Microsoft’s protection plan for Windows 10

By EDITOR 

Microsoft has created new security features for Windows 10 users. This update is a response to the global outbreak of ransomware attacks such as WannaCry and Petya. While this patch shouldn’t be a substitute for antivirus software and data backups, Microsoft does think its new features can help people defend against current and future threats. Find out how.

Controlled folders
With Microsoft’s new Controlled folders access feature, you can list certain documents and folders as “protected.” Only whitelisted apps can access and edit these folders, while any attempted changes by malicious apps are simply blocked by Windows Defender.

In theory, this should slow down a ransomware’s ability to encrypt critical information. Some reports suggest that other threats like malicious file macros and viruses can be prevented by this feature.

So far, only Windows Insider users have access to controlled folders. But if you’ve already signed up, you can access the feature by going to Windows Defender Security Center and then enabling Controlled folder access. From here, you can choose which folders will be protected and what apps are allowed to access them. To save you time, common Microsoft applications are trusted automatically, but you can remove them from your whitelist whenever you want.

Application Guard
Apart from folder protection, Microsoft also made security enhancements for web browsers. The Windows Defender Application Guard is designed to prevent intrusions, using Microsoft’s Hyper-V virtual machine technology to detect and isolate compromised applications from the rest of your system. So if someone accidentally downloads a virus from their web browser, Application Guard will contain the threat before it infiltrates the rest of your company’s devices, apps, data, and network.

Device Guard
In a similar vein, the Device Guard feature, which is also found in the Windows Defender Security Center, minimizes computer exposure to malware by using advanced threat detection policies to make sure only approved code is running throughout the system. This is meant to add an extra layer of defense in between your firewall and antivirus software.

As mentioned, Windows Insider users can get early access to these security features, but if you want to make sure that these security features are as strong as they can be, we suggest you wait for their public release around September for the Fall Creators update.

Want to stay on top of the latest technologies that can help you beat ransomware, viruses, and other nasty cyberattacks? Contact us today for any security updates and advice.

 

Posted in Uncategorized | Leave a comment

Malware targeting MacOS steals bank logins

By EDITOR 

Although ransomware has stolen the limelight recently, there’s another type of cyberattack targeting your bank account. Thanks to some horrifying ingenuity, being infected by OSX.Dok can result in victims directly handing their bank account information to hackers. Take a minute to find out how it works so you can avoid making a costly mistake.

OSX.Dok isn’t new, but it has been improved

Originally, this Mac-based malware looked very different. When OSX.Dok was first reported several months ago, it could infect only older versions of the Apple operating system. Besides being relegated to OS X, it didn’t do much more than simply spy on the internet history of its victims. More recently, however, OSX.Dok was updated to target the newer macOS and to steal banking information.

How does it work?

Like so many malware programs today, this particular threat is distributed via phishing emails. Because the end goal is to acquire private financial information, these emails pretend to have pressing information about taxes or bank statements stored in attachments that actually contain malicious software.

Once any of these attachments are opened, OSX.Dok secretly broadcasts information about the computer and its location to the malware’s authors. Based on that information, hackers can redirect victims that visit banking websites to copycat URLs tailored to their language and location. Almost everything on the copycat sites looks exactly the same, but when you submit your user ID and password, they go straight to hackers.

Worst of all, the latest version of this malware seems to be incredibly advanced. It actively changes the way it hides itself and even modifies system settings to keep the computer from checking for operating system and security updates.

What can I do?

Security experts are still working on a way to combat OSX.Dok, but believe that it will remain a problem for some time to come. For now there are a few things you can do:

Never open attachments from people you don’t know personally, and even then be wary of anything you weren’t expecting.
Pay attention to little details. For example, copyright dates at the bottom of fake banking sites only went to 2013.
Look closely at the lock to the left of URLs in your address bar. Fake websites may have security certificates with names slightly different from those of the sites they mimic.

The best way to stay ahead of threats like OSX.Dok is by partnering with a capable IT provider. That way you can be sure that you have all the latest software and hardware to keep you safe. Even if something managed to slip through, regular audits are sure to find infections sooner than an overburdened in-house team would. Call us today to find out how we can protect you!

