Microsoft is the best choice for almost all daily work in the office, whether it’s Microsoft Word for documentation, Microsoft Outlook for email or Microsoft Excel for spreadsheets, so why not get the most out of those services? With the right Microsoft Office 365 expert, you can do even more with it. However, as one of the world’s biggest technology companies, Microsoft knows that a product has to continually change in order to keep up with the ever-changing demands of users. Unfortunately, this can sometimes cause issues when a relied upon feature or version of software becomes unsupported. Case in point – Microsoft has recently announced that an upcoming change will affect how Office 365 connects to Outlook, which could keep some users from accessing their inboxes. This key change will end up affecting all Outlook users that are using a version more than two years old to connect to an Office 365 mailbox. That is, the protocol that allowed Outlook versions from 2007, 2010, and 2013 to connect with Office 365 (RPC over HTTP, or, Outlook Anywhere) will stop being supported by Office 365 after October 31, 2017. Details include: Users of Outlook 2007 will not be able to connect to Office 365 after October 31. If that is the version you are currently using, you will therefore need to upgrade to a newer version of Outlook. Users of Outlook 2010 will only be able to connect to Office 365 after October 31 if the proper updates have been installed in order to meet or exceed a specific build number: 14.0.7164.5002. Furthermore, it’s important not to forget that Microsoft mainstream support for Outlook 2010 has expired. Users Outlook 2013 will only be able to connect to Office 365 after October 31 if the proper updates have been installed in order to meet or exceed a specific build number: 15.0.4779.1002. So what can you do to keep connected to your Outlook inbox? First of all: don’t worry. With expert Microsoft Office 365 support from {company}, you can rest easy. We can handle your update processes and any migrations or further support needed to ensure that you and your employees always have access to your Outlook inboxes, both before and after October 31. In order to keep you connected we’ll do the following for you: Verify your business’ Outlook versions and build numbers Inform you of any required upgrades that need to be made by October 31 Let you know of any opportunities to move to enhanced Office 365 licensing options that will both handle the necessary upgrades and improve your productivity Implement an Office 365 data backup strategy if your current strategy isn’t adequate to protect your Exchange, SharePoint, and OneDrive for Business data Once we’ve got you properly setup to keep you connected to your Outlook inboxes, don’t forget that we can do a lot more as well. If you don’t feel that you’re getting everything you think you should from Microsoft Office 365, then allow {company} to help. Our team of Microsoft experts is well-versed in everything that Office 365 has to offer, from the core functions of workhorses like PowerPoint and Excel to the hidden features and handy tricks that will allow you to use old standards in new and exciting ways. Upgrading to a more recent version of Microsoft Office 365 and actually using this new version to its full potential requires a solid grasp of exactly what it has to offer, which features and applications will have the most benefit for your unique business, and how to leverage the cloud aspect of this productivity suite to improve the way your staff gets work done. Partnering with Microsoft Office 365 expert takes the guesswork out of it, and offers your business a valuable resource to help your team use this game-changing Office suite to your maximum advantage. Because what’s the point of investing in high-end technology if you’re not going to use it the way it was intended? The {company} team has handled countless businesses’ transitions to Microsoft Office 365, taking care of everything from the initial install to helping to set up access to OneDrive to keeping track of subscription and licensing information. By making sure that every aspect of Office 365 has been setup correctly and taking the time to help your staff understand how the new tools they’ve been given actually work, your business can take advantage of a host of incredible new options that will help to simplify tasks, speed up projects, and impress your clients. The key to finding real success with Microsoft Office 365 is having the needed resources and support in place to keep things running smoothly. That means having an experienced IT provider like {company} taking care of needed patches and updates, monitoring and maintaining the security of your entire IT environment, and helping you manage the devices that have access to mission-critical data and applications. Microsoft Office 365 is flexible, versatile, and surprisingly simple. It’s just a matter of having the right IT provider implement and leverage this incredible productivity tool, making sure you’re not missing out on what Microsoft Office 365 has to offer. Interested? Call {company} right away at {phone} or email {email} to learn mo

