Office 365 Web App Launcher Improvements

Do you sometimes wish you could get to your Office 365 applications faster? Microsoft has tweaked the Office 365 web app launcher so you not only get to your apps faster, but you also get to view your most relevant programs, files, contacts, and activities more conveniently. Here’s how it can make you more productive.

Key changes to the Office 365 main page

The newly added “Recommended” section displays activities — comments, edits, and @ mentions — on recently opened files. This gives users an overview of changes to recent documents.

Underneath the “Recommended” section is the “Recent” document column, which shows the most recent activities, while “Places” displays the SharePoint sites you frequently visit and the OneDrive folders you’ve recently accessed.

Being able to see the edits, shares, and comments on your documents makes collaboration more transparent among users within an organization, and these new upgrades make that possible.

What’s more, you can now search among online documents, web apps, SharePoint sites, and contacts within Office.com without having to open individual apps. For example, when searching for a document whose file name you don’t know, you can type in the name of the author and the results will show you the author’s profile and other relevant files and activities.

Web app launcher enhancements

One of the biggest improvements to Office.com, however, is how apps are displayed in the app launcher.

The main window of the new web app launcher has been redesigned to highlight the most frequently used apps. It will still show all the apps within your Office 365 subscription, but you can pin your most used apps or display all items in the main bar, which makes opening and switching between apps a lot easier.

You can also return to the main page with a single click of the Office 365 button from the App Launcher — no need to minimize or close each app.

Office 365 Gallery

Users aren’t always aware of every application included in their subscription, which is what the Office 365 Gallery is for. Its main function is to provide users with personalized suggestions of applications — and their descriptions — which may be useful to their active tasks. These suggestions include links to mobile and desktop-based versions of the applications they recommend, and resources for learning more about them. To access the Gallery, click “Explore your applications” from the Office.com main page.

Each of the changes in the new and improved Office 365 are aimed at simplifying and personalizing business users’ experiences, and we recommend exploring the tools available to you. Call us at 800-421-7151 to know more about Office 365’s productivity-enhancing applications and features.

What Are the Advantages of SaaS?

Almost every business relies on software to operate, and for most SMBs and firms, the costs of software — including license and maintenance — are painfully expensive. So is there a solution that allows you to leverage the power of software without a high price tag? One candidate is the software delivery service called SaaS. Read on to learn more about it.

What is SaaS and what makes it appealing?

Software as a Service (SaaS) is a software delivery model that allows you, as a user, to access software from any device via the internet. This gives you more flexibility since you won’t have to come to the office to use the software, but will be able to work from anywhere that has an internet connection.

As opposed to a traditional on-premises setup where software is stored locally, SaaS software is hosted in the cloud, eliminating the need to buy new hardware or spend money on its maintenance. Besides, by transferring software hosting to a third party, you’re also outsourcing all the responsibilities that come with maintenance such as upgrades and troubleshooting.

Another aspect that sets SaaS apart from using on-premises software is licensing. With on-premises, you purchase a license and pay yearly support fees; while with SaaS, you pay a monthly or annual subscription fee that covers licenses, support, and other fees. This is advantageous since it allows you to spread out costs over time, instead of purchasing licenses outright.

Will my data be safe?

One of the issues that makes companies reluctant to switch to SaaS is data security. Who will own my data? Will my data be safe? What if the vendor goes out of business?

First of all, when you’re outsourcing your software to a SaaS vendor, you have to sign a service level agreement (SLA). Make sure that the SLA specifies that you own the data and that the vendor is obliged to provide access to your data even if they go bankrupt.

Secondly, it’s likely that data hosted by your SaaS vendor will be more secure than when it’s stored on your average SMB’s or firm’s network. That’s because SaaS vendors have to undergo strict security audits, forcing them to invest more in security, backup technology, and maintenance than a typical SMB has to.

Should I switch to SaaS or stick to on-premises?

SaaS is an ideal solution for firms and SMBs with straightforward business models that are looking for a way to reduce upfront costs. But if your business is large or has complex business processes, a traditional on-premises solution might be a better choice since it offers more functionality and allows for full customization.

Still unsure about whether SaaS is the right answer for your organization? Want to know more about SaaS before making the transition? Call us today at 800-421-7151. Our experts are ready to answer any questions you may have about SaaS!

Equifax’s Leak: Lessons Learned

No business owner wants their customers’ data leaked, but no matter how well your prevention plan is, the unexpected can happen. And when it does, what will determine the fate of your business is how well you respond to it. So before you start planning an incident response, read the following story and recite this: Don’t walk in the footsteps of Equifax.

What happened to Equifax?

Equifax, the huge American credit agency announced in September 2017 that its database was hacked, resulting in a leak of tons of consumers’ private data, including personally identifiable information of around 143 million US citizens. It included names, social security numbers, addresses, birthdates, and credit card and driver’s license numbers.

Equifax responded by setting up a new site, www.equifaxsecurity2017.com, to help its customers determine whether they had been affected and to provide more information about the incident.

Soon after, Equifax’s official Twitter account tweeted a link that directed customers to www.securityequifax2017.com, which is actually a fake site.

Fortunately for Equifax’s customers, the fake phishing site was set up by a software engineer who wanted to use it for educational purposes and to expose flaws in Equifax’s incident response practice. So, no further harm was done to the already-damaged customers, and Equifax is left with even more embarrassment.

So what did Equifax do wrong?

One of the huge mistakes Equifax made in responding to its data breach was setting up a new website to give updated information to its consumers outside of its main domain, equifax.com.

Why? You first need to know that since the invention of phishing scams, phishers have been creating fake versions of big companies’ websites. That’s why so many major corporations buy domains that are the common misspellings of their real domains.

You should also know that phishers can’t create a web page on the company’s main domain, so if Equifax’s new site was hosted there, it’d be easy for customers to tell whether the new page was legitimate and not be fooled by a fake domain name.

What’s obvious from this embarrassing misstep is that Equifax had never planned for a data leak. And this is an unforgivable oversight by a company that handles the information of over 800 million consumers and more than 88 million businesses worldwide.

Don’t repeat Equifax’s mistake

Whether your business is a small startup or as big as Equifax, it needs to prepare for a data breach. Besides having a comprehensive network defense plan, you also need to have the right incident response plan in place.

So what you should do after you’ve discovered the leak is, first of all, be upfront with your customers and notify them as soon as possible.

You also need to establish a message that includes the following information:
How the leak occurred
How the leak could affect your customers
How you will prevent future attacks
What your company will do to support affected customers
You should also create a web page to keep your customers up to date. But remember, the new web page should be under your company’s primary domain name.

As we’ve seen from Equifax, an incident response plan that’s robust is a must. Feel free call WAMS at 800-421-7151 to talk to our experts about how you can come up with an acute one — so you won’t have to repeat Equifax’s apologetic statement, since it doesn’t help the company redeemged reputation at all.

Office 365 Threat Comes with New Techniques

If you’re using Office 365, you wouldn’t want to miss this news: Online scammers are carrying out a highly customized spear-phishing campaign to steal Office 365 users’ credentials and attack organizations internally. Get yourself informed and read on.

What makes it different from other scams?

The new threat comes in the form of spear phishing, an old familiar method in which hackers send emails that purport to be from trusted sources and dupe you into disclosing sensitive information. In this particular attack, the email messages are admirably well-crafted, making them even harder to spot.

The emails are also rid of the usual telltale signs such as misspelled words, suspicious attachments, and dubious requests. You might have to recalibrate what you know about phishing scams, because this new threat ticks all the boxes that make it look legitimate.

How does it work?

The hackers behind the attack craft personalized messages, pretending to be from trusted sources, such as your colleagues or Microsoft itself, and send them to your inbox. The messages could contain a link or a PDF file that leads to a legitimate-looking landing page. Upon clicking the link, the user will be prompted to enter his or her credentials, which the hacker will use to launch attacks within the organization.

Once they gain control of your account, they might set up new forwarding rules to monitor your communication patterns, which will be useful for their future attacks. They might even use your account to send further phishing emails to your co-workers to collect more sensitive information.

As for the phishing emails with PDF attachments, there will be instructions to fill in username and password to view the document. And once you do, your account is no longer yours.

Another way they can get your credentials is by sending an invoice that requires you to log on to a web portal to view the file. Attackers can also use this technique to trick you into performing a certain action, such as forwarding sensitive information or paying an invoice.

What can you do to stay protected?

Your first line of defense is multi-factor authentication, whereby you use a password and another authentication method — like an SMS code — to secure your account. This function is already included in Office 365 and here’s a step-by-step guide on how to activate it.

The second line of defense is training yourself and your employees to spot common phishing techniques. In particular, verify the accuracy of the wording and the sensibility of the requests in the messages.

For good measure, your organization can also install an email-validation system which is designed to detect and prevent email spoofing, such as the Domain-based Message Authentication, Reporting and Conformance (DMARC).

Identifying phishing emails and planning and implementing a robust defense system are ways to protect you and your organization against the new Office 365 threat. For tips on how to spot this type of scam and how to plan thorough security practices, contact our experts today at 800-421-7151.

SMBs Survive Disasters With Virtualization

Hurricanes Harvey and Irma caused millions of dollars in damages. Some of that damage was unavoidable, but hundreds of businesses managed to stay open thanks to innovative virtualization solutions. If you’re not already taking advantage of this technology, it’s time to find out what you’re missing.

Virtual desktops

In most offices, employees are still dependent on desktop computers. Their workstations grant them access to everything from customer relationship software to company databases and when these computers go down, there’s no way to get work done. Virtualized desktops allow users to access their files and even computing power from across the internet.

Instead of logging on to an operating system stored on a hard drive just a few inches away from their keyboard, employees can take advantage of server hardware to store their files across a network. With barebones computers, employees can log in to these virtual desktops either in the office or from home. Floods, fires and other disasters won’t prevent your team from working because they can continue remotely.

Virtual applications

Devoting a portion of your server’s hardware and software resources to virtual desktops requires a fair amount of computing power. If the majority of your employees’ time is spent working with just one or two pieces of software, you can virtualize just those applications.

If a hurricane destroyed your office and the hardware inside it, virtualized applications can be restored in minutes. They don’t need to be installed on the machines that use them, and as long as you have backups these applications can be streamed to employee computers just like a cloud-based application.

Virtual servers

If you use virtual desktops or applications, it makes perfect sense to use virtual servers as well. With a little help from a managed services provider, your servers can be configured to automatically create virtual backups. Beyond preventing data loss, these backups also make it possible to restore server functionality with off site restorations.

Virtualized servers are incredibly useful when clients need access to a website or database that you maintain in the office. For example, if you provide background checks on tenants to rental property owners through your website, an unexpected power outage won’t cause an interruption of service. Your virtualization solution will boot up a backup server away from the power outage and your customers will be none the wiser.

The benefits of virtualization extend far beyond disaster recovery planning. Your business can also reduce IT costs and increase hardware capacity — all it takes is some help from trained experts. Call us today at 800-421-7151 to learn more about what we can do for you.

DR Tips for Floods and Hurricanes

The trail of devastation left by Hurricanes Harvey and Irma has reminded us once again that coastlines and even entire regions of the country can be demolished by natural disasters. While catastrophes cannot be prevented, planning around them with a well-crafted disaster recovery (DR) strategy can help minimize the damages and keep your business alive.

Pay attention to location
First and foremost, your backup site should be in a hurricane-free zone. Ideally, your offsite facility should be located at least 100 miles away from your main location. If this isn’t possible, make sure it is built to withstand wind speeds of 160 mph (as fast as Category 5 storms), and is supported by backup generators and uninterruptible power supplies.

You should also request an upper floor installation or, at the very least, keep critical IT equipment 18 inches off the ground to prevent water damage.

Determine recovery hierarchy
Certain parts of your IT are more mission-critical than others. Ask yourself which systems or data must be recovered in minutes, hours, or days to get your business back to running efficiently.

For example, you may find that recovering sensitive customer information and e-commerce systems take priority over recovering your email server. Whatever the case may be, prioritizing your systems ensures that the right ones are recovered quickly after a disaster.

Use image-based backups
Unlike fragile tape backups, image-based backups take “snapshots” of your systems, creating a copy of the OS, software, and data stored in it. From here, you can easily boot the virtual image on any device, allowing you to back up and restore critical business systems in seconds.

Take advantage of the cloud
The cloud allows you to host applications and store data in high-availability, geo-redundant servers. This means your backups can be accessed via the internet, allowing authorized users to access critical files from any device. Expert technicians will also watch over and secure your backups, allowing you to enjoy the benefits of enterprise-level backup facilities and IT support.

Back up your data frequently
Back up your data often, especially during disaster season. If your latest backups were created on the 15th of September and the next storm, Hurricane Jose, makes landfall on the 28th, you could lose nearly two weeks of data.

Get in the habit of replicating your files at the end of each day, which should be easy if you’ve opted for image-based backups.

Test your DR plan
After setting up your backups, check whether they are restoring your files accurately and on time. Your employees should be drilled on the recovery procedures and their responsibilities during and after disaster strikes. Your DR team should also be trained on how to failover to the backup site before the storm hits. Finally, providers, contractors, and customers need to be notified about how the hurricane will affect your operations.

As cell towers and internet connections may be affected during this time, make sure your company forums are online and have your employees register with the Red Cross Safe and Well website so you can check their statuses.

It’s nearly impossible to experience little-to-no disruptions during disasters like Harvey or Irma, but with the right support, you can minimize downtime. If you’re concerned about any natural disasters putting you out of business, call us today at800-421-7151. We offer comprehensive business continuity services that every company must have.

What Will You Do When This Disaster Hits Your Business?

In today’s world of rampant cybercrime, every savvy business owner knows the necessity of locking down their data. However, we find that the cyber security technologies used by the vast majority of businesses are woefully out of date. Sure, your current solution may have worked great, but digital threats to the safety of your company are constantly evolving. Criminals will eventually attempt to breach your data — and your barriers are not as secure as you might think.

Before World War II, the Germans developed a technology that would prove to be a key player in the conflict: its family of infamous Enigma machines. These devices, about the size of a small microwave, were composed primarily of a typewriter and a series of three or four rotors. By using a set of rules
contained in a corresponding codebook, German soldiers would use the machine to encode vital messages to be sent covertly over the airwaves. The number of potential permutations — and thus solutions — for the code was in the tens of millions. The Germans were confident that the code could never be broken and used it for a vast array of top-secret communications.

The code’s impenetrability didn’t last. Via photographs of stolen Enigma operating manuals, the Polish Cipher Bureau reconstructed one of the stubborn Enigma machines, internal wiring and all, enabling them to decrypt the Wehrmacht’s messages from 1933 to 1938. Facing an impending German invasion, Poland decided to share these secrets with the British. But, at the outbreak of the war, the Germans increased the security of the Enigma initiative by changing the cipher system daily. In response, a British code-breaking team, led by genius English computer scientist Alan Turing, constructed primitive computers, known as “bombes,” that allowed them to decrypt the incredibly complicated ciphers faster than ever before. But it wasn’t until the capture of the U-110 warship and the seizure of its Enigma machine and codebooks that the British were able to decrypt the most complicated cipher of the war, the Kriegsmarine Enigma.

The information gleaned from these decrypts are believed to have shortened the war by more than two years, saving over 14 million lives.

Just like you, the Germans believed the systems they had put in place to defend their secrets were impenetrable. And it’s true: the system had few cryptographic weaknesses. However, there were flaws in German procedure, mistakes made by Enigma operators, and failures to introduce changes into the Enigma formula — along with the Allied capture of key equipment and intelligence — that ultimately allowed the Allies to crack the code once and for all.

Take this as a cautionary tale: the most advanced, complex cryptography system in the world became obsolete within 10 years. The same goes for your potentially outdated cyber security measures.

Though they may not be led by Alan Turing and his crack team, you can bet criminals are constantly chipping away at the defenses of even the most powerful firewalls. The arms race between cyber security companies and cybercriminals rages on behind the scenes, and you can bet that they’ve already cracked your business’s “Enigma.” Just look at the massive European cyber-attack this past June, which infected computers from over 27 companies across the continent, including those of the largest oil company in Russia, with ransomware. The unimaginable cost of that attack is something you certainly don’t want your business to shoulder.

As technology evolves, so does crime. New threats arise each and every day. While solutions are available (and needed), they are notably absent in older software developed at a time before these constantly morphing attacks even existed.

Once the enemy has found a way to pick your lock, you need a new lock. Luckily, you have your trusty IT provider, constantly on the lookout for cutting-edge solutions that protect our clients from even the nastiest malware.

Don’t be like the Germans. Constantly look at options to upgrade to more robust, better cyber security to defend yourself from the bleeding-edge hackers, and sleep safe knowing your business is secure.

Reduce Your Printing Costs with These 5 Tips

Outdated printers, the lack of a printing workflow, and an over-reliance on hard copies may be contributing to your ballooning printing expenditures. With some creative problem-solving and fresh ideas, you could drastically reduce your printing budget. Start by following these five tips.

Replace Outdated Printers

Outdated and cheap printers may be functional, but they are putting a huge dent in your IT budget.

Any piece of equipment that is seven years old (or older) requires frequent repairs and causes more trouble than it’s worth. Because old printers are no longer under warranty, fixing them is more costly and challenging. It’s also difficult to replace parts for old printers because manufacturers have stopped carrying them for models that have been phased out.

When you replace outdated equipment with newer, multi-functional printers, you’re investing in hardware that will pay for itself with increases in productivity and efficiency.

Avoid Purchasing Unnecessary Supplies

A poorly managed printer environment could result in a stockpile of cartridges, toners, and reams of paper. This happens when, for example, an employee uses a printer that’s about to run out of ink and makes an unnecessary request for a new ink or toner. This is more common than you may think, and definitely more expensive.

In the absence of a dedicated printer manager, you can avoid this situation by automating supply replacement. Assign a point person to proactively place orders when supplies are about to run out, so your company can avoid needless purchases.

Impose Strict Process Workflows

Submitting expense reports, filing reimbursements, and other administrative tasks require a proper document workflow. Without a guideline, employees and administrative staff tend to print an unnecessary amount of documents.

Automate your company’s document-driven processes to reduce or prevent redundant print jobs that result in stacks of abandoned documents. Not only is it wasteful, it’s also a security and privacy concern.

Go Paperless

Designing a document management solution that reduces paper consumption is the best way to save money. It may not be possible in every department, but those who can do their jobs without printing should be encouraged to do so by management. Printing lengthy email chains that can be discussed in a meeting is just one example of a wasteful practice that should be avoided.

Reduce IT Support Calls for Printing Issues

Calling your company’s IT guys to assist with problems like paper jams, printer Wi-Fi issues, and other concerns reduces employee frustration. You and your IT personnel could avoid dealing with these productivity killers by identifying the problem areas of your print environment. Then, you can work on solutions specific to your office, such as drafting a printing workflow, or getting help from document management experts who can recommend time- and budget-saving solutions.

Having a group of experts manage your IT workflow can make your day-to-day operations more efficient and help you save on printing costs. Our experts will gladly recommend best practices and tips on document management. Call us today at 800-421-7151.

Social Engineering Exploits Facebook

You’ve received a message from one of your Facebook friends. You click on the link not knowing what you’ve gotten yourself into. This describes one of the latest social media adware schemes, which has wreaked havoc on Facebook users worldwide.

What is it?

Little is known about the adware itself or those behind it, but it was uncovered by David Jacoby, senior security researcher at Kaspersky Lab, when he received a Facebook message from one of his friends, only to find out that wasn’t the case.

Basically, the adware uses Facebook Messenger to track your browser activity and pushes you to click on malicious ads or give out personal information.

How does it work?

By clickjacking and hijacking credentials of Facebook users, the adware is able to send messages to people in the victim’s contact list. If you’re one of those people, you’ll receive a phony message from your friend’s compromised Facebook account.

The message includes your friend’s name followed by the word “Video,” a shocked face emoji, and a shortened URL. Once clicked, the URL will redirect you to a Google Doc with a blurred photo taken from your friend’s Facebook page, disguised as a video. If you click on the “video”, you’ll be redirected to one of a number of targeted websites based on your browser, operating system, and location.

For instance, if you use Google Chrome, you’ll be sent to a website that looks exactly like YouTube, complete with the official logo. The hoax website will show you a fake error message to trick you into downloading a malicious Chrome extension.

If you’re on Firefox, you’ll be sent to a site with a false Flash Player update notice and a Windows adware executable; the same goes with OS X except the adware is hidden in a .dmg file.

The goal here is to move your browser through a set of websites so tracking cookies can monitor your activity and display malicious ads or you can be “social engineered” to give up confidential information.

How do you avoid falling victim?

Facebook has rolled out a number of automated systems to stop harmful links and files. What’s more, they will provide you with a free antivirus scan if they suspect that your account has been compromised by adware.

Still, you should be very skeptical about any shortened URL links sent to you by your Facebook friends, no matter how long you’ve been friends.

Due to their low key nature as potential security endpoints, cyber criminals are turning to social media platforms as their new medium of choice. To keep your business safe, you need to stay up-to-date and educate your employees. If you have any other questions about social media and how it can impact your business, just give us a call at 800-421-7151.

Move over IE, Hello Microsoft Edge!

Not all Windows users are fans of Internet Explorer, and not all Mac users are crazy about Safari. But there’s good news for Windows users: Windows 10 replaces IE with a brand new browser, Microsoft Edge. Here is a list of the key features you shouldn’t miss out on:

Import favorites
You can easily import the list of websites you’ve marked as favorites from any web browser to Microsoft Edge. You can do this by going to the More actions tab (located right next to the address bar), then Settings, and clicking on the Favorites settings tab. From there, choose the pages you want to add to your favorites list and click Import.

Change font size in reading view
Even with your reading glasses on, a website’s font can be too small to read. Microsoft Edge allows you to adjust the reading view by going to Other actions and selecting the Settings tab. From there, scroll down and click on the Reading section that will allow you to adjust the font size and even brightness to your liking.

Make notes on the website
Ever wished you could write on, circle, or highlight specific parts of a website and share them with your friends? Microsoft Edge lets you do just that with its new note feature. Select Make a web note and use tools such as the ballpoint pen or highlighter, or add a typed note on the page you’re browsing. When you’re done, click Save or Share to complete the process.

Reading list
This feature allows you to save articles, e-books, or any other content you wish to peruse later. By signing in with a Microsoft account, your reading list will appear on all your Windows 10 devices. Select Add to favorites or reading list, and then Reading list > Add. You can also add a link to your reading list by right-clicking on any link without having to visit the page.

Ask Cortana
Microsoft Edge users can easily access Cortana, Windows’ voice-activated personal assistant since it is built into the web browser. Cortana can make dinner reservations, offer additional discounts on certain shopping websites, and download applications that you may find useful. Simply highlight a word, phrase, or image, press and right-click it, and then select Ask Cortana to get more information or find related images.

View and delete browser history
As you browse the web, Microsoft Edge remembers and stores the information you’ve entered into forms, passwords, and sites you’ve visited. Most of it will be stored on your PC; but if you use Cortana, some of the data will be stored in the cloud which will be used to better assist you.

If you need to delete cache history, you can do so by following either of these two methods:

View your browsing history at Hub > History, then select Clear all history. If you want to retain certain data, you can choose what to remove, then select Clear.
Since Cortana’s browsing history is stored in the cloud, select Change what Microsoft Edge knows about me in the cloud, then select Clear browsing history.
Switching from one web browser to another isn’t always as smooth as it is made out to be. In order for users to make the most out of their time online, they require a period of adjustment. If you still have questions about making Microsoft Edge your default browser, get in touch with our experts today at 800-421-7151.

Beware of a New Ransomware Similar to Locky

Disguising itself as an invoice proved to be an effective approach for the original Locky ransomware, which infected millions of users in 2016. Although it was mostly defeated, hackers are currently using a similar approach to spreading a new type of malware. In 2017, a new Locky ransomware is poised to duplicate the success of its predecessor.

Quick facts

According to a threat intelligence report, the email-based ransomware attacks started on August 9 and were detected through 62,000 phishing emails in 133 countries in just three days. It also revealed that 11,625 IP addresses were used to carry out the attacks, with the IP range owners consisting mostly of internet service providers and telecom companies.