Posted in Uncategorized | Leave a comment

Beware: Nyetya is worse than WannaCry

By EDITOR 

The cyber community hasn’t fully recovered from the WannaCry ransomware attacks, which struck businesses and organizations in May. Now, a Petya ransomware variant named Nyetya is poised to join its ranks as one of the worst cyber attacks in history. Like WannaCry, its attackers exploited unpatched Microsoft vulnerabilities and demanded a $300 ransom in Bitcoins. But there are key differences between the two that are worth taking a look.

Worse than WannaCry

Nyetya is deemed worse than WannaCry mainly because it spreads laterally, meaning it targets computers within networks and affects even systems that have been patched. Because it also spreads internally, it needs to infect only one device to affect several others within a single network.

Cyber researchers trace its origins to a tax accounting software called MEDoc, which infected 12,500 systems in Ukraine. Since the initial infections in June, it has spread to thousands of networks in 64 countries. And although it hasn’t spread as fast as WannaCry, it might have a wider reach soon because it uses three attack pathways to infect a system. It hasn’t made as much money as WannaCry, which is why cyber researchers are concluding that the attacks are not economically motivated.

Don’t pay the ransom

Cyber security firms and researchers strongly recommend affected businesses to avoid paying the ransom. According to them, paying the ransom would be a waste since the infected user won’t be able to receive a decryption key to unlock their files or systems. This is because the email provider has blocked the email address on the ransomware message.

Although it operates like a ransomware — locking hard drives and files and demands a $300 ransom in Bitcoin — it functions more as a wiperware that aims to permanently wipe out data and/or destroy systems. So far, it has affected big-name multinationals in various industries, including Merck, Mondelez International, and AP Moller-Maersk, among others.

Perform backups and update outdated security patches

The only way businesses can be protected is by performing backups and staying on top of patch updates.

It’s safe to say that in case of a Nyetya attack, there’s no chance of getting back your data. In such a scenario, you would have only your backup files — whether on an external storage or in the cloud — to fall back on. But backing up is not enough; you should also ensure that your backups are working, which you can do by testing them regularly. Given the nature of Nyetya, you should also make sure that your backups are stored off-site and disconnected from your network.

Like its predecessor, Nyetya exploited vulnerabilities in unpatched Microsoft-run computers. As a business owner, make it a part of your cyber security routine to update your systems with the latest security patches, or risk having your files or systems permanently corrupted.

As a business owner whose operations’ lifeline depends on critical files, your backups are your insurance. If your systems’ network security needs another layer of protection, get in touch with us today.

Posted in Uncategorized | Leave a comment

Have you used these 6 Gmail tips yet?

By EDITOR 

Time is of the essence, especially for small- or medium-sized businesses. To keep up with your competitors, spending most of your day rummaging through your inbox won’t help. Use these Gmail tips and tricks and spend less time in front of the monitor and more time enhancing your bottom line.

Undo Send
We’ve all had an email or two we wish we could take back. Gmail has a neat feature that gives you a short period of time to recall a mistakenly sent message. After activating Undo Send, quickly retrieve the email and it’s as if nothing ever happened.

Canned Responses
Dubbed as ‘email for the truly lazy,’ Canned Responses is a Gmail Labs feature that allows you to save time and reuse an email that you designate as a Canned Response. Working like an email template, it saves copious amounts of time since you won’t have to retype the same responses over and over again. It comes in handy for businesses that send plenty of routine emails.

Send large attachments with Google Drive
With Gmail, users can easily send attachments reaching 25 MB. But say you have a huge zip file for a photo shoot that the clients want to review — you’re going to need more space. If you use Google Drive with your Google account, you can send larger files on Gmail. Copy the large file to your Google Drive, then click Composein Gmail and type your message. When you’re ready to attach the large file, click the Google Drive icon (next to the Attachment icon that looks like a paper clip). Insert the files you want to attach and send your message.

Turn on Priority Inbox
As hinted in the name, Priority Inbox will organize your messages by their importance. You’ll be able to divide your inbox into five sections, where the messages will be displayed in the following order: 1. important and unread messages, 2. starred messages, 3. [customizable section], 4. [customizable section], 5. everything else. To enable it, go to Settings > Inbox > Inbox Type and choose Priority Inbox.

Back up your messages
If you ever need to back up or migrate your Gmail messages, Gmvault can help. It is an open source solution that can back up your entire Gmail directory or just a handful of messages. The email data is then available whenever you need to restore or recreate your Gmail folders. You can also use it to migrate messages from one account to another.