If you don’t use HTTPS on your website, it will now be labeled “NOT SECURE” in Chrome. Even if you haven’t considered using HTTPS (HyperText Transfer Protocol “Secure”) for your business website, you’ve probably seen it before. The history of this security protocol goes back many years to the beginnings of the commercialized Internet – And it’s about to get a big emphasis, thanks to upcoming changes from Google. If you haven’t thought about transitioning your website to HTTPS, now is an excellent time to start making plans. Here’s why. HTTPS: The Security Format Ahead of Its Time The HTTPS protocol was developed in the mid-1990s thanks to efforts by companies like Netscape and Spyglass (remember them?). The problem was, at that time, the Internet wasn’t very secure, and exchanging data for commercial transactions (payment and contact info) was a risky business.  As a result, organizations developed SSL (secure sockets layer) security, encryption that could be used to verify their website’s authenticity and protect consumer information. This quickly became a go-to security measure for large online retailers, especially once Microsoft officially adopted HTTPS. Rival protocols battled for a few years, but as SSL continued to evolve, global standards took hold. By the 2000s, HTTPS had become the universal way to protect data and assure individuals that a site was secure. A Quick History of Google and HTTPS As the Internet grew in the 2000s, HTTPS slowly expanded beyond commercial sites into other types of websites, including news and service organizations. It moved slowly because internet security was still relatively new. HTTPS was primarily relegated to website data behind logins, or data managed by particularly large organizations. Google was surprisingly ambivalent about HTTPS for many years. It even refused to index HTTPS pages up through 2013.  It didn’t see those pages as an appreciable, easily measured part of the Internet. But this soon changed as Google realized the role it played by encouraging internet security through page rankings, and how it assigned value to online content. Google algorithm updates focused on improving the quality and safety of the Internet. They added a new algorithm in 2014 designed to factor in secure sites of all kinds. And, for the benefit of users, they started labeling secured sites more prominently in Chrome. This new algorithm had one primary purpose: It improved rankings for sites that invested in HTTPS security, in real time. This meant that companies could basically get a ranking boost just by switching to the HTTPS protocol.  However, there were difficulties in this approach. For one thing, while Google boosted HTTPS rankings, the company (probably unintentionally) made it difficult to change over to HTTPS with Google Webmaster Tools. Plus, the SEO boost that HTTPS provided was minuscule. This led companies to ask, “Well, why bother?” As a result, Google didn’t see the intended growth of HTTPS sites. Google’s Latest HTTPS Change. Fast-forward to the end of 2016: Data security has become more important than ever as security threats rise at an alarming rate. Today, Google has decided to take its HTTPS encouragement up several notches with a big upcoming change: Companies that adopt HTTPS will be designated as “SECURE” on Chrome browsers. Companies that don’t use HTTPS will now be labeled “NOT SECURE” when users open the site in Chrome. This will apply to all websites without HTTPS, no matter what other security measures they employ. This change will go into effect in October 2017 – a swiftly approaching deadline. Google didn’t mention whether or not it would add more weight to HTTPS in its ranking algorithm. They’re under no obligation to tell anyone if they’re changing the algorithm, so this move could easily be followed by harsher SEO penalties for HTTP-only sites. What Should You Do About HTTPS? Fortunately, Google is good about giving companies advice on what to do to improve their sites. If you’re worried, the company breaks down the solution into two different steps. First: Make sure that all forms associated with passwords and credit fields of any kind are provided via the HTTPS protocol. That means the entire page at the top-level must be HTTPS, as well as any iframe inputs. Don’t make the mistake of simply searching for, and converting all your iframes: Google specifically says this won’t work – you need to make the entire page HTTPS to avoid the “Not Secure” warning. Second: The first step is simply a patch to treat immediate symptoms. Your long-term solution should be to convert your entire site, in all its various forms, to HTTPS. The “Not Secure” warning will still show up on other pages without HTTPS. Customers may be less likely to notice it on, say, content-only pages, but it will be there, and you need to get rid of it. Remember, October 2017 is the cutoff date, so it’s important to make the change to HTTPS if you want to prevent the Chrome warning label from showing on your site. If your site is hosted, look at the services and packages provided by your host. Most will offer an upgrade to HTTPS that allows for a quick site conversion. Check to see if you have room in the budget for this upgrade. {company} helps businesses in {city} with security updates and data services. Contact us at {phone} or {email} for this, or other IT issues.

