Security Breaches: Tips for Prevention

As long as businesses host valuable data, cyber criminals will continue to bypass the security protocols meant to protect this data. The causes of security breaches range from device theft or loss, weak and stolen credentials, malware, and outdated systems that use ineffective security measures. And with these five tips, you can take the first step toward making sure a security breach never strikes at your precious business data.

Limitation of lateral data transfers

Employees not being educated on data sharing and security is one of the biggest reasons for internal data breaches. It’s a good idea to limit access to important data and information by restricting access privileges to only a small number of individuals. Also, you can decide to use network segmentation to cut unnecessary communication from your own network to others.

Keeping Your Machines and Devices Updated

Internal breaches might also occur when employees work with unguarded or unprotected machines. They might unknowingly download malware, which normally wouldn’t be a problem if machines were properly managed. Updating your operating systems, antivirus software, business software, and firewalls as often as possible will go a long way toward solidifying your defense systems.

Use Monitoring and Machine Learning to Sniff Out Abnormalities

It’s not all on your employees, however. Network administrators should employ monitoring software to prevent breaches by analyzing what is “normal” behavior and comparing that to what appears to be suspicious behavior. Cyber criminals often hide in networks to exploit them over a long period of time. Even if you miss them the first time, you should monitor suspicious activity so you can recognize impropriety and amend security policies before it goes any further.

Creating Strong Security Passwords and Credentials

No matter how often we say it, there’s always room for improvement when it comes to your passwords and login procedures. In addition to text-based credentials, you should require other methods whenever possible. Great for fortifying your network, fingerprints and smart cards, for example, are much harder for cyber criminals to fake. Regardless of which factors are used, they must be frequently updated to prevent breaches, accidental or otherwise.

Security Insurance

In the end, no system is perfect. Zero-day attacks exploit unknown gaps in security, and human error, accidental or otherwise, can never be totally prevented. And for this reason, small businesses need to start embracing cyber insurance policies. These policies help cover the damages that might occur even under a top-of-the-line security infrastructure. Considerations for selecting a policy include legal fees, first and third-party coverage, and coverage for reputation rehabilitation.

Cyber security is definitely overwhelming – even for many seasoned IT professionals. But not for us. We spend our days researching and experimenting to craft the best security solutions on the market. If you’re interested in one of our cutting-edge cyber-security plans, call us today.

New Features Keep Office 365 Users Safe

The new features recently unveiled by Office 365 promise to bring business owners to a more secure and knowledgeable position in which to make important decisions regarding the future of their corporation. Microsoft expanded the popular program’s basic scope to include data protection and productivity tools, including the replacement of Delve Analytics with the MyAnalytics add-on. Let’s take a look at the three features Microsoft added to Office 365 and the implications of these new additions.

Azure Information Protection
Using Office 365 protection technology, also known as Azure RMS, this feature allows business leaders to mark sensitive documents and control who has access to information in various documents. The protection travels with the data, whether it is online or provided through another device. Business owners can mark a document as internal and keep it from being sent outside the company. Drop-down menus also allow users to apply trackable data protection in order to identify potential leaks and gain insight into how a business is structured.

Enterprise Mobility + Security Suite
Re-branded from the Enterprise Mobility Suite, this feature adds more security potential to sensitive data while allowing business owners to manage apps on any device from one location. Users have more control over identity-driven access and also encrypts data to allow secure collaboration among employees.

Productivity Insight
This feature, an addition to Delve Analytics, tracks an employee’s time management at the office. MyAnalytics for Outlook allows business owners or managers to see who has read, replied, and forwarded their email while also providing them with information on the the email sender. The feature also acts as a storage receptacle for shared files and contact information so they can be accessed quickly.

As Office 365 expands its services to include security and productivity features, companies using cloud-based servers have an advantage over old-school computer users. Not only do they have access to the technology to keep their data safe and accessible to employees, but they also have the management software to see where their efforts are paying off by way of productivity programs. If you need to know more about the new features of Office 365, give us a call at 800-421-7151. We can answer your questions and help you get the most out of the new Security and Productivity Insight additions.

iPad Mini 5 Feature Leaks

Contrary to everyone’s expectations, the new iPad Mini 5 will not be launched like other Apple products in September. People expect it to be launched in March 2017. The previous iPad Mini 4 is like the first iPad but slimmer and with additional features. iPad Mini 5 is expected to be an improved version of its predecessors. Here are the rumors circling the new product.

