Information Technology News & Information

Are You Using Windows Installer?

You May Be Sabotaging Yourself! This latest cyber-attack uses Windows Installer to download malware onto your computers. What is CVE-2017-11882, and what does it do? How should you detect and protect against it? What other similar malware attacks have come up in the past? These are all questions you should be asking yourself in order to develop the best defense against this type of attack. It seems like just when we’ve learned how to protect against one type of malware, four others pop up. Recently, Microsoft began combating CVE-2017-11882, which exploited a vulnerability in Microsoft Office. Then, just as expected, as one weakness was fought, a new one popped up. CVE-2017-11882 exploited a new vulnerability within the Windows Installer. The previous version of CVE-2017-11882 The previous version would exploit the vulnerability using windows executable msht.exe, and then run a PowerShell script which would download and execute the payload. The problem with this is that while previous versions have edited Microsoft Installer, this version doesn’t edit it. What it actually does is use Microsoft Installer for the exact purpose that it was built for, to install things. Only this time it forces it to install malicious programs on your computer. The new attack uses msiexec.exe as part of the Windows Installer service. For example, the user could receive an email with an attachment. Since the attachment seems legitimate, the user opens and begins downloading it. This attachment installs a malicious MSI package through the use of CVE-2017-11882. This then, in turn, releases either an MSIL or a Delphi binary. This binary will then launch another instance of itself. This duplicate binary is then hollowed out to create a new home for the new malware payload. How does CVE-2017-11882 go undetected? This package provides a compression layer that file scan engines need to process and enumerate in order to detect the file as malicious. This is similar to movies where the complicated retina scan needs is needed to gain access to a specific area of the building, yet the spy is still able to get in, due to his fancy contact lens. The system scans the lens and thinks that he is an authorized user, and allows him passage. Similarly, because of this compressed file mask of sorts, it’s hard to detect and identify the actual payload since it is contained in the heavily obfuscated MSIL or Delphi binary. What can we do to protect against CVE-2017-11882? Sometimes there are simple solutions to significant problems. For example, one of the easiest ways in which you can defend yourself and your business from CVE-2017-11882 is by having a strong email policy for your company. You should use strong passwords, with both capital and lowercase letters, as well as some symbols. You should never write passwords down, or use the same password for multiple accounts. Doing so can result in a hacker not only having access to your email but also to any and all accounts. Also, you should change your passwords often; it is recommended to change them every two months. This way you can stay ahead of the hackers before they have an opportunity to figure out your password, you will have already changed it. Email and Passwords Besides password strength, you should also focus on training employees about the dangers of email attacks, such as those that use the Microsoft Installer. It’s vital that they are trained not to click or open any suspicious emails. For example, employees should be trained to recognize phishing emails that may carry malware, and also to know how to isolate and flag these emails. This way other employees are immediately notified of the email, and won’t themselves fall victim. Employees should always check emails and names of unknown senders to ensure they are legitimate. They should always look for inconsistencies or style red flags such as grammar mistakes, capital letters, or excessive use of punctuation. Restrict or disable Windows Installer A second way to protect yourself is by limiting or completely disabling the Windows Installer itself. This would prevent potential attackers from being able to install their malicious software on your user’s systems. This way, only the system administrator could install programs. Controlling the access and spread of these attacks can significantly help your company to protect itself. Rather than trying to put out fires all over the place, you can then focus on one area and defend it appropriately. Microsoft Recommendations Microsoft recommends that if you think that you are infected with this malware, you should use your security software to detect and remove the threat. Remember to use appropriate software based on which operating system you are using. Microsoft states that Windows Defender works best for Windows 10 to detect and remove this malware. Microsoft Security Essentials works for Windows 7 and Windows Vista and has the appropriate defense and removal for this malware. After detection and removal, you should update your software to further protect yourself from future exploits. Similar previous attacks Attacks like this are not rare in the least. For example, in November of 2017, there was also a vulnerability in Microsoft Office 2000. This flaw allowed hackers to install malware without user interaction. So, while you were just writing a report in Microsoft Word, hackers were downloading malicious malware into your computer without your knowledge or permission. This could easily be fixed by updating software, such as using only the most recent form of Microsoft Office, so that your computers and networks are protected against the latest of threats. We should stay vigilant, to protect our network and our businesses. Knowing what is out there and what can wreak havoc on your business is half the battle. The other half is updating your staff and your software to ensure that you are providing the most vigorous defense possible. Look for vulnerabilities in your system and business. Additionally, it is crucial to stay up to date with the latest cyber-attack news. This will keep you in the know as

