Beware of sneaky Microsoft Office malware


Cybersecurity systems are getting better at identifying and preventing attacks coming from all directions. At the same time, hackers are coming up with new ways to bypass these systems. While online scams are the most common ways to do this, cybercriminals have discovered a new attack method using Microsoft Office.

What’s the new Office threat?
The Office exploit takes advantage of Microsoft’s Dynamic Data Exchange (DDE), a protocol that sends messages and data between applications. For example, DDE can be used to automatically update a table in a Word document with data collected in an Excel spreadsheet.

The problem with this is hackers can create DDE-enabled documents that link to malicious sources rather than to other Office apps. Theoretically, this allows hackers to launch scripts that download Trojan viruses from the internet and execute it before the user is even aware of the attack.

And unlike most malware-embedded Office files, which are usually blocked by security protocols from Microsoft, DDE exploits are instant. Once a compromised Word file is opened, it automatically executes the hack.

Outlook at risk
What’s even more alarming are the DDE vulnerabilities in Outlook. Recent reports found that hackers can embed malicious code in the body of an email or calendar invite, allowing them to perform phishing scams without a file attachment.

Fortunately, Outlook DDE attacks are not as automated as Word or Excel DDE attacks. Two dialog boxes will usually appear when you open the email asking if you want to update a document with data from linked files and start a specific application. Simply clicking ‘No’ on either of these boxes will stop the attack from executing.

Defending against DDE attacks
Beyond saying no, you can protect yourself by following these security best practices:

  • Evaluate the authenticity of unsolicited emails before interacting with them and don’t open attachments from unfamiliar contacts.
  • View emails in plain text format to completely stop DDE attacks embedded directly in emails from running. Note that this will also disable all original formatting, colors, images, and buttons.
  • Use a strong email security system that prevents phishing emails, spam, and other unwanted messages from reaching your inbox.
  • Get in the habit of checking for Microsoft updates, as they’re usually quick to release patches after vulnerabilities have been discovered.

Last but not least, consider working with our team. We’re Microsoft Office experts who can keep you safe from the latest threats. Call us today to get started!

Posted in Uncategorized | Leave a comment

Re-secure your passwords!


In 2003, a manager at the National Institute of Standards and Technology (NIST) authored a document on password best practices for businesses, federal agencies, and academic institutions. Now retired, the author admits that his document was misguided. Find out why and what great passwords are made of.

The problem

The issue isn’t necessarily that NIST advised people to create passwords that are easy to crack, but it did steer people into creating lazy passwords, using capitalization, special characters, and numbers that are easy to predict, like “P@ssW0rd1.”

This may seem secure, but in reality, these strings of characters and numbers could easily be compromised by hackers using common algorithms.

To make matters worse, NIST also recommended that people change their passwords regularly, but did not define what it actually means to “change” them. Since people thought their passwords were already secure with special characters, most only added one number or symbol.

NIST essentially forced everyone, including you and your colleagues, to use passwords that are hard for humans to remember but easy for computers to guess.

The solution

One cartoonist pointed out just how ridiculous NIST’s best practices were when he revealed that a password like “Tr0ub4dor&3” could be cracked in only three days while a password like “correcthorsebatterystaple” would take about 550 years.

Simply put, passwords should be longer and include nonsensical phrases and English words that make it almost impossible for an automated system to make sense of.

Even better, you should enforce the following security solutions within your company:

  • Multi-factor Authentication – which only grants access after you have successfully presented several pieces of evidence
  • Single Sign-On – which allows users to securely access multiple accounts with one set of credentials
  • Account Monitoring Tools – which recognize suspicious activity and lock out hackers

When it comes to security, ignorance is the biggest threat. If you’d like to learn about what else you can do to fortify security, just give us a call.

Posted in Uncategorized | Leave a comment

The right way to set up guest Wi-Fi


Customers, partners, and vendors expect internet access when they’re visiting someone else’s office. This is why guest Wi-Fi access is so common. But setting it up the wrong way can create a frustrating experience for people looking to connect and leave your company exposed to attacks. Here’s how to do it right.

Never give guests access to your primary Wi-Fi

While giving guests password to your company’s main Wi-Fi might be the easiest way to get them connected, you should avoid this at all costs.

Anyone with a little technical know-how can potentially access everything on your company network, including confidential data. Not to mention, guests’ devices connected to your business network increase the risk of a malware infection or cyber attack since you can never be sure that they’re safe and secure.

