What you need to know about VPNs for Personal Use

With stories of large-scale data breaches and internet service providers tracking internet habits, online privacy is becoming a rare commodity. Incognito mode and private browsing features may be able to cover up your browsing history, but they don’t completely protect your online activities. You need a Virtual Private Network (VPN).

What is VPN?

Simply put, a VPN is a group of servers you connect to via the internet. Once you’ve established a connection, your computer acts as if it’s on the same local connection as the VPN, making it seem like you moved to a different location.

When you surf the web through a VPN, all the data transmitted and received is also encrypted, preventing anyone — from hackers to government agencies — from monitoring your online activities.

Why should you have one?

Of course, security and privacy are major reasons why you would want a VPN. For example, if you’re connected to a public WiFi network — like the ones you typically see in local cafes and airports — using a VPN encrypts the information you’re sending or accessing online. This means things like credit card details, login credentials, private conversations, or other sensitive documents can’t be intercepted by a third party.

VPNs are also useful for accessing geo-restricted websites. If you’re traveling abroad and certain US websites are blocked in that region, you can simply connect to a VPN located in the US to access the sites you need.

Which VPN should you choose?

Given the increasing demand for secure online privacy, VPNs are surging in popularity. The following considerations can help you find the right one.

1. Cost
While free VPNs are available, we strongly suggest you avoid them. These keep logs of your internet activity, and in some cases sell them to the highest bidder. Maintaining a VPN service is also expensive, which means the free ones will likely plaster ads on your browser to make a quick buck.

Paid VPNs like SurfEasy and StrongVPN often come with more robust features and configurations that keep you secure. What’s more, they don’t keep a record of the sites you visit and hound you with pop-ups that lead to dangerous websites.

2. Location
The physical location of VPN servers is important if you want to access region-blocked websites. So if you’re planning on accessing your VPN service while traveling, your VPN provider must at least have servers installed or accessible in the locations you will be in.

3. Capacity
Read through a VPN provider’s terms of service to determine how much data you’re allowed to use. If possible, find out how many servers a VPN provider has. If they have plenty of servers online, you can rest assured that they have the capacity to support your internet browsing.

4. Device compatibility
Another important factor to consider is whether the VPN can be used across multiple devices. Nowadays, employees work on laptops, tablets, and smartphones, so you’ll want a VPN that’s compatible with all these.

5. IP leaking
Finally, a great way to evaluate a VPN service is to sign up for their free trial service and visit https://ipleak.net/, which will allow you to check whether your real IP address is actually being leaked. If it manages to track your physical location, you need to opt for a more reliable VPN service.

The VPN services described in this article are for personal and private usage for home computers and personal laptops. These services may or may not integrate or work with corporate VPN’s that your firm or enterprise may currently be using.

VPNs are now a vital component of cybersecurity, and if you need help selecting the right VPN for your business or personal usage, consult with our security experts today by calling 800-421-7151 or emailing info@wamsinc.com. We also offer comprehensive cybersecurity services so no hacker or third party can get their hands on your data.

What’s New with the Chrome Cleanup Tool?

Even if you’re sure that the websites you visit are safe, harmful software can still slip through, especially when you download and install free programs and applications. As the world’s most popular browser, Chrome is especially prone to infection. Fortunately, Google has improved Chrome’s Cleanup tool for Windows by integrating the following security features.

Detect Hijacked Settings

Many users prefer to enhance their browsing experience by installing extensions or plug-ins, some of which could be malicious. When these extensions are installed, they could inject harmful ads into web pages or allow access to third-party servers without the user’s consent.

Google’s new hijacked settings detection function prevents this from happening. Once it detects an attempt by a third party to change your browser’s settings, it will automatically revert to Chrome’s default settings. And in case you suspect any unauthorized change in your browser, you can manually reset settings in Chrome.

Simplify Cleanup

You probably don’t remember downloading many of the files in your Downloads folder, but these are actually software and other attachments that were bundled with the software that you do use.

Chrome Cleanup’s newly simplified feature makes it easier for you to determine harmful files, easing the pain of sorting through and deleting tons of downloaded files. Whenever it detects a malicious software, users will get a pop-up message that offers them an easy way to remove the potential threat, get more details about it, or disregard it in case of false detection.

Maximize Removal of Nonessential Software

Aside from the simplified interface, Google also made some much-needed improvements in Chrome Cleanup’s performance, so it’s now capable of eliminating more junkware.

Tricking users into installing a program without their consent is one of the many characteristics of unwanted software that Google lists under its Unwanted Software Policy. To help fight against this and other browser security risks, the company has partnered with an IT security team to strengthen Chrome’s ability to detect and remove unwelcome add-ons.

It’s important to note that these upgrades don’t affect Chrome’s performance and speed because they work in the background. In addition, these changes are now available in Windows devices but will soon roll out to other platforms. In the meantime, if you want to find out more about browser and application security, contact our security specialists today at 800-421-7151!

Tips and Tricks to Prolong Laptop Battery Life

A laptop would just be a cold piece of aluminum with a flat battery if you don’t have a power socket at hand. It’s hard to get any work done when you’re peppered with pop-ups and warning messages when the battery power gets low. So here are some tips you can use to prolong the life of your precious laptop battery.

Some truths about your laptop battery

Batteries in many devices nowadays are lithium-based — either lithium-ion or lithium-polymer — so users must take note of the following guidelines for their proper maintenance:

  • They can’t be overcharged, even though you leave your battery plugged in for a long period of time. When the battery hits 100%, it’ll stop charging.
  • Leaving your battery completely drained will damage it.
  • Batteries have limited lifespans. So no matter what you do, yours will age from the very first time you charge it. This is because as time passes, the ions will no longer be able to flow efficiently from the anode to the cathode, thereby reducing its capacity.

What else can degrade your battery

Besides its being naturally prone to deterioration, your battery can degrade due to higher-than-normal voltages, which happens when you keep your battery fully charged at all times. Even though a modern laptop battery cannot be overcharged, doing so will add a stress factor that’ll harm your battery.

Both extremely high temperatures (above 70°F) and low temperatures (between 32-41°F) can also reduce battery capacity and damage its components. The same goes for storing a battery for long periods of time, which can lead to the state of extreme discharge. Another factor is physical damage. Remember that batteries are made up of sensitive materials, and physical collision can damage them.

How to prolong your battery life

Now that you know some facts about your laptop battery, it’s time to learn how to delay its demise:

  • Never leave your battery completely drained.
  • Don’t expose your battery to extremely high or low temperatures.
  • If possible, charge your battery at a lower voltage.
  • If you need to use your laptop for a long period of time while plugged into a power source, it’s better to remove the battery. This is because a plugged-in laptop generates more heat which will damage your battery.
  • When you need to store your battery for a few weeks, you should recharge your battery to 40% and remove it from your laptop for storage.

These are just a few tips on extending the life of your hardware. There are many more ways you can maximize your hardware efficiency and extend its longevity. Call our experts today to find out more at 800-421-7151!

Cybercriminals Confess

 The Top 5 Tricks, Sneaky Schemes And Gimmicks They Use To Hack Your Computer Network

The contemporary world is rife with digital thieves. They’re penetrating the complicated data structures of huge credit-monitoring companies like Equifax, scooping up the personal information of millions of people. They’re releasing sensitive customer data to the public from discreet businesses like Ashley Madison. They’re watching webcam feeds of our celebrities without them knowing; they’re locking down the systems of public utilities like the German railway system; they’re even managing to steal thousands of gigabytes of information directly from high-profile government entities like the CIA.

They’re also targeting small businesses exactly like your own and extorting them for thousands and thousands of dollars. When running a company, it’s vital to have a dedicated security team, equipped with the most up-to-the-minute security technology, on your side to protect you from these malicious cyberthreats. But it’s not enough to leave it to somebody else. You also need to be informed. Here are five of the most common ways hackers infiltrate your network:

1 Phishing Scams

You receive an e-mail in your work inbox coming directly from a high-ranking employee with whom you’ve been

working on a project. Inside is a link he needs you to click to access some “vital information,” but when you click it, it rapidly installs a host of malware on the computer, spreads through the network and locks out everyone in the company.

Phishing scams are the oldest trick in a hacker’s book – ever received one of those “Nigerian Prince” scams? – but they’re still wildly successful. Not only that, but they’re becoming increasingly more sophisticated. As Thomas Peters writes for “Newsweek,” “The best messages look like they’re trying to protect the company. One well-meaning system administrator even offered to post a PDF that could deliver malware on an internal server because it was called, ‘How to avoid a phishing attack.’” How’s that for irony?

2 Social Engineering

Social engineering is a type of “hacking” that uses real, well-intentioned people to carry out its schemes, rather than intricate lines of code. This is especially effective for gathering sensitive information that can later be used

in another type of attack – e-mail passwords used for phishing scams, for example. Maybe your IT guy receives a call from the “secretary” of one of your clients, pretending that they’re experiencing problems with your

service due to some firewall, a problem that your IT professional is more than happy to help out with. Before you know it, the caller knows the ins and outs of your entire security system, or lack thereof. Social engineers have been known to use phone company customer service departments, Facebook and other services to gather Social Security or credit card numbers, prepare for digital robbery and even change the passwords to your central data network security.

3 Password Hacking

You may think that your passwords are clever and complicated, filled with exclamation points and random numbers, but it’s rarely enough. With information gathered carefully from social engineering or a simple check on your employees’ social media accounts, hackers can easily use brute-force to figure out that your password

is the name of the family dog, followed by your anniversary (for example). That’s if they didn’t already manage to steal your password through one of the techniques listed above.

4 Fault Injection

Sophisticated hackers can scan your business’s network or software source code for weak points. Once they’re

located, they can surgically attempt to crash the system through snippets of code they splice in expressly for that purpose. Different commands can do different things, whether they want to deliver a devastating virus,

redirect links on your website to malicious malware or steal and erase vast swathes of information.

5 USB-based Malware

At the last conference you attended, someone probably handed out free branded USB sticks to keep their business top-of-mind. Hackers will sometimes covertly slip a bunch of infected USB sticks into a company’s stash. The instant somebody tries to use one, their computer is taken over by ransomware.

So What Can I Do About It?

It’s a scary world out there, with virtually everyone left vulnerable to digital attack. Knowing the strategies hackers deploy is half the battle. But, frankly, these techniques are constantly changing; it’s impossible to keep up by yourself.

That’s why it’s so important to utilize only the most up-to-date security solutions when protecting your business. Hackers move fast. You and your security technology need to stay one step ahead, and WAMS will help you to do just that. Give us a call at 800-421-7151 to find out how.

Benefits of Serverless Computing

“Serverless computing” sounds like a dream come true. It conjures images of a world where business owners don’t need to worry about purchasing expensive hardware or configuring complex software. But serverless computing isn’t just a dream, it’s the next big thing in cloud computing.

What is it?

Outsourcing workloads to the cloud — like websites and apps — requires just as much hardware as if the computations were performed in an on-site server. The only difference is the location of the server.

Office 365 or Google Docs are great examples of this model. Thousands of servers are set up to run these apps so there is always enough capacity to handle the millions of people who use these apps at any given moment. Microsoft and Google need to manage and maintain these servers 24/7 to keep up with demand so they’re always on and always ready to handle more workloads, even during off-peak hours.

Serverless computing changes everything by allowing developers to create apps and websites that use cloud resources only when they’re needed. So, if you were to create a web app, you wouldn’t need to pay for a dedicated cloud server. The cloud provider would host your app’s programming code and run it only when a user requested it. The cloud provider would take care of allocating the appropriate resources and charge by the second for what you use.

Who can benefit from it?

Serverless computing is for users who use cloud resources for processing power. If you’re using the cloud only to store files, serverless services aren’t going to help you. However, if you use the cloud to process information and turn it into something more useful, serverless computing will help you immensely.

An everyday example of this is Amazon’s Alexa. Every command the AI assistant responds to is nothing more than an app that sits dormant until a user tells Alexa to run it. Small businesses are creating apps in Amazon’s cloud that can be processed by the voice assistant without the burden of setting up a dedicated server.

Serverless computing isn’t about getting rid of servers; it’s about using their raw computing power without being forced to fine tune them first. It falls under the umbrella of virtualization technology and is another step in the right direction for small businesses working with limited budgets.

For more information about how virtualization can help you lower costs and increase efficiencies, give us a call today at 800-421-7151.

Google Weighs in on Account Hijacking

According to experts, passwords shouldn’t be the only way you defend your accounts. After all, hackers have plenty of tricks and tools to steal them. So to help businesses fully understand the risks involved, Google conducted a study on the causes of account hijacking.

The results
From March 2016 to March 2017, Google and UC Berkeley researchers examined three main ways hackers hijack accounts:

Keylogging software – a malicious program that records computer users’ keystrokes
Phishing emails – to lead people into dangerous websites
Stolen passwords – available to the highest bidder
In just one year, Google found 788,000 successful keylogging attacks, 12.4 million victims of phishing attacks, and 1.9 billion accounts exposed via login credentials sold on the black market.

Researchers suggest the reason so many accounts are hacked is because people tend to reuse their passwords, which means if one set of login credentials is exposed, other accounts could be compromised.

Phishing is also a big threat because it targets users — the weakest links in your cybersecurity. The strongest password or security system won’t mean anything if your employees constantly fall for online scams.

Protecting your accounts

There are several things you can do thwart account hijacking. For starters, you should set strong and unique passwords for each account to minimize data breaches.

While the general rule in the past was to set a complex password — a mix of letters, numbers, and symbols — recent studies suggest that longer, 20-character “passphrases” are much tougher to crack. If you find it difficult to remember several passwords, consider using a password manager, which not only stores all your passwords, but can generate strong passwords, too.

To deal with phishing attacks, you should activate multi-factor authentication on your accounts. This adds an extra layer of identity verification to your password (e.g., a fingerprint scan or a temporary security key sent to your phone), making your login details ‘unphishable.’

Security training is also crucial. This includes teaching your employees about what phishing attacks look like and instructing them on password protection best practices so they never fall victim to account hijacking.

The bottom line is not only that strong password security requires strong defense mechanisms; you and your employees must be vigilant, too.

Need more advice on keeping your business safe? Call us today at 800-421-7151! We provide critical security updates and comprehensive support services to help you stay well ahead of cybercriminals.

