How to defend against WannaCry

May 24th, 2017

Both businesses and individuals across dozens of countries are scrambling to fix their computer systems after a ransomware, named WannaCry, caused major disruptions earlier this month. Like most ransomware, WannaCry encrypts files and demands a Bitcoin payment for their release. What’s worse, more WannaCry variants will likely be developed in the near future, according to security researchers. Fortunately, there are some common strategies you can use to mitigate the damage of the ransomware.

Update your software The first (and probably best) defense against WannaCry ransomware is to update your operating system. New research from Kaspersky shows that machines running Windows XP, 7 and outdated Windows 10 versions were affected by the ransomware. To check whether your systems are up to date, open your Windows search bar, look for Windows Update, click Check for Updates, and install any major updates.

Also, don’t forget to download the latest security patches for your business applications and security software.

Run security programs Many antivirus programs now have mechanisms for detecting and blocking WannaCry malware; so when you’ve fully updated your security software, run a full system scan.

Keep in mind that antivirus isn’t a foolproof security solution. Instead, run it alongside other security applications like intrusion prevention systems and firewalls.

Use data backup and recovery tools If WannaCry does infect your computers, only a solid data backup and recovery solution can save your business. Before ransomware strikes, periodically back up your files in both an external hard drive and a cloud-based backup service.

External hard drives will serve as your local backup solution for quick recovery times. However, we recommend keeping the external drive disconnected when it’s not being used and plugging it in only when you need to back up files at the end of the day. This is because when ransomware infects a computer, it will usually look to encrypt local backup drives as well.

Cloud-based backups, on the other hand, allow you to store files in remote data centers and access them from any internet-enabled device. When selecting a cloud services provider, make sure they provide the appropriate cloud protections to your files. For example, your backup vendor should provide reporting tools to keep track of any anomalies in your files. Document versioning features are also important. This allows you to recover older versions of a document in case the current version is encrypted.

After your local and cloud backups are set up, perform regular tests to ensure your disaster recovery plan works.

Stay informed Finally, it’s important to stay on guard at all times. WannaCry is just one of many ransomware strains affecting businesses today, and in order to stay safe you need to be constantly up to date on the latest cybersecurity- and business continuity-related news.

For more ransomware prevention tips and services, call us today. We’ll make sure hackers don’t hold your business hostage.

Published with permission from TechAdvisory.org. Source.

Topic business
May 23rd, 2017

Cybersecurity didn’t become more important in light of the WannaCry ransomware epidemic, it just became more visible to the average internet user. If like so many others, you’re auditing the security of business’s software, web browsers are a great place to start. Learn more about how your browser choice stacks up in your security comparison.

Microsoft Internet Explorer (IE)/Edge

Despite their nearly identical logos, Edge and IE are actually different browsers with vastly different security strategies. Microsoft’s legacy browser, IE, isn’t even fully supported anymore. The most recent version still gets occasional updates, but experts don’t expect that to last for long. If any website or services claims to require IE to run, consider that a possible red flag.

Windows 10’s default browser, Edge, is a different story. This browser uses a technology called virtualization to create safe spaces to open and test links before granting a website’s programming code full access to a computer and user. Edge is based on the same software as IE, and the majority of its security improvements come from scrapping the browser’s customizability. If you’re okay with a fairly inflexible browsing experience, Edge is a good option.

Apple Safari

Safari is to Macintosh computers what IE is to Windows machines. Safari comes pre-installed on OS X and it has a long history of battling malware. Its security programming has been bested a number of times, but usually in research settings. The commonly held belief is that Safari just doesn’t have enough users to make it a profitable target. Apple has a history of responding quickly to malware, but we don’t recommend leaving anything to chance.

Mozilla Firefox

One of the earlier third-party web browsers to gain popularity was Firefox. Unfortunately, it just can’t keep up with the competition. In just one example, all the data from browser plugins is stored in the same location, which means a compromised add-on could easily gain access to the data stored in a password manager.

One of the reasons that Firefox continues to stick around is its commitment to privacy. All the other browsers on this list profit from analyzing (and sometimes selling) your browsing habits, while Firefox has cornered the market on privacy. Security and privacy should never be confused, but if the latter is more important to you and you aren’t installing third-party plugins, Mozilla is an OK option.

