by Felicien | May 27, 2019 | Education
Multi-factor authentication is a polarizing topic in business and technical channels. While business users are often quite fussy when asked to establish a secondary method of accessing their secure accounts and data, technology professionals realize that this bare-minimum authentication may be all that stands between business systems and some very bad actors. Reconciling the technical challenges of implementing 2FA (two-factor authentication) or MFA (multi-factor authentication) may seem like a struggle IT teams aren’t winning — but the fight is still a crucial one. Here’s what you need to know about how MFA can potentially remove bad actors from the equation in your business.
What is Multi-Factor Authentication?
Business users (and ordinary humans in general) are notorious for creating passwords that are extremely easy to unravel. As machine learning systems become increasingly sophisticated, it’s not surprising that passwords no longer pose enough of a deterrent for a dedicated cybercriminal. A simple password is like the virtual handshake that allows an individual user to access their shared resources and business systems. Passwords are generally easy for business users: they can be quickly reset as long as you have access to a primary email account and you can theoretically use the same password in a variety of different places, which certainly makes it easier on your memory! Unfortunately, everything that makes passwords convenient for business users also makes it easier for hackers to infiltrate your systems. Multi-factor authentication includes a range of strategies that technology professionals can leverage to create an additional layer of security between bad actors and crucial business data.
Additional authentification options include:
SMS text-based messages to a stored mobile number
Biometrics, such as facial recognition or fingerprints
Hard and soft tokens
These systems can be configured to ask for an additional method of authentication only when the access attempt appears to be high-risk — such as requests that come from an unrecognized device or originated in a region that is known for presenting cybersecurity threats.
How Multi-Factor Authentication Helps Reduce Access for Cybercriminals
Cloud-based applications are considered by some to be key targets for an attack since the storage of information is not onsite behind a firewall, but “out there” where theoretically accounts could be more easily compromised. Implementing multi-factor authentication in this situation allows legitimate users to quickly access their accounts and information while adding that crucial layer of security. This is especially important when you have privileged access accounts — those users who have admin privileges or whose login allows them to tunnel deeper into your infrastructure. Creating a strong identity governance solution and implementing it across all corners of your business can help ensure that the individual accessing the information is vetted and verified before allowing them egress. While bad actors can hack a password, it would be much more difficult for them to copy a fingerprint or gain access to a randomly-generated number that was delivered to your personal mobile phone. While SIM hijacking does occur (when hackers access a specific phone remotely), a more robust form of two-factor authentication is helping businesses such as social media platforms reduce the potential of hacked accounts.
81% of Hacks Involved Stolen Passwords
Let that fact sink in for just a moment: according to Verizon’s recent Data Breach Investigations Report in 2017, 81% of breaches leveraged stolen or weak passwords to allow cybercriminals unauthorized access to business information. Creating the rules that will convince users to update them on a regular basis is a solid first step in reducing this threat, but it will not be nearly enough to stem the tide of destruction and loss caused by poor password hygiene. The Verizon report also showed that nearly 3/4 of breaches are financially motivated, while only a small percentage (21%) were related to cyberespionage.
With this type of additional data in hand, it is hoped that organizations will be able to pitch the value of multi-factor authentication to overcome any concerns by business users as well as the cost differential involved in implementing these advanced security measures. Without multi-factor authentication in place, your business is simply one weak or default password away from providing bad actors with easy access to your sensitive business information.
by Felicien | May 24, 2019 | Education
On Memorial Day we remember the veterans who made the ultimate sacrifice for our country. These brave men and women have dedicated their lives to honor the living and make our lives better.
Can’t see the video above? Click Here.
The History Of Memorial Day
Memorial day is the most solemn American holiday. Memorial Day was originally known as Decoration Day. After the Civil War in 1865, America needed a secular, patriotic ceremony to honor its military dead.
In May 1868, the commander-in-chief of the Union veterans’ group The Grand Army of the Republic, General John A. Logan issued a decree that May 30 should be a nationwide day of commemoration for the more than the 620,000 who were killed in the Civil War.