Beware of Sneaky Microsoft Office Malware

Cybersecurity systems are getting better at identifying and preventing attacks coming from all directions. At the same time, hackers are coming up with new ways to bypass these systems. While online scams are the most common ways to do this, cybercriminals have discovered a new attack method using Microsoft Office.

What’s the new Office threat?
The Office exploit takes advantage of Microsoft’s Dynamic Data Exchange (DDE), a protocol that sends messages and data between applications. For example, DDE can be used to automatically update a table in a Word document with data collected in an Excel spreadsheet.

The problem with this is hackers can create DDE-enabled documents that link to malicious sources rather than to other Office apps. Theoretically, this allows hackers to launch scripts that download Trojan viruses from the internet and execute it before the user is even aware of the attack.

And unlike most malware-embedded Office files, which are usually blocked by security protocols from Microsoft, DDE exploits are instant. Once a compromised Word file is opened, it automatically executes the hack.

Outlook at risk
What’s even more alarming are the DDE vulnerabilities in Outlook. Recent reports found that hackers can embed malicious code in the body of an email or calendar invite, allowing them to perform phishing scams without a file attachment.

Fortunately, Outlook DDE attacks are not as automated as Word or Excel DDE attacks. Two dialog boxes will usually appear when you open the email asking if you want to update a document with data from linked files and start a specific application. Simply clicking ‘No’ on either of these boxes will stop the attack from executing.

Defending against DDE attacks

Beyond saying no, you can protect yourself by following these security best practices:

-Evaluate the authenticity of unsolicited emails before interacting with them and don’t open attachments from unfamiliar contacts.
-View emails in plain text format to completely stop DDE attacks embedded directly in emails from running. Note that this will also disable all original formatting, colors, images, and buttons.
-Use a strong email security system that prevents phishing emails, spam, and other unwanted messages from reaching your inbox.

Get in the habit of checking for Microsoft updates, as they’re usually quick to release patches after vulnerabilities have been discovered.
Last but not least, consider working with our team. We’re Microsoft Office experts who can keep you safe from the latest threats. Call us today to get started at 800-421-7151!

How The Cloud Could Have Averted Disaster For Hundreds Of Companies Affected By These Catastrophes

Two months after hurricanes Harvey and Irma wreaked havoc on coastal cities, large swaths of the United States are still reeling from their impact. In their wake, the nation has been moved as we witness numerous communities unite to rebuild, finding their bearings among the millions of dollars of flooding damage and rampant destruction. Though the wonderful people of these cities will persevere, these wounds will leave indelible scars on the affected areas.

Even with the concerted efforts of thousands of volunteers and community members alike, Russel Honore — the former Joint Task Force Katrina commander — told the FOX Business Network that an estimated “40% of small businesses don’t survive” widespread natural disasters like hurricanes. Part of this is due to raw damage, lack of proper insurance or business infrastructure simply being washed away in the flood. Other businesses can’t afford to hemorrhage money as they wait for the electricity grid to come back online, and are forced to shutter operations for good.

However, what is even more commonly fatal to companies both big and small is the loss of vital data. Many businesses can handle cleaning up flood damage, and they regain their footing quickly after a naturaldisaster. Still, if on-site servers, computers or network infrastructure soaks up the bruntof the water, then it’s going to be difficult, if not impossible, to get the company back to a pre-disaster point. If a company’s main server fails, it can mean thousands of hours of hard work down the drain, the loss of most clientele and hundreds of hours of downtime spent desperately trying to recover key data, which usually remains lost
forever.

But if, prior to catastrophe, a business has migrated their precious data to the cloud, they’re going to have a much easier time getting back on their feet and going straight to work. Even if an entire business is leveled, with cloud computing, employees can easily access the data central to the company’s operation and keep it afloat in
the interim.

Most cloud services back up your data with several levels of redundancy, making it almost impossible to lose it all, regardless of what may come. Whether it’s earthquakes, hurricanes or solar flares, you can rest easy knowing that your data is safe and sound and ready for you to access it. It’s a much safer, more secure way to go than having a server lurking in your back office, where it’s far more exposed than you might think.

This principle applies not only to environmental disasters, but to numerous other ways companies lose data each and every day. Whether it’s a disgruntled employee damaging or stealing precious data, or a hacker snaking their way deep into your systems and holding them for ransom, it’s all too easy to lose localized data. Some business owners feel uncomfortable holding their data off-site, citing security concerns, but it’s quite the opposite: the cloud sidesteps these concerns almost entirely, guarding your data behind highly secure cloud-based computing solutions and providing you with numerous backup options. Not to mention, according to a 2012 Alert Logic report, “on-premises environment users actually suffer more incidents” than those that use the cloud, and also suffer “significantly more brute force attacks compared to their counterparts.”

While it’s true that not every business is right for the cloud, it’s certainly something business owners should look into if they want to ensure the longevity of their company. If you’re interested, sign up to get our free cloud computing report.

Watch Out for the Huge KRACK in WiFi Security!

A fundamental flaw with WiFi networks has recently been discovered by two security researchers. According to their reports, the KRACK vulnerability renders advanced encryption protocols useless and affects nearly every wireless device. Read on to find out more about KRACK hacks and how you can defend against them.

What is KRACK?
Simply put, KRACK, short for ‘key reinstallation attack,’ allows hackers to bypass WPA2 — a security protocol used by routers and devices to encrypt activity — and intercepts sensitive data passing between the mobile device and the wireless router, including login details, credit card numbers, private emails, and photos.

In extreme cases, KRACKed devices can be remotely controlled. For example, hackers can log in to your surveillance systems and shut them down.

What’s worse, Internet of Things devices — like smart thermostats and IP cameras — rarely receive security fixes, and even if some are available, applying patches are difficult, as these devices tend to have complex user interfaces.

The good news, however, is you can do several things to mitigate the risks.

Download patches immediately
According to recent reports, security patches have already been released for major platforms, including iOS, Windows, and Android. Router manufacturers such as Ubiquiti, Mikrotik, Meraki, and FortiNet have also issued firmware updates, so make sure to install them as soon as possible.

Although IoT patches are rare, consider getting your smart devices from reputable vendors that push out updates regularly. It’s also a good idea to contact a managed services provider to install the updates for you.

Use Ethernet connections
Some wireless routers don’t yet have a security patch, so while you’re waiting, use an Ethernet cable and disable your router’s wireless setting. Turn off the WiFi on your devices as well to make sure you’re not connecting to networks susceptible to KRACK.

Stay off public networks
Free public WiFi networks — even ones that are password-protected — in your local cafe should also be avoided because they usually don’t have holistic security measures in place, making them easy targets for cybercriminals.

Connect to HTTPS websites
If you do need to connect to a public WiFi hotspot, visit websites that start with “HTTPS,” and stay away from ones that are prefaced with “HTTP.” This is because HTTPS websites encrypt all traffic between your browser and the website, regardless of whether the connection is vulnerable to KRACK

Hop on a Virtual Private Network (VPN)
You can also use a VPN service to hide all network activity. Simply put, VPNs encrypt your internet connection so that all the data you’re transmitting is safe from prying eyes.

Although the potential impact of a KRACK hack is devastating, security awareness and top-notch support are the best ways to stay safe online. Want more security tips? Contact us today by emailing info@wamsinc.com.

How to Set Up Secure Guest Wi-Fi

Today, Wi-Fi isn’t only crucial for your employees to get work done, it’s also a necessary amenity for your office guests. But there’s a right and a wrong way to set up guest Wi-Fi and the latter can result in a frustrating experience for users. So, how do you set up guest Wi-Fi properly?

Never give guests access to your primary Wi-Fi

While giving guests password to your company’s main Wi-Fi might be the easiest way to get them connected, you should avoid this at all costs.

Anyone with a little technical know-how can potentially access everything on your company network, including confidential data. Not to mention, guests’ devices connected to your business network increase the risk of a malware infection or cyber attack since you can never be sure that they’re safe and secure.

Ways to create secondary Wi-Fi for guests

If you router has built-in guest Wi-Fi support (you can check this feature through a quick web search) you could use it to create a separate “virtual” network. This means guests will have access to the internet without connecting to your main company network.

If your router doesn’t support multiple Wi-Fi networks, you can implement a separate wireless access point that bypasses the rest of your network and connects directly to your Internet service provider (ISP) connection.

Both options will keep your guests’ connectivity separate from your company network so you’ll never have to worry about unauthorized persons accessing your company data.

Keep in mind that guest Wi-Fi still uses your ISP connection so you should limit bandwidth usage on your guest network. The last thing you want is a guest streaming videos that slow down the Internet for your employees. With that in mind, you can even have your employees use guest Wi-Fi for their personal devices too. This minimizes the chance of employees hogging company bandwidth for personal use.

Your guest Wi-Fi should only provide outsiders with internet access, nothing more. While proper setup isn’t rocket science, it can be a tedious process. Having said that, if you need a team of experts to take care of it all for you, or simply have questions about how else to leverage your hardware for better efficiency and security, just give us a call at 800-421-7151.

Secure Your Passwords Now

For years, we’ve been told that strong passwords include three things: upper and lower-case letters, numbers, and symbols. And why wouldn’t we when the National Institute of Standards and Technology (NIST) told us they were the minimum for robust passwords? Here’s why and how it involves you.

The Problem
The issue isn’t necessarily that NIST advised people to create passwords that are easy to crack, but it did steer people into creating lazy passwords, using capitalization, special characters, and numbers that are easy to predict, like “P@ssW0rd1.”

This may seem secure, but in reality, these strings of characters and numbers could easily be compromised by hackers using common algorithms.

To make matters worse, NIST also recommended that people change their passwords regularly, but did not define what it actually means to “change” them. Since people thought their passwords were already secure with special characters, most only added one number or symbol.

NIST essentially forced everyone, including you and your colleagues, to use passwords that are hard for humans to remember but easy for computers to guess.

The Solution

One cartoonist pointed out just how ridiculous NIST’s best practices were when he revealed that a password like “Tr0ub4dor&3” could be cracked in only three days while a password like “correcthorsebatterystaple” would take about 550 years.

Simply put, passwords should be longer and include nonsensical phrases and English words that make it almost impossible for an automated system to make sense of.

Even better, you should enforce the following security solutions within your company:

Multi-factor Authentication – which only grants access after you have successfully presented several pieces of evidence
Single Sign-On – which allows users to securely access multiple accounts with one set of credentials
Account Monitoring Tools – which recognize suspicious activity and lock out hackers

When it comes to security, ignorance is the biggest threat. If you’d like to learn about what else you can do to fortify security, just give us a call at 800-421-7151.

New Version of Microsoft Office Announced

Do you use Microsoft Word, PowerPoint or Excel on a daily basis? You’re not alone. The Office suite has more than one billion users, and with a new version coming out next year that number could go up. Whether your organization currently uses Office or not, you need to be prepared for the next version.

Microsoft Office 2019: release and features

For the past ten years, Microsoft has updated its suite of productivity software every three years. The current version is Office 2016, and in sticking with the schedule Office 2019 will be available for purchase at the end of next year. However, previews of the next version will become available several months before the final release.

According to Microsoft, the newest version of Office will include:

-The usual Office applications (Word, Excel, PowerPoint, etc.)
-Office server programs (Exchange, SharePoint and Skype for Business)
-Security and IT management enhancements
-Improved “inking” features for touchscreen usability
-Streamlined data analysis features in Excel
-New PowerPoint presentation features like Morph and Zoom
-Office 2019 vs. Office 365

The biggest difference between Office 2019 and Office 365 will be price. For the former, users pay a one-time fee to acquire a software license. Once users have a license, they own that version of Office forever (although Microsoft will stop providing support 10 years after the product is released).

With Office 365, users pay a monthly subscription fee and can use applications as long as they don’t fall behind on the bill. Programs included in the Office suite can be accessed online or installed locally (as long as you connect to the internet at least once per month).

Thanks to cloud technology, Office 365 can be updated much more easily than other versions of Office. O365 users will probably have access to Office 2019 features around the same time as its release, possibly sooner.

The only drawback of Office 365 is its IT management requirements. Unlike its licensed counterparts, O365 requires one or more servers to be set up, domains to be maintained, and files to be migrated to the cloud.

Much like an O365 subscription, our managed IT services are charged based on a flat monthly rate. We can help your small- or medium-sized business enjoy all the benefits of the cloud. Just give us a call today at 800-421-7151.

The Best Computer Productivity Hacks

We’re all obsessed with finding new ways to become more productive. Business gurus often emphasize the importance of time management and taking breaks to avoid burnout. But aside from motivating yourself to work more efficiently, there are plenty of tools that increase your daily output. If you use a computer all day, check out these productivity hacks.

Monitor Productivity Levels
Start by tracking how much work you complete on an average day. Google Chrome Extensions like RescueTime record your most frequently visited sites, and track how much time you spend away from your computer. Running the app will provide you with a productivity rating and a detailed log of how you spend an average day.

If you find out you’re wasting a huge portion of your time on social networking, you’re more likely to make conscious adjustments on how you manage your time.

Get Rid of Clutter
Another way to increase output is by deleting old files, uninstalling unused programs, and organizing documents into appropriately labeled folders. This makes your work easier to find and improves your computer’s performance.

As for the clutter in your email inbox, Gmail and Outlook both have features that filter out unimportant messages. Simply enable Priority Inbox on Gmail or Clutter on Outlook to get a clean, spam-free inbox.

Block Time-Wasting Sites
Visiting non-work-related websites is a surefire way to hinder productivity. A quick, five-minute break to check your Facebook feed or watch a YouTube clip may not seem like much, but a few of those per day add up to a lot of time.

If you and your employees have trouble staying away from sites like Facebook, Instagram and Twitter, it’s a good idea to block access to them using URL filters.

Of course, if you want your employees to take occasional breaks during the day, you could use apps like StayFocusd or Strict Workflow. These allow you to set a limit on how long and how many times users can visit non-work-related sites.

Stay On Track with To-Do Lists
To-do lists help you break down large projects into manageable, bite-sized tasks. And perhaps the most satisfying aspect is crossing things off the list, giving you and your employees a sense of accomplishment and total visibility of your progress.

There are wide variety of digital to-do lists available today like Google Tasks or Trello. These platforms allow you to set deadlines for small tasks and write clear instructions for each item on the list. What’s more, they’re incredibly easy to use and are great for keeping track of your workflow.