Ways to create secondary Wi-Fi for guests

If you router has built-in guest Wi-Fi support (you can check this feature through a quick web search) you could use it to create a separate “virtual” network. This means guests will have access to the internet without connecting to your main company network.

If your router doesn’t support multiple Wi-Fi networks, you can implement a separate wireless access point that bypasses the rest of your network and connects directly to your Internet service provider (ISP) connection.

Both options will keep your guests’ connectivity separate from your company network so you’ll never have to worry about unauthorized persons accessing your company data.

Keep in mind that guest Wi-Fi still uses your ISP connection so you should limit bandwidth usage on your guest network. The last thing you want is a guest streaming videos that slow down the Internet for your employees. With that in mind, you can even have your employees use guest Wi-Fi for their personal devices too. This minimizes the chance of employees hogging company bandwidth for personal use.

Your guest Wi-Fi should only provide outsiders with internet access, nothing more. While proper setup isn’t rocket science, it can be a tedious process. Having said that, if you need a team of experts to take care of it all for you, or simply have questions about how else to leverage your hardware for better efficiency and security, just give us a call.

Posted in Uncategorized | Leave a comment

Office 2019 is on its way


As a convenient cloud solution, Office 365 boasts nearly 30 million users. But that’s nothing compared to licensed versions of Microsoft’s productivity suite, which have more than one billion users. Office 2019 was announced in September and it will mean big changes for businesses that want simpler versions of Word, PowerPoint, Excel and more.

Microsoft Office 2019: release and features

For the past ten years, Microsoft has updated its suite of productivity software every three years. The current version is Office 2016, and in sticking with the schedule Office 2019 will be available for purchase at the end of next year. However, previews of the next version will become available several months before the final release.

According to Microsoft, the newest version of Office will include:

  • The usual Office applications (Word, Excel, PowerPoint, etc.)
  • Office server programs (Exchange, SharePoint and Skype for Business)
  • Security and IT management enhancements
  • Improved “inking” features for touchscreen usability
  • Streamlined data analysis features in Excel
  • New PowerPoint presentation features like Morph and Zoom

Office 2019 vs. Office 365

The biggest difference between Office 2019 and Office 365 will be price. For the former, users pay a one-time fee to acquire a software license. Once users have a license, they own that version of Office forever (although Microsoft will stop providing support 10 years after the product is released).

With Office 365, users pay a monthly subscription fee and can use applications as long as they don’t fall behind on the bill. Programs included in the Office suite can be accessed online or installed locally (as long as you connect to the internet at least once per month).

Thanks to cloud technology, Office 365 can be updated much more easily than other versions of Office. O365 users will probably have access to Office 2019 features around the same time as its release, possibly sooner.

Much like an O365 subscription, our managed IT services are charged based on a flat monthly rate. We can help your small- or medium-sized business enjoy all the benefits of the cloud. Just give us a call today.

Posted in Uncategorized | Leave a comment

Hackers KRACK WiFi security


For ages, most people assumed that setting a strong password on their WiFi router was enough to prevent cyberattacks, but recent events prove otherwise. Two Belgian security analysts have found a serious weakness in WiFi networks, called KRACK, that puts your wireless devices in danger.

What is KRACK?
Simply put, KRACK, short for ‘key reinstallation attack,’ allows hackers to bypass WPA2 — a security protocol used by routers and devices to encrypt activity — and intercepts sensitive data passing between the mobile device and the wireless router, including login details, credit card numbers, private emails, and photos.

In extreme cases, KRACKed devices can be remotely controlled. For example, hackers can log in to your surveillance systems and shut them down.

What’s worse, Internet of Things devices — like smart thermostats and IP cameras — rarely receive security fixes, and even if some are available, applying patches are difficult, as these devices tend to have complex user interfaces.

The good news, however, is you can do several things to mitigate the risks.

Download patches immediately
According to recent reports, security patches have already been released for major platforms, including iOS, Windows, and Android. Router manufacturers such as Ubiquiti, Mikrotik, Meraki, and FortiNet have also issued firmware updates, so make sure to install them as soon as possible.

Although IoT patches are rare, consider getting your smart devices from reputable vendors that push out updates regularly. It’s also a good idea to contact a managed services provider to install the updates for you.

