Security

What is spear phishing and how can my company avoid it?

The average person receives 16 malicious emails per month. A 2018 study of 500,000,000 emails found one out of every 101 emails received were malicious. Are your employees properly educated about this? Or will they click a link that could cost the company millions? Most of the time, the greatest risk to your company’s internet security are the people who work for it (including you). One click on a malicious email—even one that looks like it comes from a friend—could seriously damage your company. New employees are the most at risk for being duped. [1] What is Spear Phishing?  Spear phishing is an attack in which hackers trick targeted users into sharing confidential information. It can also involve tricking the recipient into installing malware on their computer or network. Here is how it works:  1. You receive an email with an attachment from what looks like it originated from a ...

2023-02-16T16:01:31+00:00

Azure Information Protection

How do you ensure your organization's confidential documents are accessible by approved eyes only? Fear not. Azure Active Information Protection can be your trusted friend to ensure that the sensitive data is well protected when appropriate groups or policies are set up and implemented. Specifically, Azure Information Protection, which is data loss prevention (DLP) for documents can be utilized to secure your confidential data. This blog provides a high-level overview of the DLP solution for Microsoft Azure. There are some different ways to start leveraging the platform and protecting your sensitive documents. Labels Place appropriate labels on your documents - you can have these labels applied by the users as they're editing documents Using client application and plugins into the office applications to apply labels when editing documents Customize your labels to control access to the documents by department or personnel. Create visual marking on the documents, such as header, ...

2023-02-16T16:01:33+00:00

Azure Active Directory Identity Management

Microsoft Office 365 is widely used in many organizations. If you are an administrator for your Office 365, you are likely to be familiar with the Admin Center to look at user accounts and monitor activities. But do you know all the account activities were pulled in from Azure Active Directory in the cloud and are only displayed in the admin center?  If you've got Dynamics, Exchange, SharePoint, or any of the Microsoft software that is in the Cloud, it's going to be using Azure Active Directory as its Identity Manager in the back end. There are a couple different approaches to manage identity in Azure Active Directory. Identity Sharing- As an admin, you may be familiar with creating Active Directory trust to different organizations, so you can authenticate across organizations or different servers across organizations. However, you don't have that ability with Azure Active Directory. In Azure AD, it's called ...

2023-02-16T16:01:34+00:00

Multi-Factor Authentication Conditional Access Configuration

Multi-Factor Authentication Conditional Access and Policies Configuration Multi-factor authentication (MFA) creates an extra step to verify user identity who wants to gain access to your server or database. MFA provides greater security with that layered authentication approach. When hosting MFA on-premises, you can lock down the server or cloud applications that are tied in with Microsoft ADFS (Active Directory Federation Services) in the environment that you have deployed. In this blog, we will be discussing a couple of different ways to manage the cloud version MFA, including setting up conditional access for your MFA. MFA Management Console Go to your Groups and select MFA authentication You should see a list of your users with an indication if they have already enabled MFA Enable MFA for your administrators or selected users By enabling MFA, your users or admins will be prompted to set up their second form of authentication device when ...

2023-02-16T16:01:34+00:00

Windows Security Update Headache? Try This Fix.

Security matters – we all understand that.  No matter how highly refined an operating system or environment may be, there will always be some areas of vulnerability – and there will always be someone looking to take advantage of them. Generally, we can be grateful for the fact that Microsoft is pretty diligent about rooting out these vulnerabilities and addressing them; those periodic security updates have undoubtedly saved an incalculable amount of grief. That’s not to say, though, that the update process will always be hassle-free. Safety comes at an occasional cost, at least in terms of convenience. Many of us were reminded of this with the recent release of Windows Security Update Fix KB4103727. Users who have implemented the patch and who use remote desktop to connect to a server can find themselves shut out unexpectedly. An error message such as the following is typical:   The problem is ...

2023-02-16T16:01:38+00:00

April Showers Brings May Security By Avoiding Attacks

The cyber security threat landscape is evolving, most companies’ solutions are not solving these attacks. Attackers are spending more than 287 days on average in companies they breach – and the amount of damage done in that time is astonishing. Three-quarters of those breaches are directly linked to the mismanagement or theft of user credentials.  What is most alarming is that companies’ solutions cannot solve the problem. Expect breaches to happen, instead of struggling to protect your business from outside threats.  So what can you do?  Rely on detection and containment to best secure your environment. What if your employees need to access information from outside the office and often from their own devices?  More importantly, how do you ensure that your data stays safe and out of the reach of likely attacks? One recommendation is to rate your mobility landscape. One question to ask yourself is, “How well am ...

2023-02-16T16:01:38+00:00

Checklist For Evaluating Managed Services Providers

Think of the last business partner you selected for your company. Was it your accountant, attorney or financial advisor? Evaluating your IT consulting firm and even more specifically, your managed service provider is one of more important business decisions you'll make. The right managed service partner helps tobuild reliability and performance into your company’s IT environment – and takes problems and support costs out. A study by SpiceWorks done in November 2017, shows the budget breakdown by company size which states smaller companies are more likely to shell out more for managed hosting, while larger companies are more likely to invest in managed cloud infrastructure in 2018.  Here is the Managed Services budget portion breakdown for 2018: Managed hosting (12%), managed storage/backup (9%), managed hardware support and maintenance (9%), and managed security (9%).  What does it all mean?  Managed Services allow you to augment your existing IT staff and infrastructure by partnering with ...

2023-02-16T16:01:41+00:00

BUDGETING FOR IT IN 2018? BUILD UP THE BASICS

People don’t usually get too excited about the basics where technology is concerned. It’s not surprising. People are interested in what’s new, and technology is all about what’s new, what’s next, what’s going to change the world – new apps, new phones, and new services are where all the action is. That mindset extends beyond people to companies. When considering what to spend IT resources on, there can be a great temptation to be dazzled by the novelty of that supposedly world-changing new application, that lightning-fast machine or that must-have accessory. And sure – some of them are must-haves or at least extremely-good-to-haves. If they come at the cost of taking care of fundamentals, though, that’s a problem. A lot of companies I work with are starting to think about budgets for the next fiscal year. Almost everyone I talk to would probably describe their IT budgets as “tight” – ...

2023-02-16T16:01:41+00:00

WIFI or WI-Spy : Avoiding the Perils of Public Networks

For some reason, it seems to be a well-kept secret that public networks are not exactly secure. Just about anywhere you may go in a given day -  coffee shops, libraries, shopping malls, office buildings, your hotel – there’s a network just waiting for your device to join it. Convenient? Sure. But from a security standpoint, this is not a good thing. Try telling that to a convenience-driven society that’s grown quite used to shopping, checking its email, dating, doing its banking, and chatting on social media, whenever and wherever it wants to. Despite the publicity given to data theft and identity theft, many if not most people don’t change their online behavior on vulnerable public networks, or even take advantage of even basic protective measures. A recent article in Harvard Business Review outlined the range of threats to public wifi users’ security, describing some of the common tricks the ...

2023-02-16T16:01:42+00:00

You almost became the next Equifax. Did you even know? (Part 1 of 2)

While Equifax made global headlines with their cyber breach, IBM’s research has shown that small and mid-sized businesses (SMBs) are the targets of 62% of all cyber attacks. That equates to 4,000 SMBs daily¹ – or in more context, nearly 1 in 4 (24.33%) of U.S. SMBs (excluding nonemployers) annually. While an attack on your organization may not create global headlines, the impact to your organization and its’ employees could be devastating. If it extends to your customers’ information and records, it could negatively impact them and shatter your reputation. How devestating? I’ll share a real-world example. …

2023-02-16T16:01:42+00:00