A discussion of how to best go about taking complicated IT concepts and communicating them to your team in the right way. The world of information technology is something of a natural contradiction. On the one hand, the resources that we depend so heavily on are designed to make our lives simpler, not more complex. They’re intended to allow us to work smarter, not harder. To do that, they need to be accessible to everyday people — both those who have devoted a lifetime of education to the topic and those who haven’t. Yet at the same time, IT professionals find themselves awash in a world of highly technical terms and acronyms that describe incredibly complex subjects. Again, being able to properly utilize those IT resources requires an infrastructure that is aligned with your long-term strategy, but oftentimes this level of technicality can keep most people at a distance. Luckily, communication skills will come in handy when operating in the IT space — just not necessarily in the way you may have thought. If you really want to learn how to communicate IT concepts in the easiest way possible to those who may not be experts, there are a few key things to keep in mind. Understand Your Audience In many ways, the secret to effective communication involves knowing who you’re speaking to and adapting to their capacity — regardless of whether you’re talking about IT, science, mathematics or some other complicated topic. If you’re speaking to a tech-based audience, naturally you would be able to get away with some of the jargon that keeps others at a distance. If you’re speaking to a non-technical audience, put things in terms of what they can do, not what they are. For example, don’t talk about the finer points of a server, breaking down the detailed technical specifications as precisely as you can. Talk instead about what that server does — how it changes their lives, makes things easier and the very real value that it provides. Your audience may not know how a server works at the end of your conversation, but they will know how it is about to change their lives and why it is so important. Get Comfortable With Metaphors and Analogies One of the best ways to take complicated IT concepts and distil them down into something more easily accessible for novices is to use metaphors and analogies when explaining certain key ideas. If you were trying to tackle a topic like the internet of things, for example, you wouldn’t necessarily describe the billions of connected devices that are designed to make up this concept over the course of the next few years. You wouldn’t talk about complicated sensors and other elements all creating, sending and receiving data among themselves at all times. Instead, you might focus in on something that is a point of reference in their lives — a more easily accessible idea like a thermostat that automatically learns your schedule and starts adjusting the temperature of your home based on the time of day and when you’re going to get home from work. Start simple with something that matters to them and build out to the broader and more complicated implications of the concept from there. Explain, Explain and then Explain Some More Another helpful way to explain complicated topics to non-IT people — which also works for explaining any other highly technical idea — is to get to the same destination in as many different ways as you can. Remember that everyone is a little bit different. Some people grasp new ideas right away, while others will require a bit of extra love and care. If there are two different ways to explain something, don’t pick one or the other. Instead, use both. If there are eight different ways to explain an IT concept, that’s even better. Though it may feel like overkill to you, remember that you’re the one who already grasps the concept — not the person you’re speaking to. At some point, something is going to stick and both parties will be much better off because of it. Lean Into Pop Culture to Make IT Sound Fun Finally, another useful way to take a complex idea and present it to a non-technical audience is to rely on pop culture and other types of references to make it memorable, relatable, and most importantly, fun. Think back a few years ago to the debut of the iPad. Though Apple’s tablet may seem commonplace today, it was a totally foreign concept to many people when it originally debuted. A lot of people didn’t really understand the broader implications of it or what allowed it to be more than just a giant iPhone. Explaining how a tablet fits into your workflow may be difficult when someone has just, minutes earlier, learned what a tablet is, but with pop culture you can do the next best thing. What is an iPad if not one of the communicator devices from Gene Roddenberry’s sci-fi classic “Star Trek”? Or how about that scene in “Minority Report” in which Tom Cruise is hiding on a subway train and he spots a man reading a digital newspaper that he’s controlling entirely through touch? Points of reference for modern day IT concepts and items exist all throughout popular culture. You should try to use them as a bit of a “common starting point” whenever you can. If someone understands your pop culture reference, terrific — you now have something to build from to introduce them to the more technical IT concepts with relative ease. IT concepts can often seem overwhelming and insurmountable — but if you approach things from the right direction, getting everyone on the same page doesn’t have to be nearly as difficult as certain people often make it. If you’re in {city} and would like to find out more information about these or other essential IT concepts, please don’t delay. Contact {company} today by phone at {phone}

From strong security to seamless integration and even unprecedented mobile access, Microsoft Office 365 has plenty to offer your business.   Office 365 offers some clear advantages for business, whether you need to boost your collaborative abilities, improve mobile access or only want to be sure your data stays secure. Learning about this innovative, easy to use the suite of software can help you decide if it is a good fit for your organization. If you already use Office 365, learning more about your options can ensure you make the most of this scalable, flexible business solution. Benefits of Adopting Office 365 Office 365 Offers Easy and Seamless Integration with Other Solutions The tools you already know, use and rely on for your workflow can seamlessly integrate into Office 365. The list of programs and tools that perform well with Office 365 is extensive and includes common solutions like Word, Excel, Outlook and Power Point. Office 365 makes it easy to standardize your file formats and to ensure that everyone one your team can open, access and use the pieces you create. Mobile, on the Go Access is Easy with Office 365 Mobile use is at an all-time high and your team uses smartphones, tablets and other devices to stay connected and perform tasks, even when they are not in the office. Microsoft Office 365 allows your team to open and process documents, access contacts and calendar information and send emails from any connected device. Office 365 works with both PC and Mac and with Android, iPhone and even Blackberry devices. This mobility allows you and your team to work from home, while you are traveling or from virtually anywhere you can get a connection. Whether you are heading to a trade show, calling on clients or taking a much-needed day off, you connect in an instant to get the information you need to serve customers or support your team. Office 365 Enhances Communication and Collaboration It’s easier than ever before to collaborate with your team and for your workers to share and access information. A password protected portal can be established that allows your team to quickly access the documentation or files then need – and more than one person can access and work on a piece at a time. Once work is complete, progress is tracked and noted so that anyone in the group can quickly determine what has been done and what still needs to be completed. Collaboration and communication are about more than just opening, editing and sharing documents; Office 365 also supports robust, large scale storage and sharing and even online