Use Ethernet connections
Some wireless routers don’t yet have a security patch, so while you’re waiting, use an Ethernet cable and disable your router’s wireless setting. Turn off the WiFi on your devices as well to make sure you’re not connecting to networks susceptible to KRACK.

Stay off public networks
Free public WiFi networks — even ones that are password-protected — in your local cafe should also be avoided because they usually don’t have holistic security measures in place, making them easy targets for cybercriminals.

Connect to HTTPS websites
If you do need to connect to a public WiFi hotspot, visit websites that start with “HTTPS,” and stay away from ones that are prefaced with “HTTP.” This is because HTTPS websites encrypt all traffic between your browser and the website, regardless of whether the connection is vulnerable to KRACK

Hop on a Virtual Private Network (VPN)
You can also use a VPN service to hide all network activity. Simply put, VPNs encrypt your internet connection so that all the data you’re transmitting is safe from prying eyes.

Although the potential impact of a KRACK hack is devastating, security awareness and top-notch support are the best ways to stay safe online. Want more security tips? Contact us today.

Posted in Uncategorized | Leave a comment

Exciting updates from Microsoft’s conference


In Microsoft’s latest conference, the company has launched brand new software bundles together with bargain-priced Windows devices for schools and businesses; but announced that Skype for Business has seen its day and will no longer be supported. Read on for more details.

Good news for schools and educators

Microsoft recently rolled out Microsoft 365 for Education, which combines Office 365 for Education, Windows 10, Enterprise Mobility and Security, and even Minecraft: Education Edition — a game that teaches kids how to code. This new bundle will provide more advanced tools for learning, increase classroom communication capabilities, and improve security.

Note that Office 365 for Education is already free and this will not change. However, the new Microsoft 365 for Education is equipped with more educational apps such as 3D and data virtualization tools, plus Microsoft Teams. While this makes it more tempting to use, all the goodies come with a cost — a per-user, per-month subscription.

In terms of hardware, Microsoft’s Windows 10 S laptops, which are already aimed at school users, will come with free Minecraft Education, Office 365 for Education, and Microsoft Teams — all for a price starting as low as $189.

What’s new for business people

Microsoft is targeting “firstline workers” such as clerks and sales reps with a new enterprise plan called “Microsoft 365 F1.” This software bundle combines Office 365, Windows 10, Enterprise Mobility and Security, and Microsoft Staffhub to enhance employee productivity.

The company also partners with hardware providers and has come up with Windows 10 S laptops for businesses. These ultra-slim laptops have enhanced security since they only run apps from the Window Store. But the glamor of it all is their wallet-friendly pricing.

HP Stream 14 Pro, Acer Aspire 1, Acer Swift 1, and Lenovo V330 ranges from $275 to $349. The first model is available now, while the rest will be released later this year and in February for Lenovo.

Goodbye Skype for Business

Microsoft officially announced that it will phase out Skype for Business and focus instead on developing “Microsoft Teams,” a communication tool the company launched earlier to compete with Slack.

This is not as dreadful as it may sound, since Skype and Teams share similar architecture, meaning we’ll probably get a better collaboration tool that still retains some of the Skype features we know and love.

New software and gadgets are exciting, yet in reality, not everyone can rush out to buy a new product every time it comes out. A more practical way would be to make use of what you already have. And you can do so with the help of our IT staff; they’ll be more than happy to help you maximize the performance of your current Microsoft software and hardware, or deploy new solutions if you wish. Call us today!

Posted in Uncategorized | Leave a comment

Troubleshoot your WiFi with ease


You’ve invested in WiFi routers so you can access emails, collaborate in real-time, browse Facebook, and watch YouTube videos at blistering speeds. But when your WiFi refuses to work the way it should, the frustration sets in and you begin to contemplate smashing your router into pieces. Avoid the temptation with these easy ways to troubleshoot five common WiFi problems.

Range constraints

WiFi works via radio waves which are broadcast to all possible areas from a central hub, usually a piece of hardware known as a router. In order to avoid a weak signal in your office, make sure:

  • Your router is placed in a centralized location and not tucked away in the farthest corner of your facility.
  • Your WiFi antennae are either in a fully horizontal or vertical position for optimal signal distribution.

Note that WiFi range constraints can also occur from interference, so if your office is situated in a highly populated area, try changing your router’s channel.