Gmail Labs
To get the latest Gmail features, you should sign up for Gmail Labs. This is where Google tests up-and-coming features before making them part of Gmail. Access Gmail Labs by heading over to Settings.

Spending the right amount of time with emails while managing other crucial business areas is a balancing act many business owners find difficult. If you have questions or need further assistance regarding Gmail or IT in general, feel free to contact us.

Posted in Uncategorized | Leave a comment

Comparing Office 2016 and Office 365

By EDITOR 

Pairing your business with the right productivity-enhancing tool is a challenge. Fortunately, you can choose between two popular options: Office 2016 and Office 365. But which is right for you? Here are three main differences that may help you decide.

How they’re paid for
Office 2016 is a stand-alone suite, and regardless of the quantity purchased, is described by Microsoft as a “one-time purchase.” You pay a single, upfront cost, meaning the entire purchase price must be paid before receiving the license to legally run the software for life.

By contrast, Office 365 is a subscription service requiring monthly or annual payments. Office 365 allows users to run applications only if payments are made. If you stop, you will have 30 days to continue operating after the previous payment’s due date before the license expires.

How they’re serviced
Another aspect to consider is the service and support offerings. Microsoft provides monthly security updates for Office 2016 applications, and these updates fix non-security bugs. However, you don’t get upgrades for improved features and functionality. If you wish to run the latest edition, you’ll have to pay another upfront fee.

Office 365 users, on the other hand, get the same security patches as Office 2016 and also additional feature and functionality upgrades twice a year.

How they sync with the cloud
Microsoft announced a major change this April: As of October 13, 2020, Office 2016 applications acquired through an upfront purchase are required to be in the “Mainstream” support period (the first five years of the decade-long commitment) to obtain cloud connectivity. Office 365 subscriptions won’t experience this problem.

In order to achieve measurable results and enjoy business growth, it’s imperative that your business is working with the right Office solution. Give us a call and let our team of experts assess your needs and determine the better option.

Posted in Uncategorized | Leave a comment

Introducing Microsoft 365

By EDITOR 

Microsoft pays more attention to customer feedback than you might think. Many business owners who complained about having to purchase Office 365 and Windows 10 separately are finally getting what they wanted: Microsoft 365.

Microsoft 365 combines Office 365 and Windows 10 into one solution, which will be available in two plans: Microsoft 365 Business and Microsoft 365 Enterprise.

Microsoft 365 Business

Designed for small- to medium-sized companies, this bundle includes Office 365 Business Premium and selected features from Windows 10 and Enterprise Mobility + Security. Simply put, you’ll get cloud versions of Office applications, business class email, Windows 10, and cyber security controls, among many other user-friendly features.

The main difference between the new Microsoft 365 Business and the current Office 365 Business Premium is that the former includes Windows 10, plus a single console to manage settings, automatic Offices apps to Windows 10 PC deployment, and robust security applications like Windows Defender.

Microsoft 365 Business will be available on August 2nd, 2017 for $20 per user per month.

Microsoft 365 Enterprise

Capable of supporting up to 300 users, Microsoft 365 Enterprise is designed for medium-to-large businesses. It combines Office 365 Enterprise, Windows 10 Enterprise, and Microsoft’s Enterprise Mobility + Security features into one solution. You can expect all the features of Office 365 including cloud versions of Office applications, access across mobile devices, business-class email, document and email access controls, and Skype for Business.

The inclusion of Windows 10 Enterprise means you’ll get more advanced capabilities than from the basic version such as Credential Guard and Device Guard, extensive manageability and a broad range of options for application management and operating system deployment.

Last but not least, Enterprise Mobility + Security offers comprehensive identity-driven protection, mobile devices and applications management, risk-based conditional access to threat analysis, and single sign-on capabilities across devices to keep things secure.

Microsoft 365 Enterprise is now available with a pricing structure based on your subscription plan.

By choosing the right subscription model, you’ll be able to make the most out of Microsoft’s growing number of service offerings. If you’re looking to upgrade to Windows 10 and have any questions about the operating system, or are wondering which of the two plans to choose, give us a call today.