How it works

The malicious email contains an attachment named “E 2017-08-09 (580).vbs” and just one line of text. Like the original Locky authors, attackers responsible for the new variant deploy social engineering tactics to scam recipients into opening the attached .doc, zip, pdf, .jpg or tiff file, which installs the ransomware into their systems.

When an unsuspecting user downloads the file, the macros run a file that provides the encryption Trojan with an entry point into the system. The Trojan then encrypts the infected computer’s files.

Once encryption is completed, the user receives instructions to download the Tor browser so they can access the “dark web” for details on how to pay the ransom. To retrieve their encrypted files, users will be asked to pay from 0.5-1 Bitcoin.

What you need to do

This ransomware variant builds on the strengths of previous Trojans. In fact, the original Locky strain made it easy for cyber criminals to develop a formidable ransomware that could evade existing cyber security solutions. This is why adopting a “deny all” security stance, whereby all files are considered unsafe until proven otherwise, is the best way to avoid infection.

Here are other tips to avoid infection:

Don’t open unsolicited attachments in suspicious emails. Alert your IT staff, and most importantly disallow macros in Microsoft Office unless they’ve been verified by your IT team.
Performing regular backups guarantees you never have to pay cyber criminals a ransom. If all other security measures fail, you can always rely on your backups, which protect your business not just from cyber crime-related disasters, but also from natural and other unforeseen system failures.
Train your staff to identify online scams like phishing. This and other similar ransomware strains take advantage of users’ lack of cyber security training.
Update your operating systems as soon as updates become available to reduce, or eliminate, the chances of your system’s vulnerabilities being exploited.
Even with a trained staff and the latest protections installed, your IT infrastructure may still have unidentified security holes. Cyber security experts can better evaluate your entire infrastructure and recommend the necessary patches for your business’s specific threats. To secure your systems, get in touch with our experts now at 800-421-7151.

Amazon CEO’s Secret To Avoiding Email Overwhelm

Do you look at your inbox and want to cry? If so, you’re not alone. According to widely cited Radicati Group research, the average person gets 120 business emails every day. If you don’t manage your emails, you could end up in another statistical majority. People spend at least 14 percent of their workday on email alone. Is it any wonder that a recent Harris Poll found that only 45 percent of our workdays are spent on actual work? If you’re looking for the solution to your email woes, start with some of Silicon Valley greats.

BEZOS DELEGATES If you want to watch a corporate team start to sweat, see what happens when they get a “?” email from Jeff Bezos. Business Insider reports that the notoriously easy-to-contact Amazon CEO will forward customer complaints to his people and add only a question mark to the original query. Getting that dreaded mark is a little like getting the black spot from Blind Pew the pirate. You know that a day of reckoning is at hand. Follow Bezos’ lead. Instead of answering all emails yourself, ask, “Can this be better handled by someone else?” Forward it to your team and save yourself the time.

USE AUTO REPLIES You can also use auto-reply tools to manage the flood. Tommy John CEO Tom Patterson did just that after his emails skyrocketed from 150 to 400 a day. He tells Inc.com that “there weren’t enough minutes in a day to answer all of them.” So he didn’t; he set up an auto-reply to tell people that he only checked email before 9 and after 5 — and to please call or text if it was urgent. The result? “It forced me to delegate and empower others to respond,” he says. Suddenly the flow slowed to a trickle.

DO YOU GET MORE EMAILS THAN BILL GATES? And it really should only be a trickle; Bill Gates reports that he only gets 40–50 emails a day. Ask yourself, “Should I really be getting more emails than Bill Gates?” One possible cause for email inundation, according to LinkedIn CEO Jeff Weiner, is other employees sending too much email of their own. He writes, “Two of the people I worked most closely with ended up leaving the organization within the span of several weeks. After they left I realized my inbox traffic had been reduced by roughly 20–30 percent.” If you have over-communicators in your ranks, ask them to tone back the digital flood.

SET BOUNDARIES Creating a hard buffer between your email and your life is another CEO tactic. Arianna Huffington doesn’t check her email for a half hour after waking or before going to bed, and she never touches it around her kids. That space to breathe is essential to maintaining a work-life balance. And if it gets bad enough? Etsy’s Chad Dickerson has a solution: email bankruptcy! He tells Fast Company that every few years, he just deletes everything and starts fresh!

Not all Silicon Valley gurus have it figured out, however. Apple CEO Tim Cook doesn’t get 120 business emails a day. No, according to an ABC interview, he gets closer to 700. He just gets up at the crack of dawn every morning and starts reading. Hint Water CEO Kara Goldin does the same thing, preparing for a 12-hour workday with a marathon email session. But as you can tell from the other people we’ve discussed, this is an exception, not the rule. Emulate Jeff Bezos or Arianna Huffington instead and watch your email stress melt away.

Are all Hackers Out to Do Harm?

Newspaper headlines and Hollywood movies have influenced our understanding of computer hackers, but in the real world it’s not so simple. Some hackers are making tremendous contributions to the field of cyber security, it just depends on which hat they’re wearing that day. Take a few minutes to learn about white, black and gray hat hackers.

A complicated history

Since all the way back in the 1950s, the term hacker has been vaguely defined. As computers and the people who worked with them became more accessible, the word was used to describe someone who explored the details and limits of technology by testing them from a variety of angles.

But by the 1980s, hackers became associated with teenagers who were being caught breaking into government computer systems. Partially because that is what they called themselves, and partially because the word hacker has an inherently aggressive ring to it.

Today, several of those pioneering hackers run multimillion-dollar cyber security consulting businesses. So what should you call someone who uses their knowledge for good?

“White hat” hackers

Sometimes referred to as ethical hackers, or plain old network security specialists, these are the good guys. Whether it’s selling what they find to hardware and software vendors in “bug bounty” programs or working as full-time technicians, white hat hackers are just interested in making an honest buck.

Linus Torvalds is a great example of a white hat hacker. After years of experimenting with the operating system on his computer, he finally released Linux, a secure open-source operating system.

“Black hat” hackers

Closer to the definition that most people outside the IT world know and use, black hat hackers create programs and campaigns solely for causing damage. This may be anything from financial harm in the form of ransomware to digital vandalism.

Albert Gonzalez is one of the many poster children for black hat hacking. In 2005, he organized a group of individuals to compromise poorly secured wireless networks and steal information. He is most famous for stealing over 90 million credit and debit card numbers from TJ Maxx over the course of two years.

“Gray hat” hackers

Whether someone is a security specialist or a cyber criminal, the majority of their work is usually conducted over the internet. This anonymity affords them opportunities to try their hand at both white hat and black hat hacking.

Today, there are quite a few headlines making the rounds describing Marcus Hutchins as a gray hat hacker. Hutchins became an overnight superstar earlier this year when he poked and prodded the WannaCry ransomware until he found a way to stop it.

During the day, Hutchins works for the Kryptos Logic cybersecurity firm, but the US government believes he spent his free time creating the Kronos banking malware. He has been arrested and branded a “gray hat” hacker.

The world of cyber security is far more complicated than the stylized hacking in Hollywood movies. Internet-based warfare is not as simple as good guys vs. bad guys, and it certainly doesn’t give small businesses a pass. If you need a team of experienced professionals to help you tackle the complexities of modern cyber security, call us today at 800-421-7151.

6 CRM Best Practices You Need to Know

Most companies have customer relationship management (CRM) software to help them keep track of contact information and purchase history. But having a large database is worthless if you’re not using it to build long-lasting relationships. To keep existing clients coming back and bring new ones in, follow these CRM best practices.

Always update customer information
A CRM system is only effective when the data it provides is current. If the customer’s address, company name, or preferred method of contact has changed, your staff should be recording this information immediately so your sales and marketing teams are always equipped with the right information.

Use purchasing history for upselling opportunities
It’s easier to sell to existing customers than acquiring new ones. Boost your sales performance by analyzing your existing clients’ purchasing history and designing promotions or events designed just for them. For example, if they recently purchased a razor from your online store, you can program your CRM to recommend related products like shaving cream or aftershave. Not only does this widen your profit margins, it also makes customers’ lives a lot easier and promotes repeat business.

Automate processes
Take advantage of the workflow automation features in CRM apps to eliminate time-consuming and repetitive tasks. For instance, when a new lead is added to your CRM (via newsletter subscriptions or website visits), the CRM can be programmed to send follow-up emails, offer promotions, and other interactions to keep your business at the forefront of their attention. This saves you from writing the same canned responses while also making sure that you’re engaging your clients throughout the entire sales process.

Learn from analytics
CRM also makes it possible to analyze customer trends and behavior. If you noticed a spike in demand for certain products and services during the holidays, be more aggressive in pushing them out next year. If certain email campaigns were more successful than others (e.g., higher open rates, click-through-rates, and potential customers), understand what elements were responsible for that success and try to replicate them the next time you send a newsletter.

Customer data should also be used to shape sales and marketing tactics. A salesperson that already knows the client’s name, locations, and preferences can deliver more personal sales pitches and has a better chance of closing a deal. The point is this: If you’re not learning from your data, your business growth will be limited.

Integrate CRM with other business software
Tying CRM software to other programs makes it even more powerful. Integration with accounting software combines customer and financial data, eliminating redundant manual data entry and providing more insightful reports. When used alongside a VoIP system, your staff will get relevant customer information from multiple databases displayed on one screen when they’re about to make a call.

Get some CRM support
Last but not least, work with a CRM provider that offers 24/7 support. Ideally, they should be keeping your data safe, updating your software regularly, and advising you on how to use complex CRM features.

This may seem like a lot, but the important thing to remember is that just like every technology investment, CRM requires active participation from executives, managers, and frontline staff. If you need more advice on keeping customers happy or want to know what technologies can add value to your business, call us today at 800-421-7151.

Ways to Protect your Company Mobile Devices

Mobile devices can’t accomplish everything that desktops and laptops can, but that doesn’t mean they’re not important to businesses. More and more employees are using smartphones and tablets to increase productivity and enhance collaboration. But before you adopt a mobile device policy, you must keep them safe from cyber criminals. Cyber criminals now have more entry points to steal your data, but there are simple ways to keep your company’s mobile devices safe.

Ensure mobile OS is up-to-date

Apple and Android’s operating system updates improve overall user experience, but their most important function is to fix security vulnerabilities. You can reduce your business’s exposure to threats by installing updates for ALL devices as soon as they become available. Some people wait for a few weeks or months to update their device’s OS. This gives hackers ample time to exploit vulnerabilities on devices that run on outdated operating systems.

Install business applications only

Downloading apps seems harmless, but lenient mobile devices policies on what should and shouldn’t be downloaded on company devices could lead to staff downloading and installing non-business-related apps from third-party stores, most of which are notorious for malicious advertising codes and other threats.

Be careful with public Wi-Fi networks

Emergency situations might compel you to use password-free Wi-Fi networks in hotels, airport, cafes, or any public place. Connecting to an open network could expose your confidential information and sensitive company data to hackers connected to the same network.

You can avoid this by providing a practical internet data plan, preferably one that includes roaming services, for remote workers. And if you really have to connect to an open Wi-Fi, don’t use the connection for transferring sensitive data.

Enable phone tracking tools

Losing a company-issued mobile device is a scenario many would rather not contemplate, but it happens. Devices can be misplaced or stolen, and enabling a useful app such as ‘Find my iPhone’ for iOS devices, ‘GPS Phone Tracker’ for Android, or any other device-tracking app in Apple’s App or Android’s Google Play stores helps users locate lost phones, or otherwise delete data in stolen devices. Downloading and setting up the app takes just a few minutes, and it will give you peace of mind knowing that even if your phone is lost or stolen, its contents will not be compromised.

Screen SMS carefully

SMS messaging may not be as effective as email phishing, but SMS phishing can also be used to trick users into clicking malicious links. Hackers send messages purporting to be from someone you know or a legitimate source that asks you to urgently send confidential data. You can either delete these messages, block unknown senders, or alert your IT department in case you encounter a possible scammer.

Mobile devices are becoming more critical to operations. And with more devices open to attack, businesses must bolster their cybersecurity efforts. Hackers will exploit every possible vulnerability, and that includes those in unsecured smartphones and tablets. Get in touch with us if you need comprehensive security solutions for your business by calling 800-421-7151.

Know These Types of Malware to Stay Protected

Computer threats have been around for decades. In fact, one of the first computer viruses was detected in the early 70s. Technology has come a long way since then, but so have online threats: Spyware, ransomware, virus, trojans, and all types of malware designed to wreak havoc. Here’s how different types of malware work and how you can avoid falling victim.

Viruses

Once created to annoy users by making small changes to their computers, like altering wallpapers, this type of malware has evolved into a malicious tool used to breach confidential data. Most of the time, viruses work by attaching themselves to .exe files in order to infect computers once the file has been opened. This can result in various issues with your computer’s operating system, at their worst, rendering your computer unusable.

To avoid these unfortunate circumstances, you should scan executable files before running them. There are plenty of antivirus software options, but we recommend choosing one that scans in real-time rather than manually.

Spyware

Unlike viruses, spyware doesn’t harm your computer, but instead, targets you. Spyware attaches itself to executable files and once opened or downloaded, will install itself, often times completely unnoticed. Once running on your computer, it can track everything you type, including passwords and other confidential information. Hackers can then use this information to access your files, emails, bank accounts, or anything else you do on your computer.

But don’t panic just yet, you can protect yourself by installing anti-spyware software, sometimes included in all-purpose “anti-malware” software. Note that most reputable antivirus software also come bundled with anti-spyware solutions.

Adware

Are you redirected to a particular page every time you start your browser? Do you get pop ups when surfing the internet? If either situation sounds familiar, you’re likely dealing with adware. Also known as Potential Unwanted Programs (PUP), adware isn’t designed to steal your data, but to get you to click on fraudulent ads. Whether you click on the ad or not, adware can significantly slow down your computer since they take up valuable bandwidth. Worse still, they’re often attached with other types of malware.

Some adware programs come packaged with legitimate software and trick you into accepting their terms of use, which make them especially difficult to remove. To eradicate adware, you’ll need a solution with specialized adware removal protocols.

Scareware

This type of malware works like adware except that it doesn’t make money by tricking you into clicking on ads, but by scaring you into buying a software you don’t need. An example is a pop up ad that tells you your computer is infected with a virus and you need to buy a certain software to eliminate it. If you fall for one of these tactics and click on the ad, you’ll be redirected to a website where you can buy the fake antivirus software.

Scareware acts more like a diversion from the other malware that often comes with it. A good antivirus solution will help scan for scareware too, but you should patch your operating systems regularly just to be safe.

Ransomware

Ransomware has become increasingly common and hostile. It encrypts your computer files and holds them hostage until you’ve paid a fee for the decryption code. Because ransomware comes with sophisticated encryption, there aren’t many options unless you have backups of your data.

There are some tools that can protect against ransomware but we recommend that you backup your data and practice safe web browsing habits.

Worms

Similar to viruses, worms replicate themselves to widen the scope of their damage. However, worms don’t require human intervention to replicate themselves as they use security flaws to transmit from one computer to the next, making them far more dangerous than your typical virus. They often spread via email, sending emails to everyone in an infected user’s contact list, which was exactly the case with the ILOVEYOU worm that cost businesses approximately $5.5 billion worth of damage.

The easiest ways to protect your network from worms is to use a firewall to block external access to your computer network, and to be careful when clicking on unknown links in your email or unknown messages on social media.

Trojans

Usually downloaded from rogue websites, Trojans create digital backdoors that allow hackers to take control of your computer without your knowledge. They can steal your personal information, your files, or cause your computer to stop working. Sometimes hackers will use your computer as a proxy to conceal their identity or to send out spam.

To avoid trojan attacks, you should never open emails or download attachments from unknown senders. If you’re skeptical, use your antivirus software to scan every file first.

In order to keep malware at bay, you need to invest in security solutions with real-time protection and apply security best practices within your office. If you have any questions or concerns, or simply need advice on how to strengthen your business’s security, just give us a call and we’ll be happy to help.

Tell Office 2016 and Office 365 apart

Microsoft delivers some of the best productivity tools for businesses worldwide. Office 2016 and Office 365 are the most popular software in the market today. And while both offer Word, Excel, and PowerPoint, there are some significant differences between each product. Read on to find out.

How they’re paid for
Office 2016 is a stand-alone suite, and regardless of the quantity purchased, is described by Microsoft as a “one-time purchase.” You pay a single, upfront cost, meaning the entire purchase price must be paid before receiving the license to legally run the software for life.

By contrast, Office 365 is a subscription service requiring monthly or annual payments. Office 365 allows users to run applications only if payments are made. If you stop, you will have 30 days to continue operating after the previous payment’s due date before the license expires.

How they’re serviced
Another aspect to consider is the service and support offerings. Microsoft provides monthly security updates for Office 2016 applications, and these updates fix non-security bugs. However, you don’t get upgrades for improved features and functionality. If you wish to run the latest edition, you’ll have to pay another upfront fee.

Office 365 users, on the other hand, get the same security patches as Office 2016 and also additional feature and functionality upgrades twice a year.

How they sync with the cloud
Microsoft announced a major change this April: As of October 13, 2020, Office 2016 applications acquired through an upfront purchase are required to be in the “Mainstream” support period (the first five years of the decade-long commitment) to obtain cloud connectivity. Office 365 subscriptions won’t experience this problem.

In order to achieve measurable results and enjoy business growth, it’s imperative that your business is working with the right Office solution. Give us a call at 800-421-7151 and let our team of experts assess your needs and determine the better option.

Tips and Tricks for Avoiding IoT Threats

Internet of Things (IoT) devices have become more popular with businesses in recent years. This is largely because they can keep track of large amounts of information, analyze data patterns, and streamline business processes. But as you introduce more internet-connected devices into the office space, you may be exposing your business to attacks.

Set passwords
Many often forget they can set passwords for IoT devices. When this happens, they tend to leave their gadgets with default passwords, essentially leaving the door open for hackers. Make sure to set new and strong passwords — preferably with a combination of upper and lower case letters, numbers, and symbols — for each device connected to your network. Then, use a password manager to securely keep track of all your passwords.

Disable Universal Plug and Play (UPnP)
UPnP is designed to help IoT gadgets discover other network devices. However, hackers can also exploit this feature to find and connect to your IoT devices. To prevent them from getting to your network, it’s best to disable this feature completely.

Create a separate network
When you’re dealing with IoT devices, it’s wise to quarantine them in a separate network unconnected to your main office network. By doing this, user gadgets will still have access to the internet but won’t be able to access mission-critical files.

You should also consider investing in device access management tools. These allow you to control which devices can access what data, and prevent unauthorized access.

Update your firmware
If you want to keep your devices secure against the latest attacks, then you need to keep your IoT software up to date. Security researchers are always releasing security patches for the most recent vulnerabilities, so make it a habit to regularly check for and install IoT firmware updates. If you have several gadgets to secure, use patch management software to automate patch distribution and set a schedule to check for updates monthly.

Unplug it
Disconnecting your IoT devices from the internet (or turning them off completely) whenever you don’t need them significantly reduces how vulnerable you are to an attack. Think about it, if there’s nothing to target, hackers won’t be able to make their move. Turning your IoT devices on and off again may not seem like the most convenient strategy, but it does deny unauthorized access to your router.

Unfortunately, as IoT devices become more commonplace in homes and offices, more hackers will develop more cunning ways to exploit them. Getting into the above mentioned security habits can protect you from a wide variety of IoT attacks, but if you really need to beef up your security, then contact us today. We have robust security solutions that keep your hardware safe.

An Intern’s Week at WAMS

WAMS had the pleasure of partaking in an internship and career exploration program called “Living the Map.” A student from Colorado College was interested in spending a week with a marketing executive. Daniel Seddiqui of “Living the Map” reached out to me about this opportunity and sent me Alan Fox, an ambitious college student who had just completed his first year and chose this career exploration program to help him decide on his major. His reflection below describes his experience, and we are so grateful to have had an impact on such a promising young man. This was a wonderful opportunity for the both of us, and it was a pleasure to teach Alan about what I do. As a company, we are so proud to have left this impression on him.

“Ashli Lopp, a marketing executive at the IT consulting company known as WAMS, expressed a primary goal of my five week internship project bluntly when she stated, “It takes doing what you don’t want to do to help you realize the importance of doing what you want to do.”

As I first entered the WAMS office located just outside of the Los Angeles area in Brea, CA, I was nervous about what the week had in store for me. Would my presence be a distraction to others working? Does the individual that I’m shadowing have the time or desire to work with me for an entire week? To put it plainly, I didn’t want to be a problem at all for this company. Within five minutes of entering the office, it became clear that this fear was unwarranted and would not be the case. Ashli, the marketing executive I shadowed for the week, and Kevin, the general manager of WAMS, immediately made me feel welcome. After introducing myself to Kevin and discussing his recent travels in Colorado, Ashli introduced me to the rest of the company and had the patience to teach me about her job as well as a brief overview of the company.

The first thing I noticed in the office was that the employees exuded an unusual level of positivity and joyfulness. They seemed to genuinely enjoy spending time working there and they weren’t simply watching the clock, eagerly awaiting their time to clock out like many of my fellow auto shop  co-workers in the  past would. Throughout my week at WAMS, I tried to pinpoint the source of their workplace jubilance. Was management responsible? Was it the composition of employees? While I do think that WAMS has done an excellent job of hiring exuberant employees that are passionate about their jobs as well as their interactions with each other, I think the company’s upbeat culture has more to do with management incentivizing their employees with freedom and encouragement, rather than fear. Later in the week, account manager Matt Morris addressed this assumption, stating that, “Kevin doesn’t rule with an iron fist. . . He’s made this a place where you don’t dread coming to work.” This claim is supported by the fact that throughout my week with WAMS, I never observed a time when Ashli was motivated to complete a task by fear. On the contrary, Ashli went about her daily obligations with freedom and a sense of pride that she would complete them individually to the best of her abilities—not because a manager was breathing down her neck.

Other than observing the encouraging role of management within the company, I also thoroughly enjoyed learning about the different ways Ashli attracts clients. First off, she explained the three basic client profiles that she is aiming to attract and how she is able to craft a marketing approach to suit the audience. For example, for firm administrators who are typically more interested in the final result WAMS has to offer and less in the technology, Ashli would appeal to them through means that invoke emotion and focus on possible positive results rather than nitty-gritty tech details of how the system works. In addition, I was interested in the different ways Ashli went about striking fear in the hearts of her potential clients, communicating the dangers of ransomware and how customers needed WAMS to save their firm from potential closure.

While I was fascinated by the way Ashli went about attracting clients, I was also intrigued by the ways she went about keeping clients and making them feel appreciated. Whether it was sending clients cookies embroidered with the WAMS logo, “anniversary” Starbucks gift cards, or shock-and-awe packages containing promotional gear, Ashli was adamant about ensuring that a customer’s business was appreciated and not taken for granted.

Besides focusing on improving and maintaining her client base, Ashli also focused on educating and developing herself as a marketer. Each day Ashli read the news in order to keep up to date and inform her clients about the latest development in her field, whether that’s a development in cyberware or technology. Moreover, her eagerness to improve and develop further ways of marketing was clearly illustrated by her weekly discussion with different marketing employees in different fields across America.

All in all, exposure to both a close-knit, enthusiastic work place and to a marketing professional that was eager to teach me ways of creating and maintaining fruitful client relations made this week an especially beneficial and educational experience.”

Nyetya Ransomware: What You Need to Know

Nyetya, a variant of the Petya ransomware, is spreading across businesses all over the world. Although it shares the same qualities as WannaCry — a ransomware deemed ‘one of the worst in history’ — many cyber security experts are calling it a more virulent strain of malware that could cause greater damage to both small and large organizations. Here’s everything we know about it so far.

Worse than WannaCry

Nyetya is deemed worse than WannaCry mainly because it spreads laterally, meaning it targets computers within networks and affects even systems that have been patched. Because it also spreads internally, it needs to infect only one device to affect several others within a single network.

Cyber researchers trace its origins to a tax accounting software called MEDoc, which infected 12,500 systems in Ukraine. Since the initial infections in June, it has spread to thousands of networks in 64 countries. And although it hasn’t spread as fast as WannaCry, it might have a wider reach soon because it uses three attack pathways to infect a system. It hasn’t made as much money as WannaCry, which is why cyber researchers are concluding that the attacks are not economically motivated.