Information Technology News & Information

Hammett Technologies Provides Specialized IT Service and Cuts Costs

Sunair Awnings & Solar Screens protects their customers from the sun and rain, and they’ve been doing so since 1880. They lead the industry with the highest quality, most innovative custom-made retractable awnings and shade systems. In fact, Sunair was the first company to introduce the European-style retractable awning to the North American Market. Hammett Technologies has been Sunair’s IT Consultant for the past 11 years. Previously, Vice President of Sales, Jim Wills, acted as their in-house IT guy and admits he wasn’t very good at it. The Situation: Sunair Needed an IT Consultant Who Was Knowledgeable and Capable. Previously, Sunair used a slew of other IT providers, but none of them delivered the service they required. An essential requirement was that their IT Consultant understood their business and implemented technology based on their unique needs. “We were outsourcing our needs one by one at first, and worked with several different IT services,” says Jim Wills, Vice President of Sales at Sunair. “We didn’t have a CTO or CIO, and while my knowledge was good, our needs very quickly exceeded my technical expertise.” After working with so many other providers, Sunair knew they needed an IT Partner who would put their needs first and integrate technology that was right for their growing business. “We quickly realized how different Hammett was from other IT providers. Hammett Technologies is so focused on our needs that they are like an extension of our company, rather than an outside provider,” says Wills. The Solution: Hammett Technologies Provides the Right Guidance and Saves Sunair Money. Hammett Technologies met all of Sunair’s technology needs and more. Our experts focus on providing specialized IT services that transform as a company grows. Along with a helpdesk, IT management, and support, we act as Sunair’s CIO, CISO, and CTO. As a result, we’ve saved them a great deal of money. Jim from Sunair went on to say, “Hammett’s current projects are very exciting and will contribute to our bottom line, providing more for us than they will cost. They’re installing and implementing a VOIP system which will give us a great return and the ability to provide excellent customer service. Now we can balance customer support calls between our two plants. This will help us provide the level of service our customers deserve without having to hire additional staff”. In 2017, our IT Consultants helped Sunair save between $15,000 and $20,000 by evaluating their current systems rather than letting them purchase vendor-recommended hardware. We also helped Sunair save on staff and in-house IT services. “Hammett implemented a CRM system for us,” continues Wills. “This allows all members of our sales and service team to access customer information and track all the transactions that occurred over time. Now, they can retrieve this information immediately.” The Outcome: Hammet Streamlined Sunair’s Operations While Improving Their Bottom Line. Our IT Consultants successfully lowered costs for Sunair by recommending and implementing the right technologies. Jim raves about our team: “Hammett acts as an extension of Sunair, not as an independent contractor trying to extract revenue. They help us keep costs low while keeping our customers happy. They also treat our ‘wallet’ as their own – the amount we spend on Hammett’s services is a fraction of what we would spend with other companies”. Sunair Awnings and Solar Screens experienced what we do for all our clients. We work to cut costs while delivering exemplary service that is far above what other IT companies provide. Hammett Technologies will ensure you realize the true value of your information technology. Call us at (443) 216-9999 or send us an email: info@hammett-tech.com. We’ll address your unique IT requirements while saving you money.

Information Technology News & Information

5 Questions to Ask When Looking for A Managed IT Services Provider

There are plenty of options when it comes to finding a Managed IT Services provider for your business – how can you tell which is the right choice for you? These days, business owners are searching for every advantage to put their company on top. With so much competition out there, just a few small issues here and there can result in costly slow-downs to daily work. One of these resides in your IT department. Nothing is more frustrating than broken computers, slow internet service, and expensive service calls. Things like this can ruin your week and take a huge chunk out of the budget. Though there’s no way to stop computer and network problems from happening, there are ways to minimize your exposure. For small and mid-sized businesses, the solution is Managed IT Services. With Managed IT Services, you can forget about setting up an expensive Server Room and hiring a bunch of highly trained IT people. You’ll probably only need a handful of IT people on staff to handle simple issues that crop up in day-to-day business. The problem comes with the fact that there are so many IT service providers these days and so it can be difficult to find the one that works best for your company. To help, check out these five timely tips to help you find the right IT service provider so you can get back to the job of running your company. Tip One: The Budget Although having the best IT support for your company is important, sometimes managed service providers are keen on trying to sell you expensive services that you really don’t need. To avoid this scenario, sit down with your on-staff IT people and talk about exactly what services your company needs to stay up and running. Speak to your accountant and make sure about the monthly amount that will fit comfortably into your budget. All companies are nervous about data breaches these days; they can be expensive and stressful. However, don’t let that push you to buy over-priced services that you really can’t afford and don’t need. For some companies, hiring a consultant to advise you is a good solution. Tip Two: Understand Your Contract Too many business owners get locked into long-term contracts that they can’t afford. Make sure you understand exactly what your contract includes. How often can you call for service? Some companies allow unlimited service calls for just a few extra dollars per month. This can be a good way to go if your computer equipment is getting old and might break down more often than new equipment. Another issue is whether the contract includes regular updates to software and hardware. One of the biggest issues that companies face is the evolution of technology. Every year, technological capabilities develop at phenomenal rates; it’s hard to keep up. There are new devices, gadgets and social media sites that demand faster computers and networks. Managed IT Services should keep you up to date with the latest advances in business technology. Tip Three: Stay Proactive The whole point of Managed IT Services is that you have someone else to handle network and computer problems. As with all service providers, some are just better at their jobs than others. Make sure your Managed IT Services provider believes in staying proactive. Avoid providers who only come out when there’s a problem. You need a company that will stay on top of all the latest threats. One data breach could drive you into bankruptcy, so it’s important for your IT support provider to make sure your computers are ready for whatever may come. Often, you can find out about things like this by reading online reviews of the company. Have they had any complaints filed against them? How long have they been in business? Don’t let a fast-talking salesman sell you on a company with two employees that just opened its doors. Find someone that has a great reputation and has been in business for years. You want to work with providers who will stand behind their services and won’t stop until you’re satisfied. Tip Four: Is it Scalable? Hopefully, your business is growing. What will happen if you need to add five new computers? IT services should grow as your company grows. You don’t need to understand all the intricacies of cost optimization, cloud services, and scalability, but you should know what it will cost in terms of money and time when your company begins to grow. Ask intelligent questions about colocation and virtual infrastructures. Many business owners are not well versed on these topics but your company’s IT professionals should be. You need IT people you can count on; not people who try to dazzle you with big words. Your on-staff IT team should be working proactively each day to ensure ongoing network services and a sound infrastructure. Hire the best people you can afford and expect them to do their jobs. Tip Five: Ask the Right Questions In the world of Information Technology, there’s quite a bit that the average business owner doesn’t know about. For instance, will the Managed IT Services provider perform regular security updates and patch management? These are both crucial to preventing cyber breaches. Will they perform network monitoring and send alerts when something looks out of order? A new service provider should begin your professional relationship by performing a vulnerability and risk assessment. This will tell you whether your software and hardware are up to par. Is your equipment set up to handle the massive number of new cyber threats that are hurled at businesses each year? How many times have you waited all day for a service provider to show up? This is stressful and costly for any business owner. Ask if the IT provider has a guaranteed response time. It can also be very helpful to have 24/7 Helpdesk support. Be sure this is included in your contract. Many managed IT providers also offer additional services that can be