meetings. Intuitive, Easy and Accessible Unlike some other programs or packages, Office is free of jargon and very user-friendly. It has an intuitive, easy to learn dashboard that is standardized between applications. Even those in your group that are not particularly tech savvy can get up to speed quickly and become efficient users of this flexible suite of tools. You do not need an on-site IT team to handle Office 365 issues and no one on your team needs to attend any kind of special certification to actually use this software. Security and Safety Provides Peace of Mind Microsoft has a robust and proactive security team and Office 365 receives their full attention. In many cases, the company has recognized vulnerabilities and released patches well before a publicized ransomware or malware attack. By identifying risk and possibilities for exploitation early, Microsoft has a long history of taking aggressive action to prevent you from being victimized by cybercriminals. In an ever-changing, ever-evolving landscape, regular patches and updates are a must; you’re far more likely to be victimized if you use a system that is regularly protected and up-to-date. Security is about more than updates; Office 365 features the same robust systems used by Microsoft and some of the biggest brands to protect networks, documents and even email. With built in scanning capabilities, your Office 365 suite can scan your email around the clock and alert you to any suspicious software or attempts to hack your systems. Office 365 was designed with reliability in mind and Microsoft does more than the promise they’ll be online; they offer a 99.9% uptime guarantee via a financially backed SLA (Service Level Agreement) to provide peach of mind about availability. Flexible, Scalable Solutions With a simple pay-as-you go pricing setup and plenty of flexible options, you can start small and scale at your own pace. You don’t have to pay for more than you’ll use or begin to feel restricted as you grow. For new businesses experiencing growth, this flexibility ensures cost effectiveness. Since you can scale up as needed, your team can continue to work with the tools they are familiar with as you grow, you don’t have to change to a new system or adapt to new tools. From cost efficiency and scalability to the peace of mind that comes from working with Microsoft, Office 365 has plenty to offer the enterprises of all sizes. Interested in Office 365 and want to learn exactly what it can do for you? Contact {company} at {email} or by phone at {phone}; we understand the power of this powerful suite of tools and know just how much it can help your business grow.

Help protect yourself from identity theft online by asking yourself these six questions. I feel safe in assuming that if you met a stranger on the street who wanted you to disclose your personal banking information, you would tell him to go take a long walk off a short pier or keep you would keep your mouth shut at least. Then why do so many otherwise intelligent business owners fall for scams online? When I speak to my clients about phishing scams and protecting their identity online, they nod their heads and assure me they would never fall for a Nigerian banking scam or open an attachment from an unknown person. Yet, every month, successful business owners contact me to ask for help reclaiming their lives after cyber criminals steal their identities. The hard truth is recovering from identity theft is a long, painful process. It is much easier and way less expensive to prevent identity crimes from occurring in the first place by protecting yourself from an identity scam. Protecting Your Identity Online Help keep your identity more secure online by asking yourself these six questions to help prevent yourself from becoming another victim of identity scammers. Are you expecting to hear from the person or business contacting you? Unless you have an ongoing relationship with the sender of an email or message, any inquiry for personal information you receive is most likely an attempt to defraud you. Even if you have business with the company supposedly contacting you, is there a legitimate reason for the business to communicate with you now? It is now common for a fraudster to choose the name of a large company like PayPal, Amazon or local utility company which most people use. So just because you are a customer of a company, doesn’t mean the email is real. If you are ever in doubt about whether a request from a company is legitimate or not, open a new web browser and visit the company’s website by typing the full domain name directly into the address bar. Never click on any links from the email which may take you to a copy of the company’s site. Does the email look professional? Carefully examine any email you receive which asks for sensitive information. Compare the questionable email to other emails which you have received in the past from the same company and know are legitimate. Look at details like the logo, the salutation, and the way the email is written. The majority of phishing scams originate outside the United States in countries where English is not the official language. Many scam emails contain multiple spelling and grammar mistakes. When an email contains language which encourages a quick response to prevent being locked out of your account or losing your benefits it is most often a red flag. Do I really know who sent you that? Online scammers are great at making their emails and social messages appear to be coming from a friend or associate you know. Manipulating the source of a message, or the header is ‘spoofing.’ Spoofing causes US businesses to lose billions of dollars in fraud. Before you respond to an unexpected message requesting by sending any form of personal information, always double check that the sender’s email matches the person or company you think sent the message. If the sender is using an email address which is different, don’t respond. The safest approach is calling and speaking with the sender by telephone to verify the legitimacy of the request. Why is the person asking for that particular information from me? Many scammers use a spoof email to ask users to confirm personal information relating to the individual’s account. Most of the time, the information these scammers ask for is something which a real business would not need to confirm a user’s identity. Banks and financial institutions never request users to confirm passwords or user names through email. A legitimate business won’t ask for you to send sensitive information over an unsecured server. Is the payment page secure? The majority of purchases in the US are made online. But before you input your credit card information, you need to make sure you are not about to send your credit card information to a scammer. Help keep your bank account safe by always checking that the payment page is secure and authentic. Never access a payment page directly from an off-site link. It is common for a cyber criminal to send a spoof email which contains an embedded link to a special offer. But when you click on the link, it redirects you to a copy of the site designed by the scammer to steal your credit card information. Never pay on a page which doesn’t have a “https://” before the domain name and look for an icon of a padlock in the address bar. If you are unsure about the security of a site’s payment page, don’t make a purchase. Am I revealing too much personal information on social media? A profile on a social media service like Facebook, Instagram, LinkedIn, and Twitter is a treasure trove for identity thieves. Many users of these social media services do not understand just how much of the information they publicly share can help scammers to gain access to their accounts. Avoid sharing sensitive information such as birth dates, anniversary dates, names of children, pets, friends, and spouses. Don’t post pictures scammers can use to create fake accounts. Never reveal your home or work address. Always use the highest level of privacy available from a social media service and never accept strangers as friends. Regrettably, it is impossible to guarantee you will never be a victim of online identity theft, but when you remember to ask yourself these questions, you will lower the chances you will.