Among the top rumors and speculations concerning iPad Mini 5 are:

Thinner Design – There are speculations that the new iPad Mini 5 will be thinner than other models. Current iPads are already 6.1mm thin, but Apple plans to set a new record with a 5mm-thick tablet. Whether or not it will do away with the headphone jack like it did for the iPhone 7 is still unclear.

New Aluminum Chassis – The iPad Mini 5 will have a different chassis from the previous models. The new chassis will be made from 7000-series aluminum that has been used on iPhone 6s and iPhone 6s Plus. Because the iPad will be thinner, the new chassis will ensure it is durable and will prevent the tablet from any form of bending.

Smart Connector – It is rumored that the iPad Mini 5 will use smart connectors like the iPad Pro. The tablet will have a smart keyboard and other possibilities for connecting with other accessories.

Pricing – When it comes to pricing for the tablet, Apple is expected to keep the price of the iPad Mini 5 in line with that of its predecessors. Based on the pricing of the Mini 4, the price for the Mini 5 is not expected to be the same, but there is a possibility of a slight price increase on the new product. As always, the prices are expected to be higher for larger storage capacities.

Battery – Since the new iPad Mini 5 will be slim, the battery will be small in size and capacity. The battery will be made using improved technology, ensuring it does not affect the running of the iPad.

The iPad Mini 5 is a featured product expected to be launched in 2017. Users are eagerly waiting to see whether this iteration of the iPad will change the somewhat static smart tablet market. For additional information on Apple products and other tech-related topics, email info@wamsinc.com, and we will answer all of your questions.

Falling for It: Youth and Tech Scams

As long as there have been salesmen, there have been scammers trying to sell useless products. Traditionally the elderly have fallen prey to cold-call fraud, but now scam artists are getting tech-smart, and it’s the younger generation of computer users who are falling for scams. Let’s find out just what’s going on with this new trend, and why the tech-savvy are more vulnerable to it.

Results Conclude Youth is more Gullible

Microsoft recently conducted a survey of 1000 computer users of all ages and from many of the largest countries in the world to find out how many of them had been scammed by phony “technicians” claiming to be employees of Microsoft or other major computer conglomerates. The results were startling when studied demographically. Researchers discovered that seniors, who were traditionally viewed as the major victims of such fraudulent schemes, were not the most likely group to fall for the scam.

Research indicated that although seniors were most likely to buy into a telephone scam, they still did not fall for the act as much as younger age groups. The study found, in fact, that between the ages of 18 and 24, people were 2.5 times more likely to fall for the scam than seniors. Those between the ages of 25 and 34 were three times more likely than seniors to be tricked.

The scam that the Microsoft company recently studied involved the following scenario: Either a person calls claiming to be a technical support technician, or an email or pop-up alerts you that your computer is locked or otherwise compromised. In order to fix the problem, you need to call someone and pay for a program or provide access to your computer so some purported technician can solve the problem “remotely.”

If you fall for this scam, you are giving them funds for a false program or access to your computer – which also allows them access to your personal data and the ability to install malware onto your system. The study revealed that two-thirds of those surveyed (around 660 people) had experienced the scam first-hand. One in five had listened long enough to hear the story, and 1 in 10 actually gave the scammer money.

Why the Younger Demographic Became Easy Victims

While older adults often respond more to phone calls, younger people have learned to ignore phone calls, saving them from being phone victims. However, because younger adults spend the majority of their time online and often remain acutely aware of the status of their computer and online presence, they are more prone to react to a pop-up or email claiming that their computer is in danger. Nearly 60% of the adults aged 18-24 in the study say they were exposed to the scam through pop-up ads or online correspondence.

The takeaway here is simple: Cybersecurity is about more than just firewalls and antivirus software. You need to shore up the human side of your protection protocols. The best way to start is by doing some quick research on social engineering in our previous blogs, but ultimately you’ll need something a little more thorough. Contact us today at 800-421-7151 for more tips and to ask about scheduling a cybersecurity training for your employees.