Don’t Pay the Ransom

Cyber security firms and researchers strongly recommend affected businesses to avoid paying the ransom. According to them, paying the ransom would be a waste since the infected user won’t be able to receive a decryption key to unlock their files or systems. This is because the email provider has blocked the email address on the ransomware message.

Although it operates like a ransomware — locking hard drives and files and demands a $300 ransom in Bitcoin — it functions more as a wiperware that aims to permanently wipe out data and/or destroy systems. So far, it has affected big-name multinationals in various industries, including Merck, Mondelez International, and AP Moller-Maersk, among others.

Perform backups and update outdated security patches

The only way businesses can be protected is by performing backups and staying on top of patch updates.

It’s safe to say that in case of a Nyetya attack, there’s no chance of getting back your data. In such a scenario, you would have only your backup files — whether on an external storage or in the cloud — to fall back on. But backing up is not enough; you should also ensure that your backups are working, which you can do by testing them regularly. Given the nature of Nyetya, you should also make sure that your backups are stored off-site and disconnected from your network.

Like its predecessor, Nyetya exploited vulnerabilities in unpatched Microsoft-run computers. As a business owner, make it a part of your cyber security routine to update your systems with the latest security patches, or risk having your files or systems permanently corrupted.

As a business owner whose operations’ lifeline depends on critical files, your backups are your insurance. If your systems’ network security needs another layer of protection, get in touch with us today at 800-421-7151.

Get Ready for Chrome’s Ad Blocker

For the longest time, we’ve been visiting countless websites only to be greeted with annoying ads that never piqued our interest. Luckily, Chrome users won’t have to put up with them for much longer. Google will release an ad blocker early next year. To that end, here’s everything you need to know.

What is it?

Ad blocker from Chrome actually works like an ad filter, meaning it won’t block all ads from the website, only ones that are determined to be too intrusive, like video autoplay with sound as well as interstitials that take up the entire screen.

A group called the Coalition for Better Ads, which consists of Google, Facebook, News Corp, The Washington Post, and other members will decide whether or not the ads are to be blocked. According to Sridhar Ramaswamy, the executive in charge of Google’s ads, even ads owned or served by Google will be blocked if they don’t meet the new guidelines.

How will it work?

From a consumer’s end, you won’t have to do anything except for updating your Chrome browser. For publishers, Google will provide a tool that you can run to find out if your site’s ads are violating the guidelines. The blocker will apply to both desktop and mobile experiences.

What are the benefits of Chrome ad blocker?

Bad ads slow down the web, make it annoying to browse, and drive consumers to install ad blockers that remove all advertisements. If that continues, publishers will face major obstacles since nearly all websites rely on ads to stay alive.

With Chrome’s ad blocker, wholesale ad blocking can be controlled to please both consumers and publishers. Users get a better web browsing experience and publishers can continue to make profits through online ad sales.

But isn’t Google already using third-party ad-blocking extensions?

Yes, but this means they have to pay third-party ad blockers — like Adblock Plus — a certain amount of fee to whitelist ads for the privilege of working around their filters. With their own ad blocker, this can be eliminated once and for all.

Are there potential drawbacks?

It’s undeniable that Chrome’s ad blocker gives Google lots of power to determine ad standards for everyone. It comes to no surprise that there are skeptics who don’t trust one company to act in everyone’s interest.

And while Google assures that even its own ads will be removed if they violate the rules, the fact that Google itself is an ad company with nearly 89 percent of its revenues coming from online ads doesn’t boost its credibility to industry peers.

Publishers will have fewer options to monetize their sites once Chrome’s ad blocker is implemented. To help, Google will include an option for visitors to pay websites that they’re blocking ads on called Funding Choices. However, a similar feature called Google Contributor has been tested a couple years ago with no signs of catching on so we doubt that Funding Choices will differ.

Despite expected criticism, Chrome’s ad blocker will likely result in a better web browsing experience. And as always, if you have any questions about the web, or IT in general, just give us a call at 800-421-7151 and we’ll be happy to help.

Cybercrime Insurance Loopholes: Protect Yourself

As hacking hit the headlines in the last few years — most recently the global hack in May that targeted companies both large and small — insurance policies to protect businesses against damage and lawsuits have become a very lucrative business indeed. Your company may already have cyber insurance, and that’s a good thing. But that doesn’t mean that you don’t have a job to do — or that the insurance will cover you no matter what.

When you buy a car, you get the warranty. But in order to keep that warranty valid, you have to perform regular maintenance at regularly scheduled times. If you neglect the car, and something fails, the warranty won’t cover it. You didn’t do your job, and the warranty only covers cars that have been taken care of.


Cyber insurance works the same way. If your company’s IT team isn’t keeping systems patched and up to date, taking active measures to prevent ransomware and other cybercrime attacks, and backing everything up in duplicate, it’s a lot like neglecting to maintain that car. And when something bad happens, like a cyber attack, the cyber insurance policy won’t be able to help you, just as a warranty policy won’t cover a neglected car.

Check out this real life policy exclusion we recently uncovered, which doesn’t cover damages “arising out of or resulting from the failure to, within a reasonable period of time, install customary software product updates and releases, or apply customary security-related software patches, to computers and other components of computer systems.” If your cyber insurance policy has a clause like that — and we guarantee that it does — then you’re only going to be able to collect if you take reasonable steps to prevent the crime in the first place.

That doesn’t just mean you will have to pay a ransom out of pocket, by the way. If your security breach leaves client and partner data vulnerable, you could be sued for failing to protect that data. When your cyber insurance policy is voided because of IT security negligence, you won’t be covered against legal damages, either. This is not the kind of position you want to be in.


All of this is not to say that you shouldn’t have cyber insurance, or that it’s not going to pay out in the case of an unfortunate cyber event. It’s just a reminder that your job doesn’t end when you sign that insurance policy. You still have to make a reasonable effort to keep your systems secure — an effort you should be making anyway.

Does the CIA Have Access to Your Router?

There are an exhausting number of cyber security threats to watch out for, and unfortunately you need to add another to the list. A recent leak from the CIA proves that routers are one of the weakest links in network security.

The Wikileaks CIA Documents

For several months, the notorious website famous for leaking government data has been rolling out information it obtained from the Central Intelligence Agency. The documents detail top-secret surveillance projects from 2013 to 2016 and mainly cover cyber espionage.

In the most recent release, documents describe government-sponsored methods and programs used to exploit home, office, and public wireless routers for both tracking internet browsing habits and remotely accessing files stored on devices that connect to compromised networks.

Is My Router One of Them?

According to the documents, 25 models of wireless routers from 10 different manufacturers were being exploited by the CIA. They weren’t off-brand budget devices either; the list includes devices from some of the biggest names in wireless networking:

  • Netgear
  • Linksys
  • Belkin
  • D-Link
  • Asus

Those brands account for over a third of wireless routers on the market, which means there’s a good chance you’re at risk.

After WannaCry used a previous CIA leak to fuel its global spread, you need to worry about more than just being a target of government espionage too. Over the past few years, almost all of these leaks have quickly made their way into criminal hands.

Patching Vulnerabilities

Fixing security gaps in hardware is tricky business, especially when they’re mainly used to monitor rather than corrupt. In most cases, there will be no visual cues or performance problems to indicate your hardware has been infected. As such, you should plan on regularly updating the software on your hardware devices whenever possible.

Accessing your router’s software interface isn’t a user-friendly experience for non-IT folks. Usually, to access it, you need to visit the manufacturer’s website and log in with the administrator username and password. If these are still set to the default “admin” and “password” make sure to change them.

Once logged in, navigate through the settings menus until you find the Firmware Update page. Follow the instructions and confirm that the firmware has been properly installed.

The CIA’s router leaks were vague, so we’re not even sure how recent they are. We are fairly certain, however, that all of the manufacturers have since patched the vulnerabilities. Regardless, updating your router’s firmware will protect from a number of cyber security risks. If you’re unable to finish the task on your own, one of our technicians can fix it, as well as any other firmware vulnerabilities, in a matter hours. All you need to do is call! 800-421-7151.

Changes to Office 365

Whether it’s for the sake of aligning with Windows 10, or not, Office 365 Pro Plus will be upgraded twice a year, in March and September. But what does this mean to business owners like yourself? Will the new update schedule affect how Microsoft plans to deliver and support ProPlus in the future? We’ll answer all that and more.

Why the New Schedule?

Feedback has almost always been Microsoft’s impetus to make changes of any kind, and this is no exception. The software giant wanted to simplify the update process and improve coordination between Office 365 and Windows, and the new schedule should handle both of those aims.

This is particularly helpful for those using Secure Productive Enterprise (SPE). SPE was bundled with Windows 10 and Office 365 ProPlus, meaning subscribers had to deal with two separate upgrades prior to the new schedule. Moving forward, things will be simplified as a single update twice a year will suffice.

What Else Changed?

Microsoft is extending support for ProPlus from 12 months per update to 18 months. This means you can technically update once or twice a year, which we’ll discuss in more detail below.

They’ve also changed the following terminology used in their updates:

  • Current Channel → Monthly Channel
  • First Release for Deferred Channel → Semi-annual Channel (Pilot)
  • Deferred Channel → Semi-annual Channel (Broad)

The Semi-annual Channel (Pilot) and Semi-annual Channel (Broad) describe the twice-a-year feature updates and how they will be deployed: the former to be used as deployment testing and the latter for actual deployment to an organization’s users.

When Will the First ProPlus Upgrade be Released Under the New Schedule?

The first Pilot channel will be available on September 12, 2017, the same day as that month’s Patch Tuesday. The first Broad channel will be available four months later on January 9, 2018, also on a Patch Tuesday.

The second release will bring a new Pilot on March 13, 2018 and a new Broad on July 10, 2018.

Can you Skip a ProPlus Features Upgrade?

While you can in fact choose only to upgrade once a year, you will eventually have to conduct a second upgrade to get the most up-to-date support. Microsoft is giving you two months of overlap in the next update to do this.

So, say your firm deploys the Broad channel in January 2018, but skips the July 2018 upgrade, you would have to upgrade within the two-month span between January 2019 and March 2019 to be eligible for the latest support.

What Happened to the ProPlus Upgrade for June 2017?

Microsoft released new Deferred Channel and First Release for Deferred Channel upgrades on June 13, 2017. You will have three months to conduct enterprise pilots and validate applications with this upgrade before the final Deferred Channel release on September 12, 2017. The last Deferred Channel will be supported until July 10, 2018.

Changes to the support life cycle of Office 365 ProPlus will ultimately save you time and reduce the hassles of conducting upgrades. That said, it might take some time getting used to the new schedule and nomenclature, so if you have any questions about Office 365 or the new schedule, just give us a call at 800-421-7151.

Quick Review: Why You Need Virtualization

With virtualization, you can make software see several separate computers where there is only one, or make several computers look like one supercomputer. That may sound simple, but it’s far from it. Of course the benefits are well worth it; here are just a few.

More Technology Uptime

Virtualization vendors use lots of fancy names for the features of their technology, but behind all the technobabble are a number of revolutionary concepts. Take “fault tolerance” for example. When you use virtualization to pool multiple servers in such a way that they can be used as a single supercomputer, you can drastically increase uptime. If one of those servers goes down, the others continue working uninterrupted.

Another example of this is “live migrations,” which is just a fancy way of saying that employee computers can be worked on by technicians while users are still using them. Say you’ve built a bare-bones workstation (as a virtual machine on the server), but you need to upgrade its storage capacity. Virtualization solutions of today can do that without the need to disconnect the user and restart their computer.

Better Disaster Recovery

Data backups are much simpler in a virtualized environment. In a traditional system, you could create an “image” backup of your server — complete with operating system, applications and system settings. But it could be restored to a computer only with the exact same hardware specifications.

With virtualization, images of your servers and workstations are much more uniform and can be restored to a wider array of computer hardware setups. This is far more convenient and much faster to restore compared to more traditional backups.

More Secure Applications

In an effort to increase security, IT technicians usually advocate isolating software and applications from each other. If malware is able to find a way into your system through a software security gap, you want to do everything in your power to keep it from spreading.

Virtualization can put your applications into quarantined spaces that are allowed to use only minimum system resources and storage, reducing the opportunities they have to wreak havoc on other components of the system.

Longer Technology Lifespans

The same features that quarantine applications can also create customized virtual spaces for old software. If your business needs a piece of software that won’t work on modern operating systems, virtualization allows you to build a small-scale machine with everything the program needs to run. In that virtual space, the application will be more secure, use fewer resources, and remain quarantined from new programs.

In addition to software, virtualization also encourages longer life spans of old hardware components. With virtualization, the hardware an employee uses is little more than a window to the powerful virtual machine on the server. Employee computers need only the hardware required to run the virtualization window, and the majority of the processing takes place on the server. Hardware requirements are much lower for employees and equipment can be used for several years.

Easier Cloud Migrations

There are several ways virtualization and cloud technology overlap. Both help users separate processing power from local hardware and software, delivering computing power over a local network or the internet. Because of these similarities, migrating to the cloud from a virtualized environment is a much simpler task.

There is no debate about the benefits of this technology. The only thing standing between your business and more affordable, efficient computing is an IT provider that can manage it for you. For unlimited technology support, virtualization or otherwise, on a flat monthly fee. Call us today at 800-421-7151.

Office 365 Tips to Make Your Life Easier

Office 365 receives dozens of changes every month, which explains why some get overlooked. While Office 365 Planner or Microsoft Teams are great tools for maximizing productivity, there are hidden functions and tricks you can use to make life a bit easier for yourself. Check out our six tips to improve your user experience with Office 365 below.

Declutter Your Inbox
If you’re having trouble managing the overwhelming amount of emails in your inbox, then using Office 365’s “Clutter” feature can clear up some space. To enable this feature go to Settings > Options > Mail > Automatic processing > Clutter then select Separate items identified as Clutter. Once activated, you need to mark any unwanted messages as “clutter” to teach Office 365. After learning your email preferences, Office 365 will automatically move low-priority messages into your “Clutter” folder, helping you focus on more important emails.

Ignore Group Emails
Are you copied on a long email thread you don’t want to be part of? If so, simply go to the message and find the Ignore setting. Doing this will automatically move future reply-alls to the trash so they never bother you again. Of course, if you ever changed your mind, you could un-ignore the message: Just find the email in your trash folder and click Stop ignoring.

Unsend Emails
In case you sent a message to the wrong recipient or attached the wrong file, Office 365 has a message recall function. To use this, open your sent message, click Actions, and select Recall this message. From here, you can either “Delete unread copies of this message” or “Delete unread copies and replace with a new message.” Bear in mind that this applies only to unread messages and for Outlook users within the same company domain.

Work offline
Whenever you’re working outside the office or in an area with unstable internet, it’s a good idea to enable Offline Access. Found under the Settings menu, this feature allows you to continue working on documents offline and syncs any changes made when you have an internet connection. Offline access is also available in your SharePoint Online document libraries.

Use Outlook Plugins
Aside from sending and receiving emails, Outlook also has some awesome third-party plugins. Some of our favorite integrations include PayPal, which allows you to send money securely via email; and Uber, which lets you set up an Uber ride reminder for any calendar event. Find more of productivity-boosting plugins in the Office Store.

Tell Office Applications What To Do
If you’re not a fan of sifting through menus and options, you can always take advantage of the Tell Me function in your Office 2016 apps. When you press Alt + Q, you bring up a search bar that allows you to look for the functions you need. Suppose you need to put a wall of text into columns on Word but can’t find where it is specifically. Just type ‘column’ and Microsoft will help you with the rest.

These tricks and features themselves will definitely increase productivity. And fortunately, there’s, there’s more coming. Microsoft continues to expand Office 365’s capabilities, and if you truly want to make the most out of the software, don’t be afraid to explore its newly released features.

For more Office 365 tips and updates, get in touch with us today at 800-421-7151.

Fixing Computers Drains Your Firm’s Funds

Aside from overseeing your business’s network security, IT security staff are also adept at fixing personal computers. However, that doesn’t necessarily mean they should. In fact, such occurrences ought to be minimized, if not avoided altogether. Your security personnel should be focusing on more pressing issues. But if they’re toiling over PC repairs, not only is your staff’s energy drained, but your IT budget plummets, too.

Cost of Fixes

According to a survey of technology professionals, companies waste as much as $88,660 of their yearly IT budget as a result of having security staff spend an hour or more per work week fixing colleagues’ personal computers. The ‘wasted amount’ was based on an average hourly salary of IT staff multiplied by 52 weeks a year. Other than knowing how much time is wasted, what makes things worse is that IT security staff are among the highest paid employees in most companies.

The fixes have mostly to do with individual rather than department- or company-wide computer problems that don’t necessarily benefit the entire company. The resulting amount is especially staggering for small- and medium-sized businesses (SMBs) whose limited resources are better off spent on business intelligence tools and other network security upgrades.

Other Costs

All those hours spent on fixing personal computers often means neglecting security improvements. The recent WannaCry ransomware attacks, which successfully infected 300,000 computers in 150 countries, demonstrate the dangers of failing to update operating system security patches on time. It should be a routine network security task that, if ignored, can leave your business helpless in the face of a cyber attack as formidable as WannaCry. It didn’t make much money, but had it been executed better, its effects would have been more devastating to businesses, regardless of size.

Profitable projects could also be set aside because of employees’ PC issues. For SMBs with one or two IT staff, this is especially detrimental to productivity and growth. They can easily increase their IT budgets, but if employees’ negligible computer issues keep occurring and systems keep crashing, hiring extra IT personnel won’t do much good.

What Businesses Should Do

The key takeaway in all this is: Proactive IT management eliminates the expenditure required to fix problematic computers. Bolstering your entire IT infrastructure against disruptive crashes is the first step in avoiding the wasteful use of your staff’s time and your company’s money.

Even if your small business has the resources to hire extra staff, the general shortage of cyber security skills also poses a problem. Ultimately, the solution shouldn’t always have to be increasing manpower, but rather maximizing existing resources.

Having experts proactively maintain your IT eliminates the need to solve recurring small issues and lets your staff find a better use for technology resources. If you need non-disruptive technology, call us today at 800-421-7151 for advice.

How To Keep Your Employees From Leaking Confidential Information

Back in 2014, Code Spaces was murdered. The company offered tools for source code management, but they didn’t have solid control over sensitive information — including their backups. One cyberattack later, and Code Spaces was out of business. Their killer had used some standard techniques, but the most effective was getting an unwitting Code Space employee to help — likely via a phishing attack.

When it comes to cybercrime that targets businesses, employees are the largest risks. Sure, your IT guys and gals are trained to recognize phishing attempts, funky websites, and other things that just don’t seem right. But can you say the same thing about the people in reception, or the folks over in sales?

Sure, those employees might know that clicking on links or opening attachments in strange emails can cause issues. But things have become pretty sophisticated; cybercriminals can make it look like someone in your office is sending the email, even if the content looks funny. It only takes a click to compromise the system. It also only takes a click to Google a funny-looking link or ask IT about a weird download you don’t recognize.

Just as you can’t trust people to be email-savvy, you also can’t trust them to come up with good people still use birthdays, pet names, or even “password” as their passcodes — or they meet the bare-minimum standards for required passcode complexity. Randomly generated passcodes are always better, and requiring multiple levels of authentication for secure data access is a must-do.

Remember, that’s just for the office. Once employees start working outside of your network, even more issues crop up. It’s not always possible to keep them from working from home, or from a coffee shop on the road. But it is possible to invest in security tools, like email encryption, that keep data more secure if they have to work outside your network. And if people are working remotely, remind them that walking away from the computer is a no-no. Anybody could lean over and see what they’re working on, download malware or spyware, or even swipe the entire device and walk out — all of which are cybersecurity disasters.

Last but not least, you need to consider the possibility of a deliberate security compromise. Whether they’re setting themselves up for a future job or setting you up for a vengeful fall, this common occurrence is hard to prevent. It’s possible that Code Space’s demise was the result of malice, so let it be a warning to you as well! Whenever an employee leaves the company for any reason, remove their accounts and access to your data. And make it clear to employees that this behavior is considered stealing, or worse, and will be treated as such in criminal and civil court.

You really have your work cut out for you, huh? Fortunately, it’s still possible to run a secure-enough company in today’s world. Keep an eye on your data and on your employees. And foster an open communication that allows you to spot potential — or developing — compromises as soon as possible. Need security training? Email us at info@wamsinc.com to schedule! 

How did WannaCry Spread so Far?!

By now, you must have heard of the WannaCry ransomware. It ranks as one of the most effective pieces of malware in the internet’s history, and it has everyone worried about what’s coming next. To guard yourself, the best place to start is with a better understanding of what made WannaCry different.

Ransomware Review

Ransomware is a specific type of malware program that either encrypts or steals valuable data and threatens to erase it or release it publicly unless a ransom is paid. We’ve been writing about this terrifying threat for years, but the true genesis of ransomware dates all the way back to 1989.

This form of digital extortion has enjoyed peaks and troughs in popularity since then, but never has it been as dangerous as it is now. In 2015, the FBI reported a huge spike in the popularity of ransomware, and healthcare providers became common targets because of the private and time-sensitive nature of their hosted data.

The trend got even worse, and by the end of 2016 ransomware had become a $1 billion-a-year industry.

The WannaCry Ransomware

Although the vast majority of ransomware programs rely on convincing users to click compromised links in emails, the WannaCry version seems to have spread via more technical security gaps. It’s still too early to be sure, but the security experts at Malwarebytes Labs believe that the reports of WannaCry being transmitted through phishing emails is simply a matter of confusion. Thousands of other ransomware versions are spread through spam email every day and distinguishing them can be difficult.

By combining a Windows vulnerability recently leaked from the National Security Agency’s cyber arsenal and some simple programming to hunt down servers that interact with public networks, WannaCry spread itself further than any malware campaign has in the last 15 years.

Despite infecting more than 200,000 computers in at least 150 countries, the cyberattackers have only made a fraction of what you would expect. Victims must pay the ransom in Bitcoins, a totally untraceable currency traded online. Inherent to the Bitcoin platform is a public ledger, meaning anyone can see that WannaCry’s coffers have collected a measly 1% of its victims payments.

How to Protect Yourself from What Comes Next

Part of the reason this ransomware failed to scare users into paying up is because it was so poorly made. Within a day of its release, the self-propagating portion of its programming was brought to a halt by an individual unsure of why it included a 42-character URL that led to an unregistered domain. Once he registered the web address for himself, WannaCry stopped spreading.

Unfortunately, that doesn’t help the thousands that were already infected. And it definitely doesn’t give you an excuse to ignore what cybersecurity experts are saying, “This is only the beginning.” WannaCry was so poorly written, it’s amazing it made it as far as it did. And considering it would’ve made hundreds of millions of dollars if it was created by more capable programmers, your organization needs to prepare for the next global cyberattack.

Every single day it should be your goal to complete the following:

Thorough reviews of reports from basic perimeter security solutions. Antivirus software, hardware firewalls, and intrusion prevention systems log hundreds of amateur attempts on your network security every day; critical vulnerabilities can be gleaned from these documents.

Check for updates and security patches for every single piece of software in your office, from accounting apps to operating systems. Computers with the latest updates from Microsoft were totally safe from WannaCry, which should be motivation to never again click “Remind me later.”

Social engineering and phishing may not have been factors this time around, but training employees to recognize suspicious links is a surefire strategy for avoiding the thousands of other malware strains that threaten your business.

Revisiting these strategies every single day may seem a bit much, but we’ve been in the industry long enough to know that it takes only one mistake to bring your operations to a halt. For daily monitoring and support, plus industry-leading cybersecurity advice, email us any time at info@wamsinc.com.

Bluesnarfing? What you Need to Know.

When buying a technological device today, whether it’s a smartphone, a speaker, a keyboard or a smart watch, one of things people look for is Bluetooth compatibility. And who could blame them when Bluetooth has become a ubiquitous feature of technology that everyone can’t live without. But just like any technology, convenience can quickly turn into chaos when fallen into the wrong hands. With that in mind, here’s what you need to know to guard against cybercriminals when using Bluetooth.