Information Technology News & Information

Insider Advice On Managed Security Service Providers

Learn the seven key questions every business should ask when deciding on which Managed Security Service Provider to hire. A Managed Security Service Provider is an extension of your IT services department that focuses solely on the security of your company. The services that a Managed Security Service Provider provides range on the network security management spectrum from virus and spam blocking, to intrusion detection, firewalls, and virtual private network (VPN) management. Additionally, some Managed Security Service Providers offer other features such as system changes, modifications, and upgrades. When your company’s security is on the line, it is incredibly important to fully evaluate your options for Managed Security Service Provider. To help make this decision, here are seven questions every business should ask when deciding on which Managed Security Service Providers to hire. What Is Their Reputation? Checking the reputation and reviews of a business doesn’t only apply to restaurants, but it is also essential when hiring a Managed Security Service Provider. Roger Smith, Amazon #1 Best Selling Author, Experienced Cybercrime and CyberSecurity Expert, Speaker, and Trainer, explains that that reputation is critical in deciding whether to hire a Managed Security Service Provider. Smith goes on to further clarify that “Making a bad decision or deciding on one provider based solely on cost can cripple your business”. What Can The Managed Security Service Provider Do For Your Business? Before you hire a Managed Security Service Provider, you need to know what they do, and what they can do for your business. You can evaluate their features by looking into four key categories: Technology, Management, Adaptability, and Compliance. A Managed Security Service Provider typically offers businesses technology such as firewalls, wireless solutions, VPNs and patch management. Managed Security Service Providers are responsible for managing policies, risks, procedures, processes, auditing, reports, training, and education. Managed Security Service Providers should be able to adapt to your business needs under any circumstance. For example, Managed Security Service Providers should offer disaster recovery, business continuity, and backup storage and protection as well. Knowing each feature, and its importance to your company allows you to better evaluate which Managed Security Service Provider will work best for you. John Penland, the founder of InfoTech, states that “In order to provide exceptional value, a provider must first understand their customer’s business model. This helps providers develop a rock-solid solution that can create a long-lasting, happy customer”. Do They Have The Expertise? Not all Managed Security Service Providers are the same. While they might all roughly do the same work, it doesn’t mean that they will all fit well with your company. For example, a Managed Security Service Provider that works for a healthcare business might not be as successful for an accounting business. There are differences in timelines, terms, and expertise that can affect their successful integration into your business. Ian Trump, an ITIL Certified Information Technology Consultant with 20 years’ experience, explains that “When evaluating the Managed Security Service Provider, you need to know whether they have some experience in your particular vertical. A Managed Security Service Provider that specializes in healthcare services may not be a good fit for a logistics and transport or manufacturing company”. Do They Have The Capability? You need to be sure of what you need from your Managed Security Service Provider, then cross-reference that to ensure that they are capable of providing those services to you. Brian Laing, an IT Security innovator from Lastline, states that “The key to evaluating a Managed Security Service Provider is to first codify your requirements”. Splitting these into different requirements not only simplifies which Managed Security Service Provider might be better, but it can also completely remove a vendor from the selection process. This will save your business valuable money and time. What Are They Going To Change To Make Your Life Easier? Hiring a Managed Security Service Provider should make running your business smoother. When hiring and evaluating your Managed Security Service Provider, ensure that you are firm on nonnegotiable expectations of service. Ian Trump further iterates the importance of a mutually beneficial relationship by explaining that “When contracting the services, I would approach negotiations as a partnership and use language which provides mutual benefit, measurable deliverables, service level agreements (on both sides), and dispute resolution mechanisms”. What Benefits Are You Going To Get Out Of It If You Partner With Them? It is essential to create a specific service level agreement with your chosen Managed Security Service Provider. This ensures that all parties involved understand the requirements on both sides – recognizing this as a mutual relationship is key. They are there to protect your company, data, customers, and staff and you are there to pay them. Just as you wouldn’t hire an employee to sit on Facebook all day, you shouldn’t hire a Managed Security Service Provider that won’t carry their own weight. How Much Will It Cost? Outsourcing to a Managed Security Service Provider can save your business 60-75%. Managed Security Service Providers cost on average about $75,000 a year. While this sounds hefty, you can compare it to the cost of a small IT department doing the same amount of work. Three IT staff, with a salary of $72,000 annually plus the cost of cybersecurity software, hardware, and equipment can easily run you upwards of $300,000. Additionally, the use of a Managed Security Service Provider saves you money by providing your business with critical cyber protection 24 hours a day, seven days a week, 365 days a year. The cost of this with a traditional employee would be exponentially expensive. It is important to understand all aspects of your contract and to thoroughly investigate the financial aspects of it. Protecting your investment in a business is no different in the process of hiring a Managed Security Service Provider. Due diligence is important during the hiring and evaluating stage, as it provides your business peace of mind and ensures that your Managed Security Service Provider will continue to work as