Posted in Uncategorized | Leave a comment

5 tips to keep the Cloud cost-efficient

By EDITOR 

As a business owner, it’s essential that you are aware of the hidden costs associated with the Cloud and what measures you can take to keep those costs down. They might be more than what you’d normally pay for at first, but it could add up and cost you two, or even three times more than its worth. Pay the right price for the services you receive, and not a penny more with these five tips:

No standalones
Cloud services come in various shapes and sizes, many of which are standalones that can contribute to rising costs. Opt for a service provider that offers a suite of products that all work together. They are often less expensive than a group of standalone products. Another benefit of working with a provider is that you receive a single point of contact to resolve your issues quickly and effectively.

Experience matters
If you have to integrate a standalone Cloud service into your system, make sure you hire an experienced integration consultant for the job since they will be able to finish the job quicker, thus making it cheaper. Integration mishaps can cause serious downtime which drains a lot of money.

Backups are important
Performing endless backups will definitely waste cloud storage space. That’s why it’s important to examine your Cloud storage data by asking the following questions:

  • How many versions of this data do you need to store for the long-term? The more versions you store, the more it costs.
  • What regulatory demands do you need to meet? Some data may need to be accessible for up to three years, whereas other data can be deleted after 30 days.
  • How quickly do you need to access your backup? If you can wait for a day or two, archive that data to a less expensive service or offline at your provider’s data center.

Remove users
Many Cloud service providers charge by the number of users in your system. By neglecting to manage the list of users, you could end up paying for people who no longer work for you. Implement processes that remove users when they are terminated and consider scheduling a regular audit. Ideally, this should be once every six months to a year, to ensure that your Cloud user list is up-to-date.

Monitor proactively
Ask your Cloud provider whether they can proactively monitor your account to notify you of potential issues before they cause problems. This is especially important if you have a pay-as-you-go license that charges based on resource and storage usage.

Utilizing the right technology resources is vital to your business’s success, and so is knowing how to prevent them from racking up a staggering monthly bill. If you wish to enjoy all the benefits Cloud computing can provide your business without breaking the bank, give us a call and we’ll be happy to help.

Posted in Uncategorized | Leave a comment

Important Office 365 Upgrade

By EDITOR 

If you wished Microsoft would streamline its Office 365 ProPlus update schedule, your prayers have been answered. The cloud solution, which includes the Enterprise E3 and E5 plans, will be updated twice a year, rather than three times a year. Here’s everything you need to know about the new ProPlus update schedule.

Why the new schedule?

Feedback has almost always been Microsoft’s impetus to make changes of any kind, and this is no exception. The software giant wanted to simplify the update process and improve coordination between Office 365 and Windows, and the new schedule should handle both of those aims.

This is particularly helpful for those using Secure Productive Enterprise (SPE). SPE was bundled with Windows 10 and Office 365 ProPlus, meaning subscribers had to deal with two separate upgrades prior to the new schedule. Moving forward, things will be simplified as a single update twice a year will suffice.

What else changed?

Microsoft is extending support for ProPlus from 12 months per update to 18 months. This means you can technically update once or twice a year, which we’ll discuss in more detail below.

They’ve also changed the following terminology used in their updates:

  • Current Channel → Monthly Channel
  • First Release for Deferred Channel → Semi-annual Channel (Pilot)
  • Deferred Channel → Semi-annual Channel (Broad)

The Semi-annual Channel (Pilot) and Semi-annual Channel (Broad) describe the twice-a-year feature updates and how they will be deployed: the former to be used as deployment testing and the latter for actual deployment to an organization’s users.

When will the first ProPlus upgrade be released under the new schedule?

The first Pilot channel will be available on September 12, 2017, the same day as that month’s Patch Tuesday. The first Broad channel will be available four months later on January 9, 2018, also on a Patch Tuesday.

The second release will bring a new Pilot on March 13, 2018 and a new Broad on July 10, 2018.

Can you skip a ProPlus features upgrade?

While you can in fact choose only to upgrade once a year, you will eventually have to conduct a second upgrade to get the most up-to-date support. Microsoft is giving you two months of overlap in the next update to do this.

So, say your firm deploys the Broad channel in January 2018, but skips the July 2018 upgrade, you would have to upgrade within the two-month span between January 2019 and March 2019 to be eligible for the latest support.

What happened to the ProPlus upgrade for June 2017?