Google paid a settlement fee of $7million for unauthorized data collection from unsecured wireless networks in 2013. While their intention likely wasn’t theft, many disagreed and called them out for Bluesnarfing, a method most hackers are familiar with.

What is it?

Bluesnarfing is the use of Bluetooth connection to steal information from a wireless device, particularly common in smartphones and laptops. Using programming languages that allow them to find Bluetooth devices left continuously on and in “discovery” mode, cybercriminals can attack devices as far as 300 feet away without leaving any trace.

Once a device is compromised, hackers have access to everything on it: contact, emails, passwords, photos, and any other information. To make matters worse, they can also leave victims with costly phone bills by using their phone to tap long distance and 900-number calls.

What preventive measures can you take?

The best way is to disable Bluetooth on your device when you’re not using it, especially in crowded public spaces, a hacker’s sweet spot. Other ways to steer clear of Bluesnarfing include:

  • Switching your Bluetooth to “non-discovery” mode
  • Using at least eight characters in your PIN as every digit adds approximately 10,000 more combinations required to crack it
  • Never accept pairing requests from unknown users
  • Require user approval for connection requests (configurable in your smartphone’s security features)
  • Avoid pairing devices for the first time in public areas

Bluesnarfing isn’t by any means the newest trick in a cybercriminal’s book, but that doesn’t mean it’s any less vicious. If you’d like to know more about how to keep your IT and your devices safe, give us a call at 800-421-7151 and we’ll be happy to advise.

Data Loss Prevention Tips for Office 365

Office 365 is a complete cloud solution that allows you to store thousands of files and collaborate on them, too. In addition to its productivity features, Office 365 comes with security and compliance solutions that will help businesses avoid the crushing financial and legal repercussions of data loss. However, even with its comprehensive security tools, some data security risks still need to be addressed. The following tips will help your business’s data remain private and secure.

Take Advantage of Policy Alerts
Establishing policy notifications in Office 365’s Compliance Center can help you meet your company’s data security obligations. For instance, policy tips can warn employees about sending confidential information anytime they’re about to send messages to contacts who aren’t listed in the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure Mobile Devices
With the growing trend of using personal smartphones and tablets to access work email, calendar, contacts, and documents, securing mobile devices is now a critical part of protecting your organization’s data. Installing mobile device management features for Office 365 enables you to manage security policies and access rules, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use Multi-Factor Authentication
Because of the growing sophistication of today’s cyberattacks, a single password shouldn’t be the only safeguard for Office 365 accounts. To reduce account hijacking instances, you must enable Office 365 multi-factor authentication. This feature makes it more difficult for hackers to access your account since they not only have to guess user passwords but also provide a second authentication factor like a temporary SMS code.

Apply Session Timeouts
Many employees usually forget to log out of their Office 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to compromise sensitive data. But by applying session timeouts to Office 365, email accounts, and internal networks, the system will automatically log users out after 10 minutes, preventing hackers from simply opening company workstations and accessing private information.

Avoid Public Calendar Sharing
Office 365 calendar sharing features allows employees to share and sync their schedules with their colleagues. However, publicly sharing this schedule is a bad idea. Enabling public calendar sharing helps attackers understand how your company works, determine who’s away, and identify your most vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash a slew of malware attacks to corrupt your data before your business can respond.

Employ Role-Based Access Controls
Another Office 365 feature that will limit the flow of sensitive data across your company is access management. This lets you determine which user (or users) have access to specific files in your company. For example, front-of-house staff won’t be able to read or edit executive-level documents, minimizing data leaks.

Encrypt Emails
Encrypting classified information is your last line of defense to secure your data. Should hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Office 365, where files and emails are shared on a regular basis.

While Office 365 offers users the ability to share data and collaborate flexibly, you must be aware of the potential data security risks at all times. When you work with us, we will make sure your business keeps up with ever-changing data security and compliance obligations. And if you need help securing your Office 365, we can help with that too! Simply contact us today at 800-421-7151.

Protect your Data from WannaCry

This month, ransomware has taken center stage yet again. WannaCry has already infected thousands of users around the world. In true ransomware fashion, WannaCry holds user data hostage until the victim decides to pay the ransom. What’s more alarming, however, is that the global success of this malware will likely spawn even more potent variants. To protect your business from ransomware attacks, consider these tips.

Update Your Software
The first (and probably best) defense against WannaCry ransomware is to update your operating system. New research from Kaspersky shows that machines running Windows XP, 7 and outdated Windows 10 versions were affected by the ransomware. To check whether your systems are up to date, open your Windows search bar, look for Windows Update, click Check for Updates, and install any major updates.

Also, don’t forget to download the latest security patches for your business applications and security software.

Run Security Programs
Many antivirus programs now have mechanisms for detecting and blocking WannaCry malware; so when you’ve fully updated your security software, run a full system scan.

Keep in mind that antivirus isn’t a foolproof security solution. Instead, run it alongside other security applications like intrusion prevention systems and firewalls.

Use Data Backup and Recovery Tools
If WannaCry does infect your computers, only a solid data backup and recovery solution can save your business. Before ransomware strikes, periodically back up your files in both an external hard drive and a cloud-based backup service.

External hard drives will serve as your local backup solution for quick recovery times. However, we recommend keeping the external drive disconnected when it’s not being used and plugging it in only when you need to back up files at the end of the day. This is because when ransomware infects a computer, it will usually look to encrypt local backup drives as well.

Cloud-based backups, on the other hand, allow you to store files in remote data centers and access them from any internet-enabled device. When selecting a cloud services provider, make sure they provide the appropriate cloud protections to your files. For example, your backup vendor should provide reporting tools to keep track of any anomalies in your files. Document versioning features are also important. This allows you to recover older versions of a document in case the current version is encrypted.

After your local and cloud backups are set up, perform regular tests to ensure your disaster recovery plan works.

Stay Informed
Finally, it’s important to stay on guard at all times. WannaCry is just one of many ransomware strains affecting businesses today, and in order to stay safe you need to be constantly up to date on the latest cybersecurity- and business continuity-related news.

For more ransomware prevention tips and services, call us today at 800-421-7151. We’ll make sure hackers don’t hold your business hostage.

Office 365 Gets New Security Tools

Security is, by far, the biggest issue concerning most businesses today. Although safeguards like firewalls and antivirus software are necessary, it is foolish not to take additional steps for protection in dealing with increasingly sophisticated cyberattacks. Today, companies require multiple layers of security to steer clear of cyberattacks and compliance woes. To help companies with this process, Microsoft has released threat intelligence, advanced threat protection, and data governance features.

Threat Intelligence
Threat Intelligence for Office 365 gathers data from Microsoft security databases, Office clients, email, and other recorded security incidents to detect various cyberattacks. This feature gives users in-depth knowledge about prevalent malware strains and real-time breach information to analyze the severity of certain attacks.

What’s more, Threat Intelligence comes with customizable threat alert notifications and easy-to-use remediation options for dealing with suspicious content.

Advanced Threat Protection (ATP) Upgrades
In addition to Threat Intelligence, Office 365’s ATP service now has a revamped reporting dashboard that displays security insights across a company. This includes a security summary of what types of malware and spam were sent to your organization, and which ones were blocked. According to Microsoft, these reports will help you assess the effectiveness of your current security infrastructure.

ATP also has a new capability called “Safe Links” which defends against potentially malicious links in emails and embedded in Excel, Word, and PowerPoint files. If suspicious links are discovered, the user will be redirected to a warning page to avoid an infection.

Advanced Data Governance
The newly released Advanced Data Governance feature is also a much needed enhancement for highly-regulated companies. It classifies files based on user interaction, age, and type, and recommends general data retention and deletion policy recommendations. If, for example, your business has retained credit card data for longer than necessary, Advanced Data Governance will alert you of the possible data governance risks.

Data Loss Prevention Enhancements
Last but not least, the Office 365 Security & Compliance Center is also receiving data loss prevention upgrades. With it, you can easily access and customize app permissions and control device and content security policies. So if someone in your company attempts to leak sensitive customer information, Office 365 will notify your administrators immediately.

Although all these features are available only for Office 365 Enterprise E5 subscribers, security- and compliance-conscious companies definitely need these upgrades. Get the right Office 365 subscription by contacting us today at 800-421-7151.

Server Management: 4 Essentials

By their very definition, servers are tasked with managing significantly higher burdens than the average desktop workstation. If your business has a server onsite, there are so many things you need to consider to get the most out of your investment. Read on for a few of them:

Mount Your Servers Properly

Small businesses are usually forced to prioritize the here and now over long-term planning. Not for lack of caring, it’s just a fact of working on tight budgets and with small teams. This is especially evident when it comes to server planning. When your business first sets up shop, it’s tempting to plug in a server right next to your workstations – but doing so puts your hardware in harm’s way.

Mounting servers in a rack protects them from the accidents commonly associated with highly trafficked areas: spills, crumbs, and tripping hazards. Server racks keep your most essential hardware safe by organizing everything in a space that is more accessible for cleaning and management but less exposed to the day-to-day wear and tear of your office.

Server planning is all about leaving room for the future. When choosing your rack mount, make sure to leave room for the hardware you will need to expand in the future. Unless office space is a serious concern, it’s better to have a half-empty server rack than to be forced to tear the whole thing down and redesign it the moment you need to expand.

Keep Servers Separate from the Main Area

Depending on what type of servers you are running, they can create quite a bit of noise. This coupled with the fact that they are comprised of valuable hardware means that you should do everything in your power to keep your servers physically separate from your working space. If you don’t have room for a server room, consider investing a little extra in a secure rack mount with built-in sound reduction.

Never Skimp on Cooling

Even when your business first opens its doors, server cooling is a crucial consideration. These computers are designed to work at peak capacity and need optimal conditions to do so efficiently. Even if your equipment seems to be performing just fine, too much heat can drastically reduce its lifespan.

Make sure that your cooling solution operates outside the confines of your building’s infrastructure. If the central air gets shut off at night, or if your office experiences power outages, you need a cooling solution that switches over to backup power with your servers.

Keep Wiring Neatly Arranged

For anyone without hands-on experience with server hardware, the number of wires going into and out of your setup is shocking. Getting the whole mess organized isn’t just about cleanliness, it also affects the performance of your current setup and the viability of installing future upgrades. Any time you are installing, removing, or rearranging your server cables, check that everything is neatly labeled and safely grouped together.

Managing any type of hardware comes with dozens of important considerations, and that goes doubly so for servers. The best way to guarantee your IT investments are getting the care they require is by partnering with a managed IT services provider. To learn more about our services, give us a call today.

Use This 9-Step Checklist To Ensure Your Data Is Safe, Secure And Recoverable

Summer is upon us… Time for a stroll in the park…softball…fishing…a few rounds of golf…

Yet how could you possibly relax if some random bit of malware, software glitch or cyber-attack catches you off guard just as you’re walking out the door? A well-designed secure computer network gives you the confidence that “all systems are go,” whether you’re having fun in the sun, or just getting things done with your team.

Here’s a quick nine-step checklist we use to ensure that a company’s computer network, and the data for that business, is safe and secure from disruption, if not absolute devastation:

  1. A written recovery plan. Simply thinking through what needs to happen when things go south, and documenting it all IN ADVANCE, can go a long way toward getting your network back up and running quickly if it gets hacked, impacted by natural disaster or compromised by human error.
  2. Have a clear communication plan. What if your employees can’t access your office, e-mail or phone system? How will they communicate with you? Make sure your communications plan details every alternative, including MULTIPLE ways to stay in touch in the event of a disaster.
  3. Automate your data backups. THE #1 cause of data loss is human error. If your backup system depends on a human being always doing something right, it’s a recipe for disaster. Automate your backups wherever possible so they run like clockwork.
  4. Have redundant off-site backups. On-site backups are a good first step, but if they get flooded, burned or hacked along with your server, you’re out of luck. ALWAYS maintain a recent copy of your data off-site.
  5. Enable remote network access. Without remote access to your network, you and your staff won’t be able to keep working in the event that you can’t get into your office. To keep your business going, at the very minimum, you need a way for your IT specialist to quickly step in when needed.
  6. System images are critical. Storing your data off-site is a good first step. But if your system is compromised, the software and architecture that handles all that data MUST be restored for it to be useful. Imaging your server creates a replica of the original, saving you an enormous amount of time and energy in getting your network back in gear, should the need arise. Without it, you risk losing all your preferences, configurations, favorites and more.
  7. Maintain an up-to-date network “blueprint.” To rebuild all or part of your network, you’ll need a blueprint of the software, data, systems and hardware that comprise your company’s network. An IT professional can create this for you. It could save you a huge amount of time and money in the event your network needs to be restored.
  8. Don’t ignore routine maintenance. While fires, flooding and other natural disasters are always a risk, it’s ever more likely that you’ll have downtime due to a software or hardware glitch or cyber-attack. That’s why it’s critical to keep your network patched, secure and up-to-date. Deteriorating hardware and corrupted software can wipe you out. Replace and update them as needed to steer clear of this threat.
  9. Test, Test, Test! If you’re going to go to the trouble of setting up a plan, at least make sure it works! An IT professional can check monthly to make sure your systems work properly and your data is secure. After all, the worst time to test your parachute is AFTER you jump out of the plane.

Contact us at 800-421-7151or info@wamsinc.com, or visit wamsinc.com to schedule our Disaster Recovery Audit FREE of charge. Contact us TODAY to get scheduled!

2017 IT: Where it’s been and Where it’s Headed

Although we are not even halfway through the year, the world of IT has already changed so much! The Internet of Things, CRM Intelligence, Artificial Intelligence, and Security have been the hottest topics of IT in 2017 thus far. We conducted a survey of more than 200 law firms in Southern California in order to determine the top priorities for IT projects this year as well as the major driving forces in IT spending/budget allocation for 2017. It has been forecasted that businesses and firms will move to a Hybrid Cloud Solution as the primary model, and although this projection is due to advancing security strategies, your best bet for protection will be determined by the training of your staff.

Computerworld’s Forecast 2017 Survey of 196 IT managers, directors, and executives determined that productivity, security and compliance, client satisfaction, new revenue streams, and maintenance of service were all top priorities of which companies were looking to gain from IT in 2017; each category’s importance was dispersed relatively evenly. We however saw a large shift in the response of the 200 law firms that we surveyed, in which security and compliance were the most important priority of what was expected from their 2017 IT strategies. For law firms, this comes as no surprise; security and compliance are top priorities in avoiding any sort of malpractice suit because your clients’ data is precious and valuable. There is a clear pattern as to why security is such a strong concern, especially when adopting new solutions.

The Internet of Things

There has been so much hype around the “Internet of Things” in tech blogs lately, but what exactly is it? The Internet of Things (or IoT, for short) refers to a network of physical objects that feature an IP address of internet connectivity, as well as the communication that occurs between these objects and other internet-enabled devices and systems. Many homes are set up with smart thermostats, security systems, and lighting systems that are all controlled by a mobile device; this is an internet of things. Although currently only 12% of IT managers are actively pursuing an IoT project, it is projected to be more prevalent in the workplace in the near future.

IoT trends are forecasted to move toward more standardized solutions and a more rapid adoption in the consumer market as IoT solutions become more viable. The IoT provides real-time data analytics to the manufacturers of these products and solutions in order to better assess necessary changes based on consumer behavior; this is great for you as a consumer to enjoy a better experience but also has caused some to be leery about utilization of these solutions. It is predicted that as the IoT grows, so will cybercriminals’ attempts to target and compromise your solutions. This should not keep you from enjoying the benefits of an IoT solution, but this does mean that you need to ensure that it is being executed safely, because as attack attempts increase, so will security standards for IoT devices. Such a solution in your workplace may include turning on a light in your break room before you enter it, or having your coffee made before you leave your desk to retrieve it; these may be little things, but they can actually increase productivity and efficiency in the workplace.

CRM Intelligence

For law firms specifically, 2017 has forecasted a major increase of CRM (Customer Relationship Management) solutions. For those unfamiliar, at its core a CRM application maintains categorized lists of clients, prospects, and other important contacts. For each one it stores addresses, phone numbers, e-mail addresses, legal needs, and interactions with you, plus a wealth of biographical information. The applications track your interactions with clients and prospects, personalizing your communications. The key features that a law firm should expect from a CRM solution include task management, campaign and case management, contact management, lead management, and marketing automation. Additional benefits include mass email, strengthened relationships with clients, remote access, and social media integration.

The biggest trends we are seeing in 2017 include real-time hyper targeting, AI powered bots, multi-channel capabilities for social media, and most importantly, more platforms tailored to your specific job function. Do your research to ensure that you choose the solution that is best tailored to your needs. Capterra’s list is a great place to start.

Hybrid Cloud

Whenever the term “Cloud Solution” comes to mind for law firms, the biggest questions encompass security and compliance, as well as the ability to keep using your legacy software. When implemented correctly, firms often get to enjoy not only a more secure, but also more flexible solution. With a hybrid solution, your data and backups are stored off-site, so if anything happens to your network you are covered and able to restore your backup. In a hybrid cloud solution, you truly get the best of both worlds, and often benefit from cost savings as well, since you aren’t paying for all those expensive servers.

You may be afraid to make the leap to a solution involving the Cloud, but what many fail to realize is that if you do any banking online, use Office 365, or use social media for business, you already are operating in the cloud. As with any solution, there are risks associated with Hybrid Cloud solutions. You must ensure that your data  is protected and can be recovered easily by having redundancy. Your provider must have and honor a service-level agreement ensuring uptime and security on their solution.. We implement Cloud and Hybrid Cloud solutions at WAMS for our clients. Security is our top priority and we provide for all of our Cloud Connect clients a detailed service agreement..

Artificial Intelligence

The three largest categories of Artificial Intelligence breaking out in 2017 are Advanced Machine Learning, Business Intelligence, and, probably the most Sci-Fi of them all, Virtual Personal Assistants (VPAs). Advanced Machine Learning, in the field of data analytics, is a method used to devise complex models and algorithms that lend themselves to prediction. Business intelligence, or BI, is a term used to describe software applications that analyze an organizations raw data and related activities including data mining, online analytical processing, querying, and reporting. Business intelligence is useful for areas of your business such as monitoring your staff’s online activity to ensure productivity and security. Advanced Machine learning takes BI a step further and basically creates algorithms to analyze data and helps you to make predictions based on patterns.

When you think of a virtual personal assistant, you may be thinking of something out of a movie. The realistic VPAs of this time would be more like Siri or Alexa, which have become the norm for many people. It is however, predicted that more and more businesses will use virtual assistants to greet you, such as at an airport or at a front desk, and some can even communicate with you in various ways. On a business level, it has been projected that Artificial Intelligence will be used this year to automate processes, better organize unstructured data, create chatbots for marketing and customer service, and make business predictions through machine learning. On the consumer level it is predicted that “smart” everything will become the norm.

There are pros and cons to utilizing artificial intelligence, and it is important to be aware of when it is appropriate. Error free processing, intricate process automation, faster data insights, and better research outcomes are all pros of using artificial intelligence in the workplace. The cons that you may face are the fact that it is never good to rely solely on technology and we have seen a predicted threaten of job losses and over concentration of power due to the small amount of people that are creating these solutions. The ultimate pro and con of artificial intelligence is that it is smart, but isn’t too smart just yet.

Security

When considering the implementation of all of these new solutions and technologies, the number one focus should always be security. Staff awareness and training to combat cybersecurity threats is vital to your firm’s success. The ransomware industry is becoming an industry of its own, with its own customer support and cybercrime products popping up left and right. It has also been forecasted that cybercriminals will exploit browsers to find better ways to attack individuals, and there has even been talks of a twenty four hour internet shut down. This is why it is vital to protect yourself, have backups in place that you could restore data before it was compromised, and properly train your staff on awareness. Whether you want to implement an IoT solution, are ready to implement a CRM , think it may be time to move to the Cloud, or want to use artificial intelligence to better monitor your team, do your due-diligence by researching and always ensure that any of these solutions are secure.

3 Reasons Why Security is Better in the Cloud

If small- and medium-sized businesses think cyber security is impossible to manage now, just think about what it was like before the internet provided a way to receive IT support remotely. In today’s business landscape, enterprise-level solutions and security can be delivered from almost anywhere in the world. Read on to find out why that’s even safer than you realize.

Hands-on Management

Unless you have an overinflated budget, relying on local copies of data and software means IT staff are forced to spread themselves across a bevy of different technologies. For example, one or two in-house tech support employees can’t become experts in one service or solution without sacrificing others. If they focus on just cybersecurity, the quality of hardware maintenance and helpdesk service are going to take a nosedive.

However, Cloud Service Providers (CSPs) benefit from economies of scale. CSPs maintain tens, sometimes thousands, of servers and can hire technicians who specialize in every subset of cloud technology.

Fewer Vulnerabilities

Cloud security isn’t only superior because more technicians are watching over servers. When all the facets of your business’s IT are in one place, the vulnerabilities associated with each technology get mixed together to drastically increase your risk exposure.

For example, a server sitting on the same network as workstations could be compromised by an employee downloading malware. And this exposure extends to physical security as well. The more employees you have who aren’t trained in cyber security, the more likely it is that one of them will leave a server room unlocked or unsecured.

CSPs exist solely to provide their clients with cloud services. There are no untrained employees and there are significantly fewer access points to the network.

Business Continuity

The same technology that allows you to access data from anywhere in the world also allows you to erect a wall between your local network and your data backups. Most modern iterations of malware are programmed to aggressively replicate themselves, and the best way to combat this is by quarantining your backups in the cloud. This is commonly referred to as data redundancy in the cybersecurity world, and nowhere is it as easy to achieve as in the cloud.

The cloud doesn’t only keep your data safe from the spread of malware, it also keeps data safe from natural and manmade disasters. When data is stored in the cloud, employees will still have access to it in the event that your local workstations or servers go down.

The cloud has come a long way over the years. It’s not just the security that has gotten better; customized software, platforms and half a dozen other services can be delivered via the cloud. Whatever it is you need, we can secure and manage it for you. Call us today at 800-421-7151.

Tips on Prolonging Laptop Battery Life

Certain laptop brands have longer battery lives than others. But, there are power-saving techniques that help preserve battery power regardless of brand. Laptops are most useful to businesses with remote work policies, and if you spend the majority of your working hours on one, these tips on prolonging your its battery life will come in handy.

Manage Your Laptop’s Power Settings

Computer manufacturers are aware that battery life is an important consideration for most users, which is why many Windows and Apple computers have settings that help reduce battery consumption. Windows laptops have a Power Plan setting that lets you choose either a standard setting or a customized power plan; Energy Saver under MacOS’ ‘System Preferences’ offers a setting that allows you to adjust display and sleep controls.

Adjust Display and System Settings

You can also make adjustments to your laptop’s display and system settings to reduce brightness, turn off screensaver, disable Bluetooth and Wi-Fi (when they’re not used), and trigger the system to hibernate instead of sleep. A “sleeping” laptop consumes a little energy, but a “hibernating” laptop consumes absolutely none.

Use a Battery Monitor and Other Maintenance Tools

If you think your laptop battery drains unusually fast, access your system’s battery maintenance tool to check its status. If your laptop doesn’t have one, you can download an application that creates a battery health report. That report will include charge cycle count, which determines the number of charge cycles your laptop has; and battery life estimate, which states how much longer the battery will provide power based on its current settings.

Keep Your Laptop Operating Efficiently

One way to accomplish this is by managing your web browser usage. Having many tabs open on your browser drains your battery’s power and reduces your productivity.  When multitasking, close unused apps and programs – especially those that download files or play media, as they consume the most power. This not only helps reduce battery consumption, but also helps the user stay focused on the task at hand.

Handle your Laptop with Care

Laptops are delicate and require safe handling and a cool temperature. With the exception of a few models (e.g., Apple’s MacBook Air), many devices are designed with a cooling system that keeps its CPU, graphics processor, and other components from overheating; and not to mention, its battery from depleting fast.

For that reason, handling your laptop with great care ensures longer battery life and better overall performance. When using your laptop on-the-go, make sure you don’t block its vents from circulating air, which means you should never put it on a surface such as a bed or similar soft surface that could prevent its cooling fans from working. And while it may seem harmless – and appropriate – putting your laptop on your lap is actually unsafe.