Short on resources but still need to improve data security? Here are the steps you should consider. A very typical attitude exists among growing companies that are upgrading their data security systems. It goes something like, “We would love to improve our IT security – but we don’t have room in our budget for anything big.” Given how sensitive data security currently is to business survival, we’re not sure that’s the right attitude to have, but the fact is that many companies just don’t have many resources available to invest in new security licenses or services. That’s fine: Here are key steps you can take without making significant budget changes. 1. Use Available Biometrics and Manage User Identities Biometrics may sound like a high-tech field, but biometric devices have fallen in price and become commonplace, removing budgetary concerns about upgrades. In fact, if you have a device made within the last couple years, it probably comes with a fingerprint scanner or similar device without any extra charge (how long has it been since we’ve been logging into our phones with fingerprints?). Even if you are using older desktops or laptops, biometric devices are a quick, affordable purchase that will allow your company far more efficient login tracking and device protection. Passwords have problems – especially when they are poorly chosen or never changed. Biometric logins don’t have these problems and are generally more employee-friendly to use. 2. Maintain a Dedicated Security Administrator Services like Microsoft’s Office 365 Threat Intelligence use automatic threat detection services to sift through data and watch for any signs of malware or hacking. Threat Intelligence can alert companies about suspicious behavior or logins, as well as keep businesses updated on the latest threats and necessary precautionary steps to take. The good news is that Threat Intelligence is typically offered as a free security perk. However, it requires an experienced security administrator who can receive regular alerts and who knows what to do about them. Creating an entirely new position is unlikely with budget constraints, but consider shuffling responsibilities if necessary so that a trusted IT hire or manager can hold this responsibility for the long term. 3. Practice Consistent Access Management All data systems come with ways to manage access: Unfortunately, not all companies use access control to the proper extent. Some sensitive data simply cannot be available to everyone without inviting serious security risks. Even data held behind authorization walls can be compromised if that authorization is handed out too quickly, or at the wrong time during workflow. For a low-cost way of shoring up your data security, take a look at access management practices and how easy it is for people to improperly access sensitive data. This isn’t just a systems question, either – it’s also an environmental and practices issue. No business should leave computers open in lobbies or common areas with access to sensitive data enabled. 4. Fix Compatibility Issues and Implement Security Updates ASAP Security updates and patches are designed to counter malware or close vulnerabilities that could later be exploited. It may seem like Security 101 to apply these patches, but many companies struggle with this simple step. It’s best tackled in two stages: Go through operations and check to see if updates will cause any compatibility problems. This is an IT specialty, and IT experts should have no problem finding any potential problems.If any software or systems run into issues when you try to update, then fix them first or find alternatives that are up to date. Do this regularly with security patches, and you will end up with flexible, fast systems that can be updated in a day or two. Don’t do it, and you’ll be stuck with compatibility issues that will keep getting worse. Set your update schedule, and make updates on work devices automatic so that no one has the choice to just ignore the patch. Remember, time is of the essence, so even if you need to wait on vendor updates or switch to a different app, think in terms of days or weeks instead of months. 5. Change to Mobile-Capable File Servers This is probably the most cash-heavy option on the list, but if you already have the right server hardware or flexibility in switching hosting services, it doesn’t cost much to make a server upgrade, especially if you are already paying for a license/service. Today’s mobile-friendly business world benefits far more from adaptable, streamlined, and mobile-capable systems that eschew external hard drives (another cost-saver) for cloud sharing and virtualization. Cut back on hardware, revamp your data services, and the company may come out the other end with fewer long-term costs. 6. Enable All Two-Step Verification Everything from Gmail to O365 offers multi-factor authentication. All businesses should allow this type of the audit: It makes data theft far more complicated and doesn’t come with any associated costs (other than a bit of your time). 7. Make Employee Education Part of Your Daily Meetings Educating employees isn’t always easy, but it’s very cost effective! The problem is that a single education or training session has minimal impact. Over time, without reinforcement, employees tend to get lazy about security, so you can’t just tell them once. A better idea is to devote a portion of your daily or weekly meetings to talking about general data security. You can give tips about how to treat mobile devices before a business trip, updates on new security initiatives, and reminders about logging off computers in public areas. As long as you make it part of the continued conversation, it will stay in employee’s mind and become a part of the workplace. However, always try to explain the impact on the company itself, and why security rules exist so that employees understand what’s at stake. A short news brief about data attacks in your industry can make a compelling point if there are any good recent examples. There are also online resources available to help out. Do you have more specific questions about your