Decoration Day was a day where he said American should lay flowers and decorate the graves of the war dead “whose bodies now lie in almost every city, village and hamlet churchyard in the land.” The federal government began creating national military cemeteries for the Union war dead. Monuments to fallen soldiers were erected and dedicated. Ceremonies were held to decorate soldiers’ graves.
For more than 50 years, the day was only to honor those killed in the Civil War. Finally, after World War I, Memorial Day included honoring those who died in all American wars. And Memorial Day wasn’t officially recognized nationwide until the 1970s, while America was deeply embroiled in the Vietnam War. In 1971, Memorial Day became a national holiday by an act of Congress.
Today
Today we celebrate Memorial Day on the last Monday in May. Many Americans observe Memorial Day by visiting cemeteries or memorials, holding family gatherings and participating in parades. Unofficially, it marks the beginning of the summer season.
Although many of us will be enjoying a long weekend, the opening of the local pool, barbeques and some fun at the beach, it’s a day for honoring military personnel who died in the service of their country, particularly those who died in battle or as a result of wounds sustained in battle.
Today as we enjoy paid leave and ice cream, perhaps a little reflection is in order.
How Best To Remember The Meaning of Memorial Day?
Never forget our fallen soldiers. They have shown us a path to patriotism. We should honor them by our actions. Listen closely to their plea: “Honor us by sacrificing today for a better tomorrow.”
Our office will be closed on Monday for Memorial Day.
We hope that on this day you will make an effort to set aside a quiet moment to honor those who made the ultimate sacrifice.
by Felicien | May 24, 2019 | Education
If you’ve heard the terms “NextGen Malware and Antivirus Protection”, you might think they were made up by a marketer who had a few too many lattes — but this type of security truly takes it up a notch from more familiar offerings. Today’s cybercriminals are becoming increasingly savvy and are finding ways to short-circuit or completely bypass traditional protective measures. These well-organized criminals understand white hat security procedures. They are tracking the activity of your key business leaders online or on social media. They are developing malware and viruses that can mutate to avoid detection. And make no mistake: these hackers can bring your business to a halt in a matter of hours by limiting access to your important business data or trashing crucial systems. Here’s what you need to know about the next generation of tools that cybersecurity professionals are developing to combat this escalating threat to America’s businesses.
Cyberthreats Were Created to Evade Your Current Security Systems
What are these dangerous and slippery lines of code? They’re developed specifically to circumvent or defeat your security processes and procedures and are becoming extremely effective at doing their job. Traditional antiviruses are often blocked before they are able to cause a great deal of mischief, but this new generation of threats requires some next-level tools for protection. Ilan Sredni of Palindrome Consulting shares: “Advanced threat protection has changed its nature. Using artificial intelligence tools that can understand any type of malware will be the standard and the only way to stay ahead, if not current, with the threats”. Early on, threat actors figured out ways to leverage the most basic of business software, such as Microsoft Excel and Word, in order to deliver their nefarious payloads. Software engineers and security professionals grew savvy to these tactics — causing a new wave of threats to come to the forefront. As the threats continue to evolve, cybersecurity professionals will need to remain diligent if they want to protect their organizations. As endpoints become more amorphous, cyber attacks increasingly take advantage of the slipperiness of maintaining security on mobile phones, WiFi locations and other potentially risky endpoints.
What Makes Antivirus Protection “NextGen”?
While it’s difficult to tie down a single definition for “NextGen” in terms of antivirus protection, this term is often used to describe strategies and products that provide a more comprehensive and scalable approach to preventing this type of attack. This system-centric approach often leverages machine learning to improve protection capabilities, uses cloud-based computing to scan for threats and unusual actions, immediately begins resolution without requiring direct input and provides a more comprehensive set of data that can be analyzed to determine the duration and extent of a breach or hack. These forensics are particularly important as organizations seek to shore up any holes in their security grid to prevent other attacks in the future. Traditional antivirus protection is proactive to some extent, in that it is continually scanning for known signatures and performing heuristic analysis. The next generation of malware is quite crafty in the way it interacts with your systems.