Slow speed

Despite having high-speed or fiber optic internet, slow load times can still occur for a number of reasons. To eliminate this, try the following:

  • Make sure your router is located in the same room as your endpoints.
  • Have more routers to better accommodate a high number of connected devices.
  • Close bandwidth-intensive applications such as Skype, Dropbox, YouTube, and Facebook.
  • Disable your router’s power-saving mode.
  • Create a new router channel to avoid network bottlenecks.

Connection issues

We understand how frustrating it can be when the WiFi network shows up on your device but you just can’t seem to get it to connect. Before you give up, these solutions might help:

  • Determine whether your WiFi connection is the problem or if your internet is down by plugging in your laptop directly into the router via an Ethernet cable. If you get a connection, then your WiFi is the culprit.
  • Reset your router with a paperclip or a pen and hold down that tiny button for about 30 seconds.
  • Try rebooting your device.

Unstable connection

Random drops in WiFi connection can happen from time to time. If this has become a constant nuisance in your office, try the following quick fixes:

  • Move your router to a different spot or even a different room.
  • Avoid having multiple routers in the same location as they can confuse your device.

Network not found

Glitches in the router can result in your WiFi network not appearing at all. Two solutions that can resolve the problem are:

  • Disconnecting the router from the power source and waiting at least 30 seconds before reconnecting it.
  • Checking to see how old your router is; if it’s over three years old, you’re probably due for a replacement.

When you  experience WiFi issues, these tips will help you avoid serious downtime.  But if you’d rather have a dedicated technology provider take care of your hardware needs, give us a call and we’ll be happy to help.

Posted in Uncategorized | Leave a comment

Useful features on the new


Along with a new, clean look, introduces improvements that will make you and your staff’s lives easier. A more convenient mail sorting system, easy-to-implement social media integration, and enhanced security features are some of the advantages users should be excited about.

Easy elimination of unwanted emails

Employees spend an excessive amount of time poring through both important and junk emails. In the redesigned, it takes only three clicks to block unwanted emails, helping you to organize your mailbox better and faster. Simply click on the Sweep function to configure inbox preferences like blocking incoming emails from specific senders or automatically deleting 10-day-old messages.

In case you accidentally delete important messages, you can use the “undelete” function to retrieve them without the assistance of IT staff.

New security features

When you log in to your Outlook account on a public device or on your laptop using public WiFi, Microsoft will send you a one-time password via SMS. Once you’ve logged out of your account, further attempts by intruders to log in to your account in the same public place will be foiled by this additional safety procedure.

Another security feature is the stealth email address features, which allows you to create a temporary email address. This is particularly useful in situations where you have to provide your email to sign up for a service, e.g., eCommerce or file sharing websites, and you’re not sure whether or not these sites are secure. Using your temporary email address, you can filter incoming emails from suspicious senders or delete them if you suspect that they’re spam.

Social media contacts integration

For users whose business connections extend to their social media contacts, this feature lets you easily sync and consolidate Outlook contacts with contacts from Facebook, Twitter, LinkedIn, and Google Plus. Note that you can choose to sync just one platform, e.g., LinkedIn, to ensure that only professional contacts get synced to your Outlook account.

Minimal advertising

If you spend an inordinate amount of time in your email, a busy interface can be distracting. The new reduces the number of intrusive ads on your screen, unlike in Gmail where ads appear right on top of your most recent email. Although there are ads, they are not prominently placed within your mailbox, and you have some control over the ads that do get shown.

Other enhancements

Other minor but useful enhancements include a bigger reply window, HTML and CSS formatting functionality, folders and category labeling features, increased storage capacity via SkyDrive integration, an improved photo gallery viewer, and more. These are just some of the more useful enhancements on, and Microsoft is expected to add even more in the future.

If you need more productivity-enhancing email features, or if you want to make the most of your existing email functions, call us today for tips and recommendations.

Posted in Uncategorized | Leave a comment

New phishing scam targets Office 365 users


With more than 100 million monthly active subscribers, Office 365 has attracted the attention of hackers who’ve revamped an age-old trick. This time, they come up with a highly targeted, well-crafted spear-phishing scam that’s even more difficult to identify. Here’s everything you need to know.

What makes it different from other scams?

The new threat comes in the form of spear phishing, an old familiar method in which hackers send emails that purport to be from trusted sources and dupe you into disclosing sensitive information. In this particular attack, the email messages are admirably well-crafted, making them even harder to spot.