For businesses with remote workers and/or bring your own device (BYOD) policies, a laptop that lasts all day allows employees to be more productive and saves your company from having to spend on new laptops or replace batteries as a result of neglect. For cost-effective strategies on business technology, call us today at 800-421-7151.

Homographs: The Newest Trend in Phishing

So much of cybersecurity depends on adequate awareness from users. Phishing for example, preys on people’s fears and desires to convince them to click on hyperlink images and text before checking where they actually lead to. However, with the latest trend in phishing, even the most cautious users can get swept up. Read on to educate yourself on how to avoid this dangerous scam.

What are Homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades — and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian for example, even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How Does This Lead to Phishing Attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com — which gets redirected to xn—80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The Solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today at 800-421-7151.

When Did You Last Update Your Firmware?

Most IT consultants constantly remind clients of how important it is to update and patch their software, but neglect the importance of updating hardware. We don’t mean replacing it with new hardware; we mean updating the applications and settings coded into the physical IT powering every modern office.

What is Firmware?

Firmware is a very basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, more high-level, pieces of software can interact with it.

Why is Firmware Security so Important?

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

And the username and password example is just one of a hundred. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

How Do I Protect Myself?

Firmware exploits are not rare occurrences. Not too long ago, a cyber security professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a D-Link or Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

Remember that routers are just one example of how firmware affects your cyber security posture. Hard drives, motherboards, even mouses and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today at 800-421-7151.

Back Up your Mobile Devices Now

Mobile phones’ sizes and styles went through massive changes in the last few years. And as their looks and dimensions changed, so did their functions. With better capacity and bigger storage, mobile phones turned into veritable mini-computers that businesses were quick to adopt as a vital office tool. Naturally, hackers got the memo. With new schemes targeted specifically towards mobile devices, you’d be well served backing up the files in your mobile device, now.

Malware On Mobile

More than 50% of the world’s adult population use a mobile phone with internet connection, so dangers in these handy devices are to be expected. Scarier than the thought of being offline is being online and exposed to malware.

If you use your mobile devices as an extension of your work computers, backing up is a must. Mobile phones have become as vulnerable to malware as laptops and desktops have, especially if you consider the fact that many professionals and business owners use them for emailing confidential documents and storing business-critical files.

Device Disasters

Other than malware, other types of disasters can happen on your device. Because you carry it wherever your go, your device can easily be stolen, misplaced, or damaged. They may be easily replaceable, but the data contained in them may not. Having completely backed up data on your devices helps prevent a minor inconvenience from turning into a disastrous situation.

Backup Options

Performing backups in iPhone and Android devices is a seamless process. Their operating systems require only minimal effort from users, and backing up entails nothing more than logging into their Apple or Google account. However, other users have different devices with different operating systems, slightly complicating the process.

Mobile devices’ safety is essential to business continuity plans. So whether your office users are tied to a single operating system or prefer different devices, there are options to back up all your organization’s mobile devices. There are cloud backup services that enable syncing of all devices and that back up files, contacts, photos, videos, and other critical files in one neat backup system. These mobile backup tools are offered on monthly or lifetime subscription schemes, which provides small businesses with enough flexibility to ensure protection.

Mobile phones have become so ubiquitous to how people function that many feel the need to have two or more phones, mostly to have one for personal use and another for business. With all these options on hand, there’s no excuse for not backing up data on your mobile devices.

Our experts can provide practical advice on security for your business’s computers and mobile devices. Call us for mobile backup and other security solutions today.

6 Ways To Dodge A Data Disaster

You stride into the office early one Monday morning. You grab a cup of coffee, flip on your computer and start checking e-mail…

A note pops up that rivets your attention:

“Your files have been encrypted. Send $5,000 within five days or they will all be destroyed.”

You start sweating as your throat constricts and your chest tightens. Sure enough, every time you try to open a document, the same message appears. Your phone rings. It’s Bob in accounting, and he’s having the same problem. All files across your entire network have been encrypted. You contact the local police. They suggest you call the FBI. The FBI says they can’t help you. What do you do next?

  1. You pay the five grand, desperately hoping you’ll get your data back, or…
  2. You calmly call your IT pro, who says, “No problem, your backups are all current. No files were lost. Everything will be restored by noon, if not sooner.”

If your answer is “b,” you breathe a sigh of relief and get back to work as your backup plan kicks in…

Ransomware attacks are more common than ever, especially at smaller companies. That’s because small companies make easy marks for hackers. The average small business is much easier to hack than high-value, heavily fortified targets like banks and big corporations. According to Time magazine, cybersecurity experts estimate that several million attacks occur in the US alone every year. And that figure is climbing.

So how can you make sure you never have to sweat a ransomware attack or other data disaster? One sure solution is having a solid backup plan in place. When all your data and applications can be duplicated, you have plenty of options in the event of an attack. Here then are six ways to make sure you’re in good shape, no matter what happens to your current data:

Insist on regular, remote and redundant processes. A good rule of thumb is 3-2-1. That means three copies of your data are stored in two off-site locations and backed up at least once per day.

Guard against human error. Make sure people doing backups know exactly what to do. Take people out of the loop and automate wherever possible. And watch for situations where backups aren’t a part of someone’s regular duties.

Check backup software settings routinely. When new software or updates are put into service, a change in the way the settings are configured can cause incomplete backups, or backups that fail. Do the people who maintain your backups include this on their regular to-do list?

Make sure critical files aren’t getting left out. As resources are added and priorities shift, documents and folders can get misplaced or accidentally left off the backup list. Insist on a quarterly or annual meeting with your backup management team to make sure all mission-critical files are included in your organization’s data recovery systems.

Address network issues immediately. Any component in your network that isn’t working properly can introduce another point of failure in your backup process. Every juncture in your network, from a misconfigured switch to a flaky host bus adapter, can hurt your backups.

Ask for help with your data backup and recovery system. You cannot be expected to be an expert in all things. Yet data is the backbone of your business – its protection and recovery should not be left to chance. Leverage the knowledge, skill and experience of an expert who stays current with all the latest IT issues.

Data Recovery Review Reveals Backup System Vulnerabilities

Don’t let your company become yet another statistic. Just one ransomware attack can result in a serious financial blow if you’re not prepared. Visit wamsinc.com TODAY or call 800-421-7151 by April 30 for a FREE Data Recovery Review, ordinarily a $300 service. We’ll provide you with a complete on-site assessment of your current backup system to check for and safeguard against any gaps that could prove financially lethal to your business.

Why You Should Review Social Media Practices

With more and more social media platforms popping up all the time, it can be tough to keep track of social media policies and assess their effectiveness. However, if you fail to review them annually, your employees might get so obsessed with what’s trending on Twitter that they miss their deadlines. That would impact productivity and ultimately, your bottom line.

Avoid Legal Trouble
Do you remember Chipotle’s social media debacle in 2015? It lost a lawsuit for firing an employee that posted negative content on social media because it turned out that Chipotle’s social media policy violated federal labor laws. That’s why you should work with your legal team to keep your policies up to date: so they comply with the Federal Trade Commission and the National Labor Relations Board.

Protect Company Information
Social media policies can actually help safeguard sensitive data from hackers and cyber attacks, especially in a bring-your-own-device (BYOD) working environment. Employees must know the proprietary company information that must never be shared, as well as understand that confidential information – such as marketing tactics, non-public financials, and future product launches – are to be communicated only ‘internally.’ A good example is General Motor’s social media policy, which clearly spells out what can and can’t be disclosed to the public.

Define Which Kinds of Social Media Activities Aren’t Allowed
Although posting offensive or insensitive material on a company-branded social media page being is an obvious no-no, it still happens. For the people handling your company’s social media, what precautionary mechanisms are in place to avoid a public relations disaster? Are there rules for different platforms? Beyond that, however, is a lot of gray area when it comes to if and how employees will be held accountable for what they post on their personal profiles. When social media policies clearly outline how employees should behave online and the punishments that come with violating that agreement, you can deter rogue employee posts and avoid a viral fiasco.

Effective social media policies need to be fluid and responsive to the fast-paced modern business environment. Taking the time out to perform yearly social media policy reviews will save your employees a lot of confusion while helping your company steer clear of potential PR and legal nightmares. If you have further questions, don’t hesitate to send us an email or give us a call at 800-421-7151. We can direct you to software to help you monitor online activity.

Should Your Fear Government Surveillance?

Accusations of inappropriate government surveillance have been swirling after Wikileaks recently released thousands of pages supposedly detailing the CIA’s exploitation of compromised devices and applications. But in today’s climate, every headline needs to be taken with a grain of salt. Read on to find out what’s actually at stake and why you probably don’t need to worry.

What Devices and Apps are Supposedly Vulnerable?

Wikileaks labeled its ongoing release of 8,761 classified CIA documents “Year Zero.” Nestled among those files are tools and correspondence that explain how operatives could snoop on communications, downloads, and browsing history. Here is a list of the “affected” applications and hardware:

  • Windows operating systems
  • iOS
  • Android
  • Samsung Smart TVs
  • WhatsApp
  • Signal
  • Telegram
  • Confide

Those are some very big names, right? Thankfully, it’s mostly hyperbole. The reality of the situation isn’t nearly as bad as it sounds.

Two Considerations before Freaking Out

First, almost all these exploits require physical access to devices before anything can be compromised. For example, news organizations repeatedly reported that WhatsApp, Signal, Telegram and Confide all had encryption protocols that had been subverted by the CIA. That is 100% false.

What the documents actually revealed is that the CIA was aware of security gaps in Windows, iOS, Android and Samsung’s Tizen OS, which allowed the agency to snoop on messages before they were encrypted. Messages sent in these apps are still totally uncrackable as long as the devices they are installed on haven’t been physically compromised.

Takeaway #1: Physical security is still one of the most important aspects of cyber security. Most data security regulations require certain physical security protocols as a deterrent to breaches that take place via theft of social engineering – and for good reason.

The second reason not to worry is the hardware devices and operating systems that supposedly left encrypted messages vulnerable haven’t been sold for a long time. For example, only Samsung TVs from before 2013 were vulnerable to the always-on microphone bug — which was patched in an OS update years ago.

But what about iOS – surely that’s the scariest reveal of them all, right? Not quite. Only the iPhone 3G, discontinued in 2010, was susceptible to exploitation. Furthermore, Apple immediately responded that they were aware of this vulnerability and patched it in the version of iOS that was released in 2011.

Takeaway #2: Updating software is critical to keeping your data safe. As we saw in the Year Zero leaks, just one piece of outdated software can cause a domino effect of other vulnerabilities.

In reality, the most recent Wikileaks releases shouldn’t change your approach to cyber security at all. As long as you consider data security a never-ending battle, you’ll be safer than everyone too lazy or forgetful to lock up their server rooms or update their operating system.

But running a business doesn’t always leave you a lot of time for fighting a “never-ending battle,” does it? Fortunately, that’s exactly what we do for our clients every single day. To find out more about how we can keep you safe, call today at 800-421-7151.

Malspam Campaign Personalizes Emails with Recipient’s Name and Address

A spam campaign is personalizing its emails with the recipient’s name and address so that more people will feel inclined to open the malicious attachment.

Sophos Labs has seen several versions of this scam pop up in recent weeks. But although the text differs across samples, all the emails generally follow the same format. The scam email includes the recipient’s first name in the salutation, their last name as the title of the attachment, and their physical address in the body of the message.

Here’s one example of the scam.

“Good day to you, [FIRST NAME]

I am disturbing you for a very important occasion. Though you don’t know me, but I have significant ammount of individual info about you. The fact is that, most probably mistakenly, the data your account has been emailed to me.

For instance, your address is:
[STREET ADDRESS] Borsetshire
ZZ99 3WZ

I am a lawful citizen, so I decided to personal details may have been hacked. I pinned the file – [LAST NAME].dot that I received, that you could view what data has become available for deceivers. Document password is – 3776.

Best regards,
[SENDER NAME] [sic]”

It’s not clear where the attackers obtain each recipient’s personal information. But considering the wealth of data breaches, it’s probable they purchased the data on an underground forum. They then could have used an automated tool to properly format the address based upon the recipient’s country of origin.

So what happens if the recipient clicks on the attachment?

Nothing too out of the ordinary. A Microsoft Word document opens and prompts the user to enter the password. It then asks them to “Enable Content”. If the user complies, the document tries two different web pages hosted on hacked servers and loads what appears to be a GIF file.

But as Sophos Labs senior security advisor Paul Ducklin explains in a blog post, there’s more to this file than meets the eye:

“In fact, the GIF file has just 10 bytes of valid header data, followed by a 256-byte decryption key, followed by about 0.5MB of binary data scrambled by XORing it with the decryption key repeated over and over. (This is known as a Vigenère cipher, named after a cryptographer from the 1500s who didn’t actually invent it.)

“The GIF header makes the file look innocent, even though it won’t display as an image, and the Vigenère scrambling means that the suspicious parts of the file aren’t obvious.”

At that point, the malicious code embedded in the Word document initiates a decryption process of the executable and saves it to the Temp folder. When Sophos Labs tested this attack vector, malware known as Troj/Agent-AURH infected their computer. The trojan enlisted their machine into a botnet and then awaited further instructions from its command and control (C&C) server.

This is not the first scam of its kind. We’ve seen other personalized campaigns targeting users in the UK and Germany. Those emails infected recipients with Maktub Locker ransomware and a banking trojan named Nymaim.B, respectively.

To defend against these types of scams, users should avoid clicking on suspicious links and email attachments. They should also not click on an attachment just because the email contains their personal information. Rather, they should generally assume someone gained their information from a data breach. They should therefore monitor their accounts for any signs that are indicative of fraud. If they believe the scam emails are more targeted in nature, they should report the attacks to law enforcement.

These are important online behaviors to keep your staff trained on. For more information on email security and training for best online practices, call us today at 800-421-7151.

As read on TripWire, article by David Bisson

Check Out this List of Free Ransomware Decryptors

We’ve gotten so caught up discussing ransomware prevention with our clients that we’ve neglected to mention that several strains have already been defeated. In fact, there’s a decent chance you can actually decrypt all your data for free. Always make sure to check these lists before responding to a cyber attacker’s demands.

The State of Ransomware in 2017

It’s been almost 30 years since malware was first created that could encrypt locally-stored data and demand money in exchange for its safe return. Known as ransomware, this type of malware has gone through multiple periods of popularity. 2006 and 2013 saw brief spikes in infections, but they’ve never been as bad as they are now.

In 2015, the FBI estimated that ransomware attacks cost victims $24 million, but in the first three months of 2016 it had already racked up more than $209 million. At the beginning of 2017, more than 10% of all malware infections were some version of ransomware.

Zombie Ransomware is Easy to Defeat

Not every type of infection is targeted to individual organizations. Some infections may happen as a result of self-propagating ransomware strains, while others might come from cyber attackers who are hoping targets are so scared that they pay up before doing any research on how dated the strain is.

No matter what the circumstances of your infection are, always check the following lists to see whether free decryption tools have been released to save you a world of hurt:

Kaspersky Lab’s No Ransom list
Avast’s free decryption tools
Trend Micro’s Ransomware File Decryptor
Fightransomware.com’s Breaking Free list
Prevention

But even when you can get your data back for free, getting hit with malware is no walk in the park. There are essentially three basic approaches to preventing ransomware. First, train your employees about what they should and shouldn’t be opening when browsing the web and checking email.

Second, back up your data as often as possible to quarantined storage. As long as access to your backed-up data is extremely limited and not directly connected to your network, you should be able to restore everything in case of an infection.

Finally, regularly update all your software solutions (operating systems, productivity software, and antivirus). Most big-name vendors are quick to patch vulnerabilities, and you’ll prevent a large portion of infections just by staying up to date.

Whether it’s dealing with an infection or preventing one, the best option is to always seek professional advice from seasoned IT technicians. It’s possible that you could decrypt your data with the tools listed above, but most ransomware strains destroy your data after a set time limit, and you may not be able to beat the clock. If you do, you probably won’t have the expertise to discern where your security was penetrated.

Don’t waste time fighting against a never-ending stream of cyber attacks – hand it over to us and be done with it. Call today to find out more:800-421-7151.

Which Type of Firewall is Right for You?

Software solutions are almost always more user-friendly than hardware solutions. There’s no need to worry about cabling, firmware, and power consumption. But when it comes to firewalls, a software solution just can’t measure up to its hardware counterpart. Make sure you have all the facts before deciding which is right for you.

Software firewalls

Calling a piece of software a “firewall” is a bit of an exaggeration. Installing it on a local hard drive is more like locks on a door than impenetrable walls. When data is scanned for threats by a software firewall, the information it contains has already been passed through your router, network switch, and finally your local hard drive.

Once the whole cycle has finished, software firewalls can prohibit risky activities based on blacklisted IP addresses, known malware definitions, and suspicious application requests.

Although these solutions do have value, they can’t guarantee that malware won’t spread to other systems before each packet of data can be scanned, unless they’re standing guard at your business’s gateway to the internet. And whenever the computer with the firewall is powered off, everything it protects is left unguarded.

Hardware firewalls

Because the drawbacks of a software-based firewall are centered around their inefficient network position, a hardware solution is the safer option. Hardware firewalls sit directly behind your router, so every single packet of data coming from the internet must pass through your gatekeeper before landing on any of your internal drives.

Most of these solutions include far more sophisticated controls than just web filtering and basic data scanning. Like most developments in the IT industry, newer hardware firewalls focus on “intelligent” functions that analyze huge datasets to recognize malware and cyberattacks based on irregular activities instead of relying solely on cataloged viruses and attack vectors.

Another benefit of hardware firewalls is that they’re always on. There’s no need to worry about whether the workstation hosting your solution will crash because these devices are built for 24/7 protection. The only downside to this type of solution is the level of monitoring and maintenance it requires. Hardware firewalls are extremely complex and managing them is no easy task.

“Cloud” firewalls

The most recent, and undoubtedly best, solution to network perimeter security are “cloud” firewalls. These are on-site pieces of hardware with software interfaces that can be managed remotely by certified security professionals.

This service model means that experts will monitor your network performance and security for anomalies while your team goes about its business as usual. No need for onsite tweaks and updates — all of it can be done remotely.

You may hear a lot of experts telling you that the age of on-site hardware has passed and everything can be done in the cloud. Remote administration may be the next wave in network services, but the need for hardware will never go away. If you need someone to manage your physical devices, contact us today.

Selecting the Perfect Office 365 Plan

Office 365 Business, Business Premium, Enterprise E1, E3, and E5. Each of these Office 365 plans offer different features and services. Implement the wrong one, and you may end up with a solution that doesn’t fully meet your company’s needs. To help your business select the right Office 365 license, we’ve summarized and listed the different features of each plan.

Business or Enterprise?

If you’re running a cloud-first business, you’ll have to decide between Office 365 Business and Enterprise. Both may have access to Office Online and OneDrive, but there are some notable differences between the plan.

For one, Office 365 Enterprise E3 and E5 plans have unlimited archive and mail storage space, while Business plans have a 50-GB storage limit and don’t provide archive access from the Outlook client.

When it comes to SharePoint, Business plans are short on enterprise search, Excel services, and Visio features. Additionally, unified communication solutions, Power BI, and Delve analytics are also missing from the Office 365 Business offering.

Although it may seem like Enterprise subscriptions are superior — and in some ways they are — Business plans are perfect for smaller companies running on a tight budget. Office 365 Business and Business Premium cost $10 and $15 per user per month respectively, while E5, the biggest Enterprise plan, costs $35 per user per month.

As a general rule, start looking for Enterprise plans when your employee headcount exceeds 50 people and users require more storage space and solutions.

E1, E3, or E5?
If you do opt for Office 365 Enterprise plans, you’ll have to examine the features and choose one of three plans (E1, E3, and E5) that suits your needs.

E1 offers basic enterprise solutions such as Outlook and Word, OneNote, PowerPoint, and Excel online for only $8 per user per month. Apart from this, users also get access to SharePoint Team sites, video conferencing, and Yammer for enterprise social media.

E3 provides all E1 features and adds data loss prevention, rights management, and encryption to ensure business security and compliance. While E5 is a full enterprise-grade solution with all the aforementioned features plus analytics tools, advanced threat protection, flexible Skype for Business conferencing, and unified communication solutions.

Small- and medium-sized enterprises will usually select either E1 or E3 subscriptions and decide to add third-party applications to meet cloud security and VoIP demands. But if you have the resources and prefer a fully-managed suite of Microsoft applications, E5 plans are the way to go.

Migrating to an Office 365 platform is a big step, and if you’re still undecided about which plan to opt for, contact us today at 800-421-7151. We don’t just provide Office 365, we assess your business and find the best solution that meets your budget and objectives.

“What do you mean I’m not safe from All Ransomware Attacks?!”

If your IT provider is anything like WAMS, then they do everything in their power to
protect you from all types of viruses, malware, and ransomware out there. Chances are that you
are paying accordingly for your protection and are getting sound advice from your provider. So
how is it that your IT provider cannot protect you from all attacks? After all, they should know
everything shouldn’t they?

We aren’t going to sugar coat things here… the truth is, we don’t and we can’t. But, we
can keep you as safe as possible. It’s unfortunate the way the ransomware industry, yes,
industry, is growing and changing today. Recently cybercrime has evolved into a full blown
industry; who would have thought that Ransomware as a Service would become a thing?
Criminals are getting smarter and constantly learning ways to get past what used to be viewed
as everything-proof security. The ones creating malware these days are just as brilliant as your
security solution experts; they have simply chosen the dark side of IT. It’s definitely a scary
thought, which is exactly why you need to equip yourself with as much security and protection
as is available to you.

Try to think of it this way: your IT provider in many ways is to your network system what
your doctor is to you. You visit your doctor when you are ill and come up with a solution for how
you will recover; what kind of treatment you will be needing. Most people also have regular
checkups with their physician even when they feel healthy just to ensure that everything is going
smoothly. Your doctor offers many preventative solutions as well, such as vitamins, diet,
exercise, and vaccinations. Your doctor is the expert, and yet even when following directions,
you still occasionally catch something. There are two aspects that your doctor cannot control
that can cause you to become ill: the environment and your actions. We all know that you have
minimal control over the environment; more importantly, your doctor can make
recommendations over and over yet without proper execution you are at a higher risk. Be it the
flu, a cold, a hereditary illness, etc. Try to think of your IT provider in the same way. Your
systems are monitored, updates are constantly implemented, and they protect you to the best of
their abilities. Your IT providers are the experts, but sometimes there are attacks that have
evolved; brilliant culprits who have figured out how to get past even the most up-to-date security
settings. And without proper security training, your staff may be your biggest risk factor for
allowing these infections to occur. Undoubtedly, a solution to fight and/or prevent these attacks
will be found quickly in most cases; that doesn’t mean that you may not be vulnerable. Like your
body to illnesses, there is always something out there that will present as a threat to your
system.

If your IT provider doesn’t have all the answers, then what are you to do? The reality is
that nobody truly has all of the answers; and probably never will. The best strategy is to plan for
the worst and have steps in place to limit the negative impact. We can stay up to date in every
way possible, follow every IT security blog, and do everything in our power to stay updated and
ahead of the game on the latest attacks. The problem is that much like real-life illnesses,
ransomware is changing and evolving rapidly. When new ones begin to attack, there may not be
a set solution for neither prevention nor destruction, other than wiping your system and restoring
from a backup. However, below is WAMS’s prescription on the many ways that you can prevent
yourself from future attacks.

1. Stay updated.
Work with an IT provider that keeps you in the know on the latest updates
regarding major attacks and security breaches. For instance, WAMS posts vital information
on social media, to blogs, and sends out a WAMS Warning email any time there is a culprit
on the rise or a security issue coming forward.

2. Work with an IT provider that you know you can trust.
Why is this so important? Your
provider will make recommendations based on your system’s needs. You need to feel
excellent about the recommendations you receive from your provider, and more importantly,
be 110% confident that it is in your best interest to implement those recommendations if you
want your best chance at avoiding ransomware attacks.