What’s the Difference Between Metamorphic and Polymorphic Malware?
According to Don Baham, President and CEO of Kraft Technology Group, “Polymorphic and metamorphic attributes of malware are harder to detect and prevent, and more dark web marketplaces are providing access to malware code. Together, this has resulted in a greater number of hard-to-detect malware variants attacking our enterprises”. Defining the difference between metamorphic and polymorphic malware starts with understanding the root of the terms: “Metamorphic viruses are considered to be more advanced threats then polymorphic malware because the internal code and signature patterns are changing with each with iteration, making metamorphic malware impossible to be detected with signature-based endpoint tools,” Sredni shares. Protecting against this type of malware requires reaching beyond a simple monitoring program and defining endpoint security solutions that will monitor for abnormal activity, analyze what rogue programs are attempting to do and either halt the activity or actively alert an admin. “Since this type of attack can happen rapidly, it’s crucial that your solution is able to report this newly learned behavior to other endpoints in the enterprise to help mitigate the spread of the malware,” notes Baham.
Protecting Against Next-Generation Threats
For information on protecting against this type of advanced threat, we turn to Keith Marchiano, Director of Operations for Kyocera Intelligence. “Your first step is to implement a password policy to have your end user passwords changed every 90 days. Having your server and network passwords changed as frequently is challenging. Second, implementing 2-factor authentication for anybody trying to log into your server or network is recommended. Third, implement a multi-layer plan for security- antivirus, malware/spyware/ransomware protection, and cloud DNS security to protect the network. Fourth, implement mandatory security training for all employees. Finally, have a disaster recovery/business continuity solution that will detect ransomware attacks and allow your network administrator to restore the network to the time prior to the attack. Taking this approach will improve your security and ensure if you are attacked, that you can restore without loss to your data or major damage to your company’s reputation. All of these steps can be implemented rather quickly without interruption to your business”.
Creating a holistic approach to security starts with a firm understanding of the threat landscape, something that you simply cannot gain overnight without assistance. Your business is depending on you to reduce the risk around malware and viruses — are your solutions and technology team ready to rise to the occasion?
by Felicien | May 23, 2019 | Education
What’s your favorite: red or blue? Sometimes there are no wrong answers to a question, and that may be the case when you consider the various infrastructure options of SD-WAN vs. MPLS. Can one be truly considered “better” than the other? It depends on the goals and requirements of your organization as well as the existing infrastructure that you are working with. Let’s unpack whether SD-WAN or MPLS is the winner when it comes to selecting a protocol for your network traffic. With the growth of SaaS platforms and cloud-based storage and computing, this question is looming large in the mind of IT leaders throughout the world.
Understanding SD-WAN: The Frisky Upstart
Wide Area Networking (WAN) has been around for decades, with a centralized bandwidth controller that is used to direct traffic within your organization. Policies and procedures are fed into traditional branch routers that then find the most efficient method for providing your application with the connectivity that you need. Expanding WAN can be expensive and configuration can be fiddly, which makes SD-WAN all the more attractive due to its flexibility for deployment. With SD-WAN (Software-Defined networking in a WAN), virtualization is leveraged to reduce the physical footprint and reduce the overall complexity of your networking practices. To keep it simple, you are much more likely to meet the expectations of your employees and customers with SD-WAN because you’re relying on a more flexible method of delivery for your business networking rules.