Use Keyboard Shortcuts
Last but not least, mastering keyboard shortcuts will make it easier to perform simple functions than if you’re stuck looking for them in the toolbar. There are more than a hundred useful shortcuts, but some that you should always keep in mind are:

Ctrl + C, Ctrl + V, Ctrl + X – to copy, paste, and cut selected items
Ctrl + Z – to undo changes
Ctrl + T – to open a new tab on your web browser
Alt + Tab – to switch between open windows
Alt + F4 – to close the program
For many more like these, take a look at Windows’ list of advanced shortcuts.

These are just some of the tips every user should know to stay productive. If you need more ideas on how to get more out of your technology, call us today. We provide enterprise-level tools and advice that will make your life a lot easier.

Office 365 Web App Launcher Improvements

Do you sometimes wish you could get to your Office 365 applications faster? Microsoft has tweaked the Office 365 web app launcher so you not only get to your apps faster, but you also get to view your most relevant programs, files, contacts, and activities more conveniently. Here’s how it can make you more productive.

Key changes to the Office 365 main page

The newly added “Recommended” section displays activities — comments, edits, and @ mentions — on recently opened files. This gives users an overview of changes to recent documents.

Underneath the “Recommended” section is the “Recent” document column, which shows the most recent activities, while “Places” displays the SharePoint sites you frequently visit and the OneDrive folders you’ve recently accessed.

Being able to see the edits, shares, and comments on your documents makes collaboration more transparent among users within an organization, and these new upgrades make that possible.

What’s more, you can now search among online documents, web apps, SharePoint sites, and contacts within Office.com without having to open individual apps. For example, when searching for a document whose file name you don’t know, you can type in the name of the author and the results will show you the author’s profile and other relevant files and activities.

Web app launcher enhancements

One of the biggest improvements to Office.com, however, is how apps are displayed in the app launcher.

The main window of the new web app launcher has been redesigned to highlight the most frequently used apps. It will still show all the apps within your Office 365 subscription, but you can pin your most used apps or display all items in the main bar, which makes opening and switching between apps a lot easier.

You can also return to the main page with a single click of the Office 365 button from the App Launcher — no need to minimize or close each app.

Office 365 Gallery

Users aren’t always aware of every application included in their subscription, which is what the Office 365 Gallery is for. Its main function is to provide users with personalized suggestions of applications — and their descriptions — which may be useful to their active tasks. These suggestions include links to mobile and desktop-based versions of the applications they recommend, and resources for learning more about them. To access the Gallery, click “Explore your applications” from the Office.com main page.

Each of the changes in the new and improved Office 365 are aimed at simplifying and personalizing business users’ experiences, and we recommend exploring the tools available to you. Call us at 800-421-7151 to know more about Office 365’s productivity-enhancing applications and features.

What Are the Advantages of SaaS?

Almost every business relies on software to operate, and for most SMBs and firms, the costs of software — including license and maintenance — are painfully expensive. So is there a solution that allows you to leverage the power of software without a high price tag? One candidate is the software delivery service called SaaS. Read on to learn more about it.

What is SaaS and what makes it appealing?

Software as a Service (SaaS) is a software delivery model that allows you, as a user, to access software from any device via the internet. This gives you more flexibility since you won’t have to come to the office to use the software, but will be able to work from anywhere that has an internet connection.

As opposed to a traditional on-premises setup where software is stored locally, SaaS software is hosted in the cloud, eliminating the need to buy new hardware or spend money on its maintenance. Besides, by transferring software hosting to a third party, you’re also outsourcing all the responsibilities that come with maintenance such as upgrades and troubleshooting.

Another aspect that sets SaaS apart from using on-premises software is licensing. With on-premises, you purchase a license and pay yearly support fees; while with SaaS, you pay a monthly or annual subscription fee that covers licenses, support, and other fees. This is advantageous since it allows you to spread out costs over time, instead of purchasing licenses outright.

Will my data be safe?

One of the issues that makes companies reluctant to switch to SaaS is data security. Who will own my data? Will my data be safe? What if the vendor goes out of business?

First of all, when you’re outsourcing your software to a SaaS vendor, you have to sign a service level agreement (SLA). Make sure that the SLA specifies that you own the data and that the vendor is obliged to provide access to your data even if they go bankrupt.

Secondly, it’s likely that data hosted by your SaaS vendor will be more secure than when it’s stored on your average SMB’s or firm’s network. That’s because SaaS vendors have to undergo strict security audits, forcing them to invest more in security, backup technology, and maintenance than a typical SMB has to.

Should I switch to SaaS or stick to on-premises?

SaaS is an ideal solution for firms and SMBs with straightforward business models that are looking for a way to reduce upfront costs. But if your business is large or has complex business processes, a traditional on-premises solution might be a better choice since it offers more functionality and allows for full customization.

Still unsure about whether SaaS is the right answer for your organization? Want to know more about SaaS before making the transition? Call us today at 800-421-7151. Our experts are ready to answer any questions you may have about SaaS!

Equifax’s Leak: Lessons Learned

No business owner wants their customers’ data leaked, but no matter how well your prevention plan is, the unexpected can happen. And when it does, what will determine the fate of your business is how well you respond to it. So before you start planning an incident response, read the following story and recite this: Don’t walk in the footsteps of Equifax.

What happened to Equifax?

Equifax, the huge American credit agency announced in September 2017 that its database was hacked, resulting in a leak of tons of consumers’ private data, including personally identifiable information of around 143 million US citizens. It included names, social security numbers, addresses, birthdates, and credit card and driver’s license numbers.

Equifax responded by setting up a new site, www.equifaxsecurity2017.com, to help its customers determine whether they had been affected and to provide more information about the incident.

Soon after, Equifax’s official Twitter account tweeted a link that directed customers to www.securityequifax2017.com, which is actually a fake site.

Fortunately for Equifax’s customers, the fake phishing site was set up by a software engineer who wanted to use it for educational purposes and to expose flaws in Equifax’s incident response practice. So, no further harm was done to the already-damaged customers, and Equifax is left with even more embarrassment.

So what did Equifax do wrong?

One of the huge mistakes Equifax made in responding to its data breach was setting up a new website to give updated information to its consumers outside of its main domain, equifax.com.

Why? You first need to know that since the invention of phishing scams, phishers have been creating fake versions of big companies’ websites. That’s why so many major corporations buy domains that are the common misspellings of their real domains.

You should also know that phishers can’t create a web page on the company’s main domain, so if Equifax’s new site was hosted there, it’d be easy for customers to tell whether the new page was legitimate and not be fooled by a fake domain name.

What’s obvious from this embarrassing misstep is that Equifax had never planned for a data leak. And this is an unforgivable oversight by a company that handles the information of over 800 million consumers and more than 88 million businesses worldwide.

Don’t repeat Equifax’s mistake

Whether your business is a small startup or as big as Equifax, it needs to prepare for a data breach. Besides having a comprehensive network defense plan, you also need to have the right incident response plan in place.

So what you should do after you’ve discovered the leak is, first of all, be upfront with your customers and notify them as soon as possible.

You also need to establish a message that includes the following information:
How the leak occurred
How the leak could affect your customers
How you will prevent future attacks
What your company will do to support affected customers
You should also create a web page to keep your customers up to date. But remember, the new web page should be under your company’s primary domain name.

As we’ve seen from Equifax, an incident response plan that’s robust is a must. Feel free call WAMS at 800-421-7151 to talk to our experts about how you can come up with an acute one — so you won’t have to repeat Equifax’s apologetic statement, since it doesn’t help the company redeemged reputation at all.

Office 365 Threat Comes with New Techniques

If you’re using Office 365, you wouldn’t want to miss this news: Online scammers are carrying out a highly customized spear-phishing campaign to steal Office 365 users’ credentials and attack organizations internally. Get yourself informed and read on.

What makes it different from other scams?

The new threat comes in the form of spear phishing, an old familiar method in which hackers send emails that purport to be from trusted sources and dupe you into disclosing sensitive information. In this particular attack, the email messages are admirably well-crafted, making them even harder to spot.

The emails are also rid of the usual telltale signs such as misspelled words, suspicious attachments, and dubious requests. You might have to recalibrate what you know about phishing scams, because this new threat ticks all the boxes that make it look legitimate.

How does it work?

The hackers behind the attack craft personalized messages, pretending to be from trusted sources, such as your colleagues or Microsoft itself, and send them to your inbox. The messages could contain a link or a PDF file that leads to a legitimate-looking landing page. Upon clicking the link, the user will be prompted to enter his or her credentials, which the hacker will use to launch attacks within the organization.

Once they gain control of your account, they might set up new forwarding rules to monitor your communication patterns, which will be useful for their future attacks. They might even use your account to send further phishing emails to your co-workers to collect more sensitive information.

As for the phishing emails with PDF attachments, there will be instructions to fill in username and password to view the document. And once you do, your account is no longer yours.

Another way they can get your credentials is by sending an invoice that requires you to log on to a web portal to view the file. Attackers can also use this technique to trick you into performing a certain action, such as forwarding sensitive information or paying an invoice.

What can you do to stay protected?

Your first line of defense is multi-factor authentication, whereby you use a password and another authentication method — like an SMS code — to secure your account. This function is already included in Office 365 and here’s a step-by-step guide on how to activate it.

The second line of defense is training yourself and your employees to spot common phishing techniques. In particular, verify the accuracy of the wording and the sensibility of the requests in the messages.

For good measure, your organization can also install an email-validation system which is designed to detect and prevent email spoofing, such as the Domain-based Message Authentication, Reporting and Conformance (DMARC).

Identifying phishing emails and planning and implementing a robust defense system are ways to protect you and your organization against the new Office 365 threat. For tips on how to spot this type of scam and how to plan thorough security practices, contact our experts today at 800-421-7151.

SMBs Survive Disasters With Virtualization

Hurricanes Harvey and Irma caused millions of dollars in damages. Some of that damage was unavoidable, but hundreds of businesses managed to stay open thanks to innovative virtualization solutions. If you’re not already taking advantage of this technology, it’s time to find out what you’re missing.

Virtual desktops

In most offices, employees are still dependent on desktop computers. Their workstations grant them access to everything from customer relationship software to company databases and when these computers go down, there’s no way to get work done. Virtualized desktops allow users to access their files and even computing power from across the internet.

Instead of logging on to an operating system stored on a hard drive just a few inches away from their keyboard, employees can take advantage of server hardware to store their files across a network. With barebones computers, employees can log in to these virtual desktops either in the office or from home. Floods, fires and other disasters won’t prevent your team from working because they can continue remotely.

Virtual applications

Devoting a portion of your server’s hardware and software resources to virtual desktops requires a fair amount of computing power. If the majority of your employees’ time is spent working with just one or two pieces of software, you can virtualize just those applications.

If a hurricane destroyed your office and the hardware inside it, virtualized applications can be restored in minutes. They don’t need to be installed on the machines that use them, and as long as you have backups these applications can be streamed to employee computers just like a cloud-based application.

Virtual servers

If you use virtual desktops or applications, it makes perfect sense to use virtual servers as well. With a little help from a managed services provider, your servers can be configured to automatically create virtual backups. Beyond preventing data loss, these backups also make it possible to restore server functionality with off site restorations.

Virtualized servers are incredibly useful when clients need access to a website or database that you maintain in the office. For example, if you provide background checks on tenants to rental property owners through your website, an unexpected power outage won’t cause an interruption of service. Your virtualization solution will boot up a backup server away from the power outage and your customers will be none the wiser.

The benefits of virtualization extend far beyond disaster recovery planning. Your business can also reduce IT costs and increase hardware capacity — all it takes is some help from trained experts. Call us today at 800-421-7151 to learn more about what we can do for you.

DR Tips for Floods and Hurricanes

The trail of devastation left by Hurricanes Harvey and Irma has reminded us once again that coastlines and even entire regions of the country can be demolished by natural disasters. While catastrophes cannot be prevented, planning around them with a well-crafted disaster recovery (DR) strategy can help minimize the damages and keep your business alive.

Pay attention to location
First and foremost, your backup site should be in a hurricane-free zone. Ideally, your offsite facility should be located at least 100 miles away from your main location. If this isn’t possible, make sure it is built to withstand wind speeds of 160 mph (as fast as Category 5 storms), and is supported by backup generators and uninterruptible power supplies.

You should also request an upper floor installation or, at the very least, keep critical IT equipment 18 inches off the ground to prevent water damage.

Determine recovery hierarchy
Certain parts of your IT are more mission-critical than others. Ask yourself which systems or data must be recovered in minutes, hours, or days to get your business back to running efficiently.

For example, you may find that recovering sensitive customer information and e-commerce systems take priority over recovering your email server. Whatever the case may be, prioritizing your systems ensures that the right ones are recovered quickly after a disaster.

Use image-based backups
Unlike fragile tape backups, image-based backups take “snapshots” of your systems, creating a copy of the OS, software, and data stored in it. From here, you can easily boot the virtual image on any device, allowing you to back up and restore critical business systems in seconds.

Take advantage of the cloud
The cloud allows you to host applications and store data in high-availability, geo-redundant servers. This means your backups can be accessed via the internet, allowing authorized users to access critical files from any device. Expert technicians will also watch over and secure your backups, allowing you to enjoy the benefits of enterprise-level backup facilities and IT support.

Back up your data frequently
Back up your data often, especially during disaster season. If your latest backups were created on the 15th of September and the next storm, Hurricane Jose, makes landfall on the 28th, you could lose nearly two weeks of data.

Get in the habit of replicating your files at the end of each day, which should be easy if you’ve opted for image-based backups.

Test your DR plan
After setting up your backups, check whether they are restoring your files accurately and on time. Your employees should be drilled on the recovery procedures and their responsibilities during and after disaster strikes. Your DR team should also be trained on how to failover to the backup site before the storm hits. Finally, providers, contractors, and customers need to be notified about how the hurricane will affect your operations.

As cell towers and internet connections may be affected during this time, make sure your company forums are online and have your employees register with the Red Cross Safe and Well website so you can check their statuses.

It’s nearly impossible to experience little-to-no disruptions during disasters like Harvey or Irma, but with the right support, you can minimize downtime. If you’re concerned about any natural disasters putting you out of business, call us today at800-421-7151. We offer comprehensive business continuity services that every company must have.

What Will You Do When This Disaster Hits Your Business?

