passwords. They store all your passwords in an encrypted vault that you secure with one strong master password. We recommend using a good password manager. Doing so makes strong password security easy.
Conclusion
Understanding the danger behind reusing passwords is an important first step in securing your digital life. For help securing your workplace against digital threats, enlist the help of professionals like us. Contact us today to learn how we can help keep your systems secure.