Choosing the Right Computer for Your Firm

Running a firm, you probably work more than 40 hours a week to build your business up. From the intricacy of your clients’ needs to the mundane details of running a business, you’ve got your hands full making choices that can make or break your firm. One important decision you’ll have to make is about your firm’s computer hardware, in particular whether to invest in a desktop system or laptop. Keep reading for valuable tips on how to make the best choice for your business.

Portability

Modern desktop computers aren’t nearly as immobile as they used to be. In many cases the screen is thin and light, and all-in-one desktops are easy to unplug, move and plug in on the road. But there are still places the desktop cannot go. Laptops allow you to go anywhere, even places without electricity. But this ability to take your work anywhere can be counterproductive by creating more stress on employees who think they must work all the time.

Memory/Speed

Desktop computers often have more memory than laptops, and they’re faster speeds due to better processors. This is now changing as a result of advancing technology, but until the cost of high-powered laptops becomes affordable to the general public, the desktop computer is going to provide businesses with more speed. If your employees’ work is limited to word processing and emailing, laptops should be enough. However, anything more will probably require a desktop machine.

Security

An SMB’s computer hardware needs to be secure to ensure that private company information doesn’t end up in the wrong hands. On a desktop computer, the hardware is easier to defend against malware and adware. It’s also more physically secure because the desktop is often kept in one location and not easy to snatch. If you do choose the laptop route, make sure to have strict policies on how to protect machines that leave the office.

Price

Traditionally, the laptop has been cheaper and available to more people. This is true particularly for smaller notebook-style laptops. But desktop computers are becoming more affordable as more people have access to them through local channels. With a capable IT service provider, cost probably won’t be a deciding factor between the two options.

Quality

Although laptop computers provide the convenience of portability, over time they’re prone to problems with the battery and charging cord. They are also easily damaged. By contrast, desktops are generally more sturdy. But when they do experience a problem, it often leads to expensive repairs.

Final Recommendation

The desktop versus laptop debate is an old one, with supporters on both sides touting the advantages of their choice to all who will listen. A growing company really needs a combination of both types of computers. However, a desktop computer will be generally more reliable for the fledgling company owner to start with. Laptops should be added as budget permits to provide that extra portability and convenience.
If you have questions regarding the best choice for your company, give us a call at 800-421-7151. We’ll be happy to provide you the assistance you need to improve your business.

Communicate Better with the Outlook Update

Microsoft Outlook has recently gone through some major updates and renovations. These updates apply to anyone using Outlook 2016, Outlook 2013, Outlook 2010, and Outlook 2007. The purpose of all the massive changes to this oft-used communications tool is simple: to improve user experience and make this a streamlined and easy-to-navigate communications hub. Here are just some of the ways that the latest Outlook update changes the user experience.

Improved Contact Cards
One of the most welcome changes with the Outlook update is that the concept of the Contact Card has been greatly improved upon. In previous manifestations of Outlook, the information about contacts that was quickly available was limited to basic information such as name, phone number, and email address. With the new Outlook, Contact Cards can contain a person’s job title, their relationship to you, and what your most recent communications were so that you can better remember who you are talking to and what you were talking about.

Smarter Search Features
Searching contacts, emails, and other features of Outlook is easier with the latest update. Search features are now smarter in that they can go off of the first letter you type and retrieve your most frequent search requests starting with that letter. This speeds up searching and helps retrieve relevant information in seconds, not minutes.

People Section Enhancements
Outlook has also made some major improvements and enhancements to the ‘main people’ section of Outlook. You can now create smart lists of people based on common features. This will include your most frequently contacted people, groups based on job titles or departments, favorites, and those who need follow-up. These lists makes sending group emails to relevant contacts much simpler because you don’t have to scour all your contacts to find the right people.

Now that you know some of the ways that Outlook has changed the user experience with its latest updates, you can begin to put these to use in your business. Contact us by calling 800-421-7151 or email alopp@wamsinc.com to help you navigate those changes and put the benefits to use in your business and personal communications.

Windows 10 Releases New Security Patches

Windows 10 delivers comprehensive protection with built-in security features, including anti-virus firewalls and windows defender. The operating system also updates itself regularly to keep your security current and to continuously help safeguard against threats. Unfortunately, nothing is perfect, and Microsoft has announced some dangerous flaws hiding within Windows 10. But fret not, they’ve released patches for them all, and we’ve got the details right here.