Microsoft released new Deferred Channel and First Release for Deferred Channel upgrades on June 13, 2017. You will have three months to conduct enterprise pilots and validate applications with this upgrade before the final Deferred Channel release on September 12, 2017. The last Deferred Channel will be supported until July 10, 2018.

Changes to the support life cycle of Office 365 ProPlus will ultimately save you time and reduce the hassles of conducting upgrades. That said, it might take some time getting used to the new schedule and nomenclature, so if you have any questions about Office 365 or the new schedule, just give us a call.

Posted in Uncategorized | Leave a comment

Google ridding MR from search results

By EDITOR 

Modern-day cyber criminals utilize every resource possible to launch attacks, one of which has been publicly available until now. Google had just overhauled its personal information policy, especially for the healthcare industry, resulting in the removal of private medical records from its search results.

If an individual’s medical records were leaked, that could be both emotionally and financially damaging. For example, hackers that use ransomware to extort money from hospitals can gain access to private medical data and hold it for ransom. Whether the ransom is paid or not, they could still release it online, where Google’s search engine would pick it up.

Traditionally, Google had a hands-off policy to search results and rely on its algorithm to do the work instead. In the past, this policy was heavily scrutinized for releasing fake news and other forms of false information. All of this changed when Google combed through the search results and removed private medical information.

Before making potentially sensitive information available on search results, Google now assesses their level of sensitivity using this series of questions:

  • Is it a government-issued identification number?
  • Is it confidential, or is it publicly available information?
  • Can it be used for common financial transactions?
  • Can it be used to obtain more information about an individual that would result in financial harm or identity theft?
  • Is it a personally identifiable nude or sexually explicit photo or video shared without consent?

Ensuring the security of private data is paramount to the success of businesses operating in every industry. Whether it be on-site or online, if data were to fall into the wrong hands, not only could that cause financial and reputational ruin, it could even close down your business for good. If you want to know more about how to keep your data safe, feel free to call or email us!

Posted in Uncategorized | Leave a comment

Microsoft issues security patch for XP

By EDITOR 

When a Microsoft product reaches its “end-of-life,” the tech developer no longer provides feature updates, technical assistance, and automatic fixes for that product. Support for Windows XP, for instance, ended in April 2014. That said, recent malware attacks have caused Microsoft to continue support for their outdated operating system. Read on to find out more.

More WannaCry copycats
The primary reason why Microsoft reassessed their update policy for Windows XP was due to the success of WannaCry, a ransomware worm that encrypted hundreds of thousands of computers worldwide. Even though the attack did not affect XP computers, Microsoft anticipates increased risk of similar attacks for the outdated OS being developed in the near future.

According to Microsoft’s Head of Cyber Defense Operations Center Adrienne Hall, cyberattacks by government organizations and copycat hacking groups are imminent; and this time, they’ll improve upon WannaCry’s shortcomings. In fact, shortly after WannaCry was stopped on May 12th, other strains with more sophisticated code popped up seeking to exploit the same weaknesses.

NSA leaks
Many security experts also suspect that Microsoft is releasing security fixes for outdated systems because of leaked NSA hacking tools. Over the years, the NSA’s ‘hacking’ department, Equation Group, has been storing cyber exploits in its arsenal. But a group known as the Shadow Brokers found these exploits and publicly disclosed them, which led to the WannaCry outbreak.

Right now, the Shadow Brokers are promising to leak more NSA exploit tools to hackers in the Dark Web who are willing to pay $10,000.

The update
Since a significant portion of businesses are still working with XP, Microsoft believes that their recent security update is the best way to protect all Windows users. The new patch fixes 16 critical vulnerabilities, many of which seem to defend against the exploits leaked by the Shadow Brokers.

Windows 10 users can find the critical update in the Microsoft Download Center. Alternatively, they can simply check for updates in Windows Update, which can be found in the Settings menu. But to install the update for unsupported operating systems, users should visit Microsoft’s security advisory page for tips and download links.

Although Microsoft has extended support for Windows XP, don’t expect regular fixes for outdated systems. As always, the best protection is to use an up-to-date system that’s equipped with the latest security patches.

“Older systems, even if fully updated, lack the latest security features,” said Hall.

If you’re unsure about your Windows security, what operating system you’re running, or how to protect your company workstations, give us a call. Our certified and experienced experts will help keep your business safe from WannaCry and future malware attacks.

Posted in Uncategorized | Leave a comment