3. Know that you are compliant
with all necessary data security obligations. It is important to
know that you are HIPAA, SEC, FERPA, FTC, and ITAR compliant in your security and data
storage. You also may be subject to the Payment Card Industry Data Security Standards as
well.

4. Have redundant backups in place.
We truly cannot stress enough to you just how
important this is. If you do not have a redundant backup system in place and you are hit with
ransomware, you cannot retrieve your data unless you pay for the decryption key. The
number one problem with ransomware is that no matter how hard even the most brilliant of
IT providers try, decrypting ransomware without a key is completely unheard of. We’d like to
wave our magic wands and rid you of these nasty infections, but that’s not an industry
possibility… yet.

5. Email security. At WAMS, we implement Mimecast’s solutions not only for our clients but
internally as well because we know that we are protected from multiple different types of
attacks. Our solutions provide security, archiving, continuity, malicious Url defense,
attachment sandboxing, data leak prevention, and email encryption.

6. Mandatory security training
for your staff. We can’t control everything out there affecting
your network, but we can provide your team with security training and assist you in putting
together policies that will keep your network safe.

We can’t stress enough to you that this “prescription” is a list of steps for your best shot
at protecting yourself and avoiding future hits. Never underestimate the power that you give
criminals when you do not take the necessary precautions and allow yourself to be vulnerable. It
is vital that you are just as careful about the health of your network as you are about your own
health. Let your IT provider be your network doctor, and allow them to keep your system healthy.

“Lucky Charm” Keeps Hackers Out

Ralph’s been a good employee for you. Shows up on time. Gets the job done. Doesn’t hassle anybody.

He’s also a porn addict. When nobody’s looking, he’s visiting sites – on your network – that you’d be appalled to see. IF…you knew about them. Without careful monitoring and filtering, this kind of Internet use on your network can remain hidden.

Shocking? Hard to believe it could happen at your company? A survey by International Data Corporation (IDC) revealed that 70% of all web traffic to Internet pornography sites occurs during the work hours of 9 a.m. to 5 p.m. Ralph’s little visits may seem harmless, but they’re adding a serious level of risk to the financial health and security of your company.

Here’s how. A visit to an adult website can be tracked. And if a logged-in user’s identity is leaked, it can be embarrassing, to say the least, to that user. The user may even become a victim of “sextortion” or blackmail. Just ask any of the people who used Ashley Madison, a dating site for illicit affairs. When the site was hacked, users were suddenly at risk of having their indiscretions revealed. This gives cybercriminals a powerful lever to pressure an employee into revealing sensitive company data. Considering that 60% of security breaches start from within the company, you have to wonder what someone at risk of being exposed might do to keep their little secret, well…secret.

Let’s face it, if you’re not carefully monitoring and managing how your network is being used, your company’s data could be in serious jeopardy.

Content Filtering In Today’s Web 2.0 World
Whether you’re already monitoring user activity on your network or not, you need to stay vigilant about evolving risks. And content filtering is key. If your business is like many, you may already be doing some filtering. But is it enough? As technology evolves, hackers drum up ever stealthier ways to invade your network.

Cloud-based filtering, for example, becomes a must when mobile devices tap into your network. The old concept of a static, location-based “firewall” just doesn’t cut it anymore when your staff goes mobile.

Then there’s social media. It’s like a big window into the personal lives of your personnel. It lets cybercriminals “case the joint” before breaking in. For instance, when users log in to a personal Facebook account at work and talk about vacations, favorite hangouts or weekend activities, hackers can use that information for social engineering and other ploys.

The number of ways your network is exposed to potentially damaging content grows daily. It’s no wonder that 90% of companies and government agencies surveyed by IDC detected computer security breaches within the previous 12 months. Eighty percent of those organizations acknowledged financial losses due to these breaches. With odds like that against you, an up-to-date content filtering system could well be THE “Lucky Charm” that keeps your company, and your data, safe from all kinds of harm.

Fileless Malware is Back; Are You at Risk?!

How many times have you read a shocking headline, only to find the attached article incredibly underwhelming? Over the last several weeks headlines decrying the threat of “fileless malware” have been everywhere, but the truth is a little less scary. Let’s take a look at what’s really going on and who’s actually at risk.

What is This New Threat?

To oversimplify the matter, fileless malware is stored somewhere other than a hard drive. For example, with some incredibly talented programming, a piece of malware could be stored in your Random Access Memory (RAM).

RAM is a type of temporary memory used only by applications that are running, which means antivirus software never scans it on account of its temporary nature. This makes fileless malware incredibly hard to detect.

This isn’t the First Time it’s Been Detected

Industry-leading cyber security firm Kaspersky Lab first discovered a type of fileless malware on its very own network almost two years ago. The final verdict was that it originated from the Stuxnet strain of state-sponsored cyber warfare. The high level of sophistication and government funding meant fileless malware was virtually nonexistent until the beginning of 2017.

Where is it now?

Apparently being infected by this strain of malware makes you an expert because Kaspersky Lab was the group that uncovered over 140 infections across 40 different countries. Almost every instance of the fileless malware was found in financial institutions and worked towards obtaining login credentials. In the worst cases, infections had already gleaned enough information to allow cyber attackers to withdraw undisclosed sums of cash from ATMs.

Am I at risk?

It is extremely unlikely your business would have been targeted in the earliest stages of this particular strain of malware. Whoever created this program is after cold hard cash. Not ransoms, not valuable data, and not destruction. Unless your network directly handles the transfer of cash assets, you’re fine.

If you want to be extra careful, employ solutions that analyze trends in behavior. When hackers acquire login information, they usually test it out at odd hours and any intrusion prevention system should be able to recognize the attempt as dubious.

Should I Worry About the Future?

The answer is a bit of a mixed bag. Cybersecurity requires constant attention and education, but it’s not something you can just jump into. What you should do is hire a managed services provider that promises 24/7 network monitoring and up-to-the-minute patches and software updates – like us. Call today at 800-421-7151 to get started.

Be the First to Enjoy New Office Apps

Microsoft churns out new Office 365 features for users almost every month. Last year, there were several additions to Word, Excel, and PowerPoint that further enhanced user experience. This year, Microsoft will likely introduce new features that can benefit businesses. If you want to stay on top of new Microsoft features and experience these advantages yourself, then the Office Insider program is for you.

Early access
Similar to the Windows 10 Insider program, the Office Insider program grants users early access to new features, security updates, and bug fixes months before they are available for the general public. Office Insider is available on two levels: the fast ring, where updates are rolled out more frequently but tend to have more issues, and the slow ring, where features are released slower but have little to no software bugs.

The features you have to look forward to include:

Calendar.help – When you sign up for the Office Insider Program you are immediately eligible to beta test Calendar.help, a machine learning feature that uses Cortana to schedule important calls, meetings, and events. When you need to set up an appointment over email, you can simply list your contact, add Cortana to the Cc: line, and state your meeting preferences.
Outlook – In January 30, Microsoft has increased Outlook 2016’s collaboration options. Insider subscribers can upload locally saved email attachments to OneDrive and collaborate with other employees.
Surface Pen – Surface device users in the Insider program can resize, rotate, and move objects in Word, Excel, and PowerPoint with the Surface Pen.
Competitive advantage
Because you’re getting early access to new applications, you’ll have more experience with the features compared to companies who wait for the general availability update. For example, you can test updates like PowerApps — a feature that allows businesses to create software without knowing how to code — and decide whether it’s right for your company months before other general users have worked with the product.

In other words, when your business can access and take advantage of Office 365 Insider features early, you’re essentially setting your company ahead of the competition since ‘late’ adopters will need to spend time getting acquainted with the new patch.

Feedback
The final benefit of the Office Insider program is that you get to voice your opinion on the upcoming features, raise awareness to certain software issues, and provide ideas on how Microsoft can make things better.

Overall, enrolling in the Office Insider program can open up your company to a wide variety of productivity-boosting features. The only question you have to ask yourself now is: Do I want to be at the bleeding edge of tech innovations?

Contact us today to find out how you can get on the inside and know the latest in Office updates.

3 Common Mistake in Virtualized Networks

Data storage may be one of the easiest facets of virtualization to explain, but that doesn’t make it immune to problems arising from confusion. There are a few things that can cause virtualized data storage to underperform, and most of them can be easily fixed by technicians who know their stuff. Read on to find out whether you might have fallen for one of these mistakes.

Poorly structured storage from the get go

Within a virtualized data storage framework, information is grouped into tiers based on how quickly that information needs to be accessible when requested. The fastest drives on the market are still very expensive, and most networks will have to organize data into three different tiers to avoid breaking the bank.

For example, archived or redundant data probably doesn’t need to be on the fastest drive you have, but images on your eCommerce website should get the highest priority if you want customers to have a good experience.

Without a virtualization expert on hand, organizing this data could quickly go off the rails. Ask your IT service provider to see a diagram of where your various data types are stored and how those connect to the software-defined drive at the hub of your solution. If there are too many relays for your server to pass through, it’ll be a slower solution than the non-virtualized alternatives.

Inadequately maintained virtualized storage

How long will your intended design last? Companies evolve and expand in short periods of time, and your infrastructure may look completely different months later. Virtualized data storage requires frequent revisions and updates to perform optimally.

Whoever is in charge of your virtualization solution needs to have intimate knowledge of how data is being accessed. If you’re using virtual machines to access your database and move things around, they need to be precisely arranged to make sure you don’t have 10 workstations trying to access information from the same gateway while five other lanes sit unoccupied.

Incorrect application placement

In addition to watching how your data is accessed as the system shifts and grows, administrators also need to keep a close eye on the non-human components with access to the system. Virtualized applications that access your database may suffer from connectivity problems, but how would you know?

The application won’t alert you, and employees can’t be expected to report every time the network seems slow. Your virtualization expert needs to understand what those applications need to function and how to monitor them closely as time goes on.

Deploying any type of virtualized IT within your business network is a commendable feat. However, the work doesn’t stop there. Without the fine-tuning of an experienced professional, you risk paying for little more than a fancy name. For the best virtualization advice in town, contact us today at 800-421-7151.

That Fake App Just Stole Your ID

Ryan loved tweaking photos on his Android phone.

He’d heard rave reviews from his friends with iPhones about Prisma, a new iOS app for image editing. So when he heard Prisma would soon be released for Android, he logged in to the Google Play Store to see if it was there yet.

To his surprise, he found one that looked just like what his friends were describing. Delighted, he downloaded and started using it. Meanwhile, the app (a fake) was busy installing a Trojan horse on his phone.

When he got to work the next day, he logged his phone into the company network as usual. The malware jumped from his phone to the network. Yet no one knew. Not yet, but that was about to change…

Now, this isn’t necessarily a true story (at least, not one we’ve heard of—yet…), but it absolutely could have been. And similar situations are unfolding as you read this. Yes, possibly even at your company…

Fake apps exploded onto iTunes and Google Play last November, just in time for holiday shopping. Apple “cleaned up” iTunes in an effort to quell users’ concerns, but hackers still find workarounds. Unfortunately, these fake apps pose a real threat to the security of your network. Especially if your company has anything but the strictest BYOD (bring your own device) policies in place. And the more your network’s users socialize and shop on their smartphones, the greater the risk of a damaging breach on your network.

Fake apps look just like real apps. They masquerade as apps from legitimate merchants of all stripes, from retail chains like Dollar Tree and Footlocker, to luxury purveyors such as Jimmy Choo and Christian Dior. Some of the more malicious apps give criminals access to confidential information on the victim’s device. Worse yet, they may install a Trojan horse on that device that can infect your company’s network next time the user logs in.

So what can you do?
First, keep yourself from being fooled. Anyone can easily be tricked unless you know what to look for. Take the following advice to heart and share it with your team:

Beware of Fake Apps!

In case you weren’t aware, one of the latest and most dangerous Internet scams is fake apps. Scammers create apps that look and behave like a real app from a legitimate store. These fake apps can infect your phone or tablet and steal confidential information, including bank account and credit card details. They may also secretly install on your device malicious code that can spread, including to your company network.

Take a moment and reflect on these five tips before downloading any app:
When in doubt, check it out. Ask other users before downloading it. Visit the store’s main website to see if it’s mentioned there. Find out from customer support if it’s the real McCoy.
If you do decide to download an app, first check reviews. Apps with few reviews or bad reviews are throwing down a red flag.
Never, EVER click a link in an e-mail to download an app. Get it from the retailer’s website, or from iTunes or Google Play.
Offer as little of your information as possible if you decide to use an app.
Think twice before linking your credit card to any app.

Most importantly, get professional help to keep your network safe. It really is a jungle out there. New cyberscams, malware and other types of network security threats are cropping up every day. You have more important things to do than to try and keep up with them all.

The Most “Bullet-Proof” Way To Keep Your Network Safe
Let’s not let your company become yet another statistic, hemorrhaging cash as a result of a destructive cyber-attack. Call WAMS TODAY at 800-421-7151, or e-mail me at alopp@wamsinc.com, and let’s make sure your systems are safe. We’ll provide you with a Cyber Security Risk Assessment to check for and safeguard against any points of entry for an attack.

How Can You Go From Reactive to Preventive IT?

Shopping around for a managed IT services provider is tough. You’re looking for a business to manage extremely complex and delicate technology, so they can’t be expected to get into the nitty gritty details of DNS-layer security, intrusion prevention systems, and encryption in their marketing content. But one thing does need clarification: What exactly are “proactive cyber-security” measures?

Understand the Threats You’re Facing

Before any small- or medium-sized business can work toward preventing cyber-attacks, everyone involved needs to know exactly what they’re fighting against. Whether you’re working with in-house IT staff or an outsourced provider, you should review what types of attack vectors are most common in your industry. Ideally, your team would do this a few times a year.

Reevaluate What It is You’re Protecting

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

Create a Baseline of Protection

By reviewing current trends in the cyber-security field, alongside an audit of your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measure versus your reactive measures.

Before you can start improving your cyber-security approach, you need to know where the baseline is. Create a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint strengths and weaknesses in your current framework.

Finalize a Plan

All these pieces will complete the puzzle of what your new strategies need to be. With an experienced technology consultant onboard for the entire process, you can easily parse the results of your simulation into a multi-pronged approach to becoming more proactive:

Security awareness seminars that coach everyone — from receptionists to CEOs — about password management and mobile device usage.
“Front-line” defenses like intrusion prevention systems and hardware firewalls that scrutinize everything trying to sneak its way in through the front door or your network.
Routine checkups for software updates, licenses, and patches to minimize the chance of leaving a backdoor to your network open.

Web-filtering services that blacklist dangerous and inappropriate sites for anyone on your network.
Antivirus software that specializes in the threats most common to your industry.
As soon as you focus on preventing downtime events instead of reacting to them, your technology will begin to increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cyber-security by giving us a call for a demonstration at 800-421-7151.

Hyperconvergence Improves Virtualization

Don’t worry, we’ll keep this one simple. Virtualization is confusing enough, and hyperconvergence is one of the newest solutions within the field, making it even harder to grasp. The quick and easy summary is this: Hypconvergence is about virtualizing the hardware and software components required to deploy and manage databases and virtualized desktop infrastructures. Not simple enough? No problem, all we’re covering today is the great benefits you can achieve with this solution.

Using a hyperconvergence model to structure your network is very representative of the current trends in small- and medium-sized business technology. It’s about making enterprise-level solutions more accessible to those looking for a smaller scale. So although a lot of these benefits sound like the same points we argue for other technologies, let’s take a look at how they are unique to hyperconvergence.

Software-Centric Computing

It may not sound huge at first, but by packing everything you need into a single box, and wrapping that box with a flexible and adaptable management software, you empower your hardware infrastructure to receive more regular patches and updates. This makes it much easier to add more hardware later, or restructure what you’re currently using.

Unified Administration

Hyperconvergence consolidates a number of separate functions and services into one piece of technology. Whoever is managing your virtualization services can tweak storage, cloud, backup, and database settings and workloads from one place.

Streamlined Upgrading

Different hyperconvergence “boxes” come in different sizes and capabilities. So all it takes to scale up is buying another unit based on your forecasted needs. If you’re in a place where all you need is a little extra, purchase a smaller upgrade. But when you’re expecting rapid growth, a bigger box will ensure your IT can expand with your business.

Stronger Data Protections

Complexity is the achilles heel of most networked IT. When a small group of people are trying to stay on top of a mounting pile of account management settings, malware definitions, and data storage settings, it’s hard to keep constantly probing cyber-attackers from finding a security hole. But with a hyperconvergence infrastructure, your virtual machines aren’t built by bridging a series of third-party services together — it’s all one service.

Keep in mind that while hyperconvergence is simpler than most virtualization solutions, it’s not so simple as to be managed by in-house IT departments at more small- and medium-sized businesses. The benefit of a more unified virtualization solution when you already have a managed services provider is the speed at which your growth and evolution can be managed.

The better your technology, the faster we can make changes. And the faster we can accommodate your needs, the less downtime you experience. Call us today to find out more about a hyperconverged system.

4 Ways IoT Will Change the Game

From smart thermostats to wearable devices, the Internet of Things (IoT) has reinvented the ways both businesses and individuals connect. Many IT experts have even labeled IoT as a “game changer,” and while we’re usually skeptical of this term when it comes to new technology, IoT devices can open up your business to a multitude of possibilities. Here are four of them.

Improved Logistics
With IoT sensors, supply chain management and order fulfillment processes improve markedly to meet customer demand. For example, sensors on delivery containers and trucks in transit give managers real-time status updates, allowing them to track their items and ensure they reach the right location at the right time.

Streamlined Inventory
IoT also presents automation opportunities for businesses that need to manage and replenish their stock. When data recorded from IoT devices are tied to your enterprise resource planning (ERP) system, you can accurately monitor your inventory, analyze purchase and consumption rates of a particular product, and automatically reorder items when IoT sensors detect that supply is running low. This minimizes out-of-stock incidents and prevents excess stock build-up.

Fast Payment
Given how most payments are done electronically via point-of-sale systems or the internet, IoT has the potential to revolutionize the way businesses process transactions. We’re already seeing a few examples of this today as ApplePay not only allows users to purchase goods and services using smartphone applications, but through wearable technology as well.

Soon enough, IoT devices might even allow restaurants and retailers to register or charge their customers the moment they walk through the door.

Market insight
Businesses that can somehow make sense of IoT-collected data will gain a competitive edge. Marketers, for example, can gather valuable insight into how their products are used and which demographic is utilizing them the most. This information can then inform future marketing efforts and give businesses more direction on how to improve their products and services for their customers.

Although businesses will certainly face many challenges in implementing the Internet of Things, those who manage to overcome them will reap all the benefits of this burgeoning technology.

Want to know if an IoT deployment is right for your business? Contact our certified IT consultants today.

5 Reasons to Purchase CRM Software

Failure to understand your customers’ needs and wants could result in ill-informed marketing strategies. When your company can’t satisfy their demands, they’ll likely turn to your competitors instead. To prevent this, deploying a customer relationship management (CRM) system can make a world of difference. Here’s a handful of reasons to make the switch.

Grows With Your Business
The ol’ Rolodex may have been useful for managing a few clients, but you’re going to need a better solution if you plan to maintain relationships with hundreds, possibly thousands, more. CRM scales with your business, meaning it can handle larger data sets and more clients as you expand your sales operation.

Organizes Your Data
CRM software acts as a central database for all your sales records and transactions. This means important customer information can be retrieved in just a few clicks rather than rifling through thousands of documents, sticky-notes, and disorganized cabinets. And since CRM is hosted in the cloud, sales data, customer interactions, and other actionable information are available for the entire company.

Improves Customer Service
Your sales team could be the most persuasive individuals in the world, but this means nothing if they can’t recall anything about their clients and their preferences. When your sales staff follows up on leads or existing customers, CRM will automatically retrieve contact history, past purchases, and customer preferences from your client database and display them on a single page during the call.

From here, sales representatives, armed with detailed customer information, will be able to recommend products and services that meet the client’s needs. So instead of struggling through a sales call, marketing employees can focus on delivering a professional sales pitch.

Streamlines Your Sales Funnel
CRM comes equipped with workflow management functions, supporting your sales pipeline in a number of ways. For example, you can configure your CRM to send instant follow-up emails when a lead visits a particular product page. You can even use automation to track where certain leads are in the sales pipeline and delegate the task to one of your closers.

Analyzes Sales Data
With real-time sales information, business managers can track marketing campaigns and adjust their strategy accordingly. For instance, you might notice that click-through-rates for promotional emails and company newsletters are higher during Tuesday afternoon rather than Friday night. Having this information can help you focus your marketing efforts and message to generate more leads.

In addition, you can use CRM to analyze customer calling activity, market demographics, lead conversion rates, and key performance indicators to help inform future business decisions.

Understanding your customers can put you several steps ahead of the competition. If you need to manage contacts, eliminate time-consuming procedures, and improve your sales performance, CRM is the perfect business solution.

Email us today to find out whether CRM is the right fit for your business at info@wamsinc.com.

Chrome and Safari: Hackers’ Newest Tools

Filling out web forms often seems like an unbearably monotonous obstacle that gets in the way of online shopping, booking a plane ticket, and doing other types of online registration. With many of today’s transactions done online, people have become accustomed to relying on their browsers’ autofill function to save time. But being able to save time from manually filling in your information comes at a price, especially if you’re using Google Chrome, Safari, and Apple’s mobile-only Opera.

How Do They Do It?

By concealing other fields in a sign-up form, users are tricked into thinking they only have to fill out a few fields. The trickery at work is that upon auto-sign up, other fields, which could include your usernames, passwords, billing address, phone number, credit card number, cvv (the 3-digit code used to validate credit card transactions), and other sensitive information, are auto-filled with the user none the wiser.

This sinister trick is nothing new, but since there hasn’t been any countermeasure since it was first discovered, the threat it poses is worth emphasizing. Finnish whitehat hacker Viljami Kuosmanen recently brought to light how users of Chrome and Safari are particularly vulnerable, and he even came up with a demonstration of how this phishing technique is perpetrated. The technique is so sneaky, it’s enough to make one give up online shopping forever.

Using plugins such as password managers is also fraught with the security risk, as having access to such a utility empowers cyberthieves to do more than just obtain your credit card info; it opens them up to a great amount of personal details. As an alternative, we recommend using a secure software for passwords and usernames, such as LastPass of Dashline.

Preventing an Autofill-Related Theft: So what can you do to avoid falling prey?

Using Mozilla Firefox is one of the easiest available solutions. As of today, Mozilla hasn’t devised a mechanism that affords its users the same convenience that Chrome and Safari users enjoy with autofill. When filling web forms on Firefox, users still have to manually pre-fill each data field due to a lack of a multi-box autofill functionality – a blessing in disguise, given the potential for victimization in autofill-enabled browsers.

Another quick fix is disabling the autofill feature on your Chrome, Safari and Opera (for Apple mobile devices) browsers. This would mean that when filling out web forms, you’d have to manually type responses for every field again, but at least you’d be more secure.

It’s not exactly the most sophisticated form of online data and identity theft, but complacency can result in being victimized by cyber swindlers. Take the first step in ensuring your systems’ safety by getting in touch with our security experts today at 800-421-7151.

The Latest Apple Malware Takes Over Webcams

“The first…of the new year,” is often a coveted title – but not always. With a reputation as a hardware provider whose devices outshine its competitors in the field of cybersecurity, Apple certainly isn’t happy that “The first Apple malware of the new year,” was awarded so early on. We strongly believe in the safeguards installed on Mac computers, but that doesn’t mean you can justify a lax stance on cybersecurity. Take a closer look at this latest strain.

Where Did it Come From?

Dubbed ‘Fruitfly’ by the powers that be at Apple, it looks as though this relatively harmless malware has been hiding inside of OS X for several years. Fruitfly contains code that indicates it was adapted to move from a previous build of OS X to ‘Yosemite,’ which makes it at least three years old.

In fact, there are some lines of code from a library that hasn’t been used since 1998. It’s possible these were included to help hide Fruitfly, but experts have no idea how long it has been holed up inside the infected machines, or who created it.

What Does it Do?

So far, most of the instances of Fruitfly have been at biomedical research institutions. The administrators who discovered the malware explained that it seems to be written to grab screenshots and gain access to a computer’s webcam.