Google Chrome

Chrome is used by almost two-thirds of all internet users, and for good reason. Like Edge, Chrome also uses virtualization to create a quarantined space between the internet and your computer. Additionally, Google issues routine security updates to its browser more frequently than any of the others on this list. There is near unanimous consent among experts that Chrome is the safest of all web browsers.

Privacy however, is a whole other ball game. Pretty much every action you take using the Chrome browser is tracked, stored and analyzed. That’s not to say that your email isn’t encrypted or your saved passwords aren’t safe, it just means you have much less control over your internet identity.

Being aware of how your web browser stacks up against its competitors is only a fraction of the battle. WannaCry spread to uninfected systems through a gap in the Windows security framework, and most other ransomware infections prey on human error. What your business needs is a comprehensive security audit. For more information, call us today.

Published with permission from TechAdvisory.org. Source.

Topic Web & Cloud
May 20th, 2017

With so much technology moving to the cloud, onsite servers aren’t getting as much attention as they used to. Optimizing this critical piece of business technology is no small task, but there are a few simple things you can do to ensure the success of your in-house servers.

Mount your servers properly

Small businesses are usually forced to prioritize the here and now over long-term planning. Not for lack of caring, it’s just a fact of working on tight budgets and with small teams. This is especially evident when it comes to server planning. When your business first sets up shop, it’s tempting to plug in a server right next to your workstations -- but doing so puts your hardware in harm’s way.

Mounting servers in a rack protects them from the accidents commonly associated with highly trafficked areas: spills, crumbs and tripping hazards. Server racks keep your most essential hardware safe by organizing everything in a space that is more accessible for cleaning and management but less exposed to the day-to-day wear and tear of your office.

Server planning is all about leaving room for the future. When choosing your rack mount, make sure to leave room for the hardware you will need to expand in the future. Unless office space is a serious concern, it’s better to have a half-empty server rack than to be forced to tear the whole thing down and redesign it the moment you need to expand.

Keep servers separate from the main area

Depending on what type of servers you are running, they can create quite a bit of noise. This coupled with the fact that they are comprised of valuable hardware means that you should do everything in your power to keep your servers physically separate from your working space. If you don’t have room for a server room, consider investing a little extra in a secure rack mount with built-in sound reduction.

Never skimp on cooling

Even when your business first opens its doors, server cooling is a crucial consideration. These computers are designed to work at peak capacity and need optimal conditions to do so efficiently. Even if your equipment seems to be performing just fine, too much heat can drastically reduce its lifespan.

Make sure that your cooling solution operates outside the confines of your building’s infrastructure. If the central air gets shut off at night, or if your office experiences power outages, you need a cooling solution that switches over to backup power with your servers.

Keep wiring neatly arranged

For anyone without hands-on experience with server hardware, the number of wires going into and out of your setup is shocking. Getting the whole mess organized isn’t just about cleanliness, it also affects the performance of your current setup and the viability of installing future upgrades. Any time you are installing, removing, or rearranging your server cables, check that everything is neatly labeled and safely grouped together.

Managing any type of hardware comes with dozens of important considerations, and that goes doubly so for servers. The best way to guarantee your IT investments are getting the care they require is by partnering with a managed IT services provider. To learn more about our services, give us a call today.

Published with permission from TechAdvisory.org. Source.

Topic Hardware
May 19th, 2017

One of the most common ways hackers infiltrate networks is by using phishing scams -- fraudulent emails to trick unwitting users into giving away login credentials or downloading malware. Although this is the oldest trick in a hacker’s arsenal, it’s still an incredibly effective attack method. To blunt the potency of these scams, Google released an anti-phishing feature for Gmail apps on Android devices. Read on below to find out how it works.

Phishing warnings The new Gmail app feature uses Google’s Safe Browsing technology to examine billions of URL links per day and identify websites impersonating legitimate ones, like an online store, bank, or social media. It will then check whether these websites are embedded with malware or have elements of a phishing attack (e.g., asking for login credentials, private information, etc.).

If it has reasonable evidence to think that the website is indeed malicious, Gmail will display a warning prompt: “The site you are trying to visit has been identified as a forgery, intended to trick you into disclosing financial, personal, or other sensitive information.”

Keep in mind that Gmail may come up with false positives, and for this reason, Google does not completely block access to using a link but advises that you take extra caution if you choose to proceed.