The world is a more dangerous place for kids than ever before in history. Here is how to keep your kids safe online.   Kids spend an average of nine hours a day online, using social media, playing games, engaging in chat rooms, looking at videos, and generally browsing the web. While the Internet can be educational and informative, it is also where danger lurks. Not speaking to strangers used to be a standard, basic instruction that parents gave to their children. Now, however, parents are oblivious to the incessant online “chat,” which is simply a virtual version of talking to strangers. There are many inherent dangers in giving kids unfettered access to the internet. Among the dangers is that kids will grow up too fast, be traumatized or confused by images they see and text they read, become a victim of bullying or some other crime, or be swayed to think in a way that is dangerous to their well-being. Following are some examples, and how parents can keep kids safe online. Traumatized by Images and Text Young kids who are given tablets, phones, and laptops to “play” with while the parent is busy are easily traumatized by images and text encountered on the internet. Simple and innocent sounding keyword searches that a child might enter can quickly bring up raunchy material that is sometimes purposely formatted to come up in a minor’s online search. There are people who get a thrill out of posting unseemly images and formatting them with kid’s cartoon character names, for example. Preventing young kids from being traumatized by such images and text is as simple as keeping devices out of the hands of youngsters. There are plenty of electronic toys available that don’t include internet access to kids under a certain age. Bear in mind that phones, tablets, and laptops are not toys. Grooming by Pedophiles As with any hunter, pedophiles hang out where their prey is, and kids are the prey of pedophiles. That means that pedophiles hang out in kid’s chat rooms and they set up user accounts on kid’s online games like Minecraft and Roblox. An online gaming environment allows other users to comment as they play. Public comments are visible by everyone, and it’s easy for a child to become a target of a pedophile during game play. Once the target is identified, the pedophile uses sophisticated techniques to garner trust, sympathy, and friendship. At that point, the pedophile may then suggest having a more private conversation that invariably leads to a sexual nature. Over time – and pedophiles are very patient – they can actually have a child consent to a sexual encounter, which is orchestrated by the pedophile. The best and most effective way to prevent your child becoming a target like this is to deny the child access to online games where they play with other, real players. Your child will resist this, especially if their friends get to play online games, so it’s a good idea to form a parenting group where all parents in the community agree to restrict online gaming. There are lots of fun alternative games for kids to play that don’t involve real players, including some that have virtual players so it can feel like a live gaming experience – without the danger. Being a Victim of Phishing Not every internet criminal is after your child. They may use your child to obtain personal information they use for identity theft. Kids and teens are poor gatekeepers of personal information. Their young, innate sense of immortality also makes them feel like they are too smart for a scam like phishing. When it comes to personal information that can be used to obtain financial and identity records, kids simply can’t be trusted to keep it safe. To prevent you or another family member from identity theft, it’s not enough to warn your kids. Kids hear the same news that we do. Repeating stories of kidnappings or people being taken advantage of online won’t work, because kids, like adults, never think it can happen to them. Instead, explain how hackers and “bad people” use the information we provide. For example, explain that many of the same questions that Facebook users divulge are the same as the “security” questions on a typical financial institution’s website. Your high school, favorite teacher, first pet’s name, maiden name, favorite sport or game; all are common knowledge to your Facebook friends. Agree on a fictitious set of answers and information for use in online situations. That way, if a scam artist does try to use those answers, they won’t work in a secure online environment, such as on a credit card application or bank website. Becoming a Victim of Bullying Online bullying is increasing. 52% of young people report that they’ve been bullied online. The actual figure is probably higher because kids are often embarrassed about being bullied. Bullying can lead to anxiety, poor academic performance, depression and can even have fatal consequences. Bullying usually happens on social media, but it can also take place on online gaming platforms. Parents can’t prevent online bullying, but you can monitor your child’s online accounts. Insist on having usernames and passwords and check them frequently to ensure your child hasn’t changed them. Monitor online conversations to nip bullying in the bud. If bullying does occur, contact the relevant authorities. Since bullying is so prevalent, it is recommended to counsel your child about bullying, even if it hasn’t yet occurred. Maintain an environment of open communication with your child so they will feel free to share their concerns. Make time to listen, and above all, watch out for signs of bullying. These include a reluctance to go to school, loss of appetite, angry outbursts and a change in social behavior. If you notice anything suspicious, the first place you should look is on their social media accounts. The world is a more dangerous place for kids than ever before in history. There

Incorrectly hardening servers are one of the biggest challenges in cyber security. Watch from the driver’s seat to see what (ethical!) hackers are looking for so you can protect against vulnerabilities. Security experts on both sides of the house recognize that bringing up a new server improperly can create a wide open door for cybercriminals, but how can you know for sure that you’re closing every nook and cranny and completely hardening your server? Small- to medium-sized organizations are particularly vulnerable, as they may not have the full complement of IT staff required to specialize in cyber security and are likely following a set of directions instead of fully understanding the challenges they’re facing. With the rapid pace of change and the complexity of technology today, it can be difficult to keep up with the myriad options available for your network. {company} agrees, so we’ve put together a first-hand view of how an ethical hacker quickly takes down a business Avaya server in a very short period of time. This cautionary tale may offer you some ideas for keeping your organization’s data such as your customer and employee personal information safe from cybercriminals. Types of Attacks There are some standard types of attacks that we see on a regular basis, many of which are perpetrated when an unethical individual gains access to a key internal server: DoS: Denial of Service attacks can cause a web server to come to a halt, making your website(s) completely unavailable to users. Phishing: Perhaps the most well-known type of attack, phishing