Information Technology News & Information

Nine Must-Have Cybersecurity Strategies For Small Businesses

Your small business is at risk. There’s no way to sugar coat it and no way to say it any more plainly. Every day there are criminals targeting businesses. Why? Because they want your money, they want your private data, or they just want to cause trouble for you. It doesn’t matter what they want. The scary thing is that they can do immense damage to your company in a very short window of time. If ransomware takes control of and encrypts your data, your only recourse is to pay the criminals. But what if you could get ahead of the criminals and enact nine strategies that will enhance your company’s cybersecurity posture? It’s time to take a stand and act BEFORE the bad guys do their damage. These nine cybersecurity tips will help your business be proactive regarding your IT security. #1 – Strengthen Your Payment Gateway With Card Best Practices Your bank and credit card issuers can help you tremendously in the area of IT security for credit and debit cards. They will help you by supplying many of the tools that you need to validate cards and ensure that the cards you process haven’t been compromised by fraud. Part of the credit/debit card cybersecurity best practices is the practice of isolation. By putting your payment systems on a separate computer – even a separate internet connection – then the computers you use for internet use, you lower the risk. Another best practice that revolves around keeping up with cybersecurity technology is the move from magnetic strip readers to chip card or EMV readers. These new EMV readers are now the industry standard, and even small businesses need to comply with this new payment security measure. #2 – Backup Everything Your business cannot operate effectively without access to your data. If you don’t back it up, your data may not be there for you when you need it the most. A busy office creates thousands of files each day, and the secure backup of these files needs to be a part of your company’s cybersecurity strategy. Backups should be made at least daily and mirrored in the cloud or an offsite server. Backup should be overseen by an IT support and IT security professional. Companies like us have the cybersecurity experts that are proficient in handling automatic, secure data backup and recovery for companies large and small. #3 – Get Your Physical Access Points Secured If the bad guys – even bad employees – can just walk into any office in the building and access computers, laptops, tablets, or smartphones, you’re not even close to having bulletproof cybersecurity. You need to ensure that your devices are protected by two-factor authentication and that you use door locks and more sophisticated electronic access systems to prevent entry by unauthorized individuals. Everyone in the company should have their own secure passwords, and admin privileges should only be given to the actual network administrator. #4 – Have Structured Procedures In Place For Mobile Devices The mobile devices that your company employees use can present some unique problems when it comes to cybersecurity. IT security experts routinely point to unsecured mobile devices as the vulnerability used by cyber-criminals to gain access to company networks. Make sure your employees use passwords to protect their smartphones and tablets. Contact an IT security professional – like our cybersecurity experts – to help you with data encryption, secure file synchronization, and secure network access. Cybersecurity experts can help you protect your data with remote wipe capability if your phone is lost or stolen. #5 – Secure Your Entire Website Everyone knows that their sign up forms and check out pages need to be secure, but what about the rest of your company’s website? We’ve all had the experience of going to a business site, only to find that it has been hacked and taken over by malicious cyber-criminals. Don’t let it happen to you. Implement antivirus and anti-spyware software on your computers Do all the updates, upgrades, and patches issued by your operating system developer Bring in an IT security professional to do a vulnerability assessment on a regular basis #6 – Lock Down Your Networks Your network connects all your devices, the internet, and your peripheral devices (like printers). Each device is a point at which a criminal could gain access. Here are some tips. Your internet connection isn’t safe unless you are utilizing a monitored firewall and leveraging the power of encryption. Make sure to hide your company WiFI and use controlled access to customer WiFi. Password protect your router. Disconnect any WiFi enabled devices that you don’t regularly use and security check. #7 – Put Policies in Place to Secure Private Data Your employees should know what the IT security policies of the company are and how to deal with private information. But they won’t unless you specifically take the time and invest in cybersecurity awareness training. Once you have done the training, they should be aware of and be held responsible for following IT security protocols. #8 – Employees Are Your First Line Of Defense Against Cyber-Criminals Employees want to help you secure your business against cyber-crime, but often don’t know that they are letting the bad guys in the front door. By training your employees on topics like phishing, social engineering, ransomware, spyware, and adware, you can drastically reduce your risk. Following that training, employ and cyber security professional to run tests on your employees’ ability to spot these scams and intrusion attempts. #9 – Leverage Strong Passwords And Multi-Factor Identification Your staff should be instructed on what makes for a good password. Better yet, hire an IT security professional to set up multi-factor identification and single sign-on strategies for your business. These cybersecurity tactics can help your employees be more efficient while enabling a higher degree of security for your company. Looking for IT security experts to help your business avoid intrusions, disruptions, and costly downtime? 

