by Felicien | Jan 10, 2019 | Education
The importance of fully securing Microsoft Office 365 cannot be overstated. Recent statistics show that a hacker attack occurs every 39 seconds. Government agencies and retail, technology and healthcare industries are among the most popular targets, but the truth is that cybercriminals are more than willing to hack into any vulnerable business to obtain valuable customer information and company data.
Thankfully, Microsoft offers an array of tips and tools to help businesses and individuals keep Microsoft Office 365 fully secure. There are also some practical steps a company can take to maintain a high level of security at all times. Following is a comprehensive overview of steps any business can take to fully secure Microsoft Office 365 in 2019.
Use Multi-Factor Authentication
Microsoft highly recommends setting up multi-factor authentication, and it’s not hard to see why as it is perhaps one of the most natural yet most effective ways to protect a Microsoft Office 365 account from hacks. With multi-factor authentication in place, employees will be required to not only type in a password but also acknowledge a text message on their phone to access the company account. Using multi-factor authentication ensures that valuable company data is not compromised if an employee uses an easy-to-guess password and/or leaves the company password written in a visible location. While it is crucial for employees to understand the importance of using strong passwords, a compromised password on its own would not enable a malicious third party to access your data as one would need an employee’s phone as well to gain entrance into the Office account.
Use Administrative Accounts with Care
An administrative account provides managers and executives with additional options, privileges and security features to keep Microsoft Office 365 safe from unauthorized access. However, it is crucial for administrative accounts to be used with care or they can cause more harm than good. Following are some steps every business should take to protect admin accounts from breaches:
Set up regular accounts for each admin user. Admin users should utilize their regular account for non-administrative tasks and reserve the admin account for functions that cannot be completed with a regular account.
Have admin users close all unrelated browser sessions and apps before logging onto an admin account.
Instruct admin users to log out of the admin account after each session.
Provide clear guidelines regarding which data can be viewed and downloaded using an administrative account.
Use a Cloud Access Security Broker (CASB) to monitor admin user actions. A CASB can detect high-risk activities involving sensitive data and identify unauthorized admin account access attempts.
Immediately shut down admin accounts for administrative users who leave the company.
Secure OneDrive
OneDrive has much to offer any business. It enables users to synchronize data across various devices as well as share files with other users. Unfortunately, OneDrive can also provide hackers with easy access to company files. It is not uncommon for employees to download files from a secure OneDrive account only to save the data on an unsecured cloud account or personal device. To prevent this scenario, companies should clearly mark files that should not be downloaded from the OneDrive account. It is also essential for the IT department to:
Know what data is being uploaded to and downloaded from OneDrive
Be aware of which users have access to information
Know which files or folders have shared links
Be able to see which devices are being used to access the company’s OneDrive account and pinpoint the geographical location of the devices in question
Protect Email Communications
Every company should use all the tools that Microsoft Office 365 provides to protect the company from email-based threats. The Office 365 Security & Compliance Center enables admin users to block certain types of file attachments that are commonly used for malware or ransomware. It also allows managers to enable Advanced Threat Protection to check email attachments for malware. This protection extends to files in OneDrive, SharePoint and Microsoft Teams, protecting employees who use cloud-based software from breaches.
Furthermore, Office 365 Security & Compliance Center can be used to create an Advanced Threat Protection plan that will stop email phishing attacks.
The Office 365 admin center enables IT professionals to set up pop-up warnings for employees who are about to download an email attachment. The warning, which clearly states that employees should not open certain types of files from users they do not know as the files may contain malware, can prevent devastating consequences should an employee click on an attachment without thinking. This handy tool also makes it possible for companies to choose which types of files activate a pop-up warning, thus creating an efficient work environment for employees who can freely access safe files without automatically opening ones that could potentially be harmful.
The Office 365 admin center also has tools that can enable companies to disable auto-forwarding for emails. Many hackers who gain access to one company account use this account to automatically forward emails in an attempt to gain access to other user accounts. The emails can be forwarded without the compromised account user being aware of what is going on, making it impossible for him or her to put a stop to the forwarded emails. By disabling auto-forwarding, companies can limit the damage caused should a malicious third party compromise an Office 365 account.
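The auto-forwarding abuse described above leaves traces an administrator can search for. The following is an added example, not part of the original article or of Microsoft's tooling: it scans constructed audit records and flags mailbox settings or inbox rules that send mail outside the organization. The record layout (`Operation`, `UserId`, `ClientIP`, `Parameters`) is assumed to follow the Exchange entries of an Office 365 audit log export, and `example.com` stands in for the company's mail domain.

```python
"""Flag external auto-forwarding in exported Office 365 audit records."""
import json

# Assumption: the organization's own mail domains.
INTERNAL_DOMAINS = {"example.com"}

# Exchange operations that can create or change forwarding, and the
# parameters on each that carry a forwarding destination.
FORWARDING_PARAMS = {
    "New-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-Mailbox": {"ForwardingSmtpAddress", "ForwardingAddress"},
}

# Constructed sample data, one JSON record per line (not real log output).
SAMPLE_AUDIT_LOG = """\
{"CreationTime": "2019-01-07T08:12:44", "Operation": "Set-Mailbox", "UserId": "admin@example.com", "ClientIP": "203.0.113.10", "Parameters": [{"Name": "Identity", "Value": "helpdesk"}, {"Name": "ForwardingSmtpAddress", "Value": "smtp:archive@example.com"}]}
{"CreationTime": "2019-01-07T23:51:02", "Operation": "New-InboxRule", "UserId": "j.doe@example.com", "ClientIP": "198.51.100.77", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "collector@mail-relay.invalid"}, {"Name": "DeleteMessage", "Value": "True"}]}
{"CreationTime": "2019-01-08T02:03:19", "Operation": "Set-InboxRule", "UserId": "m.lee@example.com", "ClientIP": "198.51.100.77", "Parameters": [{"Name": "RedirectTo", "Value": "boss@example.com;drop@outside.invalid"}]}
{"CreationTime": "2019-01-08T09:30:00", "Operation": "New-InboxRule", "UserId": "s.kim@example.com", "ClientIP": "203.0.113.25", "Parameters": [{"Name": "MoveToFolder", "Value": "Newsletters"}]}
not-json
{"CreationTime": "2019-01-08T10:15:41", "Operation": "Set-Mailbox", "UserId": "admin@example.com", "ClientIP": "203.0.113.10", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": ""}]}
"""


def parse_addresses(value):
    """Split a parameter value into lower-cased SMTP addresses.

    Values may hold several recipients separated by ';' or ',' and may carry
    an 'smtp:' prefix. Entries without '@' (for example a directory object
    name) are treated as internal recipients and ignored.
    """
    addresses = []
    for part in str(value).replace(",", ";").split(";"):
        part = part.strip().strip('"').lower()
        if part.startswith("smtp:"):
            part = part[len("smtp:"):]
        if "@" in part:
            addresses.append(part)
    return addresses


def is_external(address):
    """True when the address's domain is not one of the company's domains."""
    return address.rsplit("@", 1)[1] not in INTERNAL_DOMAINS


def find_external_forwarding(lines):
    """Return (findings, skipped): forwarding to outside domains, bad lines."""
    findings, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # count unparseable lines instead of hiding them
            continue
        if not isinstance(record, dict):
            skipped += 1
            continue
        watched = FORWARDING_PARAMS.get(record.get("Operation"))
        if not watched:
            continue              # operation cannot set up forwarding
        for param in record.get("Parameters") or []:
            if param.get("Name") not in watched:
                continue
            external = [a for a in parse_addresses(param.get("Value", ""))
                        if is_external(a)]
            if external:
                findings.append({
                    "time": record.get("CreationTime"),
                    "user": record.get("UserId"),
                    "operation": record.get("Operation"),
                    "parameter": param.get("Name"),
                    "destinations": external,
                    "client_ip": record.get("ClientIP"),
                })
    return findings, skipped


if __name__ == "__main__":
    hits, bad = find_external_forwarding(SAMPLE_AUDIT_LOG.splitlines())
    for hit in hits:
        print("{time} {user} {operation} {parameter} -> {destinations} "
              "(from {client_ip})".format(**hit))
    print("unparseable lines:", bad)
```

Each finding names the account, the rule or mailbox change and the outside destination, which is what is needed to remove the forwarding and review the account's sign-ins.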
It’s also wise to enable Office Message Encryption. The program is included with Microsoft Office 365 and can be enabled in Outlook for PC. The encrypted email message program allows users to send encrypted emails both inside and outside the organization and it works not only with Outlook but also common email platforms such as Gmail and Yahoo Mail.
Provide Employee Training
An astonishing 95% of all breaches happen due to human error. Busy employees who are unfamiliar with IT guidelines can make deadly mistakes that will cost companies millions of dollars to rectify. Alternatively, many employees who are familiar with IT security procedures may disregard them because they are time-consuming to comply with or because they do not understand the importance of these guidelines in the first place. It is imperative for every single company to provide its workers with comprehensive, ongoing security training to keep systems secure at all times.
What type of training do employees need to fully secure Microsoft Office 365? Following are some important points that should be emphasized:
Never use personal devices for work-related tasks. It is all too easy for company employees to merge work-related and personal matters. Important company files may be downloaded onto an unsecured personal laptop, which is then unknowingly breached. A personal smartphone containing valuable business data may be stolen, compromising the company by exposing vital data. Additionally, employees should never email company files to their own personal email account. Many employees do this to work on holidays or on the weekends; however, this move exposes company data to hackers who may be able to access a personal Gmail or Yahoo email account with a weak or easy to guess password.
Work devices should never be used for personal matters such as checking a personal email account or social media site. It is all too easy for employees to compromise a company’s entire network by downloading a malicious attachment from a personal email account or social media site.
Employees should be taught the right way to communicate with colleagues and superiors. Internal communications should be secure and follow proper protocol to prevent important data from falling into the wrong hands. Employees should also be taught how to spot fake communications ostensibly from management but actually sent by a hacker attempting to access company data.
Knowing how to back up important data is yet another aspect of employee security training. Data should be backed up regularly yet in a secure manner so that unauthorized third parties cannot access files as they are being copied to or from a cloud server.
Companies should also create a plan for handling a malware, ransomware, DDoS or any other type of cyberattack. Even the best Microsoft Office 365 security guidelines cannot guarantee that an attack will never occur. Employees should know how to recognize the signs of an attack and what to do to limit the damage.
New employees will need industry-specific training on how to handle important data. Healthcare companies, for example, will need to ensure that all employees are aware of current HIPAA guidelines regarding patient data privacy. Government entities will need to train employees to handle sensitive or classified information in accordance with existing laws and regulations.
Cybercriminals are always on the job, looking for new ways to access company data from Microsoft Office 365 and then misuse this data by offering it for sale on the dark web or demanding a ransom in exchange for returning company files. Given this fact, it is important for businesses to have a plan in place to keep their Microsoft Office 365 accounts secure at all times. The tips mentioned above are an ideal starting point; at the same time, companies will need to customize their approach to Office security to ensure their files remain safe from unauthorized access. It’s also wise to re-examine security guidelines from time to time to ensure that they are still as effective and efficient as they are meant to be.
by Felicien | Jan 10, 2019 | Education
Making an Ultimate Technology Plan for the New Year
Times are changing. Apparently, this is the case considering we’re about to head into 2019. How is your current technology holding up at your company? If you feel like there are certain things that you need to change up to stay competitive, it might be time to confront this challenge head-on with an ultimate technology plan.
You may not be familiar with how to implement one, but once you learn the basics, which we are going to show you here today, it’s a smooth process that will have you on the road to an overall improvement in every aspect of your offices’ technological needs.
Let’s get started with how to create a technology plan for your company or small business so that when you head into the new year, you’ll be thoroughly prepared to be on the cutting edge tech-wise.
Step #1: Look Over Your Existing Technology
When you look around your small business or office setting, what do you see? Do you see old computers, old printers, and other dinosaur-related tech that you aren’t even using anymore? Part of your plan should be to clear out old and outdated tech stuff that you probably aren’t using anymore.
Now is the time to recycle all of that and remove it for good from your workspace. It’s like a breath of fresh air when you clean out old technology this way. The beginning of the new year is the perfect time to do this. You’ll be pleasantly surprised at how much this can help to improve the overall attitude of an office or another work setting.
Step #2: Create an Ideal Budget
Mention the word budget and it always feels a little bit “heavy.” What can you afford? What can you really really afford? Sometimes what you need and what you can afford are two different things.
Create an ideal budget in mind that fits in with your revenue plan. You don’t want to overspend, but you do want to achieve your ultimate technology plan with the right budget in mind. Do the best you can with this.
It may require some research to figure out how to afford the technology items you need, but with the right focus, you should be able to obtain great technology that fits into your set budget.
Step #3: Plot Out What You Need
Figure out everything you need tech-wise and the cost for each item. Put all of it into your plan so that you can visualize having the full scope of your new tech at your disposal.
Don’t leave anything out to figure out later. Make this ultimate technology plan as detailed as possible so that you know exactly what you will end up with to ultimately suit your needs.
Step #4: Implement a Realistic Timeline (3-6 Months)
Most of the time you are going to want to get your new technology purchased over a few months. If you can afford it all at once, fantastic. If not, it’s okay to set up a realistic timeline to obtain everything you are going to need to have updated gear that works for you.
Many companies look for a timeline that extends around 3-6 months. If you need it to be shorter or longer, according to your individual company’s needs, that’s fine too. It all goes back to your budget and what you can afford to do at any one time. Or over a few months if need be. Your finance department will be able to assist you with this part of the technology plan.
Step #5: Write Your Plan Out in Detail
Your plan is known as your “technology vision statement.” Sounds pretty fancy, right? This is going to help you achieve your mission to be updated entirely going into the new year with your brand new technology in place.
You’ll be amazed at how much fresh tech will energize your team. Don’t underestimate the power of renewed vigor and the new year is the right time to have your technology planning accomplished. Set out and do it right so that you are ahead of the game in your industry.
It just makes everything you need to get done go a lot smoother for you and your team. After all the last thing you want as a cutting edge company is to look like you are lagging behind tech-wise. Your clients will pick up on your overall image and tech that isn’t up-to-date looks like an eyesore.
by Felicien | Jan 10, 2019 | Education
Smartphone technology and the internet have made it possible for us to share ideas—and do business—with people all over the world. Learning to use the powerful tools we have at our fingertips more effectively is one of the most significant challenges of our time. Today’s consumers aren’t just looking for products—they are seeking mutually beneficial long-term connections. No matter what your business is, you can increase your sales by using photos to share information about your products, your company, and most importantly, yourself.
The success of Instagram and Snapchat demonstrates that photos are one of the most preferred methods of sharing information and making human connections. People want to feel personally connected to those they do business with, and social media is a great way to introduce your staff to the world. The right photos can reveal their personalities as well as showcase their talents and abilities in a way that words alone just can’t. You don’t have to be an award-winning professional photographer to create amazing photos, either. The following eight tips can help you transform your iPhone camera into the window through which the world can view your company.
How to Get to the Camera Quickly and Never Miss a Shot
The perfect shot never lasts very long. That’s why there’s more than one way to get to your iPhone camera. The fastest, easiest way is to just swipe left after waking the phone. If you are already in another screen, swipe up to get to the control center where the camera icon is located. If you don’t have a camera icon in your control center, you can add it in three easy steps by going to settings, choosing “customize controls”, then choosing “add camera”.
How to Snap a Photo
You can snap a photo by pressing the home button (aka shutter button) while in the camera app. However, trying to hold the phone still while maneuvering your hands towards a button located near the bottom of the screen can be difficult. Luckily, once you have the perfect shot lined up, you can also use either of your volume buttons located on the side of your iPhone to snap the photo. Being able to use whichever method is easiest to access can mean the difference between a good shot and a great one.
Object Placement, Composition, and Symmetry
Your iPhone camera comes equipped with a grid to help you line up your shots more accurately. The grid is also a useful tool for creating more balanced compositions because it breaks the available space into separate parts. To utilize the grid, go to camera settings, find “grid”, and enable it by swiping the radio button to the right until it turns green.
HDR—High Dynamic Range
The right lighting is often difficult to achieve, but the HDR setting on your iPhone camera can help. This setting allows you to reduce distortion of light and dark in photos taken where there are high-contrast light sources. It also helps reveal more details in both light and dark areas. HDR uses a process of shooting several frames in rapid succession, then merging them together to achieve the best effect. In camera settings, the HDR option will be near the bottom. Make sure the “Keep Normal Photo” option is switched on, so your camera will save both versions of your photo.
Automatic Focus and Exposure
Once you have the shot you want, it’s time to lock your focus. To do that, just tap and hold the focus box. When the yellow AF/AE circle slider appears, press it to lock the focus. If you want to adjust the exposure, drag the yellow exposure slider to the right side of the focus box. You will then be able to slide it upwards to increase exposure, and downwards to decrease it.
Camera Modes
Burst mode allows you to take ten photos per second, ensuring that you get just the right one. To go into burst mode, simply hold down the shutter button for a half a second or longer. Portrait mode is perfect for close-up photos that focus on human subjects and don’t require depth of field. This mode also has several special lighting effects, including studio, contour and stage lighting that you can apply either during the shot or afterwards. While the digital simulation of a shallow depth of field may not yield the professional results that a DSLR (Digital single-lens reflex) camera can, the results can still be amazing.
Lighting Effects
The studio light effect enhances highlights. The contour effect creates a dramatic shadow effect. The stage light effect darkens the background. The stage light mono setting transforms a color photo into a black and white photo. To apply any of these special lighting effects afterwards, just press the edit button.
Live Photos
The Live Photos feature, available on iPhone 6s and newer, creates shots that are part photo and part video. Like video, it can capture both movement and audio. To activate this feature, just tap the circles icon in the camera app. You can then apply different effects to your live photo shots, such as bounce, loop, or long exposure. To access them, just swipe up while you are in Live Photo. Loop plays, then repeats the video, using a dissolve transition. Bounce plays, then reverses, the video. Long Exposure combines all the frames into one blurred image, which is great for moving water shots.
These eight tips can help you take better photos with your iPhone camera. But don’t forget that your iPhone also has a front-facing video camera. While photos can capture beautiful moments, some of the best memories your customers will have of your business are the ones you create together. The video camera is excellent for either FaceTime or Skype, both of which provide almost all the benefits of speaking in person. You’ll be able to look into one another’s eyes, see one another’s emotional reactions, and transform puzzled expressions into “Oh!” moments.
Using photos on Snapchat or Instagram, you can introduce your friendly, highly competent staff as well as new products and services. Video capability provides a way to show your customers not just your finished products, but the processes that created them. Affordable prices, quality products, and superior customer service are all important elements of any successful business. However, all other things being equal, the ability to make and maintain genuine human connections is the one element that can guarantee not just short-term profits, but future returns.
by Felicien | Jan 10, 2019 | Education
If the frightening headlines about massive data breaches were not warning enough, upwards of 60 percent of all small and mid-sized businesses reportedly shutter within six months of a systems hack.
The leading cause of nefarious systems incursions is reportedly that about 25 percent of valued employees repeat the same username and password across multiple platforms. But what remains even worse is the fact that as many as 95 percent of all small businesses lack adequate protocols to safeguard important company or customer information.
In the coming months and years, cyber threats are expected to continue to pose a grave danger to the health and well-being of small and mid-sized organizations. The question business leaders may want to ask themselves is . . . will you join the 60 percent of companies that did not recover from a data breach?
Strengthen Your Business Defenses
Many of the toppled 60 percent may wish they knew then what many know now. That is, the key to cybersecurity does not solely depend on having the best software protections. According to the National Cybersecurity and Communications Integration Center, and Department of Homeland Security, nefarious email remains a primary trap used by cybercriminals and DHS recommends the following safety procedures.
“Never click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.”
“Never open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.”
“Do not give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you with their name and a call-back number. Just because they may have some of your information does not mean they are legitimate.”
As you can surmise, these cyber safety measures do not necessarily rely on the latest antivirus software or systems protections. Hackers continue to take advantage of human oversight and error to infiltrate organizations and pirate valuable personal data and intellectual property. Homeland Security also recommends that business leaders implement the following employee training and protocols to protect against data breaches via email.
Maintain Secure Passwords: Change passwords regularly and never share them or provide co-workers with access.
Verify Sources: Make certain that emails originate from people and companies within your network by contacting them directly for verification.
Nix Auto-Download: Never use automatic download options for email attachments.
Never Click On Links: Embedded links are a primary method used by hackers to trip up team members through ransomware and malicious viruses.
Strengthening a company’s defenses begins with employee training and awareness that data breaches are not reserved for significant organizations and Fortune 500 corporations. Hackers continue to troll for low hanging fruit and unsuspecting employees who make innocent mistakes.
Employee Cyber Security Training is Job One
Although ransomware attacks reportedly declined from 638 million in 2016 to 184 million in 2017, according to Statista, this method has been used to target a tremendous number of small and mid-sized outfits.
The common attitude among cybercriminals is that decision-makers will ultimately weigh the cost of paying the ransom against potential profit losses and do the math. Hackers understand that poorly defended organizations are likely to negotiate and pay up. That’s why valued employees must remain vigilant and be a sort of human firewall if you will.
Proactive industry leaders are tasked with training employees and also determining which team members could be considered at risk. An IT support team can utilize training videos, create a cybersecurity policy and implement it by working with groups and individuals. But once the hands-on work has been completed, it’s imperative that companies conduct ongoing cybersecurity evaluations. These are logical methods to consider.
Identify team members who could be best targeted by hackers.
Deploy unscheduled mock cyber attacks.
Create and release convincing but harmless mock ransomware links via email.
Require employees to complete cybersecurity training modules.
Require advanced training for those who are tripped up by mock cyber attack drills.
We may be living in a golden age of technology, but our everyday fallibility remains the threshold that cybercriminals use to break into our business systems and rob our valued customers and us of critical data. One of the primary ways to avoid joining the 60 percent who are out of business is to make team members aware of cyber dangers and provide them with the skills to combat cybercriminals.
by Felicien | Jan 9, 2019 | Education
Is someone out there pretending to represent your business to make money? Don’t laugh. It happens. Business identity theft is a growing concern for many companies across the US. According to a recent study by Dun & Bradstreet, business identity theft, also called commercial or corporate identity theft, was up 46 percent in 2017.
The CEO, Mary Ellen Seale, of The National Cybersecurity Society (NCSS) said, “Small business identity theft – stealing a business’s identity to commit fraud, is big business for identity thieves.” However, too few businesses, especially smaller businesses, are aware of the issue. In 2018, the NCSS published “Business Identity Theft in the US” to help publicize the problem, and to provide guidance on how companies can help protect themselves.
Which Types of Businesses Are Targeted by Business Identity Theft?
Corporate identity theft is not just a problem for large corporations or companies operating in a particular industry. It is a crime which can affect any-sized business from tiny Mom and Pop shops on Main St. USA to multinational companies who are involved in any commerce:
Small companies are usually the initial victims of identity theft since these companies tend to have more lax security in place and are less likely to realize their information is at risk. However, that doesn’t mean that larger companies are immune from having a criminal steal their identity. Plenty of larger businesses have their identities stolen each year.
Corporate identity thieves use the name and legitimate business information of large vendors’ customers to trick the vendors into fulfilling orders. Busy vendors who fail to put into place procedures to verify whether an order is genuine can end up losing millions of dollars a year to these scams.
Criminals masquerading as a legitimate business deceive financial institutions to open credit card accounts, establish lines of credit, send or receive wire transfers, and secure loans.
The list of victims of corporate identity theft even extends to the US government when criminals use stolen company credentials to claim refundable tax credits or to exploit other government benefits for corporations.
How Do Thieves Steal a Corporation’s Identity?
Criminals who steal the identities of businesses have a wide range of methods ranging from very simplistic to highly sophisticated. Many lower level identity thieves focus on email phishing scams which target employees of the company in an attempt to gain confidential information such as database passwords or HR records. Other simple scams use spoofed email accounts of company executives to trick vendors and clients of a company into believing they are communicating with someone from the company. Slightly more advanced scams can include setting up an unsecured WiFi network near a company in hopes that employees will use it to conduct business and then stealing the data.
More sophisticated scams can include dozens of people, building fake websites, using shelf companies, social engineering and even renting office space at the same location as the targeted company. The goal of these higher level scams is typically to create a plausible “Proof of Right” which the thieves can then use to secure fraudulent loans, masquerade as the company in a business deal, or even sell company assets.
How Can You Protect Your Company From Identity Theft?
While there is no way to protect your company completely from identity theft, you can make it harder for cybercriminals by maintaining proper data protection procedures.
Train your staff. Teach your staff how to recognize phishing scams and how to verify when an email is from a legitimate source. Establish procedures on how to handle data correctly, and have a data loss prevention plan in place including a ‘clean desk’ policy.
Secure your network. Add additional security to your networks and ensure that everyone is using secured servers. Avoid using a ‘master account’ which allows access to your entire network to limit data breaches. Require two-factor authentication.
Monitor your financial information. Check your company’s credit report regularly to ensure that there aren’t any unexpected changes such as credit applications or new accounts.
Consider hiring a company to help prevent corporate identity theft. An outside security company is one of the best ways to protect your corporate identity from scammers.