In today’s world of rampant cybercrime, every savvy business owner knows the necessity of locking down their data. However, we find that the cyber security technologies used by the vast majority of businesses are woefully out of date. Sure, your current solution may have worked great, but digital threats to the safety of your company are constantly evolving. Criminals will eventually attempt to breach your data — and your barriers are not as secure as you might think.

Before World War II, the Germans developed a technology that would prove to be a key player in the conflict: its family of infamous Enigma machines. These devices, about the size of a small microwave, were composed primarily of a typewriter and a series of three or four rotors. By using a set of rules
contained in a corresponding codebook, German soldiers would use the machine to encode vital messages to be sent covertly over the airwaves. The number of potential permutations — and thus solutions — for the code was in the tens of millions. The Germans were confident that the code could never be broken and used it for a vast array of top-secret communications.

The code’s impenetrability didn’t last. Via photographs of stolen Enigma operating manuals, the Polish Cipher Bureau reconstructed one of the stubborn Enigma machines, internal wiring and all, enabling them to decrypt the Wehrmacht’s messages from 1933 to 1938. Facing an impending German invasion, Poland decided to share these secrets with the British. But, at the outbreak of the war, the Germans increased the security of the Enigma initiative by changing the cipher system daily. In response, a British code-breaking team, led by genius English computer scientist Alan Turing, constructed primitive computers, known as “bombes,” that allowed them to decrypt the incredibly complicated ciphers faster than ever before. But it wasn’t until the capture of the U-110 warship and the seizure of its Enigma machine and codebooks that the British were able to decrypt the most complicated cipher of the war, the Kriegsmarine Enigma.

The information gleaned from these decrypts are believed to have shortened the war by more than two years, saving over 14 million lives.

Just like you, the Germans believed the systems they had put in place to defend their secrets were impenetrable. And it’s true: the system had few cryptographic weaknesses. However, there were flaws in German procedure, mistakes made by Enigma operators, and failures to introduce changes into the Enigma formula — along with the Allied capture of key equipment and intelligence — that ultimately allowed the Allies to crack the code once and for all.

Take this as a cautionary tale: the most advanced, complex cryptography system in the world became obsolete within 10 years. The same goes for your potentially outdated cyber security measures.

Though they may not be led by Alan Turing and his crack team, you can bet criminals are constantly chipping away at the defenses of even the most powerful firewalls. The arms race between cyber security companies and cybercriminals rages on behind the scenes, and you can bet that they’ve already cracked your business’s “Enigma.” Just look at the massive European cyber-attack this past June, which infected computers from over 27 companies across the continent, including those of the largest oil company in Russia, with ransomware. The unimaginable cost of that attack is something you certainly don’t want your business to shoulder.

As technology evolves, so does crime. New threats arise each and every day. While solutions are available (and needed), they are notably absent in older software developed at a time before these constantly morphing attacks even existed.

Once the enemy has found a way to pick your lock, you need a new lock. Luckily, you have your trusty IT provider, constantly on the lookout for cutting-edge solutions that protect our clients from even the nastiest malware.

Don’t be like the Germans. Constantly look at options to upgrade to more robust, better cyber security to defend yourself from the bleeding-edge hackers, and sleep safe knowing your business is secure.

Reduce Your Printing Costs with These 5 Tips

Outdated printers, the lack of a printing workflow, and an over-reliance on hard copies may be contributing to your ballooning printing expenditures. With some creative problem-solving and fresh ideas, you could drastically reduce your printing budget. Start by following these five tips.

Replace Outdated Printers

Outdated and cheap printers may be functional, but they are putting a huge dent in your IT budget.

Any piece of equipment that is seven years old (or older) requires frequent repairs and causes more trouble than it’s worth. Because old printers are no longer under warranty, fixing them is more costly and challenging. It’s also difficult to replace parts for old printers because manufacturers have stopped carrying them for models that have been phased out.

When you replace outdated equipment with newer, multi-functional printers, you’re investing in hardware that will pay for itself with increases in productivity and efficiency.

Avoid Purchasing Unnecessary Supplies

A poorly managed printer environment could result in a stockpile of cartridges, toners, and reams of paper. This happens when, for example, an employee uses a printer that’s about to run out of ink and makes an unnecessary request for a new ink or toner. This is more common than you may think, and definitely more expensive.

In the absence of a dedicated printer manager, you can avoid this situation by automating supply replacement. Assign a point person to proactively place orders when supplies are about to run out, so your company can avoid needless purchases.

Impose Strict Process Workflows

Submitting expense reports, filing reimbursements, and other administrative tasks require a proper document workflow. Without a guideline, employees and administrative staff tend to print an unnecessary amount of documents.

Automate your company’s document-driven processes to reduce or prevent redundant print jobs that result in stacks of abandoned documents. Not only is it wasteful, it’s also a security and privacy concern.

Go Paperless

Designing a document management solution that reduces paper consumption is the best way to save money. It may not be possible in every department, but those who can do their jobs without printing should be encouraged to do so by management. Printing lengthy email chains that can be discussed in a meeting is just one example of a wasteful practice that should be avoided.

Reduce IT Support Calls for Printing Issues

Calling your company’s IT guys to assist with problems like paper jams, printer Wi-Fi issues, and other concerns reduces employee frustration. You and your IT personnel could avoid dealing with these productivity killers by identifying the problem areas of your print environment. Then, you can work on solutions specific to your office, such as drafting a printing workflow, or getting help from document management experts who can recommend time- and budget-saving solutions.

Having a group of experts manage your IT workflow can make your day-to-day operations more efficient and help you save on printing costs. Our experts will gladly recommend best practices and tips on document management. Call us today at 800-421-7151.

Social Engineering Exploits Facebook

You’ve received a message from one of your Facebook friends. You click on the link not knowing what you’ve gotten yourself into. This describes one of the latest social media adware schemes, which has wreaked havoc on Facebook users worldwide.

What is it?

Little is known about the adware itself or those behind it, but it was uncovered by David Jacoby, senior security researcher at Kaspersky Lab, when he received a Facebook message from one of his friends, only to find out that wasn’t the case.

Basically, the adware uses Facebook Messenger to track your browser activity and pushes you to click on malicious ads or give out personal information.

How does it work?

By clickjacking and hijacking credentials of Facebook users, the adware is able to send messages to people in the victim’s contact list. If you’re one of those people, you’ll receive a phony message from your friend’s compromised Facebook account.

The message includes your friend’s name followed by the word “Video,” a shocked face emoji, and a shortened URL. Once clicked, the URL will redirect you to a Google Doc with a blurred photo taken from your friend’s Facebook page, disguised as a video. If you click on the “video”, you’ll be redirected to one of a number of targeted websites based on your browser, operating system, and location.

For instance, if you use Google Chrome, you’ll be sent to a website that looks exactly like YouTube, complete with the official logo. The hoax website will show you a fake error message to trick you into downloading a malicious Chrome extension.

If you’re on Firefox, you’ll be sent to a site with a false Flash Player update notice and a Windows adware executable; the same goes with OS X except the adware is hidden in a .dmg file.

The goal here is to move your browser through a set of websites so tracking cookies can monitor your activity and display malicious ads or you can be “social engineered” to give up confidential information.

How do you avoid falling victim?

Facebook has rolled out a number of automated systems to stop harmful links and files. What’s more, they will provide you with a free antivirus scan if they suspect that your account has been compromised by adware.

Still, you should be very skeptical about any shortened URL links sent to you by your Facebook friends, no matter how long you’ve been friends.

Due to their low key nature as potential security endpoints, cyber criminals are turning to social media platforms as their new medium of choice. To keep your business safe, you need to stay up-to-date and educate your employees. If you have any other questions about social media and how it can impact your business, just give us a call at 800-421-7151.

Move over IE, Hello Microsoft Edge!

Not all Windows users are fans of Internet Explorer, and not all Mac users are crazy about Safari. But there’s good news for Windows users: Windows 10 replaces IE with a brand new browser, Microsoft Edge. Here is a list of the key features you shouldn’t miss out on:

Import favorites
You can easily import the list of websites you’ve marked as favorites from any web browser to Microsoft Edge. You can do this by going to the More actions tab (located right next to the address bar), then Settings, and clicking on the Favorites settings tab. From there, choose the pages you want to add to your favorites list and click Import.

Change font size in reading view
Even with your reading glasses on, a website’s font can be too small to read. Microsoft Edge allows you to adjust the reading view by going to Other actions and selecting the Settings tab. From there, scroll down and click on the Reading section that will allow you to adjust the font size and even brightness to your liking.

Make notes on the website
Ever wished you could write on, circle, or highlight specific parts of a website and share them with your friends? Microsoft Edge lets you do just that with its new note feature. Select Make a web note and use tools such as the ballpoint pen or highlighter, or add a typed note on the page you’re browsing. When you’re done, click Save or Share to complete the process.

Reading list
This feature allows you to save articles, e-books, or any other content you wish to peruse later. By signing in with a Microsoft account, your reading list will appear on all your Windows 10 devices. Select Add to favorites or reading list, and then Reading list > Add. You can also add a link to your reading list by right-clicking on any link without having to visit the page.

Ask Cortana
Microsoft Edge users can easily access Cortana, Windows’ voice-activated personal assistant since it is built into the web browser. Cortana can make dinner reservations, offer additional discounts on certain shopping websites, and download applications that you may find useful. Simply highlight a word, phrase, or image, press and right-click it, and then select Ask Cortana to get more information or find related images.

View and delete browser history
As you browse the web, Microsoft Edge remembers and stores the information you’ve entered into forms, passwords, and sites you’ve visited. Most of it will be stored on your PC; but if you use Cortana, some of the data will be stored in the cloud which will be used to better assist you.

If you need to delete cache history, you can do so by following either of these two methods:

View your browsing history at Hub > History, then select Clear all history. If you want to retain certain data, you can choose what to remove, then select Clear.
Since Cortana’s browsing history is stored in the cloud, select Change what Microsoft Edge knows about me in the cloud, then select Clear browsing history.
Switching from one web browser to another isn’t always as smooth as it is made out to be. In order for users to make the most out of their time online, they require a period of adjustment. If you still have questions about making Microsoft Edge your default browser, get in touch with our experts today at 800-421-7151.

Beware of a New Ransomware Similar to Locky

Disguising itself as an invoice proved to be an effective approach for the original Locky ransomware, which infected millions of users in 2016. Although it was mostly defeated, hackers are currently using a similar approach to spreading a new type of malware. In 2017, a new Locky ransomware is poised to duplicate the success of its predecessor.

Quick facts

According to a threat intelligence report, the email-based ransomware attacks started on August 9 and were detected through 62,000 phishing emails in 133 countries in just three days. It also revealed that 11,625 IP addresses were used to carry out the attacks, with the IP range owners consisting mostly of internet service providers and telecom companies.

How it works

The malicious email contains an attachment named “E 2017-08-09 (580).vbs” and just one line of text. Like the original Locky authors, attackers responsible for the new variant deploy social engineering tactics to scam recipients into opening the attached .doc, zip, pdf, .jpg or tiff file, which installs the ransomware into their systems.

When an unsuspecting user downloads the file, the macros run a file that provides the encryption Trojan with an entry point into the system. The Trojan then encrypts the infected computer’s files.

Once encryption is completed, the user receives instructions to download the Tor browser so they can access the “dark web” for details on how to pay the ransom. To retrieve their encrypted files, users will be asked to pay from 0.5-1 Bitcoin.

What you need to do

This ransomware variant builds on the strengths of previous Trojans. In fact, the original Locky strain made it easy for cyber criminals to develop a formidable ransomware that could evade existing cyber security solutions. This is why adopting a “deny all” security stance, whereby all files are considered unsafe until proven otherwise, is the best way to avoid infection.

Here are other tips to avoid infection:

Don’t open unsolicited attachments in suspicious emails. Alert your IT staff, and most importantly disallow macros in Microsoft Office unless they’ve been verified by your IT team.
Performing regular backups guarantees you never have to pay cyber criminals a ransom. If all other security measures fail, you can always rely on your backups, which protect your business not just from cyber crime-related disasters, but also from natural and other unforeseen system failures.
Train your staff to identify online scams like phishing. This and other similar ransomware strains take advantage of users’ lack of cyber security training.
Update your operating systems as soon as updates become available to reduce, or eliminate, the chances of your system’s vulnerabilities being exploited.
Even with a trained staff and the latest protections installed, your IT infrastructure may still have unidentified security holes. Cyber security experts can better evaluate your entire infrastructure and recommend the necessary patches for your business’s specific threats. To secure your systems, get in touch with our experts now at 800-421-7151.

Amazon CEO’s Secret To Avoiding Email Overwhelm

Do you look at your inbox and want to cry? If so, you’re not alone. According to widely cited Radicati Group research, the average person gets 120 business emails every day. If you don’t manage your emails, you could end up in another statistical majority. People spend at least 14 percent of their workday on email alone. Is it any wonder that a recent Harris Poll found that only 45 percent of our workdays are spent on actual work? If you’re looking for the solution to your email woes, start with some of Silicon Valley greats.

BEZOS DELEGATES If you want to watch a corporate team start to sweat, see what happens when they get a “?” email from Jeff Bezos. Business Insider reports that the notoriously easy-to-contact Amazon CEO will forward customer complaints to his people and add only a question mark to the original query. Getting that dreaded mark is a little like getting the black spot from Blind Pew the pirate. You know that a day of reckoning is at hand. Follow Bezos’ lead. Instead of answering all emails yourself, ask, “Can this be better handled by someone else?” Forward it to your team and save yourself the time.

USE AUTO REPLIES You can also use auto-reply tools to manage the flood. Tommy John CEO Tom Patterson did just that after his emails skyrocketed from 150 to 400 a day. He tells Inc.com that “there weren’t enough minutes in a day to answer all of them.” So he didn’t; he set up an auto-reply to tell people that he only checked email before 9 and after 5 — and to please call or text if it was urgent. The result? “It forced me to delegate and empower others to respond,” he says. Suddenly the flow slowed to a trickle.

DO YOU GET MORE EMAILS THAN BILL GATES? And it really should only be a trickle; Bill Gates reports that he only gets 40–50 emails a day. Ask yourself, “Should I really be getting more emails than Bill Gates?” One possible cause for email inundation, according to LinkedIn CEO Jeff Weiner, is other employees sending too much email of their own. He writes, “Two of the people I worked most closely with ended up leaving the organization within the span of several weeks. After they left I realized my inbox traffic had been reduced by roughly 20–30 percent.” If you have over-communicators in your ranks, ask them to tone back the digital flood.