Information Technology News & Information

Boost Employee Awareness and Lower Your Insurance Premium

Cybercrime is a common part of business these days. Even if you haven’t encountered a hacking or malware incident at your business in recent years, the fact is that cybercriminals are coming up with new methods of stealing and compromising sensitive business data every single day. At best, modern cybersecurity measures are 99.9% effective; cybersecurity experts around the world agree that hacks and data breaches are an inevitable part of a business. A majority of cybersecurity services offered today include the best in vital technologies, from firewalls to anti-malware to data encryption and more. However, as important as this technology is, on its own, it simply isn’t enough. The key to truly comprehensive cybersecurity is simple, yet often overlooked: the user. Your employees are the weak link. Of course, it is important to have a well-managed and maintained IT infrastructure, but in today’s business world social engineering is the number one security threat to any organization. The alarming growth and sophistication of cyber attacks only make this problem worse, as cybercriminals go for the low hanging fruit – that is, your employees. Cybersecurity gimmicks — such as “set it and forget it” firewalls and antivirus software — fail to account for how important the user is. Even the most effective digital security measures can be negated by simple human error, which is why conventional solutions are simply not enough to ensure your business’ safety. Much of cybersecurity is dependent on the user, and as such it’s vital that you properly educate your employees in safe conduct. The more your workforce knows about the security measures you have in place, the more confidently they can use the technology is a secure manner. That’s why extensive security training is so important for you and your staff. By walking your employees through the most common cybercrime methods — phishing, ransomware, email spoofing and more — you can ensure they’re prepared to bolster your business’s security, rather than compromise it. The best part? It may even eventually pay for itself! If you’re currently paying for cybersecurity insurance — and if you’re not, you should be — then you may be entitled to a discount on your premium by investing in security training for your staff. Call your carrier or agent today and find out if you can save some money by training your staff. This is equally important because some forms of cybercrime that rely on the participation of an employee won’t be covered by the insurance. It may fall under human error, for which the wrong carrier or policy won’t pay out. So, not only will training help you save money on your premium, it will also help you avoid situations where you won’t be covered! In 2016, 80% of U.S. companies suffered a cyber attack, and 47% of these were due to ransomware. The lack of employees’ cybersecurity awareness is the leading cause of successful ransomware attacks. This is the easiest way for cybercriminals to obtain access to your private data. Share these tips with your employees to start boosting your cyber defense today: Phishing: This is the most popular tactic used by today’s ransomware hackers. They deliver malware in the form of an email, chat, web ad or website, and design it to impersonate a real employee. They send a message with a sense of urgency and importance, from a government agency or a major corporation to trick your employees. Baiting: This is similar to phishing, and typically involves offering something enticing to an employee in exchange for private data. The “bait” could come as a digital file, such as a music or movie download; or a fake link in an email saying “check out our new employee policies.” Once they go for the bait, the malware is free to infect the computer and the network. Make sure your employees are aware of emails containing attachments that they aren’t expecting. Before clicking on anything, they should confirm who the sender is via a phone call, text message, or by sending a separate email. Malicious websites and malvertisements: These are designed to look like a legitimate website. Cybercriminals can make them look incredibly real by display branding and logos from actual organizations (such as banks). The hackers then insert a code into a legitimate site which redirects unsuspecting users to their malicious site. Teach your employees how to check URLs by hovering their mouse over the link to reveal the complete URL in the status bar at the bottom of the browser. As technology continues to become more sophisticated and complex than ever before, your employees may be operating on outdated knowledge, which can quickly put your business at risk for a data breach! Train your employees to keep them safe AND save money on insurance. For more information, get in touch with {company} right away at {phone} or {email}.  