Considering the specific nature of its victims, and what it can accomplish, Fruitfly seems to be a targeted attack that won’t affect the majority of Mac users. However, Apple has yet to release a patch, and dealing with malware is not something to be put off for another day.

How should I Proceed?

We’re always harping on the importance of network monitoring, and now we finally have proof that we are right. Fruitfly was first discovered by an administrator that noticed abnormal outbound network traffic from an individual workstation. Until Apple releases a patch, a better-safe-than-sorry solution is to contact your IT provider about any possible irregularities in your network traffic.

We recommend these additional steps as well:
– Install a full-service internet security suite on your device and keep it updated.
– Keep all software up to date, as this helps to patch vulnerabilities in your software.
– Keep your firewall turned on.
– Never click on suspicious links or open suspicious emails.
– Don’t chat with strangers online.
– Lock down your wireless network with a strong, unique password.
– For maximum security, use a virtual private network for maximum security.

This particular malware targets apple products, but in the age of the Internet of Things it is vital to understand that hackers and malware are compromising webcams on all devices. Once the culprits are in your webcam, they can access anything that you have linked to your network. For additional advice and resources on how to keep your network secure, email us at info@wamsinc.com.

New Malware Tests Virtualization Security

One of the core principles of virtualized technology is the ability to quarantine cyber security threats easily. For the most part, vendors have been winning this security tug-of-war with hackers, but that may change with the resurrection of a long-dormant piece of malware that targets virtualized desktops. If your business employs any form of virtualization, learning more about this updated virus is critically important to the health of your technology.

What is It?

Back in 2012, a brand new virus called “Shamoon” was unleashed onto computers attached to the networks of oil and gas companies. Like something out of a Hollywood film, Shamoon locked down computers and displayed a burning American flag on the display while totally erasing anything stored on the local hard disk. The cybersecurity industry quickly got the virus under control, but not before it destroyed data on nearly 30,000 machines.

For years, Shamoon remained completely inactive – until a few months ago. During a period of rising popularity, virtualization vendors coded doorways into their software specifically designed to thwart Shamoon and similar viruses. But a recent announcement from Palo Alto Networks revealed that someone refurbished Shamoon to include a set of keys that allow it to bypass these doorways. With those safeguards overcome, the virus is free to cause the same damage it was designed to do four years ago.

Who is at Risk?

As of the Palo Alto Networks announcement, only networks using Huawei’s virtual desktop infrastructure management software are exposed. If your business uses one of those services, get in touch with your IT provider as soon as possible to address how you will protect yourself from Shamoon.

On a broader scale, this attack shows how virtualization’s popularity makes it vulnerable. Cyber attackers rarely write malware programs that go after unpopular or underutilized technology. The amount of effort just isn’t worth the pay off.

Headlines decrying the danger of Shamoon will be a siren call to hackers all over the globe to get in on the ground floor of this profitable trend. It happened for ransomware last year, and virtual machine viruses could very well turn out to be the top security threat of 2017.

How Can I Protect My Data?

There are several things you need to do to ensure the safety of your virtual desktops. Firstly, update your passwords frequently and make sure they’re sufficiently complex. Shamoon’s most recent attempt to infect workstations was made possible by default login credentials that had not been updated.

Secondly, install monitoring software to scan and analyze network activity for unusual behavior. Even if legitimate credentials are used across the board, accessing uncommon parts of the network at odd hours will sound an alarm and give administrators precious time to take a closer look at exactly what is happening.

Ultimately, businesses need virtualization experts on hand to protect and preserve desktop infrastructures. Thankfully, you have already found all the help you need. With our vast experience in all forms of virtualized computing, a quick phone call is the only thing between you and getting started. Call us today at 800-421-7151!

3 “Must-Do” IT Resolutions For 2017

“Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today.” That’s what The Evolution of Ransomware, a study by Mountain View, California-based cybersecurity firm Symantec, reported recently.

If you have any illusions that your company is safe from cyber-attack in 2017, consider just a few findings stated in a recent report by the Herjavec Group, a global information security firm:
-Every second, 12 people online become a victim of cybercrime, totaling more than 1 million victims around the world every day.
-Nearly half of all cyber-attacks globally last year were committed against small businesses.
-Ransomware attacks rose more than an astonishing 300% in 2016.
-The world’s cyber-attack surface will grow an order of magnitude larger between now and 2021.
-The US has declared a national emergency to deal with the cyberthreat.
-There is no effective law enforcement for financial cybercrime today.

Clearly, your company’s information and financial well-being are at greater risk than ever in 2017. You cannot count on the federal or state government or local police to protect your interests. That’s why we STRONGLY SUGGEST that you implement the following resolutions starting TODAY.

Resolution #1: Tune up your backup and recovery system. The #1 antidote to a ransomware attack is an up-to-date backup copy of all your data and software. Yet managing backups takes more than just storing a daily copy of your data. For one thing, if your business is at all typical, the amount of data you store grows by 35% or more PER YEAR. If your data management budget doesn’t expand likewise, expect trouble.

Resolution #2: Harness the power of the cloud — but watch your back. Huge productivity gains and reduced costs can be achieved by making full use of the cloud. Yet it’s a double-edged sword. Any oversight in security practices can lead to a breach. Here are two things you can do to harness the cloud safely:

– Determine which data matters. Some data sets are more crucial to your business than others. Prioritize what must be protected. Trying to protect everything can take focus and resources away from protecting data such as bank account information, customer data and information that must be handled with compliance and regulatory requirements in mind.

– Select cloud providers carefully. Cloud vendors know that data security is vital to your business and promote that fact. Yet not all cloud vendors are the same. You can’t control what happens to your data once it’s in the cloud, but you can control who’s managing it for you.

Resolution #3: Set and enforce a strict Mobile Device Policy. As BYOD becomes the norm, mobile devices open gaping holes in your network’s defenses. Don’t miss any of these three crucial steps:
1. Require that users agree with acceptable-use terms before connecting to your network. Be sure to include terms like required use of very strong passwords, conditions under which company data may be “wiped” and auto-locking after periods of inactivity.

2. Install a Mobile Device Management System on all connected devices. A good system creates a virtual wall between personal and company data. It lets you impose security measures, and it protects user privacy by limiting company access to work data only.

3. Establish a strong protocol for when a connected device is lost or stolen. Make sure features that allow device owners to locate, lock or wipe (destroy) all data on the phone are preset in advance. That way, the user can be instructed to follow your protocol when their phone is lost or stolen.

Managed Services for Cyber Security

Ransomware, Trojan horses, spyware and malware are things firms like yours don’t ever want to come across. While the term cyber security was once thrown around to scare businesses into purchasing security software, today’s sophisticated threats can have an immense impact, and often one that antivirus solution alone can’t handle. With that in mind, we’ve rounded up top cyber attack statistics that illustrate why you need managed services in order to remain safe and operational.

The Numbers

Small businesses are not at risk of being attacked, but worse, they’ve already fallen victim to cyber threats. According to Small Business Trends, 55 percent of survey respondents say their companies have experienced cyber attack sometime between 2015 and 2016. Not only that, 50 percent reported that they have experienced data breaches with customer and employee information during that time, too. The aftermath of these incidents? These companies spent an average of $879,582 to fix the damages done to their IT assets and recover their data. To make matters worse, disruption to their daily operations cost an average of $955,429.

The Attacks

So what types of attack did these businesses experience? The order from most to least common are as follows: Web-based attacks, phishing, general malware, SQL injection, stolen devices, denial of services, advanced malware, malicious insider, cross-site scripting, ransomware and others.

Why Managed Services?

Managed services is the most effective prevention and protection from these malicious threats. They include a full range of proactive IT support that focuses on advanced security such as around the clock monitoring, data encryption and backup, real-time threat prevention and elimination, network and firewall protection and more.

Not only that, but because managed services are designed to identify weak spots in your IT infrastructure and fix them, you’ll enjoy other benefits including faster network performance, business continuity and disaster recovery as well as minimal downtime. One of the best things about managed services is the fact that you get a dedicated team of IT professionals ready to assist with any technology problems you might have. This is much more effective and budget-friendly than having an in-house personnel handling all your IT issues.

Being proactive when it comes to cyber security is the only way to protect what you’ve worked hard to built. If you’d like to know more about how managed services can benefit your business, just give us a call at 800-421-7151, we’re sure we can help.

Don’t Dismiss Disaster Recovery for 2017

Over the previous months, you’ve probably heard about new and disruptive trends like virtual assistants, smartphones, and automation technologies. Some of these IT solutions may even be placed on top of your business priority list. However, with floods, fires, and power outages just around the corner, disaster recovery and business continuity plans should always have a place on your annual budget.

DR Isn’t A Huge Investment
A common misconception about disaster recovery is that it’s a large, bank-breaking investment. Expensive secondary data centers, networks, and server maintenance usually come into mind when a business owner is confronted with the idea of business continuity. And while that may have been true in the past, establishing a strong disaster recovery plan today is as simple – and as cheap – as going to a cloud-based disaster recovery provider and paying for the data and services that your business needs. Subscription pricing models are actually incredibly low, meaning you can have minimal downtime while still having enough to invest in new tech.

Onsite Backups Just Won’t Cut It

Although you might feel secure with a manual backup server down the hall, it is still susceptible to local disasters and, ultimately, does very little in minimizing company downtime. When disaster recovery solutions are hosted in the cloud or in a virtualized server, restoring critical data and applications only take a few minutes.

Business Disasters Can be Man-Made, Too
Even if your workplace is nowhere near frequent disaster zones, cyber attacks and negligent employees can leave the same impact on your business as any natural disaster can. Setting a weak password, clicking on a suspicious link, or connecting to unsecured channels is enough to shut down a 5-, 10-, or even 50-year-old business in mere minutes.

Sure, installing adequate network security is a critical strategy against malicious actors, but last year’s barrage of data breaches suggests that having a Plan B is a must. A suitable disaster recovery plan ensures that your data’s integrity is intact and your business can keep going, no matter the malware, worm, or denial-of-service attack.

Downtime Will Cost You
A business without a DR plan might come out unscathed after a brief power outage, but why risk the potential damages? Either way, downtime will cost your business. First, there’s the general loss of productivity. Every time your employees aren’t connected to the network, money goes down the drain. Then there’s the cost of corrupted company data, damaged hardware, and the inevitable customer backlash. Add all those variables together, and you end up with a business-crippling fee.

So, if you want 2017 to be the best year for your business, make the smart choice and proactively take part in creating your company’s business continuity plan. Your business will be in a better position financially with it than without it.

Keep your business safe, recover from any disaster, and contact us today at 800-421-7151.

New Ransomware Demands Sacrifice

It’s scary to think you can be simply browsing the Internet when WHAM! A screen pops up out of nowhere claiming that you have been hijacked and will need to pay a bitcoin to free your computer. Unfortunately, ransomware like this is not uncommon. But now there’s a new, more devastating virus that asks victims to pick other victims to replace them in order to get their computer information back safely. Read on to find out how Popcorn Time is turning the ransom game on its head – and how you can protect yourself from it.

Ransomware is nothing new. Cybersecurity miscreants have been taking advantage of online users for years by requiring payment to “unlock” a victim’s computer. What Popcorn Time does differently is give users the option to spread the virus to two other victims in the hopes that they will pay the ransom — a tactic that promises to double their money at the expense of your sense of morality (and at the expense of your friendships as well).

The Cost of Popcorn

When you inadvertently download this ransomware, you will be met with a screen that explains that your files have been hijacked/encrypted, and that to get them back you will need to pay one Bitcoin for a decryption key that they keep stored remotely. The Bitcoin fee is usually more than $700, a hefty price to pay during any season but particularly difficult for those infected right after the holiday season.

Spread the Wealth and Hope they Bite

What makes Popcorn Time unique is the option victims have to take their cost away by allowing the ransomware to affect two of their friends for a chance to get a free decryption code. Of course, it works only if both friends pay the ransom, which leaves you looking (and feeling) like a criminal yourself.
Avoiding Popcorn Time this Season

The easiest way to avoid downloading ransomware is to stay off of sites that might contain questionable files. However, this is nearly impossible for modern users, and many hackers are getting good at making their files look legitimate. Limit your exposure to potential ransomware by keeping your software up-to-date and your computer protected with a security program from a reputable company. If you need to learn more about how to avoid running into ransomware while you’re online, give our professional cybersecurity consultants a call at 800-421-7151. We’ll keep you away from the popcorn this year.

Collaboration-Driving Office 365 Updates

Communication might be the key to personal relationships, but collaboration is the key to business connections. That’s why many small- and medium-sized businesses are looking into Office 365, a productivity and collaboration-enhancing software that allows employees to stay productive on-the-go. Recently, Microsoft announced some new Office 365 features, and we’ve rounded up the four latest updates:

Real-time Collaboration in PowerPoint

Users will now be able to share a PowerPoint deck and update documents with others in real time. This means you’ll be able to see edits as your colleagues make them. Microsoft was committed to expanding real-time co-authoring of a company’s native applications, with Microsoft Word already rolling out this feature beforehand. Currently, real-time collaboration is available for PowerPoint on Windows desktops for Office 365 subscribers in the Office Insider program and for PowerPoint Mobile on Windows tablets.

Move Attachments to the Cloud and Share with Colleagues in Outlook

According to Kirk Koenigsbauer, corporate vice president for the Office team, this feature allows users to transform a traditional document into a shared cloud document within Outlook. Previously, Outlook users could only attach cloud-based documents to an email, but this new feature makes it easier to send large files and to collaborate on those files with ease.

Users can upload files into their own OneDrive or a document library as part of an Office 365 group and then designate sharing permissions for the email recipients. The new feature is currently available in Outlook on the web as well as Outlook on Windows desktops for Office 365 subscribers.

Mobile Notifications for Changes to Shared Documents

With this new update, users will be notified when any cloud documents in Word, Excel and PowerPoint are being shared or edited. These notifications let you know when changes are being made, even if you are away from a particular document, so you’re always connected and know when you have to act. This feature can be integrated with the activity feed on Windows desktops, and help businesses improve user collaboration. Koenigsbauer says that Microsoft will continue working on the notification feature “to provide more detail and transparency around shared document activity in the future.” Sharing and editing notifications are available for Word, Excel, and PowerPoint users on Android and Windows Mobile for Office Insiders. This feature will be available for commercial users in all Office mobile applications in the coming months.

Find, Open, and Save Documents in a ‘Shared with Me’ and ‘Recent Folders’ Tab

Microsoft’s “Shared with Me” tab in Word, Excel, and PowerPoint makes it easier for enterprise users to find and open shared documents without having to leave the app you’re working in. At the moment, the Shared with Me tab is available on Windows desktops and Macs for all Office 365 subscribers, iOS and Android devices included. And soon, it will be available on Windows Mobile. And the “Recent Folders” tab — used to help quickly locate files as well — is now available in Word, Excel and PowerPoint on Windows desktops for Office 365 subscribers in the Office Insider program.

Technology has become an integral part of modern businesses, and investing in the right IT resources is needed in order to achieve success. With the latest additions to Microsoft Office 365, small- and medium-sized businesses will enjoy enhanced staff collaboration, increased corporate productivity, and an overall competitive advantage.

Cyberhack Underscores Law Firms’ Vulnerability

Major U.S. law firms have become more vigilant in recent years about the risks of cyberattacks, but revelations this week of a major hack on two New York firms are a reminder that the industry remains vulnerable. 


The Manhattan U.S. attorney’s office unsealed a criminal indictment Tuesday against three Chinese men accused of using stolen law-firm employees credentials to access troves of internal emails at two law firms. The men, according to prosecutors, used details they obtained in law-firm partner emails about pending deals to make more than $4 million in illegal stock trades.

Legal-industry experts say law firms often lag behind corporate clients in data-security measures, even though they are entrusted with valuable trade secrets, market-moving deal news and other sensitive information that is attractive to hackers.
The reason behind the gap is twofold: Lawyers have only felt the treat recently, and law firms traditionally lag behind other industries in tying to become more efficient through technology, largely because they bill their services based on time.

“Law firms aren’t necessarily committed to things that don’t make them money per se,” said Neil Watkins, the senior vice president of security, risk, compliance, and privacy at legal-services company Epic Systems. Mr. Watkins said law firms are at least three years behind what’s become standard of data security in finance and other industries, though he says awareness is improving.

Starting a few years ago, large banks began requiring their top law firms to undergo data-security audits and meet stringent standards.
That level of scrutiny is now being applied by other sectors. Marsh, and McLennon Cos. general counsel, Peter Beshar, said that in recent months, he’s begun requiring his top 10 outside law firms to meet six cybersecurity standards, including using encrypted transmissions when sending messages externally, having detailed incident-response plans and securing $5 million in cybersecurity insurance coverage.

To help stay ahead of a breach, law firms have formed an information-sharing group to learn about new potential threats and system weaknesses from both each other and government agencies. The group, which so far counts more than 100 firms, helped disseminate information on a potential threat a few months ago and thwarted a hack, said Bill Nelson, chief executive officer of the Financial Services information Sharing and Analysis Center, which oversees the legal group and similar entities that focus on other industries. Los angeles family-law lawyer Stacy Phillips said the need to protect the personal information of her clients was at the top of her mind earlier this year the she merged hr boutique law firm into Blank Rome, LLP, a 600-lawyer firm based in Philadelphia. Investing in adequate data-security technology was becoming “prohibitively expensive” at the smaller firm, she said. “It was very much a stress,” she added.

Now at Blank Rome, she said the matrimonial practice, which holds extremely private information from client divorces and custody battles, has a double layer of security to ensure no one else at the firm can access their files.

As read in the Wall Street Journal
Written by Sara Randazzo

Why HTML5 leads the Charge for Chrome

Most people are familiar with the problems associated with loading a Flash-based page, from slower loading times to page crashes that require restarting the browser altogether. Now, Google has announced that its browser will disable Flash and initiate an HTML5 default that will eventually trickle down to every Chrome user. Learn more about how Google will transition the format of the information you find using Chrome and how this will impact your browsing experience.

The Current State of HTML5

HTML5 first hit the market in 2008 as a modification to its 4.0 version, adding a few changes and fixing bugs (as happens with most newer versions of programs). But it also promised to change the way developers design webpages and influence how browsers search for and view online information.

Most websites currently utilize a Flash-based display protocol, which is often slow and uses significantly more resources than HTML5 to accomplish the same tasks. By changing to an HTML5 default and requesting permission to use Flash, users have the advantage of faster load times and a more efficient browsing experience.

The Use of Adobe Flash

One benefit of using Flash for developers is purely aesthetic: Flash makes the website look good because the designs, colors and motion on the page are generally more eye pleasing. Unfortunately, the disadvantages far outweigh the advantages. Using Flash on a commercial website means slower performance, confusing navigation schemes, incompatibility with web analytics software, and limited visibility in some formats.

Google’s Plan to Phase Out Flash

Google Chrome users should begin to notice a change in how they browse websites starting this month, December 2016. Only 1% of Chrome users (and a handful of users using the beta browser) will be asked whether they wish to run Flash as they go about their Christmas shopping.

In January 2017, Google’s proprietary browser will begin asking users whether they wish to use Flash whenever they visit a new website. In February 2017, with the release of the newest iteration of the Chrome browser, users will be asked before Flash components run on a page. Finally, by October 2017 all sites will load using HTML5 by default and require users to physically enable the Adobe Flash to experience anything delivered in that medium.

Developers at Chrome hope that by stretching out the introduction of HTML5 default settings, web designers will have time to adjust their strategies away from Flash and toward a more user-friendly design strategy.

We suggest that you keep an eye on your website and keep up with your web developer to ensure that your site continues to run correctly on all browsers. Your web developer should be aware of the updates of all web browsers and must continuously check your site on these browsers to ensure that your site is displaying correctly and staying gorgeous.

Increasing Windows Update Speeds

One of the issues that face most users of Microsoft’s latest operating system platform is the amount of time and processing power required to perform Windows 10 updates. This issue causes problems both for businesses and individual users alike, because the newest Windows operating system processes these updates automatically. However, Microsoft has come up with a solution to the slow-update problem, and it may actually save you a great deal of frustration.

What Microsoft is proposing to streamline for the Windows 10 update process is a system known as a UUP or a Unified Update Platform. A Unified Update Platform is essentially a large series of changes to Windows 10, all of which occur behind-the-scenes and will not affect overall user experience. These changes will work to reduce the amount of processing power required to update Windows as well as make the updates move faster for Windows 10 users who need to keep things moving along quickly.

This UUP ambition will be accomplished in a number of ways, including significantly shrinking the size of the update files for all devices, and especially, making the Windows phone update process much more streamlined than it currently is. One of the ways Microsoft proposes to streamline and speed up the update process is by sending updates that are device-specific rather than distributing a full bundle of updates together, some of which are not necessary for the device in question.

Currently, Windows 10 updates essentially overhaul the entire version of Windows 10 that users have on their device. This makes the update process easier on Microsoft, but not on users. Instead of this system, the UUP will eventually allow updates to occur only to the specific programs and systems that need updating, leaving the rest of the operating system untouched. Larger system-wide updates will also be much faster and more efficient with the UUP system in place.

Should you have further questions about what this new Windows 10 update process could mean for you and your business, contact us as soon as possible. We can help you with all your operating system needs.

The Newest Cyber-Threats of 2017 to Watch For

The New Year is upon us, and with it comes a new batch of cyber threats. As advances are made in the world of technology, businesses anticipate changes that can make life more convenient. But, like snakes slithering into your home, cyber attackers also keep up with technological changes for their own nefarious ends. Knowing what you are up against is the first step to fighting these threats.

Increased Threats on Cloud Technology

Cloud service has numerous benefits to businesses. They make data storage, collaboration, and processing more efficient; they enable employees to work faster; and they help operations flow smoother. Cloud technology’s popularity is expected to rise well into the next few years, but as demand increases, so does the dangers presented by cyber attackers.

Ransomware Will Be Complex

Ransomware incapacitates computer systems by locking down files and preventing access for ransom. In its 2016 Threat Predictions report, security software company McAfee predicts a peak in ransomware attacks next year. Although they also predict it to recede by mid-year, damages to vulnerable cloud-dependent infrastructures can be great and costly. Most alarming in the prediction, however, is that in the coming year ransomware attacks will be more complex due to new elements.

Ransomworms, which use advanced victimization techniques to mine further data within an already compromised network, are expected to put an even crueler spin to an already formidable malware. Doxing, on the other hand, affects avenues such as social media and any place where sensitive, easily identifiable information can be extracted to serve the ultimate purpose of extorting money. Yet another wicked ransomware to watch out for is Backup Deletion, which destroys the very mechanism that can otherwise help you recover from a compromised system or files: your backup data.

More Threats to IoT (Internet of Things)-Enabled Devices

It is also predicted that 2017 will see attacks made on IoT-powered devices, which will make life harder for those who depend on technology that makes life easier. It targets medical devices and Electronic Medical Records, “connected cars”, basic domestic tools, and tech-driven wearables, such as smartwatches and fitness trackers. The danger posed by this intrusion is fully capable of corrupting information stored in your devices.

Advanced Cyber Espionage

Cyber espionage is by no means a novelty. In 2017, it’s expected to hold sway in cyber-threat prevention measures as it becomes even more complex. It encompasses all sectors of society, including individuals, private organizations, government institutions, and entire countries. Perpetrators will have the means to bypass networks by attacking firewalls and wreak havoc in their victims’ network. Fret not, for there will be measures in place to detect this threat also in the coming year.

Hackers are one of the most cunning criminals to have ever existed. While the cyber-police and the defenses they put up are no slouches, threats to security systems can still make technology-dependent individuals and businesses quiver. Although damaged networks can be repaired, compromised privacy restored, and stolen data returned, the amount of damage that hackers can cause might be irreparable and/or result in a significant dent in your IT infrastructure and budget. The value of a network security system makes itself known when you least expect it, which is why security should be a top priority.

Are your systems protected from these predicted remarkable feats of hacking? Call us if you want to discuss security services that are best for you.

Points to Ponder: Small Business Computers

Buying a computer for a small business seems like a simple task. You work from a budget, go to a store, buy the computer, and assemble the components. This would be true for small businesses from decades past, but times have dramatically changed. To keep up, small businesses must make smart decisions when it comes to purchasing computers. Whether your main consideration is software compatibility, availability, or even battery life, here are some of the things you need to consider when choosing computers for your small business.