SET BOUNDARIES Creating a hard buffer between your email and your life is another CEO tactic. Arianna Huffington doesn’t check her email for a half hour after waking or before going to bed, and she never touches it around her kids. That space to breathe is essential to maintaining a work-life balance. And if it gets bad enough? Etsy’s Chad Dickerson has a solution: email bankruptcy! He tells Fast Company that every few years, he just deletes everything and starts fresh!

Not all Silicon Valley gurus have it figured out, however. Apple CEO Tim Cook doesn’t get 120 business emails a day. No, according to an ABC interview, he gets closer to 700. He just gets up at the crack of dawn every morning and starts reading. Hint Water CEO Kara Goldin does the same thing, preparing for a 12-hour workday with a marathon email session. But as you can tell from the other people we’ve discussed, this is an exception, not the rule. Emulate Jeff Bezos or Arianna Huffington instead and watch your email stress melt away.

Are all Hackers Out to Do Harm?

Newspaper headlines and Hollywood movies have influenced our understanding of computer hackers, but in the real world it’s not so simple. Some hackers are making tremendous contributions to the field of cyber security, it just depends on which hat they’re wearing that day. Take a few minutes to learn about white, black and gray hat hackers.

A complicated history

Since all the way back in the 1950s, the term hacker has been vaguely defined. As computers and the people who worked with them became more accessible, the word was used to describe someone who explored the details and limits of technology by testing them from a variety of angles.

But by the 1980s, hackers became associated with teenagers who were being caught breaking into government computer systems. Partially because that is what they called themselves, and partially because the word hacker has an inherently aggressive ring to it.

Today, several of those pioneering hackers run multimillion-dollar cyber security consulting businesses. So what should you call someone who uses their knowledge for good?

“White hat” hackers

Sometimes referred to as ethical hackers, or plain old network security specialists, these are the good guys. Whether it’s selling what they find to hardware and software vendors in “bug bounty” programs or working as full-time technicians, white hat hackers are just interested in making an honest buck.

Linus Torvalds is a great example of a white hat hacker. After years of experimenting with the operating system on his computer, he finally released Linux, a secure open-source operating system.

“Black hat” hackers

Closer to the definition that most people outside the IT world know and use, black hat hackers create programs and campaigns solely for causing damage. This may be anything from financial harm in the form of ransomware to digital vandalism.

Albert Gonzalez is one of the many poster children for black hat hacking. In 2005, he organized a group of individuals to compromise poorly secured wireless networks and steal information. He is most famous for stealing over 90 million credit and debit card numbers from TJ Maxx over the course of two years.

“Gray hat” hackers

Whether someone is a security specialist or a cyber criminal, the majority of their work is usually conducted over the internet. This anonymity affords them opportunities to try their hand at both white hat and black hat hacking.

Today, there are quite a few headlines making the rounds describing Marcus Hutchins as a gray hat hacker. Hutchins became an overnight superstar earlier this year when he poked and prodded the WannaCry ransomware until he found a way to stop it.

During the day, Hutchins works for the Kryptos Logic cybersecurity firm, but the US government believes he spent his free time creating the Kronos banking malware. He has been arrested and branded a “gray hat” hacker.

The world of cyber security is far more complicated than the stylized hacking in Hollywood movies. Internet-based warfare is not as simple as good guys vs. bad guys, and it certainly doesn’t give small businesses a pass. If you need a team of experienced professionals to help you tackle the complexities of modern cyber security, call us today at 800-421-7151.

6 CRM Best Practices You Need to Know

Most companies have customer relationship management (CRM) software to help them keep track of contact information and purchase history. But having a large database is worthless if you’re not using it to build long-lasting relationships. To keep existing clients coming back and bring new ones in, follow these CRM best practices.

Always update customer information
A CRM system is only effective when the data it provides is current. If the customer’s address, company name, or preferred method of contact has changed, your staff should be recording this information immediately so your sales and marketing teams are always equipped with the right information.

Use purchasing history for upselling opportunities
It’s easier to sell to existing customers than acquiring new ones. Boost your sales performance by analyzing your existing clients’ purchasing history and designing promotions or events designed just for them. For example, if they recently purchased a razor from your online store, you can program your CRM to recommend related products like shaving cream or aftershave. Not only does this widen your profit margins, it also makes customers’ lives a lot easier and promotes repeat business.

Automate processes
Take advantage of the workflow automation features in CRM apps to eliminate time-consuming and repetitive tasks. For instance, when a new lead is added to your CRM (via newsletter subscriptions or website visits), the CRM can be programmed to send follow-up emails, offer promotions, and other interactions to keep your business at the forefront of their attention. This saves you from writing the same canned responses while also making sure that you’re engaging your clients throughout the entire sales process.

Learn from analytics
CRM also makes it possible to analyze customer trends and behavior. If you noticed a spike in demand for certain products and services during the holidays, be more aggressive in pushing them out next year. If certain email campaigns were more successful than others (e.g., higher open rates, click-through-rates, and potential customers), understand what elements were responsible for that success and try to replicate them the next time you send a newsletter.

Customer data should also be used to shape sales and marketing tactics. A salesperson that already knows the client’s name, locations, and preferences can deliver more personal sales pitches and has a better chance of closing a deal. The point is this: If you’re not learning from your data, your business growth will be limited.

Integrate CRM with other business software
Tying CRM software to other programs makes it even more powerful. Integration with accounting software combines customer and financial data, eliminating redundant manual data entry and providing more insightful reports. When used alongside a VoIP system, your staff will get relevant customer information from multiple databases displayed on one screen when they’re about to make a call.

Get some CRM support
Last but not least, work with a CRM provider that offers 24/7 support. Ideally, they should be keeping your data safe, updating your software regularly, and advising you on how to use complex CRM features.

This may seem like a lot, but the important thing to remember is that just like every technology investment, CRM requires active participation from executives, managers, and frontline staff. If you need more advice on keeping customers happy or want to know what technologies can add value to your business, call us today at 800-421-7151.

Ways to Protect your Company Mobile Devices

Mobile devices can’t accomplish everything that desktops and laptops can, but that doesn’t mean they’re not important to businesses. More and more employees are using smartphones and tablets to increase productivity and enhance collaboration. But before you adopt a mobile device policy, you must keep them safe from cyber criminals. Cyber criminals now have more entry points to steal your data, but there are simple ways to keep your company’s mobile devices safe.

Ensure mobile OS is up-to-date

Apple and Android’s operating system updates improve overall user experience, but their most important function is to fix security vulnerabilities. You can reduce your business’s exposure to threats by installing updates for ALL devices as soon as they become available. Some people wait for a few weeks or months to update their device’s OS. This gives hackers ample time to exploit vulnerabilities on devices that run on outdated operating systems.

Install business applications only

Downloading apps seems harmless, but lenient mobile devices policies on what should and shouldn’t be downloaded on company devices could lead to staff downloading and installing non-business-related apps from third-party stores, most of which are notorious for malicious advertising codes and other threats.

Be careful with public Wi-Fi networks

Emergency situations might compel you to use password-free Wi-Fi networks in hotels, airport, cafes, or any public place. Connecting to an open network could expose your confidential information and sensitive company data to hackers connected to the same network.

You can avoid this by providing a practical internet data plan, preferably one that includes roaming services, for remote workers. And if you really have to connect to an open Wi-Fi, don’t use the connection for transferring sensitive data.

Enable phone tracking tools

Losing a company-issued mobile device is a scenario many would rather not contemplate, but it happens. Devices can be misplaced or stolen, and enabling a useful app such as ‘Find my iPhone’ for iOS devices, ‘GPS Phone Tracker’ for Android, or any other device-tracking app in Apple’s App or Android’s Google Play stores helps users locate lost phones, or otherwise delete data in stolen devices. Downloading and setting up the app takes just a few minutes, and it will give you peace of mind knowing that even if your phone is lost or stolen, its contents will not be compromised.

Screen SMS carefully

SMS messaging may not be as effective as email phishing, but SMS phishing can also be used to trick users into clicking malicious links. Hackers send messages purporting to be from someone you know or a legitimate source that asks you to urgently send confidential data. You can either delete these messages, block unknown senders, or alert your IT department in case you encounter a possible scammer.

Mobile devices are becoming more critical to operations. And with more devices open to attack, businesses must bolster their cybersecurity efforts. Hackers will exploit every possible vulnerability, and that includes those in unsecured smartphones and tablets. Get in touch with us if you need comprehensive security solutions for your business by calling 800-421-7151.

Know These Types of Malware to Stay Protected

Computer threats have been around for decades. In fact, one of the first computer viruses was detected in the early 70s. Technology has come a long way since then, but so have online threats: Spyware, ransomware, virus, trojans, and all types of malware designed to wreak havoc. Here’s how different types of malware work and how you can avoid falling victim.

Viruses

Once created to annoy users by making small changes to their computers, like altering wallpapers, this type of malware has evolved into a malicious tool used to breach confidential data. Most of the time, viruses work by attaching themselves to .exe files in order to infect computers once the file has been opened. This can result in various issues with your computer’s operating system, at their worst, rendering your computer unusable.

To avoid these unfortunate circumstances, you should scan executable files before running them. There are plenty of antivirus software options, but we recommend choosing one that scans in real-time rather than manually.

Spyware

Unlike viruses, spyware doesn’t harm your computer, but instead, targets you. Spyware attaches itself to executable files and once opened or downloaded, will install itself, often times completely unnoticed. Once running on your computer, it can track everything you type, including passwords and other confidential information. Hackers can then use this information to access your files, emails, bank accounts, or anything else you do on your computer.

But don’t panic just yet, you can protect yourself by installing anti-spyware software, sometimes included in all-purpose “anti-malware” software. Note that most reputable antivirus software also come bundled with anti-spyware solutions.

Adware

Are you redirected to a particular page every time you start your browser? Do you get pop ups when surfing the internet? If either situation sounds familiar, you’re likely dealing with adware. Also known as Potential Unwanted Programs (PUP), adware isn’t designed to steal your data, but to get you to click on fraudulent ads. Whether you click on the ad or not, adware can significantly slow down your computer since they take up valuable bandwidth. Worse still, they’re often attached with other types of malware.

Some adware programs come packaged with legitimate software and trick you into accepting their terms of use, which make them especially difficult to remove. To eradicate adware, you’ll need a solution with specialized adware removal protocols.

Scareware

This type of malware works like adware except that it doesn’t make money by tricking you into clicking on ads, but by scaring you into buying a software you don’t need. An example is a pop up ad that tells you your computer is infected with a virus and you need to buy a certain software to eliminate it. If you fall for one of these tactics and click on the ad, you’ll be redirected to a website where you can buy the fake antivirus software.

Scareware acts more like a diversion from the other malware that often comes with it. A good antivirus solution will help scan for scareware too, but you should patch your operating systems regularly just to be safe.

Ransomware

Ransomware has become increasingly common and hostile. It encrypts your computer files and holds them hostage until you’ve paid a fee for the decryption code. Because ransomware comes with sophisticated encryption, there aren’t many options unless you have backups of your data.

There are some tools that can protect against ransomware but we recommend that you backup your data and practice safe web browsing habits.

Worms

Similar to viruses, worms replicate themselves to widen the scope of their damage. However, worms don’t require human intervention to replicate themselves as they use security flaws to transmit from one computer to the next, making them far more dangerous than your typical virus. They often spread via email, sending emails to everyone in an infected user’s contact list, which was exactly the case with the ILOVEYOU worm that cost businesses approximately $5.5 billion worth of damage.

The easiest ways to protect your network from worms is to use a firewall to block external access to your computer network, and to be careful when clicking on unknown links in your email or unknown messages on social media.

Trojans

Usually downloaded from rogue websites, Trojans create digital backdoors that allow hackers to take control of your computer without your knowledge. They can steal your personal information, your files, or cause your computer to stop working. Sometimes hackers will use your computer as a proxy to conceal their identity or to send out spam.

To avoid trojan attacks, you should never open emails or download attachments from unknown senders. If you’re skeptical, use your antivirus software to scan every file first.

In order to keep malware at bay, you need to invest in security solutions with real-time protection and apply security best practices within your office. If you have any questions or concerns, or simply need advice on how to strengthen your business’s security, just give us a call and we’ll be happy to help.

Tell Office 2016 and Office 365 apart

Microsoft delivers some of the best productivity tools for businesses worldwide. Office 2016 and Office 365 are the most popular software in the market today. And while both offer Word, Excel, and PowerPoint, there are some significant differences between each product. Read on to find out.

How they’re paid for
Office 2016 is a stand-alone suite, and regardless of the quantity purchased, is described by Microsoft as a “one-time purchase.” You pay a single, upfront cost, meaning the entire purchase price must be paid before receiving the license to legally run the software for life.

By contrast, Office 365 is a subscription service requiring monthly or annual payments. Office 365 allows users to run applications only if payments are made. If you stop, you will have 30 days to continue operating after the previous payment’s due date before the license expires.

How they’re serviced
Another aspect to consider is the service and support offerings. Microsoft provides monthly security updates for Office 2016 applications, and these updates fix non-security bugs. However, you don’t get upgrades for improved features and functionality. If you wish to run the latest edition, you’ll have to pay another upfront fee.

Office 365 users, on the other hand, get the same security patches as Office 2016 and also additional feature and functionality upgrades twice a year.

How they sync with the cloud
Microsoft announced a major change this April: As of October 13, 2020, Office 2016 applications acquired through an upfront purchase are required to be in the “Mainstream” support period (the first five years of the decade-long commitment) to obtain cloud connectivity. Office 365 subscriptions won’t experience this problem.

In order to achieve measurable results and enjoy business growth, it’s imperative that your business is working with the right Office solution. Give us a call at 800-421-7151 and let our team of experts assess your needs and determine the better option.

Tips and Tricks for Avoiding IoT Threats

Internet of Things (IoT) devices have become more popular with businesses in recent years. This is largely because they can keep track of large amounts of information, analyze data patterns, and streamline business processes. But as you introduce more internet-connected devices into the office space, you may be exposing your business to attacks.

Set passwords
Many often forget they can set passwords for IoT devices. When this happens, they tend to leave their gadgets with default passwords, essentially leaving the door open for hackers. Make sure to set new and strong passwords — preferably with a combination of upper and lower case letters, numbers, and symbols — for each device connected to your network. Then, use a password manager to securely keep track of all your passwords.