Understanding MPLS: The Hardened Contender
Multiprotocol Label Switching (MPLS) has been driving the business of doing business for many years and is a stable system for carrying data in high-performing networks. While it’s traditionally been used in telecommunications, there are plenty of organizations using MPLS to direct internet traffic, too. Where MPLS really shines is in applications such as VoIP, video conferencing or virtual desktops due to the high packet availability and low loss of quality. Sound and video quality are exceptional, and the protocol is highly predictable in nature. There are some key disadvantages such as bandwidth cost and the potential that lower-rated applications or services could be slower or have slightly degraded quality due to de-prioritization by the “traffic cop”. This protocol was great in a time when there were fewer demands on overall bandwidth, but today’s hungry cloud-based applications can quickly eat through your monthly allotments.
Advantages and Disadvantages of MPLS and SD-WAN
Without a full understanding of the particular needs of your business, it would be difficult to pick a winner between these two contenders for Top Protocol. SD-WAN offers the global availability, scalability and control that you need at a more reasonable price point, while MPLS allows you to boost the priority for crucial traffic moving through your network. MPLS practically guarantees a higher level of quality for the most important traffic within your business, while SD-WAN offers an added layer of security that might be a big selling point for organizations in today’s climate of rampant cybercrime. SD-WAN is generally considered to be more cost-effective and scalable — even though it is slightly less reliable than MPLS implementations.
Which Is Better for Your Business?
There is no clear and true winner in this battle, but you might be interested to know that Gartner released a recent whitepaper entitled: SD-WAN is Killing MPLS, So Prepare to Replace It Now. That seems like a pretty strong statement, especially considering that the research firm also notes that MPLS still far outstrips SD-WAN in terms of usage. Hybrid and internet-only WANs are on the rise as infrastructure leaders continue to look for ways to boost network efficiency and speed while reducing the possibility of a devastating security event. SD-WAN allows for an additional measure of control when it comes to security, which may be one of the reasons that IT leaders are moving in this direction.
There are no perfect answers that will fit the needs of every organization, but SD-WAN comes out on top in terms of price and scalability, while MPLS edges out the competition when it comes to overall reliability and reduced packet loss. One thing is for sure: this conversation will continue!
by Felicien | May 23, 2019 | Education
Microsoft’s mobile email solution, Outlook Mobile, is a powerful alternative to your phone’s native mail client. We’re offering some tips and tricks for those accustomed to another mail client. Today’s tip is how to share files from online storage using Outlook Mobile.
Step One: Create Message
To share files using Outlook Mobile, you’ll be sharing them within emails. First things first, you need to create the message that you want to use to send the file. Either create a new message or reply to an existing email by clicking “reply”.
Step 2: Click the Paperclip
Just below the area where you’d type your message, you should see a paper clip symbol. Click this, and on iOS you’ll see three options: “Attach file”, “Use last photo taken”, and “choose photo from library”. The latter two options allow you to send photos on your device, but that’s not what we’re learning about today. Click the first option, “Attach file”.
Step 3a: Add the Services You Need
(Note: If the online storage service where your file is located is already connected, you can skip this step.)
When you click “Attach file”, a list of services pops up. If the service you’re using is listed as “Add…” (such as “Add Google Drive…”), click that button and follow the login prompts.
Step 3b: Find Your Service and Your File
Once you’ve connected the services you use, you’ll see them listed in the “Attach files” menu. Scroll to the service you need. Outlook Mobile suggests recent files that you might need. Select the one you need, or if you don’t see it, click “see all”. Find your file and click on it.
Step 4: Choose How to Send
You now need to choose how to send your file. If you send it as an attachment, you’re creating a copy of the file. Your recipient can use the file as he or she sees fit, but you won’t see any changes that he or she makes until the file is returned to you. In many cases, the better choice is clicking “Insert OneDrive for Business link”. Doing so sends a link to the online version of the file. Changes your recipients make save in the online file, eliminating the possibility of duplicate files.
Other Things You Can Do
Outlook Mobile offers you additional ways to collaborate. Click the camera button in your email draft to quickly take a snapshot, perhaps of the whiteboard in your meeting room. You can even mark up the photo using markup tools, available in the upper right corner of the photo interface.
Got additional questions about Outlook Mobile? Call us today! We’re here to help.