The tech giant also reported this update is available only for Android users and will eventually reach other devices; so if you have an iOS, be extremely careful when interacting with any links in your Gmail accounts.

Safety for Gmail and Google Docs In other news, a widespread phishing attack affected thousands of Gmail and Google Doc users earlier this month. The attack uses a spoofed email from a known contact attempting to share a ‘document.’ If opened, the fraudulent link redirects victims into an innocent-looking Google page that asks for account permissions. If users grant access, a worm collects your contact list and proceeds to attack other users. Fortunately, Google quickly responded to the scam, removed the fake pages, and updated anti-phishing detection to account for similar threats.

Security training While Safe Browsing features are extremely helpful for Android Gmail users, they shouldn’t be a total substitute for good security awareness. Remember, phishing exploits human trust, so make sure to train your employees to have a healthy skepticism of every unsolicited link or file and download security updates whenever possible.

For more information and advice on security training or Android-related news, give us a call today. We’ll make sure your business is completely up to date with shifting mobile security trends and issues.

Published with permission from TechAdvisory.org. Source.

Topic android
May 18th, 2017

Virtualization is a great way to save money and increase the efficiency of your existing IT hardware, but how exactly do you implement a virtualization solution? There are several vendors that provide software solutions, but there’s one almost everyone has already worked with: Microsoft. In its latest operating system release there are a few ways to virtualize your office.

A brief history of Windows Server

The Windows Server operating system has been around for decades. As an advanced option for onsite servers, this operating system grants access to high-level access management settings, DNS customizations, and network configuration management. In fact, it’s such a complicated solution that Microsoft offers certification courses for each version of the operating system.

The most recent iteration of this operating system is Windows Server 2016 (WS16). Released on October 12th, 2016, Microsoft’s latest server software included countless improvements to its networking and user management features. Where it really shines however, is in the ways it handles virtualized computing.

Virtualization in Windows Server 2016

As with just about anything in the virtualization world, containers dominate the WS16 conversation. Containers use software to aggregate the bare minimum requirements that one application needs to run -- hardware, software and operating system -- and deliver that package across a network to computers that lack one or more of those requirements. For example, if you want to run a Mac application that requires a huge amount of processing power on a bare-bones Windows workstation, you can create a container with the necessary components on your server and let the workstation access it remotely.

WS16 users have access to two types of container deployments: Hyper-V and Windows Server containers. To the average business owner, the differences between these two options is minute, but what is important is Microsoft’s commitment to compatibility. If virtualization is important to you, choosing WS16 is a great way to ensure that you’ll be ready for whatever develops among the disparate providers.

Another great virtualization feature in WS16 is software-defined storage (SDS). It’s a complicated solution, but it essentially allows you to create hard drive partitions outside of the confines of hardware limitations. You can create a single drive by pooling storage space from three different servers, or you can create several separate drives for virtualized workstations to access.

Obviously, managing a server is no easy task -- regardless of whether or not you implement a virtualized infrastructure. That complexity comes with some compatibility issues; if your business relies on old software, it may not have been updated to run with WS16. For everything from creating a transition plan to managing your virtualized framework, give us a call today.

Published with permission from TechAdvisory.org. Source.

May 13th, 2017

Microsoft has commercially released new products and upgrades that will secure company information. The threat intelligence and data governance features are designed for businesses that adhere to strict regulatory guidelines and need an extra layer of protection against cyberattacks. Here’s a detailed look at what these additions can do for your business.

Threat Intelligence Threat Intelligence for Office 365 gathers data from Microsoft security databases, Office clients, email, and other recorded security incidents to detect various cyberattacks. This feature gives users in-depth knowledge about prevalent malware strains and real-time breach information to analyze the severity of certain attacks.

What’s more, Threat Intelligence comes with customizable threat alert notifications and easy-to-use remediation options for dealing with suspicious content.

Advanced Threat Protection (ATP) upgrades In addition to Threat Intelligence, Office 365’s ATP service now has a revamped reporting dashboard that displays security insights across a company. This includes a security summary of what types of malware and spam were sent to your organization, and which ones were blocked. According to Microsoft, these reports will help you assess the effectiveness of your current security infrastructure.