Disable Universal Plug and Play (UPnP)
UPnP is designed to help IoT gadgets discover other network devices. However, hackers can also exploit this feature to find and connect to your IoT devices. To prevent them from getting to your network, it’s best to disable this feature completely.

Create a separate network
When you’re dealing with IoT devices, it’s wise to quarantine them in a separate network unconnected to your main office network. By doing this, user gadgets will still have access to the internet but won’t be able to access mission-critical files.

You should also consider investing in device access management tools. These allow you to control which devices can access what data, and prevent unauthorized access.

Update your firmware
If you want to keep your devices secure against the latest attacks, then you need to keep your IoT software up to date. Security researchers are always releasing security patches for the most recent vulnerabilities, so make it a habit to regularly check for and install IoT firmware updates. If you have several gadgets to secure, use patch management software to automate patch distribution and set a schedule to check for updates monthly.

Unplug it
Disconnecting your IoT devices from the internet (or turning them off completely) whenever you don’t need them significantly reduces how vulnerable you are to an attack. Think about it, if there’s nothing to target, hackers won’t be able to make their move. Turning your IoT devices on and off again may not seem like the most convenient strategy, but it does deny unauthorized access to your router.

Unfortunately, as IoT devices become more commonplace in homes and offices, more hackers will develop more cunning ways to exploit them. Getting into the above mentioned security habits can protect you from a wide variety of IoT attacks, but if you really need to beef up your security, then contact us today. We have robust security solutions that keep your hardware safe.

An Intern’s Week at WAMS

WAMS had the pleasure of partaking in an internship and career exploration program called “Living the Map.” A student from Colorado College was interested in spending a week with a marketing executive. Daniel Seddiqui of “Living the Map” reached out to me about this opportunity and sent me Alan Fox, an ambitious college student who had just completed his first year and chose this career exploration program to help him decide on his major. His reflection below describes his experience, and we are so grateful to have had an impact on such a promising young man. This was a wonderful opportunity for the both of us, and it was a pleasure to teach Alan about what I do. As a company, we are so proud to have left this impression on him.

“Ashli Lopp, a marketing executive at the IT consulting company known as WAMS, expressed a primary goal of my five week internship project bluntly when she stated, “It takes doing what you don’t want to do to help you realize the importance of doing what you want to do.”

As I first entered the WAMS office located just outside of the Los Angeles area in Brea, CA, I was nervous about what the week had in store for me. Would my presence be a distraction to others working? Does the individual that I’m shadowing have the time or desire to work with me for an entire week? To put it plainly, I didn’t want to be a problem at all for this company. Within five minutes of entering the office, it became clear that this fear was unwarranted and would not be the case. Ashli, the marketing executive I shadowed for the week, and Kevin, the general manager of WAMS, immediately made me feel welcome. After introducing myself to Kevin and discussing his recent travels in Colorado, Ashli introduced me to the rest of the company and had the patience to teach me about her job as well as a brief overview of the company.

The first thing I noticed in the office was that the employees exuded an unusual level of positivity and joyfulness. They seemed to genuinely enjoy spending time working there and they weren’t simply watching the clock, eagerly awaiting their time to clock out like many of my fellow auto shop  co-workers in the  past would. Throughout my week at WAMS, I tried to pinpoint the source of their workplace jubilance. Was management responsible? Was it the composition of employees? While I do think that WAMS has done an excellent job of hiring exuberant employees that are passionate about their jobs as well as their interactions with each other, I think the company’s upbeat culture has more to do with management incentivizing their employees with freedom and encouragement, rather than fear. Later in the week, account manager Matt Morris addressed this assumption, stating that, “Kevin doesn’t rule with an iron fist. . . He’s made this a place where you don’t dread coming to work.” This claim is supported by the fact that throughout my week with WAMS, I never observed a time when Ashli was motivated to complete a task by fear. On the contrary, Ashli went about her daily obligations with freedom and a sense of pride that she would complete them individually to the best of her abilities—not because a manager was breathing down her neck.

Other than observing the encouraging role of management within the company, I also thoroughly enjoyed learning about the different ways Ashli attracts clients. First off, she explained the three basic client profiles that she is aiming to attract and how she is able to craft a marketing approach to suit the audience. For example, for firm administrators who are typically more interested in the final result WAMS has to offer and less in the technology, Ashli would appeal to them through means that invoke emotion and focus on possible positive results rather than nitty-gritty tech details of how the system works. In addition, I was interested in the different ways Ashli went about striking fear in the hearts of her potential clients, communicating the dangers of ransomware and how customers needed WAMS to save their firm from potential closure.

While I was fascinated by the way Ashli went about attracting clients, I was also intrigued by the ways she went about keeping clients and making them feel appreciated. Whether it was sending clients cookies embroidered with the WAMS logo, “anniversary” Starbucks gift cards, or shock-and-awe packages containing promotional gear, Ashli was adamant about ensuring that a customer’s business was appreciated and not taken for granted.

Besides focusing on improving and maintaining her client base, Ashli also focused on educating and developing herself as a marketer. Each day Ashli read the news in order to keep up to date and inform her clients about the latest development in her field, whether that’s a development in cyberware or technology. Moreover, her eagerness to improve and develop further ways of marketing was clearly illustrated by her weekly discussion with different marketing employees in different fields across America.

All in all, exposure to both a close-knit, enthusiastic work place and to a marketing professional that was eager to teach me ways of creating and maintaining fruitful client relations made this week an especially beneficial and educational experience.”

Nyetya Ransomware: What You Need to Know

Nyetya, a variant of the Petya ransomware, is spreading across businesses all over the world. Although it shares the same qualities as WannaCry — a ransomware deemed ‘one of the worst in history’ — many cyber security experts are calling it a more virulent strain of malware that could cause greater damage to both small and large organizations. Here’s everything we know about it so far.

Worse than WannaCry

Nyetya is deemed worse than WannaCry mainly because it spreads laterally, meaning it targets computers within networks and affects even systems that have been patched. Because it also spreads internally, it needs to infect only one device to affect several others within a single network.

Cyber researchers trace its origins to a tax accounting software called MEDoc, which infected 12,500 systems in Ukraine. Since the initial infections in June, it has spread to thousands of networks in 64 countries. And although it hasn’t spread as fast as WannaCry, it might have a wider reach soon because it uses three attack pathways to infect a system. It hasn’t made as much money as WannaCry, which is why cyber researchers are concluding that the attacks are not economically motivated.

Don’t Pay the Ransom

Cyber security firms and researchers strongly recommend affected businesses to avoid paying the ransom. According to them, paying the ransom would be a waste since the infected user won’t be able to receive a decryption key to unlock their files or systems. This is because the email provider has blocked the email address on the ransomware message.

Although it operates like a ransomware — locking hard drives and files and demands a $300 ransom in Bitcoin — it functions more as a wiperware that aims to permanently wipe out data and/or destroy systems. So far, it has affected big-name multinationals in various industries, including Merck, Mondelez International, and AP Moller-Maersk, among others.

Perform backups and update outdated security patches

The only way businesses can be protected is by performing backups and staying on top of patch updates.

It’s safe to say that in case of a Nyetya attack, there’s no chance of getting back your data. In such a scenario, you would have only your backup files — whether on an external storage or in the cloud — to fall back on. But backing up is not enough; you should also ensure that your backups are working, which you can do by testing them regularly. Given the nature of Nyetya, you should also make sure that your backups are stored off-site and disconnected from your network.

Like its predecessor, Nyetya exploited vulnerabilities in unpatched Microsoft-run computers. As a business owner, make it a part of your cyber security routine to update your systems with the latest security patches, or risk having your files or systems permanently corrupted.

As a business owner whose operations’ lifeline depends on critical files, your backups are your insurance. If your systems’ network security needs another layer of protection, get in touch with us today at 800-421-7151.

Get Ready for Chrome’s Ad Blocker

For the longest time, we’ve been visiting countless websites only to be greeted with annoying ads that never piqued our interest. Luckily, Chrome users won’t have to put up with them for much longer. Google will release an ad blocker early next year. To that end, here’s everything you need to know.

What is it?

Ad blocker from Chrome actually works like an ad filter, meaning it won’t block all ads from the website, only ones that are determined to be too intrusive, like video autoplay with sound as well as interstitials that take up the entire screen.

A group called the Coalition for Better Ads, which consists of Google, Facebook, News Corp, The Washington Post, and other members will decide whether or not the ads are to be blocked. According to Sridhar Ramaswamy, the executive in charge of Google’s ads, even ads owned or served by Google will be blocked if they don’t meet the new guidelines.

How will it work?

From a consumer’s end, you won’t have to do anything except for updating your Chrome browser. For publishers, Google will provide a tool that you can run to find out if your site’s ads are violating the guidelines. The blocker will apply to both desktop and mobile experiences.

What are the benefits of Chrome ad blocker?

Bad ads slow down the web, make it annoying to browse, and drive consumers to install ad blockers that remove all advertisements. If that continues, publishers will face major obstacles since nearly all websites rely on ads to stay alive.

With Chrome’s ad blocker, wholesale ad blocking can be controlled to please both consumers and publishers. Users get a better web browsing experience and publishers can continue to make profits through online ad sales.

But isn’t Google already using third-party ad-blocking extensions?

Yes, but this means they have to pay third-party ad blockers — like Adblock Plus — a certain amount of fee to whitelist ads for the privilege of working around their filters. With their own ad blocker, this can be eliminated once and for all.

Are there potential drawbacks?

It’s undeniable that Chrome’s ad blocker gives Google lots of power to determine ad standards for everyone. It comes to no surprise that there are skeptics who don’t trust one company to act in everyone’s interest.

And while Google assures that even its own ads will be removed if they violate the rules, the fact that Google itself is an ad company with nearly 89 percent of its revenues coming from online ads doesn’t boost its credibility to industry peers.

Publishers will have fewer options to monetize their sites once Chrome’s ad blocker is implemented. To help, Google will include an option for visitors to pay websites that they’re blocking ads on called Funding Choices. However, a similar feature called Google Contributor has been tested a couple years ago with no signs of catching on so we doubt that Funding Choices will differ.

Despite expected criticism, Chrome’s ad blocker will likely result in a better web browsing experience. And as always, if you have any questions about the web, or IT in general, just give us a call at 800-421-7151 and we’ll be happy to help.

Cybercrime Insurance Loopholes: Protect Yourself

As hacking hit the headlines in the last few years — most recently the global hack in May that targeted companies both large and small — insurance policies to protect businesses against damage and lawsuits have become a very lucrative business indeed. Your company may already have cyber insurance, and that’s a good thing. But that doesn’t mean that you don’t have a job to do — or that the insurance will cover you no matter what.

When you buy a car, you get the warranty. But in order to keep that warranty valid, you have to perform regular maintenance at regularly scheduled times. If you neglect the car, and something fails, the warranty won’t cover it. You didn’t do your job, and the warranty only covers cars that have been taken care of.


Cyber insurance works the same way. If your company’s IT team isn’t keeping systems patched and up to date, taking active measures to prevent ransomware and other cybercrime attacks, and backing everything up in duplicate, it’s a lot like neglecting to maintain that car. And when something bad happens, like a cyber attack, the cyber insurance policy won’t be able to help you, just as a warranty policy won’t cover a neglected car.

Check out this real life policy exclusion we recently uncovered, which doesn’t cover damages “arising out of or resulting from the failure to, within a reasonable period of time, install customary software product updates and releases, or apply customary security-related software patches, to computers and other components of computer systems.” If your cyber insurance policy has a clause like that — and we guarantee that it does — then you’re only going to be able to collect if you take reasonable steps to prevent the crime in the first place.

That doesn’t just mean you will have to pay a ransom out of pocket, by the way. If your security breach leaves client and partner data vulnerable, you could be sued for failing to protect that data. When your cyber insurance policy is voided because of IT security negligence, you won’t be covered against legal damages, either. This is not the kind of position you want to be in.


All of this is not to say that you shouldn’t have cyber insurance, or that it’s not going to pay out in the case of an unfortunate cyber event. It’s just a reminder that your job doesn’t end when you sign that insurance policy. You still have to make a reasonable effort to keep your systems secure — an effort you should be making anyway.

Does the CIA Have Access to Your Router?

There are an exhausting number of cyber security threats to watch out for, and unfortunately you need to add another to the list. A recent leak from the CIA proves that routers are one of the weakest links in network security.

The Wikileaks CIA Documents

For several months, the notorious website famous for leaking government data has been rolling out information it obtained from the Central Intelligence Agency. The documents detail top-secret surveillance projects from 2013 to 2016 and mainly cover cyber espionage.

In the most recent release, documents describe government-sponsored methods and programs used to exploit home, office, and public wireless routers for both tracking internet browsing habits and remotely accessing files stored on devices that connect to compromised networks.

Is My Router One of Them?

According to the documents, 25 models of wireless routers from 10 different manufacturers were being exploited by the CIA. They weren’t off-brand budget devices either; the list includes devices from some of the biggest names in wireless networking:

  • Netgear
  • Linksys
  • Belkin
  • D-Link
  • Asus

Those brands account for over a third of wireless routers on the market, which means there’s a good chance you’re at risk.

After WannaCry used a previous CIA leak to fuel its global spread, you need to worry about more than just being a target of government espionage too. Over the past few years, almost all of these leaks have quickly made their way into criminal hands.

Patching Vulnerabilities

Fixing security gaps in hardware is tricky business, especially when they’re mainly used to monitor rather than corrupt. In most cases, there will be no visual cues or performance problems to indicate your hardware has been infected. As such, you should plan on regularly updating the software on your hardware devices whenever possible.

Accessing your router’s software interface isn’t a user-friendly experience for non-IT folks. Usually, to access it, you need to visit the manufacturer’s website and log in with the administrator username and password. If these are still set to the default “admin” and “password” make sure to change them.

Once logged in, navigate through the settings menus until you find the Firmware Update page. Follow the instructions and confirm that the firmware has been properly installed.

The CIA’s router leaks were vague, so we’re not even sure how recent they are. We are fairly certain, however, that all of the manufacturers have since patched the vulnerabilities. Regardless, updating your router’s firmware will protect from a number of cyber security risks. If you’re unable to finish the task on your own, one of our technicians can fix it, as well as any other firmware vulnerabilities, in a matter hours. All you need to do is call! 800-421-7151.