occurs when individuals within your organization click on a link or navigate to a website that is fake. Individuals are then tempted to enter personal information or passwords so the hacker can gain entrance to your company. Defacement: A scare tactic that is often used towards politicians or large corporations, defacement occurs when a hacker gains access to a web server and replaces the company’s website with a different page that includes a message, music or even the hacker’s name. DNS Hijacking: Hijacking your domain name server (DNS) redirects all web traffic from your site to another location on the web. Sniffing: Hackers attempt to “sniff out” sensitive information that is being passed internally and externally to your organization through an intercept, in an effort to gain unauthorized server access. Cybersecurity Risks Let’s say your organization’s servers have been hacked. What does this really mean in terms of data loss and security? Not only can your organization’s reputation be ruined by a DNS hijacking that sends your customers to a nefarious website, but cybercriminals can also install malicious viruses that can utilize your systems as a replication tool, sending viruses out to all your clients and contacts. Additionally, a true data breach could be incredibly expensive in terms of lost business and even lawsuits against your organization if the personal financial information is breached and then utilized by hackers. However, perhaps the most troubling and damaging effect of an attack is the loss of trust from your customers, which can have a long-term negative impact on your organization. Let the Hacking Begin The penetration testing was done against three different Avaya servers, exploiting different vulnerabilities each time. In all three instances, the white-hat security tester was able to gain access to all three servers. LDAP Scenario The first activity was to run a Nessus vulnerability scan, which showed that anonymous LDAP queries were a possibility: a hacker’s goldmine of data. Once this was determined, the hacker determined it was an easy step to scan for an Avaya phone tree by using JXplorer and looking for an LDAP tree with root “vsp” with a branch labeled “People”. After that, it was simple enough to scan for the two important entries: “cust” and “admin”. After determining that the passwords within the entries were hashed, it took only a moment to break the encryptions using a software tool called John the Ripper, even with the default settings. Turns out, the passwords were still the default passwords for the system “admin01” and “cust01”. After trying a few different tactics to get a full shell, the hacker eventually was able to utilize a combo of a Meterpreter reverse tcp payload via a Linux binary executable file delivered by msfvenom to essentially backdoor into the system. Next, the hacker was able to gain access to a second box that was tied into the first one, simply by following root SSH keys — which can indicate a way for users to log into the system remotely without a password. An additional find was user passwords on the second server, none of which were difficult for the hacker to guess using easy counter-encryption methods. Two Down . . . On the final server on the same subnet, the security expert quickly got a bonus find: easy logins with a full shell using the default “cust” and “admin” passwords. While they did receive a full shell from the system, the passwords and usernames uncovered in the first two servers also worked on the third. However, the shell would not allow access to the root directory and this third server was proving a difficult nut to crack. After utilizing linuxprivchecker.py script to identify any potential locations to run a binary, the hacker uncovered that the majority of locations on the box were covered with noexec commands — effectively halting binaries from executing to protect the server. Eventually, however, the white hat hacker noticed that there was a diag program setuid binary that was only available to a few users within the group, and not the users whose accounts were already compromised. Getting to the Root After several circuitous attempts, the security expert managed to gain access to a shall as a secondary user, by running through voice-only setup binaries and leveraging the diag command, which runs as root regardless of where the command is executed. The meterpreter reverse payload was used again in this instance, to gain access to the /msg/database/vm/tmp directory,

Reports have begun to pour in regarding a new ransomware infection currently wreaking havoc in Russia, Ukraine, France, Spain, and several other countries. This highly sophisticated Russian strain is known as Petya or Petrwrap, and it has been advancing on a scale comparable to the recent WannaCry ransomware infection. However, unlike WannaCry, this strain lacks both the errors WannaCry contained as well as lacking a kill-switch. A wide range of businesses have reported being hit with this infection, with victims receiving the following message: “If you see this text, then your files are no longer accessible because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.” Sources state that the message appears as red text on a black background, and demands $300 worth of bitcoin in exchange for the decryption key. While it has not been completely confirmed as of yet, Petya/Petrwrap looks to be taking advantage of the EternalBlue exploit, which was leaked by a group known as The Shadow Brokers. If EternalBlue sounds familiar to you, it should – it’s the same exploit WannaCry took advantage of. If you haven’t already, you should be taking steps to protect your business against this exploit by installing the MS17-010 security update from Windows (which you can find here) and checking to see that your systems are fully patched. Like WannaCry, Petya/Petrwrap has the ability to compromise systems that are firewall protected. As this is a true worm, if the infection is able to reach a single computer within your network all of your systems and servers are at risk of becoming infected. Take a moment to remind your staff that they need to be exercising extreme caution at all times when checking their email. If anything even slightly suspicious finds its way into an employee’s inbox, they need to know how to handle the situation and who to alert. All it takes is one mistake for your business to suffer serious damage, and events like this serve as an ugly reminder that a certain level of vigilance is required at all times to keep your business secure. If you have concerns or want to find out more about what you can do to protect your business in the wake of this latest ransomware attack, please contact {company} right away at {email} or {phone}. Our team is here to help.