Internet Explorer
In its Windows 10 announcement, Microsoft clarified that it found four zero-day flaws, which are vulnerabilities that have never been seen before. Of the four, the most concerning is the one that allows cyberattackers to remotely take control of your machine with full administrative rights via Internet Explorer. All that is required to deploy the malware is visiting a website with the corresponding code.
Microsoft Office also has a critical flaw that grants attackers the ability to corrupt memory and abuse privileges inherent to the user who opened the mischievous Office document. By amending how documents are saved and how code within a document is executed, Microsoft believes users will be much safer from email attachment schemes.

Exchange Server
For companies with on-premise servers, Microsoft Exchange Server patches need special attention. Without them, a malicious email could grant cyberattackers the ability to remotely insert and execute commands within the server. Patch MS16-108 provides cumulative updates and changes the way hotfixes and service packs are delivered. Lastly, it tries to ensure Microsoft Exchange Server follows a scheduled delivery model.

Microsoft Graphics
This security update for the Microsoft Graphics component of Windows 10 is considered ‘critical’ because of its presence throughout the entire operating system. Patch MS16-106 removes vulnerabilities in graphics processing protocols that would allow attackers to remotely control and exploit target systems.

If your desktops have not automatically updated themselves, users can trigger a manual update by opening the Settings window, selecting Update & Security, and finally Windows Update. Once there, simply select Check for Updates and follow the prompts to download and install the necessary updates.

Managing one machine is hard enough. If you’re struggling to keep an entire office up and running, chances are you feel like you’re treading water in steel-toed boots. For total monitoring and maintenance of all your Windows machines, call us today at 800-421-7151; we’ll throw you a lifeline and pull you aboard.

Bizarro Sundown Exploit Kit Distributing Locky Ransomware via ShadowGate

The Bizarro Sundown exploit kit is spreading two versions of Locky ransomware via the still-active ShadowGate malvertising campaign.

In October, Trend Micro spotted two versions of Bizarro Sundown, a modification of the earlier Sundown exploit kit which rose to prominence with RIG following Neutrino’s demise.

The first iteration reared its ugly head at the beginning of the month to scan users’ computers for three vulnerabilities: one memory corruption bug in Internet Explorer and two security holes in Adobe Flash Player.

That version shared some similarities with Sundown in how it redirected targets to websites hosting malware. But it did make an effort to distinguish itself. Trend Micro threat analysts Brooks Li and Joseph C. Chen explain:

“The first Bizarro Sundown attacks shared a similar URL format as Sundown. However, it obfuscates its landing pages differently, without using a query string. Bizarro Sundown also added anti-crawling functionality. An increasingly common feature found in exploit kits today, anti-crawling functions are designed to defeat automated crawlers used by researchers and analysts. It was used to deliver a Locky variant which appended the .odin extension for encrypted files.”

First detected in late-September 2016, the .odin file virus is one of several of Locky’s variants that have surfaced in the past few months. Those include .zepto in July 2016 and one other variant in October.

Bizarro Sundown’s second version emerged in mid-October. Aside from dropping the IE exploit, it began using a malicious Flash (.SWF file) to determine the Flash Player version installed on each victim’s computer.

It then used this information to deliver the appropriate Flash exploit, a technique which effectively removed landing pages from its distribution campaign of the .thor Locky variant.

Both exploit kits operated through ShadowGate. Researchers at Cisco Talos reportedly took down the malvertising campaign that targeted multiple open-source advertising servers back in September 2016. But that’s not what Li and Chen found:

“While the campaign was reportedly shut down in September this year, we found that it’s still alive and well, using 181 compromised sites to deliver ransomware. In September we saw ShadowGate using the Neutrino exploit kit to drop a variant of Locky (with the encrypted files having the .zepto extension). On October 5, the campaign shifted to Bizarro Sundown. Two weeks later (October 19), a modified version of Bizarro Sundown was spotted.”

To protect against both versions of Bizarro Sundown, users should make sure they keep their software and operating systems up-to-date. They should also develop a data backup plan just in case they experience a ransomware infection.

As read on Tripwire