Information Technology News & Information

Ransomware Preys On Your Employees

Ransomware has quickly become one of the biggest cyber threats to businesses today, especially given the recent Wanna Cry epidemic that infected hundreds of thousands of IT systems in more 150 countries. This kind of malware presents serious data integrity and financial concerns for affected businesses. It works by tricking a user into opening an executable file (either as an email attachment or downloaded from a webpage linked in an email) which then encrypts the victim’s files and holds them for ransom. A majority of cybersecurity services offered today include the best in vital technologies, from firewalls to anti-malware to data encryption and more. However, as important as this technology is, on its own, it simply isn’t enough to protect against threats like ransomware. The key to truly comprehensive cybersecurity is simple, yet often overlooked: the user. Cybersecurity company Malwarebytes has found that as many as one-third of businesses like yours were hit by ransomware within the last year – the key to all these incidents? The “human factor”. Included in Malwarebytes’ Second Annual State of Ransomware Report, data showed that, of the 32% of organizations that were hit by malware, 20% had to immediately halt their operations. It gets worse – further statistics showed that: 25% of businesses were hit with more than 20 ransomware attacks in 2016 31% of affected businesses in Australia did not know they were hit by ransomware, as compared to 9% in the US 46% of Australian victimized businesses paid the ransom, and after paying, 40% still lost their files. Cybersecurity gimmicks — such as “set it and forget it” firewalls and antivirus software — fail to account for how important the user is. Even the most effective digital security measures can be negated by simple human error, which is why conventional solutions are simply not enough to ensure your business’ safety. Much of cybersecurity is dependent on the user, and as such it’s vital that you properly educate your employees in safe conduct. The more your workforce knows about the security measures you have in place, the more confidently they can use the technology in a secure manner. “People [behind the ransomware attacks] are going to more of the human factor now,” said Malwarebytes Senior Systems Engineer Brett Callaughan to CNET. “A lot more attackers are becoming aware of the fact that they can make small amounts of money on a grand scale very quickly if they completely automate this. The attackers we’re seeing are extremely sophisticated — they’re not fussed about creating a file and making something look real. They’ll just go after the user and they’ll spray and pray. If you hit 100,000 email accounts and 10,000 hit the button and you’re charging $200 a piece? That’s a significant amount of income right there from doing very little.” So what can you do? First of all, ensure your employees are comprehensively trained in cybercrime awareness and prevention so that they can help keep your business safe. Training should include: How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more. How to use business technology without exposing data and other assets to external threats by accident. How to respond when you suspect that an attack is occurring or has occurred. Further vital information that your staff needs to maintain a secure business. That said, employee awareness will only do so much. Remember that ransomware is likely today’s biggest threat to cybersecurity, which means anything less than a comprehensive defense won’t be enough. You hear about it everywhere, along with a range of possible solutions, most of which are defensive – ways to keep the intruders out before they encrypt your files and send you the ransom note. Both industry leaders and cybercrime law enforcement members agree that the best defense against ransomware, other types of malware and similar cybersecurity threats is a robust data backup contingency. Have you invested in one for your business? When developing your ransomware defense, keep these recommendations in mind: Make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary. Test your backup and cybersecurity measures thoroughly and regularly; create dummy files and then delete them to see how fast they can be restored, or schedule a day to literally unplug your critical systems to find out how long it takes to get online again. Be sure to make the most of the available resources (both provided online and through expert IT consultants) to ensure that you’re not overlooking vulnerabilities in your IT security methodology. The good news is that you don’t have to do all this on your own. Partner with an experienced, expert provider of security support and solutions like {company} today to ensure you’re comprehensively protected from ransomware on all fronts. For more information about how to train your employees to protect your business against ransomware, get in touch with {company} right away at {phone} or {email}. The post Ransomware Preys On Your Employees appeared first on This Website Is Only Available For Members Of The Ulistic Marketing Programs. People Caught Stealing Content From This Site Will Face Legal Action..

Information Technology News & Information

Isn’t It Time to Migrate to Office 365?