Changes to Office 365

Whether it’s for the sake of aligning with Windows 10, or not, Office 365 Pro Plus will be upgraded twice a year, in March and September. But what does this mean to business owners like yourself? Will the new update schedule affect how Microsoft plans to deliver and support ProPlus in the future? We’ll answer all that and more.

Why the New Schedule?

Feedback has almost always been Microsoft’s impetus to make changes of any kind, and this is no exception. The software giant wanted to simplify the update process and improve coordination between Office 365 and Windows, and the new schedule should handle both of those aims.

This is particularly helpful for those using Secure Productive Enterprise (SPE). SPE was bundled with Windows 10 and Office 365 ProPlus, meaning subscribers had to deal with two separate upgrades prior to the new schedule. Moving forward, things will be simplified as a single update twice a year will suffice.

What Else Changed?

Microsoft is extending support for ProPlus from 12 months per update to 18 months. This means you can technically update once or twice a year, which we’ll discuss in more detail below.

They’ve also changed the following terminology used in their updates:

  • Current Channel → Monthly Channel
  • First Release for Deferred Channel → Semi-annual Channel (Pilot)
  • Deferred Channel → Semi-annual Channel (Broad)

The Semi-annual Channel (Pilot) and Semi-annual Channel (Broad) describe the twice-a-year feature updates and how they will be deployed: the former to be used as deployment testing and the latter for actual deployment to an organization’s users.

When Will the First ProPlus Upgrade be Released Under the New Schedule?

The first Pilot channel will be available on September 12, 2017, the same day as that month’s Patch Tuesday. The first Broad channel will be available four months later on January 9, 2018, also on a Patch Tuesday.

The second release will bring a new Pilot on March 13, 2018 and a new Broad on July 10, 2018.

Can you Skip a ProPlus Features Upgrade?

While you can in fact choose only to upgrade once a year, you will eventually have to conduct a second upgrade to get the most up-to-date support. Microsoft is giving you two months of overlap in the next update to do this.

So, say your firm deploys the Broad channel in January 2018, but skips the July 2018 upgrade, you would have to upgrade within the two-month span between January 2019 and March 2019 to be eligible for the latest support.

What Happened to the ProPlus Upgrade for June 2017?

Microsoft released new Deferred Channel and First Release for Deferred Channel upgrades on June 13, 2017. You will have three months to conduct enterprise pilots and validate applications with this upgrade before the final Deferred Channel release on September 12, 2017. The last Deferred Channel will be supported until July 10, 2018.

Changes to the support life cycle of Office 365 ProPlus will ultimately save you time and reduce the hassles of conducting upgrades. That said, it might take some time getting used to the new schedule and nomenclature, so if you have any questions about Office 365 or the new schedule, just give us a call at 800-421-7151.

Quick Review: Why You Need Virtualization

With virtualization, you can make software see several separate computers where there is only one, or make several computers look like one supercomputer. That may sound simple, but it’s far from it. Of course the benefits are well worth it; here are just a few.

More Technology Uptime

Virtualization vendors use lots of fancy names for the features of their technology, but behind all the technobabble are a number of revolutionary concepts. Take “fault tolerance” for example. When you use virtualization to pool multiple servers in such a way that they can be used as a single supercomputer, you can drastically increase uptime. If one of those servers goes down, the others continue working uninterrupted.

Another example of this is “live migrations,” which is just a fancy way of saying that employee computers can be worked on by technicians while users are still using them. Say you’ve built a bare-bones workstation (as a virtual machine on the server), but you need to upgrade its storage capacity. Virtualization solutions of today can do that without the need to disconnect the user and restart their computer.

Better Disaster Recovery

Data backups are much simpler in a virtualized environment. In a traditional system, you could create an “image” backup of your server — complete with operating system, applications and system settings. But it could be restored to a computer only with the exact same hardware specifications.

With virtualization, images of your servers and workstations are much more uniform and can be restored to a wider array of computer hardware setups. This is far more convenient and much faster to restore compared to more traditional backups.

More Secure Applications

In an effort to increase security, IT technicians usually advocate isolating software and applications from each other. If malware is able to find a way into your system through a software security gap, you want to do everything in your power to keep it from spreading.

Virtualization can put your applications into quarantined spaces that are allowed to use only minimum system resources and storage, reducing the opportunities they have to wreak havoc on other components of the system.

Longer Technology Lifespans

The same features that quarantine applications can also create customized virtual spaces for old software. If your business needs a piece of software that won’t work on modern operating systems, virtualization allows you to build a small-scale machine with everything the program needs to run. In that virtual space, the application will be more secure, use fewer resources, and remain quarantined from new programs.

In addition to software, virtualization also encourages longer life spans of old hardware components. With virtualization, the hardware an employee uses is little more than a window to the powerful virtual machine on the server. Employee computers need only the hardware required to run the virtualization window, and the majority of the processing takes place on the server. Hardware requirements are much lower for employees and equipment can be used for several years.

Easier Cloud Migrations

There are several ways virtualization and cloud technology overlap. Both help users separate processing power from local hardware and software, delivering computing power over a local network or the internet. Because of these similarities, migrating to the cloud from a virtualized environment is a much simpler task.

There is no debate about the benefits of this technology. The only thing standing between your business and more affordable, efficient computing is an IT provider that can manage it for you. For unlimited technology support, virtualization or otherwise, on a flat monthly fee. Call us today at 800-421-7151.

Office 365 Tips to Make Your Life Easier

Office 365 receives dozens of changes every month, which explains why some get overlooked. While Office 365 Planner or Microsoft Teams are great tools for maximizing productivity, there are hidden functions and tricks you can use to make life a bit easier for yourself. Check out our six tips to improve your user experience with Office 365 below.

Declutter Your Inbox
If you’re having trouble managing the overwhelming amount of emails in your inbox, then using Office 365’s “Clutter” feature can clear up some space. To enable this feature go to Settings > Options > Mail > Automatic processing > Clutter then select Separate items identified as Clutter. Once activated, you need to mark any unwanted messages as “clutter” to teach Office 365. After learning your email preferences, Office 365 will automatically move low-priority messages into your “Clutter” folder, helping you focus on more important emails.

Ignore Group Emails
Are you copied on a long email thread you don’t want to be part of? If so, simply go to the message and find the Ignore setting. Doing this will automatically move future reply-alls to the trash so they never bother you again. Of course, if you ever changed your mind, you could un-ignore the message: Just find the email in your trash folder and click Stop ignoring.

Unsend Emails
In case you sent a message to the wrong recipient or attached the wrong file, Office 365 has a message recall function. To use this, open your sent message, click Actions, and select Recall this message. From here, you can either “Delete unread copies of this message” or “Delete unread copies and replace with a new message.” Bear in mind that this applies only to unread messages and for Outlook users within the same company domain.

Work offline
Whenever you’re working outside the office or in an area with unstable internet, it’s a good idea to enable Offline Access. Found under the Settings menu, this feature allows you to continue working on documents offline and syncs any changes made when you have an internet connection. Offline access is also available in your SharePoint Online document libraries.

Use Outlook Plugins
Aside from sending and receiving emails, Outlook also has some awesome third-party plugins. Some of our favorite integrations include PayPal, which allows you to send money securely via email; and Uber, which lets you set up an Uber ride reminder for any calendar event. Find more of productivity-boosting plugins in the Office Store.

Tell Office Applications What To Do
If you’re not a fan of sifting through menus and options, you can always take advantage of the Tell Me function in your Office 2016 apps. When you press Alt + Q, you bring up a search bar that allows you to look for the functions you need. Suppose you need to put a wall of text into columns on Word but can’t find where it is specifically. Just type ‘column’ and Microsoft will help you with the rest.

These tricks and features themselves will definitely increase productivity. And fortunately, there’s, there’s more coming. Microsoft continues to expand Office 365’s capabilities, and if you truly want to make the most out of the software, don’t be afraid to explore its newly released features.

For more Office 365 tips and updates, get in touch with us today at 800-421-7151.

Fixing Computers Drains Your Firm’s Funds

Aside from overseeing your business’s network security, IT security staff are also adept at fixing personal computers. However, that doesn’t necessarily mean they should. In fact, such occurrences ought to be minimized, if not avoided altogether. Your security personnel should be focusing on more pressing issues. But if they’re toiling over PC repairs, not only is your staff’s energy drained, but your IT budget plummets, too.

Cost of Fixes

According to a survey of technology professionals, companies waste as much as $88,660 of their yearly IT budget as a result of having security staff spend an hour or more per work week fixing colleagues’ personal computers. The ‘wasted amount’ was based on an average hourly salary of IT staff multiplied by 52 weeks a year. Other than knowing how much time is wasted, what makes things worse is that IT security staff are among the highest paid employees in most companies.

The fixes have mostly to do with individual rather than department- or company-wide computer problems that don’t necessarily benefit the entire company. The resulting amount is especially staggering for small- and medium-sized businesses (SMBs) whose limited resources are better off spent on business intelligence tools and other network security upgrades.

Other Costs

All those hours spent on fixing personal computers often means neglecting security improvements. The recent WannaCry ransomware attacks, which successfully infected 300,000 computers in 150 countries, demonstrate the dangers of failing to update operating system security patches on time. It should be a routine network security task that, if ignored, can leave your business helpless in the face of a cyber attack as formidable as WannaCry. It didn’t make much money, but had it been executed better, its effects would have been more devastating to businesses, regardless of size.

Profitable projects could also be set aside because of employees’ PC issues. For SMBs with one or two IT staff, this is especially detrimental to productivity and growth. They can easily increase their IT budgets, but if employees’ negligible computer issues keep occurring and systems keep crashing, hiring extra IT personnel won’t do much good.

What Businesses Should Do

The key takeaway in all this is: Proactive IT management eliminates the expenditure required to fix problematic computers. Bolstering your entire IT infrastructure against disruptive crashes is the first step in avoiding the wasteful use of your staff’s time and your company’s money.

Even if your small business has the resources to hire extra staff, the general shortage of cyber security skills also poses a problem. Ultimately, the solution shouldn’t always have to be increasing manpower, but rather maximizing existing resources.

Having experts proactively maintain your IT eliminates the need to solve recurring small issues and lets your staff find a better use for technology resources. If you need non-disruptive technology, call us today at 800-421-7151 for advice.

How To Keep Your Employees From Leaking Confidential Information

Back in 2014, Code Spaces was murdered. The company offered tools for source code management, but they didn’t have solid control over sensitive information — including their backups. One cyberattack later, and Code Spaces was out of business. Their killer had used some standard techniques, but the most effective was getting an unwitting Code Space employee to help — likely via a phishing attack.

When it comes to cybercrime that targets businesses, employees are the largest risks. Sure, your IT guys and gals are trained to recognize phishing attempts, funky websites, and other things that just don’t seem right. But can you say the same thing about the people in reception, or the folks over in sales?

Sure, those employees might know that clicking on links or opening attachments in strange emails can cause issues. But things have become pretty sophisticated; cybercriminals can make it look like someone in your office is sending the email, even if the content looks funny. It only takes a click to compromise the system. It also only takes a click to Google a funny-looking link or ask IT about a weird download you don’t recognize.

Just as you can’t trust people to be email-savvy, you also can’t trust them to come up with good people still use birthdays, pet names, or even “password” as their passcodes — or they meet the bare-minimum standards for required passcode complexity. Randomly generated passcodes are always better, and requiring multiple levels of authentication for secure data access is a must-do.

Remember, that’s just for the office. Once employees start working outside of your network, even more issues crop up. It’s not always possible to keep them from working from home, or from a coffee shop on the road. But it is possible to invest in security tools, like email encryption, that keep data more secure if they have to work outside your network. And if people are working remotely, remind them that walking away from the computer is a no-no. Anybody could lean over and see what they’re working on, download malware or spyware, or even swipe the entire device and walk out — all of which are cybersecurity disasters.

Last but not least, you need to consider the possibility of a deliberate security compromise. Whether they’re setting themselves up for a future job or setting you up for a vengeful fall, this common occurrence is hard to prevent. It’s possible that Code Space’s demise was the result of malice, so let it be a warning to you as well! Whenever an employee leaves the company for any reason, remove their accounts and access to your data. And make it clear to employees that this behavior is considered stealing, or worse, and will be treated as such in criminal and civil court.

You really have your work cut out for you, huh? Fortunately, it’s still possible to run a secure-enough company in today’s world. Keep an eye on your data and on your employees. And foster an open communication that allows you to spot potential — or developing — compromises as soon as possible. Need security training? Email us at info@wamsinc.com to schedule! 

How did WannaCry Spread so Far?!

By now, you must have heard of the WannaCry ransomware. It ranks as one of the most effective pieces of malware in the internet’s history, and it has everyone worried about what’s coming next. To guard yourself, the best place to start is with a better understanding of what made WannaCry different.

Ransomware Review

Ransomware is a specific type of malware program that either encrypts or steals valuable data and threatens to erase it or release it publicly unless a ransom is paid. We’ve been writing about this terrifying threat for years, but the true genesis of ransomware dates all the way back to 1989.

This form of digital extortion has enjoyed peaks and troughs in popularity since then, but never has it been as dangerous as it is now. In 2015, the FBI reported a huge spike in the popularity of ransomware, and healthcare providers became common targets because of the private and time-sensitive nature of their hosted data.

The trend got even worse, and by the end of 2016 ransomware had become a $1 billion-a-year industry.

The WannaCry Ransomware

Although the vast majority of ransomware programs rely on convincing users to click compromised links in emails, the WannaCry version seems to have spread via more technical security gaps. It’s still too early to be sure, but the security experts at Malwarebytes Labs believe that the reports of WannaCry being transmitted through phishing emails is simply a matter of confusion. Thousands of other ransomware versions are spread through spam email every day and distinguishing them can be difficult.

By combining a Windows vulnerability recently leaked from the National Security Agency’s cyber arsenal and some simple programming to hunt down servers that interact with public networks, WannaCry spread itself further than any malware campaign has in the last 15 years.

Despite infecting more than 200,000 computers in at least 150 countries, the cyberattackers have only made a fraction of what you would expect. Victims must pay the ransom in Bitcoins, a totally untraceable currency traded online. Inherent to the Bitcoin platform is a public ledger, meaning anyone can see that WannaCry’s coffers have collected a measly 1% of its victims payments.