ATP also has a new capability called “Safe Links” which defends against potentially malicious links in emails and embedded in Excel, Word, and PowerPoint files. If suspicious links are discovered, the user will be redirected to a warning page to avoid an infection.

Advanced Data Governance The newly released Advanced Data Governance feature is also a much needed enhancement for highly-regulated companies. It classifies files based on user interaction, age, and type, and recommends general data retention and deletion policy recommendations. If, for example, your business has retained credit card data for longer than necessary, Advanced Data Governance will alert you of the possible data governance risks.

Data loss prevention enhancements Last but not least, the Office 365 Security & Compliance Center is also receiving data loss prevention upgrades. With it, you can easily access and customize app permissions and control device and content security policies. So if someone in your company attempts to leak sensitive customer information, Office 365 will notify your administrators immediately.

Although all these features are available only for Office 365 Enterprise E5 subscribers, security- and compliance-conscious companies definitely need these upgrades. Get the right Office 365 subscription by contacting us today.

Published with permission from TechAdvisory.org. Source.

Topic Office
May 12th, 2017

Updates to the Windows operating system have a controversial reputation. On the one hand, Microsoft issues them frequently to combat cybersecurity risks and introduce new features. On the other hand, the update frequency and requirements leave some users feeling like it's impossible to keep up. The most recent announcement from Microsoft is working to address these inconsistencies.

Windows 10 updates in 2017

In the summer of 2016, Microsoft announced that Windows would receive two large-scale feature updates in 2017. The first of these was released in April and is referred to as the Creators Update. Although many of the new features are far too advanced for the average user, the Creators Update included huge boosts to data security, user administration, and mobile device management integrations.

The next big update is due in September, and is rumored to come with several consumer-level features such as the People integration that was originally slated for the Creators Update. People would allow you to pin contact icons to your start bar to consolidate shared cloud storage, messaging platforms and calendars for individuals in one convenient location.

The future of Windows OS updates

From 2017 onward, Microsoft has committed to sticking to this “predictable twice-per-year” schedule. Along with more reliable releases, the Windows team is also committing to a more reliable support lifecycle. As long as you are running a version of Windows 10 that has been released sometime within the last 18 months, you can be sure that Microsoft engineers are keeping it current and secure.

This is great news for businesses that struggle to keep their servers and workstations updated. Out-of-date operating systems are one of the biggest risks to data security for small businesses, and promising this level of reliability makes it much easier for IT teams to plan ahead.

As trivial as it may seem, keeping all your software and hardware updated is a huge benefit of outsourced IT management. From productivity improvements to security patches, most businesses are missing out on vital features in a number of their services and platforms. To ensure that every solution you’ve invested in is working at its peak, call us today.

Published with permission from TechAdvisory.org. Source.

Topic Windows
May 11th, 2017

As the technology that recognizes and thwarts malware becomes more advanced, hackers are finding it much easier to trick overly trusting humans to do their dirty work for them. Known as social engineering, it’s a dangerous trend that is becoming increasingly prevalent. Read on to educate yourself on how to avoid the most recent scam and those that came before it.

Broadly defined, “phishing” is any form of fraud in which an attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.

These messages prey on users who click links, images and buttons without thoroughly investigating where they lead to. Sometimes the scam is as simple as an image with a government emblem on it that links to a website containing malware. Just hovering your mouse over the image would be enough to see through it. But some phishing schemes are far more difficult to recognize.

The Google Defender scam

Recently, an email spread to millions of Gmail accounts that almost perfectly imitated a message from Google. The text read:

“Our security system detected several unexpected sign-in attempts on your account. To improve your account safety use our new official application “Google Defender”.

Below that was a button to “Install Google Defender”. What made this scheme so hard to detect is that the button actually links to a totally legitimate site...within Google’s own framework. When third-party app developers create Gmail integrations, Google directs users to an in-house security page that essentially says, “By clicking this you are giving Google Defender access to your entire inbox. Are you sure you want to do this?”

Even to wary users, the original message looks like it came from Google. And the link took them to a legitimate Google security page -- anyone could have fallen for it. The Gmail team immediately began assuring users that they were aware of the scam and working on eradicating it and any potential copycats.