If communication is the key to personal and career success, then we should be doing everything in our power to ensure our communication lines are well established, extremely efficient, and thoroughly secure. Migrating to Office 365 might be what your business needs to get the most out of your email server. Why migrate to Office 365? Office 365 provides you with some new, much-needed features like: Microsoft Lync Online with real-time collaboration and communication. SharePoint Online that offers world-class collaboration and an easy-to-use information sharing platform. Microsoft Office Professional Plus with the most popular client tools on the planet such as Microsoft Word, Excel, PowerPoint, Outlook and OneNote. This ensures that you always have the latest versions of these apps at your fingertips, whether it be while working on your desktop, or on a tablet at home. Microsoft Exchange Online and an improved experience with mainstream e-mail and messaging. What are my migration options? Microsoft offers three main bulk migration options for Office 365: Cutover, Staged, and Hybrid: Cutover Migration works best for businesses with 2,000 mailboxes and under. With this option, you can’t keep mailboxes on-premises, only in the cloud. Staged Migration works best for Exchange 2007 and 2003 but requires a directory. Staged Migration can keep mailboxes on-premises as well as in the cloud, and there’s no limit to the number of mailboxes that you can move. Hybrid Migration works best with Exchange 2010, 2013, and 2016, and like Staged Migration, it also requires a directory. Not only can Hybrid keep mailboxes on-premises as well as in the cloud, it also provides seamless functionality across environments. What if these options don’t quite fit my needs? If these options don’t fit your needs, there are also three less common options. The IMAP option works best with Exchange 2000, but it won’t move calendar items or tasks. If you prefer a more hands-off approach, or if your business is simply too large for the other options, you can have Microsoft Office import items for you. This is an excellent option if you have more than 10TB of data. Or, if you prefer, you can use third-party applications like Lotus Notes, or Novell GroupWise to migrate your mail and data, but this option doesn’t allow mailboxes to be stored on-premises, only in the cloud. How to Prepare for Migration After you’ve selected the option that meets your migration needs, you should begin preparing for your migration to Office 365. Microsoft recommends that you use the email migration service Outlook Anywhere (also known as RPC over HTTP), to connect to your on-premises Exchange Server. This allows you and your staff to use Outlook as you normally do without the need for special connections such as hardware, smart cards, or security tokens. Once you enable Outlook Anywhere, verify that you can connect to it outside your corporate network. Then configure Outlook Anywhere on your on-premise Exchange Server. This allows you and your staff to use Outlook as you normally would, without the need for special connections such as hardware, smart cards, or security tokens. Once you have it configured or enabled, you will want to verify that you can connect to it outside your corporate network. Next, you should set permissions on your account so that after migration you can connect it to your new Office 365 email system. Remember that the admin must be assigned “Full Access permission” or “Receive As” permission to modify the Target Address. Also, be sure to turn off the unified messaging until after the migration is complete. To begin the migration, you will want to verify your domain address in Office 365. Use directory synchronization to create users in your new Office 365. Next, create a list of mailboxes that you want to migrate and create a migration endpoint that’s connected to the on-premises server. These Migration Endpoints capture the remote server’s information and provide the credentials for migrating your data. Now You’re Ready to Migrate Your Mailboxes. If you are performing a stage migration, select the users to include in the first batch of the migration. Now you can begin the migration. Once you receive notification that the sync is complete, verify that the migration worked to ensure there are no errors and that you have included the appropriate users in the Office 365 Admin Center. After Migration After your migration to Office 365, you should complete a few post-migration steps to ensure the new system is running smoothly and effectively: Route emails directly to your new Office 365. It can take up to 72 hours for some email systems to recognize the change from on-premises to cloud email. Activate your Office 365 user accounts by assigning the appropriate licenses. Create an auto-discover record so users can quickly access their new mailboxes. Lastly, you should retire your on-premises email servers and celebrate as the migration is now officially complete! At this point, you should feel a sense of accomplishment (and well-deserved at that). But your work isn’t done yet. Through Office 365 Support you can easily try out all the new features and maybe even gain a level up on the old features. Office 365 walks you through signing in, creating and saving projects, sharing and collaborating with staff, and setting up your mobile apps. Then, it introduces you to a few new things that will increase your productivity at work, such as Flash Fill in Excel or morphing your slides in PowerPoint. Finally, schedule regular training for your staff to make the most out of your new Office 365.  Then you can “pat yourself on the back!” As you can see, migrating to Office 365 isn’t easy. That’s why businesses in {city} count on the experts at {company} to handle the migration for them. For more information contact us at: {phone} or {email}

