Spiced up security features on Android Oreo

By EDITOR 

There’s plenty to get excited about in Android 8.0: improved auto-fill functionality, picture-in-picture capability, greater notification control, and plenty more. While these features are all impressive, Android has also included a number of significant security enhancements that you shouldn’t miss.

More secure booting

Android’s Verified Boot feature was introduced in 2013 and has been fine-tuned since. In Oreo, it performs a quick inspection of a device’s software before it starts up.

The Verified Boot functionality prevents the device from starting if it detects that its OS reverted to an older version, which can expose it to security risks resulting from the older version’s vulnerabilities. With this upgrade, any attempts to exploit your device and data can be foiled by a system reboot.

Chip-embedded security

If you’re worried about physical attacks compromising your device’s security, Oreo covers that front by enabling a chip-based feature that fortifies security for Android devices. Integrating chip technology into supported devices’ security system makes tampering and other forms of physical intrusion extremely challenging for hackers, giving users greater protection.

Stricter app permissions

It’s tempting to simply click ‘OK’ whenever downloaded apps request permission to access your data and perform certain functions during installation. Android has limited what apps can actually gain access to your data with the System Alert Window feature.

The system alerts on previous Android OS versions were supposed to allow apps and programs to interact with users by sending pop-up boxes and similar elements that usually cover up the device’s entire screen. However, Android developers detected a potential for abuse. For example, hackers can easily use similar pop-up boxes that purport to be from legitimate apps.

With the new System Alert Window in Oreo, the pop-up boxes have been modified so that they’re easier to dismiss, limiting what malicious apps can do to trick users into clicking them.

Two-factor authentication support

Two-factor verification has become a standard feature in cyber security because it adds a much-needed layer of protection in accessing a password-protected account. It typically works by prompting a user to enter another piece of information in a separate device (e.g., a smartphone) or any physical token, which only the account owner would have.

Android 8.0 integrates a two-step verification that allows the use of a security key, which can easily connect to an Android device. Currently, it works only on apps that support it, but it won’t be long before more apps adopt it as an essential security protocol.

Stronger Sandboxing

Sandboxing essentially does one crucial thing for security: it isolates compromised or problematic areas within software or a system so that they don’t infect the rest of the system.

Android Oreo beefs up its sandboxing capability by deploying a filter that prevents malicious apps from accessing the OS’s command center, thereby limiting their interaction with the system and other safe apps.

These security improvements aren’t the most noticeable features in Android Oreo, but they’re worth paying attention to. If you need to learn more about your systems’ and devices’ security features, get in touch with us today.


Beware of sneaky Microsoft Office malware

By EDITOR 

Cybersecurity systems are getting better at identifying and preventing attacks coming from all directions. At the same time, hackers are coming up with new ways to bypass these systems. While online scams are the most common ways to do this, cybercriminals have discovered a new attack method using Microsoft Office.

What’s the new Office threat?
The Office exploit takes advantage of Microsoft’s Dynamic Data Exchange (DDE), a protocol that sends messages and data between applications. For example, DDE can be used to automatically update a table in a Word document with data collected in an Excel spreadsheet.

The problem with this is that hackers can create DDE-enabled documents that link to malicious sources rather than to other Office apps. Theoretically, this allows hackers to launch scripts that download Trojan viruses from the internet and execute them before the user is even aware of the attack.

And unlike most malware-embedded Office files, which are usually blocked by security protocols from Microsoft, DDE exploits are instant. Once a compromised Word file is opened, it automatically executes the hack.

Outlook at risk
What’s even more alarming are the DDE vulnerabilities in Outlook. Recent reports found that hackers can embed malicious code in the body of an email or calendar invite, allowing them to perform phishing scams without a file attachment.

Fortunately, Outlook DDE attacks are not as automated as Word or Excel DDE attacks. Two dialog boxes will usually appear when you open the email asking if you want to update a document with data from linked files and start a specific application. Simply clicking ‘No’ on either of these boxes will stop the attack from executing.

Defending against DDE attacks
Beyond saying no, you can protect yourself by following these security best practices:

  • Evaluate the authenticity of unsolicited emails before interacting with them and don’t open attachments from unfamiliar contacts.
  • View emails in plain text format to completely stop DDE attacks embedded directly in emails from running. Note that this will also disable all original formatting, colors, images, and buttons.
  • Use a strong email security system that prevents phishing emails, spam, and other unwanted messages from reaching your inbox.
  • Get in the habit of checking for Microsoft updates, as they’re usually quick to release patches after vulnerabilities have been discovered.

Last but not least, consider working with our team. We’re Microsoft Office experts who can keep you safe from the latest threats. Call us today to get started!


Re-secure your passwords!

By EDITOR 

In 2003, a manager at the National Institute of Standards and Technology (NIST) authored a document on password best practices for businesses, federal agencies, and academic institutions. Now retired, the author admits that his document was misguided. Find out why and what great passwords are made of.

The problem

The issue isn’t necessarily that NIST advised people to create passwords that are easy to crack, but it did steer people into creating lazy passwords, using capitalization, special characters, and numbers that are easy to predict, like “P@ssW0rd1.”

This may seem secure, but in reality, these strings of characters and numbers could easily be compromised by hackers using common algorithms.

To make matters worse, NIST also recommended that people change their passwords regularly, but did not define what it actually means to “change” them. Since people thought their passwords were already secure with special characters, most only added one number or symbol.

NIST essentially forced everyone, including you and your colleagues, to use passwords that are hard for humans to remember but easy for computers to guess.

The solution

One cartoonist pointed out just how ridiculous NIST’s best practices were when he revealed that a password like “Tr0ub4dor&3” could be cracked in only three days while a password like “correcthorsebatterystaple” would take about 550 years.

Simply put, passwords should be longer and include nonsensical phrases and English words that are almost impossible for an automated system to make sense of.

Even better, you should enforce the following security solutions within your company:

  • Multi-factor Authentication – which only grants access after you have successfully presented several pieces of evidence
  • Single Sign-On – which allows users to securely access multiple accounts with one set of credentials
  • Account Monitoring Tools – which recognize suspicious activity and lock out hackers

When it comes to security, ignorance is the biggest threat. If you’d like to learn about what else you can do to fortify security, just give us a call.


The right way to set up guest Wi-Fi

By EDITOR 

Customers, partners, and vendors expect internet access when they’re visiting someone else’s office. This is why guest Wi-Fi access is so common. But setting it up the wrong way can create a frustrating experience for people looking to connect and leave your company exposed to attacks. Here’s how to do it right.

Never give guests access to your primary Wi-Fi

While giving guests the password to your company’s main Wi-Fi might be the easiest way to get them connected, you should avoid this at all costs.

Anyone with a little technical know-how can potentially access everything on your company network, including confidential data. Not to mention, guests’ devices connected to your business network increase the risk of a malware infection or cyber attack since you can never be sure that they’re safe and secure.

Ways to create secondary Wi-Fi for guests

If your router has built-in guest Wi-Fi support (you can check this feature through a quick web search), you could use it to create a separate “virtual” network. This means guests will have access to the internet without connecting to your main company network.

If your router doesn’t support multiple Wi-Fi networks, you can implement a separate wireless access point that bypasses the rest of your network and connects directly to your Internet service provider (ISP) connection.

Both options will keep your guests’ connectivity separate from your company network so you’ll never have to worry about unauthorized persons accessing your company data.

Keep in mind that guest Wi-Fi still uses your ISP connection so you should limit bandwidth usage on your guest network. The last thing you want is a guest streaming videos that slow down the Internet for your employees. With that in mind, you can even have your employees use guest Wi-Fi for their personal devices too. This minimizes the chance of employees hogging company bandwidth for personal use.

Your guest Wi-Fi should only provide outsiders with internet access, nothing more. While proper setup isn’t rocket science, it can be a tedious process. Having said that, if you need a team of experts to take care of it all for you, or simply have questions about how else to leverage your hardware for better efficiency and security, just give us a call.


Office 2019 is on its way

By EDITOR 

As a convenient cloud solution, Office 365 boasts nearly 30 million users. But that’s nothing compared to licensed versions of Microsoft’s productivity suite, which have more than one billion users. Office 2019 was announced in September and it will mean big changes for businesses that want simpler versions of Word, PowerPoint, Excel and more.

Microsoft Office 2019: release and features

For the past ten years, Microsoft has updated its suite of productivity software every three years. The current version is Office 2016, and in sticking with the schedule Office 2019 will be available for purchase at the end of next year. However, previews of the next version will become available several months before the final release.

According to Microsoft, the newest version of Office will include:

  • The usual Office applications (Word, Excel, PowerPoint, etc.)
  • Office server programs (Exchange, SharePoint and Skype for Business)
  • Security and IT management enhancements
  • Improved “inking” features for touchscreen usability
  • Streamlined data analysis features in Excel
  • New PowerPoint presentation features like Morph and Zoom

Office 2019 vs. Office 365

The biggest difference between Office 2019 and Office 365 will be price. For the former, users pay a one-time fee to acquire a software license. Once users have a license, they own that version of Office forever (although Microsoft will stop providing support 10 years after the product is released).

With Office 365, users pay a monthly subscription fee and can use applications as long as they don’t fall behind on the bill. Programs included in the Office suite can be accessed online or installed locally (as long as you connect to the internet at least once per month).

Thanks to cloud technology, Office 365 can be updated much more easily than other versions of Office. O365 users will probably have access to Office 2019 features around the same time as its release, possibly sooner.

Much like an O365 subscription, our managed IT services are charged based on a flat monthly rate. We can help your small- or medium-sized business enjoy all the benefits of the cloud. Just give us a call today.


Hackers KRACK WiFi security

By EDITOR 

For ages, most people assumed that setting a strong password on their WiFi router was enough to prevent cyberattacks, but recent events prove otherwise. Two Belgian security analysts have found a serious weakness in WiFi networks, called KRACK, that puts your wireless devices in danger.

What is KRACK?
Simply put, KRACK, short for ‘key reinstallation attack,’ allows hackers to bypass WPA2 — a security protocol used by routers and devices to encrypt activity — and intercept sensitive data passing between the mobile device and the wireless router, including login details, credit card numbers, private emails, and photos.

In extreme cases, KRACKed devices can be remotely controlled. For example, hackers can log in to your surveillance systems and shut them down.

What’s worse, Internet of Things devices — like smart thermostats and IP cameras — rarely receive security fixes, and even if some are available, applying patches is difficult, as these devices tend to have complex user interfaces.

The good news, however, is you can do several things to mitigate the risks.

Download patches immediately
According to recent reports, security patches have already been released for major platforms, including iOS, Windows, and Android. Router manufacturers such as Ubiquiti, Mikrotik, Meraki, and FortiNet have also issued firmware updates, so make sure to install them as soon as possible.

Although IoT patches are rare, consider getting your smart devices from reputable vendors that push out updates regularly. It’s also a good idea to contact a managed services provider to install the updates for you.

Use Ethernet connections
Some wireless routers don’t yet have a security patch, so while you’re waiting, use an Ethernet cable and disable your router’s wireless setting. Turn off the WiFi on your devices as well to make sure you’re not connecting to networks susceptible to KRACK.

Stay off public networks
Free public WiFi networks — even ones that are password-protected — in your local cafe should also be avoided because they usually don’t have holistic security measures in place, making them easy targets for cybercriminals.

Connect to HTTPS websites
If you do need to connect to a public WiFi hotspot, visit websites that start with “HTTPS,” and stay away from ones that are prefaced with “HTTP.” This is because HTTPS websites encrypt all traffic between your browser and the website, regardless of whether the connection is vulnerable to KRACK.

Hop on a Virtual Private Network (VPN)
You can also use a VPN service to hide all network activity. Simply put, VPNs encrypt your internet connection so that all the data you’re transmitting is safe from prying eyes.

Although the potential impact of a KRACK hack is devastating, security awareness and top-notch support are the best ways to stay safe online. Want more security tips? Contact us today.


Exciting updates from Microsoft’s conference

By EDITOR 

At Microsoft’s latest conference, the company launched brand new software bundles together with bargain-priced Windows devices for schools and businesses, but also announced that Skype for Business has seen its day and will no longer be supported. Read on for more details.

Good news for schools and educators

Microsoft recently rolled out Microsoft 365 for Education, which combines Office 365 for Education, Windows 10, Enterprise Mobility and Security, and even Minecraft: Education Edition — a game that teaches kids how to code. This new bundle will provide more advanced tools for learning, increase classroom communication capabilities, and improve security.

Note that Office 365 for Education is already free and this will not change. However, the new Microsoft 365 for Education is equipped with more educational apps such as 3D and data virtualization tools, plus Microsoft Teams. While this makes it more tempting to use, all the goodies come with a cost — a per-user, per-month subscription.

In terms of hardware, Microsoft’s Windows 10 S laptops, which are already aimed at school users, will come with free Minecraft Education, Office 365 for Education, and Microsoft Teams — all for a price starting as low as $189.

What’s new for business people

Microsoft is targeting “firstline workers” such as clerks and sales reps with a new enterprise plan called “Microsoft 365 F1.” This software bundle combines Office 365, Windows 10, Enterprise Mobility and Security, and Microsoft Staffhub to enhance employee productivity.

The company also partners with hardware providers and has come up with Windows 10 S laptops for businesses. These ultra-slim laptops have enhanced security since they only run apps from the Windows Store. But the glamor of it all is their wallet-friendly pricing.

The HP Stream 14 Pro, Acer Aspire 1, Acer Swift 1, and Lenovo V330 range from $275 to $349. The first model is available now, while the rest will be released later this year and in February for Lenovo.

Goodbye Skype for Business

Microsoft officially announced that it will phase out Skype for Business and focus instead on developing “Microsoft Teams,” a communication tool the company launched earlier to compete with Slack.

This is not as dreadful as it may sound, since Skype and Teams share similar architecture, meaning we’ll probably get a better collaboration tool that still retains some of the Skype features we know and love.

New software and gadgets are exciting, yet in reality, not everyone can rush out to buy a new product every time it comes out. A more practical way would be to make use of what you already have. And you can do so with the help of our IT staff; they’ll be more than happy to help you maximize the performance of your current Microsoft software and hardware, or deploy new solutions if you wish. Call us today!


Troubleshoot your WiFi with ease

By EDITOR 

You’ve invested in WiFi routers so you can access emails, collaborate in real-time, browse Facebook, and watch YouTube videos at blistering speeds. But when your WiFi refuses to work the way it should, the frustration sets in and you begin to contemplate smashing your router into pieces. Avoid the temptation with these easy ways to troubleshoot five common WiFi problems.

Range constraints

WiFi works via radio waves which are broadcast to all possible areas from a central hub, usually a piece of hardware known as a router. In order to avoid a weak signal in your office, make sure:

  • Your router is placed in a centralized location and not tucked away in the farthest corner of your facility.
  • Your WiFi antennae are either in a fully horizontal or vertical position for optimal signal distribution.

Note that WiFi range constraints can also occur from interference, so if your office is situated in a highly populated area, try changing your router’s channel.

Slow speed

Despite having high-speed or fiber optic internet, slow load times can still occur for a number of reasons. To eliminate this, try the following:

  • Make sure your router is located in the same room as your endpoints.
  • Have more routers to better accommodate a high number of connected devices.
  • Close bandwidth-intensive applications such as Skype, Dropbox, YouTube, and Facebook.
  • Disable your router’s power-saving mode.
  • Create a new router channel to avoid network bottlenecks.

Connection issues

We understand how frustrating it can be when the WiFi network shows up on your device but you just can’t seem to get it to connect. Before you give up, these solutions might help:

  • Determine whether your WiFi connection is the problem or if your internet is down by plugging your laptop directly into the router via an Ethernet cable. If you get a connection, then your WiFi is the culprit.
  • Reset your router with a paperclip or a pen and hold down that tiny button for about 30 seconds.
  • Try rebooting your device.

Unstable connection

Random drops in WiFi connection can happen from time to time. If this has become a constant nuisance in your office, try the following quick fixes:

  • Move your router to a different spot or even a different room.
  • Avoid having multiple routers in the same location as they can confuse your device.

Network not found

Glitches in the router can result in your WiFi network not appearing at all. Two solutions that can resolve the problem are:

  • Disconnecting the router from the power source and waiting at least 30 seconds before reconnecting it.
  • Checking to see how old your router is; if it’s over three years old, you’re probably due for a replacement.

When you experience WiFi issues, these tips will help you avoid serious downtime. But if you’d rather have a dedicated technology provider take care of your hardware needs, give us a call and we’ll be happy to help.


Useful features on the new Outlook.com

By EDITOR 

Along with a new, clean look, Outlook.com introduces improvements that will make you and your staff’s lives easier. A more convenient mail sorting system, easy-to-implement social media integration, and enhanced security features are some of the advantages users should be excited about.

Easy elimination of unwanted emails

Employees spend an excessive amount of time poring through both important and junk emails. In the redesigned Outlook.com, it takes only three clicks to block unwanted emails, helping you to organize your mailbox better and faster. Simply click on the Sweep function to configure inbox preferences like blocking incoming emails from specific senders or automatically deleting 10-day-old messages.

In case you accidentally delete important messages, you can use the “undelete” function to retrieve them without the assistance of IT staff.

New security features

When you log in to your Outlook account on a public device or on your laptop using public WiFi, Microsoft will send you a one-time password via SMS. Once you’ve logged out of your account, further attempts by intruders to log in to your account in the same public place will be foiled by this additional safety procedure.

Another security feature is the stealth email address feature, which allows you to create a temporary email address. This is particularly useful in situations where you have to provide your email to sign up for a service, e.g., eCommerce or file sharing websites, and you’re not sure whether or not these sites are secure. Using your temporary email address, you can filter incoming emails from suspicious senders or delete them if you suspect that they’re spam.

Social media contacts integration

For users whose business connections extend to their social media contacts, this feature lets you easily sync and consolidate Outlook contacts with contacts from Facebook, Twitter, LinkedIn, and Google Plus. Note that you can choose to sync just one platform, e.g., LinkedIn, to ensure that only professional contacts get synced to your Outlook account.

Minimal advertising

If you spend an inordinate amount of time in your email, a busy interface can be distracting. The new Outlook.com reduces the number of intrusive ads on your screen, unlike in Gmail where ads appear right on top of your most recent email. Although there are ads, they are not prominently placed within your mailbox, and you have some control over the ads that do get shown.

Other enhancements

Other minor but useful enhancements include a bigger reply window, HTML and CSS formatting functionality, folders and category labeling features, increased storage capacity via SkyDrive integration, an improved photo gallery viewer, and more. These are just some of the more useful enhancements on Outlook.com, and Microsoft is expected to add even more in the future.

If you need more productivity-enhancing email features, or if you want to make the most of your existing email functions, call us today for tips and recommendations.


New phishing scam targets Office 365 users

By EDITOR 

With more than 100 million monthly active subscribers, Office 365 has attracted the attention of hackers who’ve revamped an age-old trick. This time, they’ve come up with a highly targeted, well-crafted spear-phishing scam that’s even more difficult to identify. Here’s everything you need to know.

What makes it different from other scams?

The new threat comes in the form of spear phishing, an old familiar method in which hackers send emails that purport to be from trusted sources and dupe you into disclosing sensitive information. In this particular attack, the email messages are admirably well-crafted, making them even harder to spot.

The emails are also rid of the usual telltale signs such as misspelled words, suspicious attachments, and dubious requests. You might have to recalibrate what you know about phishing scams, because this new threat ticks all the boxes that make it look legitimate.

How does it work?

The hackers behind the attack craft personalized messages, pretending to be from trusted sources, such as your colleagues or Microsoft itself, and send them to your inbox. The messages could contain a link or a PDF file that leads to a legitimate-looking landing page. Upon clicking the link, the user will be prompted to enter his or her credentials, which the hacker will use to launch attacks within the organization.

Once they gain control of your account, they might set up new forwarding rules to monitor your communication patterns, which will be useful for their future attacks. They might even use your account to send further phishing emails to your co-workers to collect more sensitive information.

As for the phishing emails with PDF attachments, there will be instructions to fill in username and password to view the document. And once you do, your account is no longer yours.

Another way they can get your credentials is by sending an invoice that requires you to log on to a web portal to view the file. Attackers can also use this technique to trick you into performing a certain action, such as forwarding sensitive information or paying an invoice.

What can you do to stay protected?

Your first line of defense is multi-factor authentication, whereby you use a password and another authentication method — like an SMS code — to secure your account. This function is already included in Office 365; you can contact us to activate it.

The second line of defense is training yourself and your employees to spot common phishing techniques. In particular, verify the accuracy of the wording and the sensibility of the requests in the messages.

For good measure, your organization can also install an email-validation system designed to detect and prevent email spoofing, such as Domain-based Message Authentication, Reporting and Conformance (DMARC).
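Publishing a DMARC record does not by itself stop spoofed mail; the policy it declares matters. The following added example (not part of the original post) parses a DMARC TXT record and reports the settings that leave spoofing protection weak. The records are constructed, the example.com address is a placeholder, and the check covers only the `v`, `p`, `sp`, `pct` and `rua` tags.

```python
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(record):
    """Split a DMARC TXT record into a tag dict; raise ValueError if malformed."""
    tags, first = {}, None
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        key, sep, value = part.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or not key or key in tags:
            raise ValueError(f"malformed or duplicate tag: {part!r}")
        first = first or key
        tags[key] = value
    # The version tag must come first and is case-sensitive.
    if first != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    if "p" not in tags:
        raise ValueError("policy records need a p= tag")
    for name in ("p", "sp"):
        if name in tags:
            tags[name] = tags[name].lower()
            if tags[name] not in POLICY_RANK:
                raise ValueError(f"unknown policy in {name}=")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        raise ValueError("pct must be an integer from 0 to 100")
    return tags


def assess(record):
    """Return (code, explanation) pairs for settings that weaken enforcement."""
    tags = parse_dmarc(record)
    policy = tags["p"]
    sub = tags.get("sp", policy)       # subdomains inherit p when sp is absent
    pct = int(tags.get("pct", "100"))  # pct defaults to 100
    findings = []
    if policy == "none":
        findings.append(("policy-none",
                         "monitoring only; failing mail is still delivered"))
    if pct < 100:
        findings.append(("partial-pct",
                         f"policy is applied to only {pct}% of failing mail"))
    if POLICY_RANK[sub] < POLICY_RANK[policy]:
        findings.append(("weak-subdomain",
                         f"subdomains use sp={sub}, weaker than p={policy}"))
    if "rua" not in tags:
        findings.append(("no-rua",
                         "no aggregate reports requested; failures go unseen"))
    return findings


# Constructed records for illustration; example.com is a placeholder domain.
WEAK = "v=DMARC1; p=none; pct=50"
MIXED = "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc-reports@example.com"
STRONG = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s"

if __name__ == "__main__":
    for label, rec in (("weak", WEAK), ("mixed", MIXED), ("strong", STRONG)):
        print(label, assess(rec))
```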

Identifying phishing emails and planning and implementing a robust defense system are ways to protect you and your organization against the new Office 365 threat. For tips on how to spot this type of scam and how to plan thorough security practices, contact our experts today.