Laptop or desktop?

Laptops are highly portable, efficient, and inexpensive. If these are the most important qualities your business requires in a computer, then by all means, choose them. Clearly, desktops aren’t built for mobility, but what they lack in portability, they more than make up for in storage, processing capacity, and security. Although laptops make perfect sense for small businesses with great need for portability, they are much more prone to security threats and are not as easy to upgrade and maintain, unlike desktops.
Processor

The Central Processing Unit (CPU), or simply processor, determines the speed at which you can access your data and perform business-critical tasks. Speed is measured in Gigahertz (GHz), and a processor that runs from 2 to 4 GHz should be plenty for small enterprises. Arguably the most important item on the list of a computer’s specifications, the processor plays a crucial role in your computer’s speed and efficiency.

Storage

As critical hardware components, hard drives indicate how much information you can store and use. Storage capacity typically ranges from 128 gigabytes on “light computers”, all the way up to 2+ terabytes on more critical machines. If your business doesn’t need to store large files such as videos and images and will be used mostly for email and a few applications, 250- or 500-GB storage should do the job. If processor speed is number one on your list of computer requirements, it’s followed closely by hard drive storage.
Operating System

Operating system (OS) decisions often boil down to choosing between Windows or Mac. It might help in your decision-making to know that Windows remains the most widely used OS mainly due to its high compatibility with business software, not to mention, its relatively cheaper price. Macs can perform just as brilliantly as Windows-operated systems can. And although Macs are usually more expensive, they’re well known for their own outstanding features, such as being less prone to crashes.
Other Components

Not to be confused with storage drives, a computer’s Random Access Memory (RAM) is only used to run open applications. It is responsible for keeping your computer performing at optimum speeds, especially when you’re working with several applications or programs at once. For small businesses, a 1200-2600-MHz RAM should suffice. The higher the MHz of your RAM, the higher its performance will be. To keep your basic programs running, 6-8 gigabytes of RAM is often satisfactory.

Ready to Buy a New Computer?

Deciding which computer to buy is an important business decision. While there are a handful of factors to consider, what you aim to accomplish in your business’s day-to-day operations should be your main consideration when choosing a computer. Businesses that require plenty of remote and mobile work should definitely go for laptops. Those that require regular transfers of large datasets could benefit from the increased storage capacity associated with desktops.

Do you need expert advice in choosing the best computers for your small business? We’re happy to guide you in every step of your purchase decision. Give us a call today at 800-421-7151.

How Automation Helps Small Business Marketing

Small business marketing has often been a difficult endeavor for small business owners. Marketing involves a great deal of time, effort, and can require significant financial investment. For a long time, marketing automation was something only enterprise-level businesses and corporations could afford, but with new technology, that’s no longer the case. Read up on the five most profitable benefits of this new IT innovation right here.

Instant Response to Email Request

If a customer or prospect sends your business an email via your website or a “Contact Us” form, any delay in response could ultimately cost you a client. But if you have a marketing automation plan in place, you can customize automatic email responses to respond to these leads as soon as an email is received. This lets potential customers know either the information they requested or that you will be responding in more detail soon.

Stop Leaving Voicemails and Start Closing Deals

There’s a reason most people prefer to communicate via email: Keeping in touch over phone can be tough if both parties are always busy. An automated system solves this by logging when you’ve contacted leads and automatically emailing them about follow-up times. The call, email, and its response are all logged in your CRM and calendar without a single minute wasted entering mundane information.

Inbound Lead Assignment

When you have phone calls, emails, and meetings piling up, it’s hard to keep track of which customer goes where and who is working with them. With marketing automation software and tracking, customer service representatives are automatically assigned to inbound leads based on specialities and demographics so they can begin working on building profitable rapport right away.

Give and You Shall Receive

Potential clients and leads get dozens, sometimes hundreds of business emails every day. You need something to set your business apart from the rest. By offering valuable content such as “How to” guides and “Total Cost of Ownership” tools in exchange for contact information, you can provide prospects with content they actually want.

All it takes is a web form and some creative writing that ultimately leads visitors back to your products and/or services. Your automation software delivers content to anyone who provides contact information, and it downloads metrics that can be tracked and analyzed by your solution.

Never Type Another Phone Number Again

Networking events mean new contacts and new leads. Although that used to mean thick stacks of business cards, cutting-edge marketing tools make it possible to take a picture of contact information and automatically convert it into a cloud database. Call-ins, scanned business cards, and received emails all get organized into a single digital rolodex with recommendations for whom to contact, and when is best to do so – without one minute of tedious data entry.

Every business owner knows that automating mindless tasks is a worthwhile investment. But not everyone knows just what sort of tools are available to help you cut down on wasted work. Our team can advise you in using technology to add value to your business, and if you’re not utilizing any of the solutions above – that’s the best place to start. Get in touch with us today to make your marketing technology work for you.

$1.5M Cyber-Heist Typifies Growing Threat

Efficient Escrow of California was forced to close its doors and lay off its entire staff when cybercriminals nabbed $1.5 million from its bank account. The thieves gained access to the escrow company’s bank data using a form of “Trojan horse” malware.

Once the hackers broke in, they wired $432,215 from the firm’s bank to an account in Moscow. That was followed by two more transfers totaling $1.1 million, this time to banks in Heilongjiang Province in China, near the Russian border.

The company recovered the first transfer, but not the next two. They were shocked to discover that, unlike with consumer accounts, banks are under no obligation to recoup losses in a cybertheft against a commercial account. That meant a loss of $1.1 million, in a year when they expected to clear less than half that. Unable to replace the funds, they were shut down by state regulators just three days after reporting the loss.

Net result? The two brothers who owned the firm lost their nine-person staff and faced mounting attorneys’ fees nearing the total amount of the funds recovered, with no immediate way to return their customers’ money.

Avoid Getting Blindsided

While hacks against the big boys like Target, Home Depot, and Sony get more than their share of public attention, cyber-attacks on small and medium-sized companies often go unreported, and rarely make national headlines.

Don’t let this lull you into a false sense of security. The number of crippling attacks against everyday businesses is growing. Cybersecurity company Symantec reports, for example, that 52.4% of “phishing” attacks last December were against small firms and businesses – with a massive spike in November. Here are just a few examples out of thousands that you’ll probably never hear about:

Green Ford Sales, a car dealership in Kansas, lost $23,000 when hackers broke into their network and swiped bank account info. They added nine fake employees to the company payroll in less than 24 hours and paid them a total of $63,000 before the company caught on. Only some of the transfers could be canceled in time.

Wright Hotels, a real estate development firm, had $1 million drained from their bank account after thieves gained access to a company e-mail account. Information gleaned from e-mails allowed the thieves to impersonate the owner and convince the bookkeeper to wire money to an account in China.

Maine-based PATCO Construction lost $588,000 in a Trojan horse cyber-heist. They managed to reclaim some of it, but that was offset by interest on thousands of dollars in overdraft loans from their bank.

Why You’re A Target – And How To Fight Back!

Increasingly, cyberthieves view Small Businesses and Firms as easy “soft targets.” That’s because all too often we have:

Bank accounts with thousands of dollars.
– A false sense of security about not being targeted.
– Our customers’ credit card information, social security numbers and other vital data that hackers can easily sell on the black market.

If you don’t want your company to become yet another statistic in today’s cyberwar against smaller companies, and your business doesn’t currently have a “bullet-proof” security shield, you MUST take action without delay – or put everything you’ve worked for at risk. The choice is yours.

Here are three things you can do right away:
1. Remove software that you don’t need from any systems linked to your bank account.
2. Make sure everyone with a device in your network NEVER opens an attachment in an unexpected e-mail.
3. Require two people to sign off on every transaction.

We are offering our Cyber Security Assessment at no cost to firms in the Greater Los Angeles and Orange County areas. Call us at 800-421-7151 or e-mail info@wamsinc.com to schedule.

Protect Yourself from this iPhone Video Bug

Although iPhone bugs and malware are typically unheard of, there’s one circulating the web that you should be aware of right now. The bug, which was discovered in Reddit, is a brief, five-second video that when played causes your iPhone to freeze and ultimately crash. So far the malicious video’s intentions are still unknown, but this trap can be easily avoided.

What is the video? As mentioned, the MP4 video initially seems innocuous enough. It portrays a man standing by a bed with the word “honey” across the screen. After one or two minutes of viewing the video, the affected iPhone becomes sluggish. It then freezes and becomes unresponsive, ultimately requiring a reset.

It appears that the bug takes advantage of a flaw within iOS memory management. The corrupted video generates a loop that causes the affected Apple device to use more memory, leading to a temporary crash.

Reports have shown that the MP4 is hosted on a video-sharing site, Miaopai. Since then, the video has been distributed in other social media platforms, online forums, and, more commonly, as a link via iMessage.

Tests have also found that the video effects the latest iOS version (iOS 10.1 and 10.2) all the way to iOS 5. So far, the bug doesn’t seem to affect other non iOS products. But regardless, all users should be careful of the video.

Although this video’s effects may seem worrying, there is a fix to the problems caused by the corrupt clip.

How to Perform a Hard Restart
The only way to recover from the crash is to do perform a hard restart. To do this, you simply have to hold down the power button and home button for a few seconds.

As for the iPhone 7, all you need to do is hold the power button and volume decrease buttons simultaneously to force a reset. In both cases, just hold the buttons until the Apple logo appears, and your device should restart normally.

Always be careful Even though it’s easy enough to fix, it’s probably best to avoid the crash bug altogether. Soon, Apple will introduce a new security patch for this vulnerability, but until the update is released, you should avoid clicking on suspicious MP4 video links no matter what platform you use.

And this is the same for other videos, URLs, photos, emails, and websites you encounter on the web. When it comes to traversing online worlds, it’s imperative to develop a critical mindset for everything you see in the internet. While this particular bug only slows down your Apple device, you might not be so lucky the next time you unwittingly click on an unknown iMessage link or email attachment.

If there’s any lesson we can learn here, it’s that you can’t be complacent no matter how secure Apple platforms may be. Want to protect your device from future security incidents like these? Contact us today at 800-421-7151, and we’ll provide you with sound advice and security solutions to nip these problems in the bud.

Security Breaches: Tips for Prevention

As long as businesses host valuable data, cyber criminals will continue to bypass the security protocols meant to protect this data. The causes of security breaches range from device theft or loss, weak and stolen credentials, malware, and outdated systems that use ineffective security measures. And with these five tips, you can take the first step toward making sure a security breach never strikes at your precious business data.

Limitation of lateral data transfers

Employees not being educated on data sharing and security is one of the biggest reasons for internal data breaches. It’s a good idea to limit access to important data and information by restricting access privileges to only a small number of individuals. Also, you can decide to use network segmentation to cut unnecessary communication from your own network to others.

Keeping Your Machines and Devices Updated

Internal breaches might also occur when employees work with unguarded or unprotected machines. They might unknowingly download malware, which normally wouldn’t be a problem if machines were properly managed. Updating your operating systems, antivirus software, business software, and firewalls as often as possible will go a long way toward solidifying your defense systems.

Use Monitoring and Machine Learning to Sniff Out Abnormalities

It’s not all on your employees, however. Network administrators should employ monitoring software to prevent breaches by analyzing what is “normal” behavior and comparing that to what appears to be suspicious behavior. Cyber criminals often hide in networks to exploit them over a long period of time. Even if you miss them the first time, you should monitor suspicious activity so you can recognize impropriety and amend security policies before it goes any further.

Creating Strong Security Passwords and Credentials

No matter how often we say it, there’s always room for improvement when it comes to your passwords and login procedures. In addition to text-based credentials, you should require other methods whenever possible. Great for fortifying your network, fingerprints and smart cards, for example, are much harder for cyber criminals to fake. Regardless of which factors are used, they must be frequently updated to prevent breaches, accidental or otherwise.

Security Insurance

In the end, no system is perfect. Zero-day attacks exploit unknown gaps in security, and human error, accidental or otherwise, can never be totally prevented. And for this reason, small businesses need to start embracing cyber insurance policies. These policies help cover the damages that might occur even under a top-of-the-line security infrastructure. Considerations for selecting a policy include legal fees, first and third-party coverage, and coverage for reputation rehabilitation.

Cyber security is definitely overwhelming – even for many seasoned IT professionals. But not for us. We spend our days researching and experimenting to craft the best security solutions on the market. If you’re interested in one of our cutting-edge cyber-security plans, call us today.

New Features Keep Office 365 Users Safe

The new features recently unveiled by Office 365 promise to bring business owners to a more secure and knowledgeable position in which to make important decisions regarding the future of their corporation. Microsoft expanded the popular program’s basic scope to include data protection and productivity tools, including the replacement of Delve Analytics with the MyAnalytics add-on. Let’s take a look at the three features Microsoft added to Office 365 and the implications of these new additions.

Azure Information Protection
Using Office 365 protection technology, also known as Azure RMS, this feature allows business leaders to mark sensitive documents and control who has access to information in various documents. The protection travels with the data, whether it is online or provided through another device. Business owners can mark a document as internal and keep it from being sent outside the company. Drop-down menus also allow users to apply trackable data protection in order to identify potential leaks and gain insight into how a business is structured.

Enterprise Mobility + Security Suite
Re-branded from the Enterprise Mobility Suite, this feature adds more security potential to sensitive data while allowing business owners to manage apps on any device from one location. Users have more control over identity-driven access and also encrypts data to allow secure collaboration among employees.

Productivity Insight
This feature, an addition to Delve Analytics, tracks an employee’s time management at the office. MyAnalytics for Outlook allows business owners or managers to see who has read, replied, and forwarded their email while also providing them with information on the the email sender. The feature also acts as a storage receptacle for shared files and contact information so they can be accessed quickly.

As Office 365 expands its services to include security and productivity features, companies using cloud-based servers have an advantage over old-school computer users. Not only do they have access to the technology to keep their data safe and accessible to employees, but they also have the management software to see where their efforts are paying off by way of productivity programs. If you need to know more about the new features of Office 365, give us a call at 800-421-7151. We can answer your questions and help you get the most out of the new Security and Productivity Insight additions.

iPad Mini 5 Feature Leaks

Contrary to everyone’s expectations, the new iPad Mini 5 will not be launched like other Apple products in September. People expect it to be launched in March 2017. The previous iPad Mini 4 is like the first iPad but slimmer and with additional features. iPad Mini 5 is expected to be an improved version of its predecessors. Here are the rumors circling the new product.

Among the top rumors and speculations concerning iPad Mini 5 are:

Thinner Design – There are speculations that the new iPad Mini 5 will be thinner than other models. Current iPads are already 6.1mm thin, but Apple plans to set a new record with a 5mm-thick tablet. Whether or not it will do away with the headphone jack like it did for the iPhone 7 is still unclear.

New Aluminum Chassis – The iPad Mini 5 will have a different chassis from the previous models. The new chassis will be made from 7000-series aluminum that has been used on iPhone 6s and iPhone 6s Plus. Because the iPad will be thinner, the new chassis will ensure it is durable and will prevent the tablet from any form of bending.

Smart Connector – It is rumored that the iPad Mini 5 will use smart connectors like the iPad Pro. The tablet will have a smart keyboard and other possibilities for connecting with other accessories.

Pricing – When it comes to pricing for the tablet, Apple is expected to keep the price of the iPad Mini 5 in line with that of its predecessors. Based on the pricing of the Mini 4, the price for the Mini 5 is not expected to be the same, but there is a possibility of a slight price increase on the new product. As always, the prices are expected to be higher for larger storage capacities.

Battery – Since the new iPad Mini 5 will be slim, the battery will be small in size and capacity. The battery will be made using improved technology, ensuring it does not affect the running of the iPad.

The iPad Mini 5 is a featured product expected to be launched in 2017. Users are eagerly waiting to see whether this iteration of the iPad will change the somewhat static smart tablet market. For additional information on Apple products and other tech-related topics, email info@wamsinc.com, and we will answer all of your questions.

Falling for It: Youth and Tech Scams

As long as there have been salesmen, there have been scammers trying to sell useless products. Traditionally the elderly have fallen prey to cold-call fraud, but now scam artists are getting tech-smart, and it’s the younger generation of computer users who are falling for scams. Let’s find out just what’s going on with this new trend, and why the tech-savvy are more vulnerable to it.

Results Conclude Youth is more Gullible

Microsoft recently conducted a survey of 1000 computer users of all ages and from many of the largest countries in the world to find out how many of them had been scammed by phony “technicians” claiming to be employees of Microsoft or other major computer conglomerates. The results were startling when studied demographically. Researchers discovered that seniors, who were traditionally viewed as the major victims of such fraudulent schemes, were not the most likely group to fall for the scam.

Research indicated that although seniors were most likely to buy into a telephone scam, they still did not fall for the act as much as younger age groups. The study found, in fact, that between the ages of 18 and 24, people were 2.5 times more likely to fall for the scam than seniors. Those between the ages of 25 and 34 were three times more likely than seniors to be tricked.

The scam that the Microsoft company recently studied involved the following scenario: Either a person calls claiming to be a technical support technician, or an email or pop-up alerts you that your computer is locked or otherwise compromised. In order to fix the problem, you need to call someone and pay for a program or provide access to your computer so some purported technician can solve the problem “remotely.”

If you fall for this scam, you are giving them funds for a false program or access to your computer – which also allows them access to your personal data and the ability to install malware onto your system. The study revealed that two-thirds of those surveyed (around 660 people) had experienced the scam first-hand. One in five had listened long enough to hear the story, and 1 in 10 actually gave the scammer money.

Why the Younger Demographic Became Easy Victims

While older adults often respond more to phone calls, younger people have learned to ignore phone calls, saving them from being phone victims. However, because younger adults spend the majority of their time online and often remain acutely aware of the status of their computer and online presence, they are more prone to react to a pop-up or email claiming that their computer is in danger. Nearly 60% of the adults aged 18-24 in the study say they were exposed to the scam through pop-up ads or online correspondence.

The takeaway here is simple: Cybersecurity is about more than just firewalls and antivirus software. You need to shore up the human side of your protection protocols. The best way to start is by doing some quick research on social engineering in our previous blogs, but ultimately you’ll need something a little more thorough. Contact us today at 800-421-7151 for more tips and to ask about scheduling a cybersecurity training for your employees.

Choosing the Right Computer for Your Firm

Running a firm, you probably work more than 40 hours a week to build your business up. From the intricacy of your clients’ needs to the mundane details of running a business, you’ve got your hands full making choices that can make or break your firm. One important decision you’ll have to make is about your firm’s computer hardware, in particular whether to invest in a desktop system or laptop. Keep reading for valuable tips on how to make the best choice for your business.

Portability

Modern desktop computers aren’t nearly as immobile as they used to be. In many cases the screen is thin and light, and all-in-one desktops are easy to unplug, move and plug in on the road. But there are still places the desktop cannot go. Laptops allow you to go anywhere, even places without electricity. But this ability to take your work anywhere can be counterproductive by creating more stress on employees who think they must work all the time.

Memory/Speed

Desktop computers often have more memory than laptops, and they’re faster speeds due to better processors. This is now changing as a result of advancing technology, but until the cost of high-powered laptops becomes affordable to the general public, the desktop computer is going to provide businesses with more speed. If your employees’ work is limited to word processing and emailing, laptops should be enough. However, anything more will probably require a desktop machine.

Security

An SMB’s computer hardware needs to be secure to ensure that private company information doesn’t end up in the wrong hands. On a desktop computer, the hardware is easier to defend against malware and adware. It’s also more physically secure because the desktop is often kept in one location and not easy to snatch. If you do choose the laptop route, make sure to have strict policies on how to protect machines that leave the office.

Price

Traditionally, the laptop has been cheaper and available to more people. This is true particularly for smaller notebook-style laptops. But desktop computers are becoming more affordable as more people have access to them through local channels. With a capable IT service provider, cost probably won’t be a deciding factor between the two options.

Quality

Although laptop computers provide the convenience of portability, over time they’re prone to problems with the battery and charging cord. They are also easily damaged. By contrast, desktops are generally more sturdy. But when they do experience a problem, it often leads to expensive repairs.

Final Recommendation

The desktop versus laptop debate is an old one, with supporters on both sides touting the advantages of their choice to all who will listen. A growing company really needs a combination of both types of computers. However, a desktop computer will be generally more reliable for the fledgling company owner to start with. Laptops should be added as budget permits to provide that extra portability and convenience.
If you have questions regarding the best choice for your company, give us a call at 800-421-7151. We’ll be happy to provide you the assistance you need to improve your business.

Communicate Better with the Outlook Update

Microsoft Outlook has recently gone through some major updates and renovations. These updates apply to anyone using Outlook 2016, Outlook 2013, Outlook 2010, and Outlook 2007. The purpose of all the massive changes to this oft-used communications tool is simple: to improve user experience and make this a streamlined and easy-to-navigate communications hub. Here are just some of the ways that the latest Outlook update changes the user experience.

Improved Contact Cards
One of the most welcome changes with the Outlook update is that the concept of the Contact Card has been greatly improved upon. In previous manifestations of Outlook, the information about contacts that was quickly available was limited to basic information such as name, phone number, and email address. With the new Outlook, Contact Cards can contain a person’s job title, their relationship to you, and what your most recent communications were so that you can better remember who you are talking to and what you were talking about.

Smarter Search Features
Searching contacts, emails, and other features of Outlook is easier with the latest update. Search features are now smarter in that they can go off of the first letter you type and retrieve your most frequent search requests starting with that letter. This speeds up searching and helps retrieve relevant information in seconds, not minutes.

People Section Enhancements
Outlook has also made some major improvements and enhancements to the ‘main people’ section of Outlook. You can now create smart lists of people based on common features. This will include your most frequently contacted people, groups based on job titles or departments, favorites, and those who need follow-up. These lists makes sending group emails to relevant contacts much simpler because you don’t have to scour all your contacts to find the right people.

Now that you know some of the ways that Outlook has changed the user experience with its latest updates, you can begin to put these to use in your business. Contact us by calling 800-421-7151 or email alopp@wamsinc.com to help you navigate those changes and put the benefits to use in your business and personal communications.

Windows 10 Releases New Security Patches

Windows 10 delivers comprehensive protection with built-in security features, including anti-virus firewalls and windows defender. The operating system also updates itself regularly to keep your security current and to continuously help safeguard against threats. Unfortunately, nothing is perfect, and Microsoft has announced some dangerous flaws hiding within Windows 10. But fret not, they’ve released patches for them all, and we’ve got the details right here.

Internet Explorer
In its Windows 10 announcement, Microsoft clarified that it found four zero-day flaws, which are vulnerabilities that have never been seen before. Of the four, the most concerning is the one that allows cyberattackers to remotely take control of your machine with full administrative rights via Internet Explorer. All that is required to deploy the malware is visiting a website with the corresponding code.
Microsoft Office also has a critical flaw that grants attackers the ability to corrupt memory and abuse privileges inherent to the user who opened the mischievous Office document. By amending how documents are saved and how code within a document is executed, Microsoft believes users will be much safer from email attachment schemes.

Exchange Server
For companies with on-premise servers, Microsoft Exchange Server patches need special attention. Without them, a malicious email could grant cyberattackers the ability to remotely insert and execute commands within the server. Patch MS16-108 provides cumulative updates and changes the way hotfixes and service packs are delivered. Lastly, it tries to ensure Microsoft Exchange Server follows a scheduled delivery model.

Microsoft Graphics
This security update for the Microsoft Graphics component of Windows 10 is considered ‘critical’ because of its presence throughout the entire operating system. Patch MS16-106 removes vulnerabilities in graphics processing protocols that would allow attackers to remotely control and exploit target systems.

If your desktops have not automatically updated themselves, users can trigger a manual update by opening the Settings window, selecting Update & Security, and finally Windows Update. Once there, simply select Check for Updates and follow the prompts to download and install the necessary updates.

Managing one machine is hard enough. If you’re struggling to keep an entire office up and running, chances are you feel like you’re treading water in steel-toed boots. For total monitoring and maintenance of all your Windows machines, call us today at 800-421-7151; we’ll throw you a lifeline and pull you aboard.