Information Technology News & Information

Meltdown and Spectre Update

With TV shows like Black Mirror captivating audiences around the world, it’s no wonder this addiction to technology is also reflected in the marketplace. This theatrical fiction became true when it revealed the vulnerabilities in technology. The press named them Meltdown and Spectre. Both Spectre and Meltdown allow attackers to access data. The difference between the two is that Meltdown gives an attacker access to data in programs that only administrators should have access to, and Spectre makes a program reveal data that should have been kept confidential. While both are worrisome, numerous patches for Meltdown have been deployed. Spectre, on the other hand, is a bit more complicated to contain. Spectre affects modern processors and operating systems, including chipsets from Intel, AMD, and ARM. It also affects other systems such as Android, Chrome, iOS, and MacOS. Therefore, Microsoft advises customers to seek guidance from these respective vendors. News of this broke on January 6th when Google released this comment: “Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD, and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD, and ARM on 2017-06-01 [1]. So far, there are three known variants of the issue: Variant 1: bounds check bypass (CVE-2017-5753), Variant 2: branch target injection (CVE-2017-5715), and Variant 3: rogue data cache load (CVE-2017-5754).” Spectre is responsible for variants 1 and 2 and Meltdown for variant 3. What devices can Meltdown and Spectre affect? –Workstations, laptops, in-house servers, smartphones, and tablets. While this can be overwhelming, there is good news. Microsoft and other systems like Android, Chrome, iOS, and MacOS have already put updates in place that can effectively protect and secure your devices. The key to keeping your devices safe, after updating, is to continue to monitor and detect for any first-warning signs such as phishing emails or browser-based exploits. Spectre and Meltdown use these as vehicles to obtain your confidential data. If you limit their transport capabilities, you can effectively protect your data. It’s terrifying enough that this could affect personal devices, but now they are far more dangerous and could possibly enter your home or business via smart-home devices. This year at CES, tech companies, such as LG and Samsung, doubled down on connected platforms built on user data. In one year, we witnessed a jump from 29% to 35.9% in smart-home device use like Alexa and Google Assistant. With this latest threat and deep infiltration of technology, it’s more important than ever for companies to ensure their smart-home platforms and servers are secure. On this note, Google, Amazon, and Microsoft all say they’ve patched their servers against known exploits. So how do we protect ourselves from these threats? The first step is to the make sure your systems are up to date. Microsoft released several updates to help mitigate these vulnerabilities. They also took action to secure their cloud services. Microsoft says these vulnerabilities haven’t been used to attack customers at this time. They continue to work closely with industry partners including chip makers, hardware OEMs and app vendors to protect customers. It’s recommended that you use available protections, including hardware/firmware and software updates. This includes microcodes from device OEMs, and in some cases updates to antivirus software. In addition to these operating systems updates, look for firmware updates that eliminate the vulnerabilities introduced via Meltdown and Spectre. Microsoft goes on to say that antivirus updates should be installed first. Then make sure your Windows automatic updates are turned on. (If automatic update is turned on, the updates will be automatically installed.) Also, install hardware (firmware) updates from your PC manufacturer. You may need to proactively check with the device manufacturer for updates. This could require going to a device driver update page on the manufacturer’s website. While updating helps to secure and protect your data, it has a downside. It’s important to note that you will see a difference in your device’s performance by installing this update. This can be as high as 42 percent but is dependent on the device and its use. For example, an article in PC World states: “Here’s how much the Meltdown and Spectre fix hurt my Surface Book performance… the sequential read and write performance doesn’t change much…But…4K performance ain’t pretty. While 4K read performance was similar, the write performance dropped by 26 percent. Far worse, though, 4K read and write with high queue depth take a performance hit of 42 percent and 39 percent, respectively. Ouch.” The age of an Intel chip can impact the effectiveness of the patch. Navin Shenoy from Intel, explains: “On 8th generation platforms with SSDs it’s small…the expected impact is less than 6 percent.” Some users have experienced a much more noticeable impact with web applications that rely on JavaScript operations. The good news in all of this is that companies have banded together to fight these common adversaries, e.g., Meltdown, and Spectre. This united front against these bugs has resulted in shared patches. Similar to the U.S. military’s war on terror, companies like Netflix and Amazon have developed a united plan of attack. This collaboration gives researchers the upper hand on Spectre and Meltdown for the first time since this technological chaos began.  

Information Technology News & Information

How to Setup Google Hangouts with External Users

Google Hangouts is a convenient and user-friendly way to have a video call with clients, coworkers, or friends. These meetings can be easily recorded for playback later or to upload to YouTube. Of course, this video meeting software is designed to work with G Suite, Google’s suite of products that includes Gmail, Google Drive, Google Docs, Google Sheets, and Google Calendar for business. While you may be running G Suite for all your business needs, or maybe you just enjoy their Hangouts app, not everyone you need to chat or meet with will be a Google user. Google realized this and has made it possible for users of the other guys (Microsoft, Yahoo, etc.) to join your Hangouts. The process is pretty simple, really. Google gives external users the ability to join a Hangouts call if the call is added to the Google calendar or someone already on the call invites them during the call. To make this process even simpler, all you have to do is supply the person you are wanting to have in the call, with the link. This way, as long as they have the link they can request access to your Hangouts call. Having external users available for the calls in Hangouts has several advantages, including: External users can always request access to video calls using the meeting link. There’s no need for them to be invited, and there’s no need to have to share manually enabled. It provides the best experience when using non-Google software to join Hangouts calls. Allowing guest to request access by default provides the best experience. Simplifies access to video calls when G Suite accounts are not provided to all users. Ensures all users in your company are allowed to request to join when being migrated. Allowing external guests to join by default is an easy menu option that can be turned on before the Hangouts call gets underway. All you need is the link, then visit the menu: Sign-in to the Google Admin console Find apps, then click on G Suite, then Talk/Hangouts Click Global Settings Under Hangouts video calls, click All Classic Hangouts video calls begin with external guests allowed to request access… The user only needs to click the link or put it into a browser, where they will be prompted to input their name when they click the link to request access. Google account not required. IMPORTANT: Someone in your company must approve the external guest that is requesting access who is trying to get in through the link. Inviting users without a G Suites account opens up a world of collaboration, but it also comes with a few restrictions. For example, external users are restricted to presenting and participating in the call, but cannot use text chat or other Hangout apps. External guests are able to join your Hangouts meeting from a PC, Mac, tablet, smartphone, or Chromebox.