There’s no happy ending to this story. Although vendors and cybersecurity experts were able to respond to the crisis on the same day it was released, millions of accounts were still affected. The best way to prepare your business is with thorough employee training and disaster recovery plans that are prepared to respond to a breach. To find out how we can protect your business, call today.

Published with permission from TechAdvisory.org. Source.

Topic Security
May 9th, 2017

To truly make an impression on consumers, small- and medium-sized businesses are pulling out all the stops. Standing out from your competitors could increase your chances of earning revenue. Many SMBs are now turning to social media and content marketing strategies to gain a competitive edge. Stay one step ahead of the rest with these tips:

Come up with and implement a media crisis management plan It’s normal for businesses to go through a crisis or two. Avoid embarrassing public relations nightmares by having a social media crisis management plan in place and ready for implementation.

Create buyer personas Social media data is a great tool to gather information about your potential customers, and in doing so, create buyer personas. Buyer personas are comprised of generalized characters that help build an ideal picture of your business in the market. Key demographic information includes age, location, and even reasons for buying and product-related concerns.

Track the impact of your content marketing When it comes to content marketing efforts like blogging and social media, it’s essential to have a system to measure results. You can measure how these efforts impact your brand awareness by using metrics such as social media reach, brand mentions, media mentions, and branded searches.

Integrate user-generated content on social media Businesses can utilize social media as a way to interact with consumers. This includes sharing some of their content on your own channels. Not only are user-generated content more cost-efficient, they also shorten the customer’s path to purchase.

Use Hootsuite to manage Twitter chats A Twitter Chat happens when you use Twitter to talk about a common interest with others during a preset time. It's like an online chatroom where you add to the discussion by tweeting. Efficiently managing tweets and responses is integral. Fortunately, applications like Hootsuite simplifies the whole process. It easily monitors, searches, and saves Twitter Chats onto the Hootsuite dashboard for future reference.

Create better live broadcasts Livestreaming on social media platforms such as Facebook, Periscope, and Instagram is quickly gaining popularity. Before starting a livestream for your business, take time out to practice and prepare an outline before you roll the cameras. Don’t forget to promote it prior to the broadcast, and make sure you come up with a short and catchy video description.

All small- and medium-sized businesses are fighting for the same thing: the consumer’s attention. Business owners can’t afford to just blend into the background; if you don’t make a good, lasting impression, you might lose out on an opportunity to make money. And if you’re relying on social media and content marketing strategies to help you, make sure you are doing it right. If you have further questions, feel free to contact us!

Published with permission from TechAdvisory.org. Source.

Topic Social Media
May 6th, 2017

Good things come to those who wait, and this is especially true for small- and medium-sized businesses that plan on creating an eCommerce website. According to Vistaprint's study on 1,800 consumers, 42 percent of respondents are “very unlikely” to buy from unprofessional or ugly websites. Go through your site and ensure everything is in order. These key indicators might help:

A variety of clean photos Always take photos under professional lighting to really get the best images of your products. When customers are browsing, it’s normal for them to want to see as much detail as possible, so try to include as many photos, from as many angles your prospects might want.

Clear descriptions The last thing you want to do is to confuse your customers. That’s why it’s important to include all of your products’ technical information and dimensions before creating simple and straightforward product descriptions.

Establish policies Returns and refunds are an inevitable part of online shopping. In fact, a large percentage of online shoppers make purchase decisions based solely on how streamlined the returns policy is. Make sure to establish clear policies for returning and refunding items that are easy to find for customers.

About page Customers unfamiliar with your brand need a story they can relate to on your website. In your About Us page, include information on who you are and what you do that sets you apart from the competition. Whatever you write, make it accessible from any page on your site.

Navigation Fix broken links, make navigation straightforward, and remove outdated pages. You can’t sell 404 pages to customers, and if your site doesn’t make it easy to find what they’re looking for, game over.

Design Not everyone is a web design expert, luckily you can always hire one. If your budget is tight, there are DIY site builders specifically geared toward small businesses. Or with a relatively low monthly expenditure, you can hire a managed website provider.

With more revenue originating online, small- and medium-sized-business owners can’t afford to overlook the importance of creating a fully functional eCommerce website. Prior to going live, it’s essential to go through your entire site and resolve any mistakes before consumers see them. For further information on completing eCommerce websites, feel free to call us today!

Published with permission from TechAdvisory.org. Source.

Topic business