Unless you happen to be a cyber criminal, ransomware is bad news. So for the rest of us who might have a run in with a cyber criminal who uses ransomware as a method for extortion, it’s important to know what to do and how to handle such situations. Thankfully, we’re going to provide such tips to stop an individual from holding your data ransom and how to prevent them from getting away with their crime. What’s Ransomware? Ransomware is known as a form of malware that either blocks access to your files (via encryption) or holding your computer hostage. Once a person is infected with ransomware, they’re usually ordered to pay a ransom in order to retrieve their data. Since the ransom can usually range between hundreds or thousands of dollars, many individuals who are unprepared for such attacks end up paying the amount and suffer the financial setback – regardless if get their data after paying the ransom. How Ransomware Is Spreading & Evolving With ransomware finally receiving national attention on the news, it’s safe to say that it’s only evolving and becoming more common in the future. This is mostly due to the fact that cyber criminals are utilizing modern technology that make the most dangerous links seem completely harmless. One specific ransomware strand that has been causing concern has been CDT-Locker. Being incredibly hard to detect, CDT-Locker is capable of hiding in files and going unnoticed by security software. To make them even more threatening, hackers have managed to get people to download such files by utilizing tricks that make them seem harmless. An excellent example would be a hacker (posing as your utility company) claiming that they are about to shut off your power if you don’t fill out a form. Another example could be a hacker utilizing social engineering tactics (to pose as a contact you know) to get you to click on a link via email. To make matters even more bothersome, cyber criminals will even use newsgroup postings and social media to post their malicious codes. By taking advantage of human reactions, cyber criminals have no problem benefiting making money at another’s expense. What To Do In A Ransomware Attack There’s a few guidelines one should follow in the event of a ransomware attack. Such guidelines are: Regardless if you’ve found a questionable file or received a pop-up window demanding payment, the first thing you’ll want to do is to contact law enforcement. Although it’s likely that they might not be able to offer immediate assistance, they should be notified of what’s going on in regards to your attack. Once you’ve contacted the police, contacting the FBI is necessary so they can begin to take action on the matter. The next thing you’ll want to do is to contact your service provider. Make them aware of your situation so they can take action and rectify the issue. Doing so not only makes it easier for them to solve your problem, but this helps them prevent ransomware attacks in the future. The third thing you’ll want to do is to turn off the infected computer and disconnect it from any networks that it could be connected to. By containing the malware, you can prevent further damage to other computers within your network. Many individuals do not know that ransomware can take down an entire network of computers if the infected computer remains on the same network, so removing the infected computer from the network is necessary to stop the problem. The final step is up to you – if you weren’t prepared for a ransomware attack beforehand. If you end up paying the ransom, it is possible that you might not receive your data and end up with a financial setback that could happen again. for example: the cyber criminals already got you once, what would prevent them from attacking you once more? In addition to this, cyber criminals tend to want payment in bitcoins or over the Tor network, since these methods of payment are virtually untraceable. Caving in to the ransom not only makes their illegal acts easier in the future, but it allows ransomware to become much larger problem in the future. However, if you have been backing up you files and information via the cloud or through physical drives, you won’t have to suffer such traumatic experiences. By having this upper hand in a ransomware situation, the cyber criminals remain powerless since they don’t have anything that you don’t already have in your possession. So regardless if you happen to be a small business or a large corporation in {city}, it’s important to back up your files to avoid such severe circumstances. Thankfully, {company} is here to solve your problem. Since a few hours of backing up information on other platforms can save you hundreds of dollars (and time lost medicating headaches during the ordeal), preparing for such situations is one of the the best ways to combat and prevent the event of a ransomware attack. Contact us by {email} or {phone} today so we can save your business a lot of hair pulling in the future.