The emails are also rid of the usual telltale signs such as misspelled words, suspicious attachments, and dubious requests. You might have to recalibrate what you know about phishing scams, because this new threat ticks all the boxes that make it look legitimate.

How does it work?

The hackers behind the attack craft personalized messages, pretending to be from trusted sources, such as your colleagues or Microsoft itself, and send them to your inbox. The messages could contain a link or a PDF file that leads to a legitimate-looking landing page. Upon clicking the link, the user will be prompted to enter his or her credentials, which the hacker will use to launch attacks within the organization.

Once they gain control of your account, they might set up new forwarding rules to monitor your communication patterns, which will be useful for their future attacks. They might even use your account to send further phishing emails to your co-workers to collect more sensitive information.

As for the phishing emails with PDF attachments, there will be instructions to fill in username and password to view the document. And once you do, your account is no longer yours.

Another way they can get your credentials is by sending an invoice that requires you to log on to a web portal to view the file. Attackers can also use this technique to trick you into performing a certain action, such as forwarding sensitive information or paying an invoice.

What can you do to stay protected?

Your first line of defense is multi-factor authentication, whereby you use a password and another authentication method — like an SMS code — to secure your account. This function is already included in Office 365, you can contact us to activate it.

The second line of defense is training yourself and your employees to spot common phishing techniques. In particular, verify the accuracy of the wording and the sensibility of the requests in the messages.

For good measure, your organization can also install an email-validation system which is designed to detect and prevent email spoofing, such as the Domain-based Message Authentication, Reporting and Conformance (DMARC).

Identifying phishing emails and planning and implementing a robust defense system are ways to protect you and your organization against the new Office 365 threat. For tips on how to spot this type of scam and how to plan thorough security practices, contact our experts today.

Posted in Uncategorized | Leave a comment

5 types of clutter that slow down Windows


If you’ve noticed that your Windows 10 operating system has been running slow, yet no virus has been found and everything seems to be running okay otherwise, your PC might have too much clutter. Clutter can impede its performance and eat away its memory. To help your computer perform at its peak once again, you need to know five types of clutter and how to remove them.

5 types of clutter you need to know

  1. Pre-installed software: This unwanted OEM software, referred to as “bloatware,” poses security risks and takes up tons of CPU, RAM, and disk space. To get rid of it, Refresh Windows.
  2. Windows Updates: All too often, Microsoft launches updates that fail to download correctly, leaving you with corrupted and unusable files. Some of them will be deleted by Windows, while some will hang around forever. To remove them, Reset Windows.
  3. Registry Bloat: Every action performed in Windows gets recorded in your computer’s registry, including files and applications you’ve deleted. And gradually, Windows becomes bogged down by thousands of redundant entries. The solution? Reset Windows.
  4. Error files: Whenever software in your system encounters errors in processing or crashes altogether, Windows will keep a log file of it. And, as with Registry Bloat, these log files accumulate. To remove all these space-eating files, Reset Windows.
  5. User Bloat: This means a large number of your own files, especially if it’s unorganized. Solution: Refresh Windows.

How to declutter Windows

To rid your computer of all this clutter, you have two choices: Reset or Refresh. When you Reset, a brand new copy of Windows 10 is installed and “resets” your system to its original state. When you Refresh, your PC reinstalls Windows 10 free of any bloatware.

Both tools will delete Windows 10 apps and your customized settings, and will give you choices of keeping your old files or deleting them.

To get started, go to Start > Setting > Update and Recovery > Recovery

If you want to Reset Windows, choose Reset This PC > Get Started and then follow the on-screen instructions.

If you want to Refresh Windows, you need to know whether your Windows update version is Windows 10 1607 or Windows 10 1703 since the processes are a bit different.

  • For Windows 10 1607, choose More Recovery Options > Learn How to Start Afresh With a Clean Copy of Windows 10, at which point you’ll see a new screen in your browser. Click Download Tool Now at the bottom of the page, and when the download is finished, follow the on-screen instructions.
  • For Windows 10 1703, click Settings > Update & Recovery > Recovery > More recovery options > Start Afresh to launch Windows Defender. Then click Get Started to start the Refresh process. Alternatively, you can press the Windows key + R, enter systemreset -cleanpc and click Enter. When you see the Fresh Start menu, click next to start the process.

There are innumerable ways to make your computer perform faster and more efficiently, and our Windows experts are equipped with all the tricks of the trade. Give us a call today.

Posted in Uncategorized | Leave a comment