How to Protect Yourself from What Comes Next

Part of the reason this ransomware failed to scare users into paying up is because it was so poorly made. Within a day of its release, the self-propagating portion of its programming was brought to a halt by an individual unsure of why it included a 42-character URL that led to an unregistered domain. Once he registered the web address for himself, WannaCry stopped spreading.

Unfortunately, that doesn’t help the thousands that were already infected. And it definitely doesn’t give you an excuse to ignore what cybersecurity experts are saying, “This is only the beginning.” WannaCry was so poorly written, it’s amazing it made it as far as it did. And considering it would’ve made hundreds of millions of dollars if it was created by more capable programmers, your organization needs to prepare for the next global cyberattack.

Every single day it should be your goal to complete the following:

Thorough reviews of reports from basic perimeter security solutions. Antivirus software, hardware firewalls, and intrusion prevention systems log hundreds of amateur attempts on your network security every day; critical vulnerabilities can be gleaned from these documents.

Check for updates and security patches for every single piece of software in your office, from accounting apps to operating systems. Computers with the latest updates from Microsoft were totally safe from WannaCry, which should be motivation to never again click “Remind me later.”

Social engineering and phishing may not have been factors this time around, but training employees to recognize suspicious links is a surefire strategy for avoiding the thousands of other malware strains that threaten your business.

Revisiting these strategies every single day may seem a bit much, but we’ve been in the industry long enough to know that it takes only one mistake to bring your operations to a halt. For daily monitoring and support, plus industry-leading cybersecurity advice, email us any time at info@wamsinc.com.

Bluesnarfing? What you Need to Know.

When buying a technological device today, whether it’s a smartphone, a speaker, a keyboard or a smart watch, one of things people look for is Bluetooth compatibility. And who could blame them when Bluetooth has become a ubiquitous feature of technology that everyone can’t live without. But just like any technology, convenience can quickly turn into chaos when fallen into the wrong hands. With that in mind, here’s what you need to know to guard against cybercriminals when using Bluetooth.

Google paid a settlement fee of $7million for unauthorized data collection from unsecured wireless networks in 2013. While their intention likely wasn’t theft, many disagreed and called them out for Bluesnarfing, a method most hackers are familiar with.

What is it?

Bluesnarfing is the use of Bluetooth connection to steal information from a wireless device, particularly common in smartphones and laptops. Using programming languages that allow them to find Bluetooth devices left continuously on and in “discovery” mode, cybercriminals can attack devices as far as 300 feet away without leaving any trace.

Once a device is compromised, hackers have access to everything on it: contact, emails, passwords, photos, and any other information. To make matters worse, they can also leave victims with costly phone bills by using their phone to tap long distance and 900-number calls.

What preventive measures can you take?

The best way is to disable Bluetooth on your device when you’re not using it, especially in crowded public spaces, a hacker’s sweet spot. Other ways to steer clear of Bluesnarfing include:

  • Switching your Bluetooth to “non-discovery” mode
  • Using at least eight characters in your PIN as every digit adds approximately 10,000 more combinations required to crack it
  • Never accept pairing requests from unknown users
  • Require user approval for connection requests (configurable in your smartphone’s security features)
  • Avoid pairing devices for the first time in public areas

Bluesnarfing isn’t by any means the newest trick in a cybercriminal’s book, but that doesn’t mean it’s any less vicious. If you’d like to know more about how to keep your IT and your devices safe, give us a call at 800-421-7151 and we’ll be happy to advise.

Data Loss Prevention Tips for Office 365

Office 365 is a complete cloud solution that allows you to store thousands of files and collaborate on them, too. In addition to its productivity features, Office 365 comes with security and compliance solutions that will help businesses avoid the crushing financial and legal repercussions of data loss. However, even with its comprehensive security tools, some data security risks still need to be addressed. The following tips will help your business’s data remain private and secure.

Take Advantage of Policy Alerts
Establishing policy notifications in Office 365’s Compliance Center can help you meet your company’s data security obligations. For instance, policy tips can warn employees about sending confidential information anytime they’re about to send messages to contacts who aren’t listed in the company network. These preemptive warnings can prevent data leaks and also educate users on safer data sharing practices.

Secure Mobile Devices
With the growing trend of using personal smartphones and tablets to access work email, calendar, contacts, and documents, securing mobile devices is now a critical part of protecting your organization’s data. Installing mobile device management features for Office 365 enables you to manage security policies and access rules, and remotely wipe sensitive data from mobile devices if they’re lost or stolen.

Use Multi-Factor Authentication
Because of the growing sophistication of today’s cyberattacks, a single password shouldn’t be the only safeguard for Office 365 accounts. To reduce account hijacking instances, you must enable Office 365 multi-factor authentication. This feature makes it more difficult for hackers to access your account since they not only have to guess user passwords but also provide a second authentication factor like a temporary SMS code.

Apply Session Timeouts
Many employees usually forget to log out of their Office 365 accounts and keep their computers or mobile devices unlocked. This could give unauthorized users unfettered access to company accounts, allowing them to compromise sensitive data. But by applying session timeouts to Office 365, email accounts, and internal networks, the system will automatically log users out after 10 minutes, preventing hackers from simply opening company workstations and accessing private information.

Avoid Public Calendar Sharing
Office 365 calendar sharing features allows employees to share and sync their schedules with their colleagues. However, publicly sharing this schedule is a bad idea. Enabling public calendar sharing helps attackers understand how your company works, determine who’s away, and identify your most vulnerable users. For instance, if security administrators are publicly listed as “Away on vacation,” an attacker may see this as an opportunity to unleash a slew of malware attacks to corrupt your data before your business can respond.

Employ Role-Based Access Controls
Another Office 365 feature that will limit the flow of sensitive data across your company is access management. This lets you determine which user (or users) have access to specific files in your company. For example, front-of-house staff won’t be able to read or edit executive-level documents, minimizing data leaks.

Encrypt Emails
Encrypting classified information is your last line of defense to secure your data. Should hackers intercept your emails, encryption tools will make files unreadable to unauthorized recipients. This is a must-have for Office 365, where files and emails are shared on a regular basis.

While Office 365 offers users the ability to share data and collaborate flexibly, you must be aware of the potential data security risks at all times. When you work with us, we will make sure your business keeps up with ever-changing data security and compliance obligations. And if you need help securing your Office 365, we can help with that too! Simply contact us today at 800-421-7151.

Protect your Data from WannaCry

This month, ransomware has taken center stage yet again. WannaCry has already infected thousands of users around the world. In true ransomware fashion, WannaCry holds user data hostage until the victim decides to pay the ransom. What’s more alarming, however, is that the global success of this malware will likely spawn even more potent variants. To protect your business from ransomware attacks, consider these tips.

Update Your Software
The first (and probably best) defense against WannaCry ransomware is to update your operating system. New research from Kaspersky shows that machines running Windows XP, 7 and outdated Windows 10 versions were affected by the ransomware. To check whether your systems are up to date, open your Windows search bar, look for Windows Update, click Check for Updates, and install any major updates.

Also, don’t forget to download the latest security patches for your business applications and security software.

Run Security Programs
Many antivirus programs now have mechanisms for detecting and blocking WannaCry malware; so when you’ve fully updated your security software, run a full system scan.

Keep in mind that antivirus isn’t a foolproof security solution. Instead, run it alongside other security applications like intrusion prevention systems and firewalls.

Use Data Backup and Recovery Tools
If WannaCry does infect your computers, only a solid data backup and recovery solution can save your business. Before ransomware strikes, periodically back up your files in both an external hard drive and a cloud-based backup service.

External hard drives will serve as your local backup solution for quick recovery times. However, we recommend keeping the external drive disconnected when it’s not being used and plugging it in only when you need to back up files at the end of the day. This is because when ransomware infects a computer, it will usually look to encrypt local backup drives as well.

Cloud-based backups, on the other hand, allow you to store files in remote data centers and access them from any internet-enabled device. When selecting a cloud services provider, make sure they provide the appropriate cloud protections to your files. For example, your backup vendor should provide reporting tools to keep track of any anomalies in your files. Document versioning features are also important. This allows you to recover older versions of a document in case the current version is encrypted.

After your local and cloud backups are set up, perform regular tests to ensure your disaster recovery plan works.

Stay Informed
Finally, it’s important to stay on guard at all times. WannaCry is just one of many ransomware strains affecting businesses today, and in order to stay safe you need to be constantly up to date on the latest cybersecurity- and business continuity-related news.

For more ransomware prevention tips and services, call us today at 800-421-7151. We’ll make sure hackers don’t hold your business hostage.

Office 365 Gets New Security Tools

Security is, by far, the biggest issue concerning most businesses today. Although safeguards like firewalls and antivirus software are necessary, it is foolish not to take additional steps for protection in dealing with increasingly sophisticated cyberattacks. Today, companies require multiple layers of security to steer clear of cyberattacks and compliance woes. To help companies with this process, Microsoft has released threat intelligence, advanced threat protection, and data governance features.

Threat Intelligence
Threat Intelligence for Office 365 gathers data from Microsoft security databases, Office clients, email, and other recorded security incidents to detect various cyberattacks. This feature gives users in-depth knowledge about prevalent malware strains and real-time breach information to analyze the severity of certain attacks.

What’s more, Threat Intelligence comes with customizable threat alert notifications and easy-to-use remediation options for dealing with suspicious content.

Advanced Threat Protection (ATP) Upgrades
In addition to Threat Intelligence, Office 365’s ATP service now has a revamped reporting dashboard that displays security insights across a company. This includes a security summary of what types of malware and spam were sent to your organization, and which ones were blocked. According to Microsoft, these reports will help you assess the effectiveness of your current security infrastructure.

ATP also has a new capability called “Safe Links” which defends against potentially malicious links in emails and embedded in Excel, Word, and PowerPoint files. If suspicious links are discovered, the user will be redirected to a warning page to avoid an infection.

Advanced Data Governance
The newly released Advanced Data Governance feature is also a much needed enhancement for highly-regulated companies. It classifies files based on user interaction, age, and type, and recommends general data retention and deletion policy recommendations. If, for example, your business has retained credit card data for longer than necessary, Advanced Data Governance will alert you of the possible data governance risks.

Data Loss Prevention Enhancements
Last but not least, the Office 365 Security & Compliance Center is also receiving data loss prevention upgrades. With it, you can easily access and customize app permissions and control device and content security policies. So if someone in your company attempts to leak sensitive customer information, Office 365 will notify your administrators immediately.

Although all these features are available only for Office 365 Enterprise E5 subscribers, security- and compliance-conscious companies definitely need these upgrades. Get the right Office 365 subscription by contacting us today at 800-421-7151.

Server Management: 4 Essentials

By their very definition, servers are tasked with managing significantly higher burdens than the average desktop workstation. If your business has a server onsite, there are so many things you need to consider to get the most out of your investment. Read on for a few of them:

Mount Your Servers Properly

Small businesses are usually forced to prioritize the here and now over long-term planning. Not for lack of caring, it’s just a fact of working on tight budgets and with small teams. This is especially evident when it comes to server planning. When your business first sets up shop, it’s tempting to plug in a server right next to your workstations – but doing so puts your hardware in harm’s way.

Mounting servers in a rack protects them from the accidents commonly associated with highly trafficked areas: spills, crumbs, and tripping hazards. Server racks keep your most essential hardware safe by organizing everything in a space that is more accessible for cleaning and management but less exposed to the day-to-day wear and tear of your office.

Server planning is all about leaving room for the future. When choosing your rack mount, make sure to leave room for the hardware you will need to expand in the future. Unless office space is a serious concern, it’s better to have a half-empty server rack than to be forced to tear the whole thing down and redesign it the moment you need to expand.

Keep Servers Separate from the Main Area

Depending on what type of servers you are running, they can create quite a bit of noise. This coupled with the fact that they are comprised of valuable hardware means that you should do everything in your power to keep your servers physically separate from your working space. If you don’t have room for a server room, consider investing a little extra in a secure rack mount with built-in sound reduction.

Never Skimp on Cooling

Even when your business first opens its doors, server cooling is a crucial consideration. These computers are designed to work at peak capacity and need optimal conditions to do so efficiently. Even if your equipment seems to be performing just fine, too much heat can drastically reduce its lifespan.

Make sure that your cooling solution operates outside the confines of your building’s infrastructure. If the central air gets shut off at night, or if your office experiences power outages, you need a cooling solution that switches over to backup power with your servers.

Keep Wiring Neatly Arranged

For anyone without hands-on experience with server hardware, the number of wires going into and out of your setup is shocking. Getting the whole mess organized isn’t just about cleanliness, it also affects the performance of your current setup and the viability of installing future upgrades. Any time you are installing, removing, or rearranging your server cables, check that everything is neatly labeled and safely grouped together.

Managing any type of hardware comes with dozens of important considerations, and that goes doubly so for servers. The best way to guarantee your IT investments are getting the care they require is by partnering with a managed IT services provider. To learn more about our services, give us a call today.

Use This 9-Step Checklist To Ensure Your Data Is Safe, Secure And Recoverable

Summer is upon us… Time for a stroll in the park…softball…fishing…a few rounds of golf…

Yet how could you possibly relax if some random bit of malware, software glitch or cyber-attack catches you off guard just as you’re walking out the door? A well-designed secure computer network gives you the confidence that “all systems are go,” whether you’re having fun in the sun, or just getting things done with your team.

Here’s a quick nine-step checklist we use to ensure that a company’s computer network, and the data for that business, is safe and secure from disruption, if not absolute devastation:

  1. A written recovery plan. Simply thinking through what needs to happen when things go south, and documenting it all IN ADVANCE, can go a long way toward getting your network back up and running quickly if it gets hacked, impacted by natural disaster or compromised by human error.
  2. Have a clear communication plan. What if your employees can’t access your office, e-mail or phone system? How will they communicate with you? Make sure your communications plan details every alternative, including MULTIPLE ways to stay in touch in the event of a disaster.
  3. Automate your data backups. THE #1 cause of data loss is human error. If your backup system depends on a human being always doing something right, it’s a recipe for disaster. Automate your backups wherever possible so they run like clockwork.
  4. Have redundant off-site backups. On-site backups are a good first step, but if they get flooded, burned or hacked along with your server, you’re out of luck. ALWAYS maintain a recent copy of your data off-site.
  5. Enable remote network access. Without remote access to your network, you and your staff won’t be able to keep working in the event that you can’t get into your office. To keep your business going, at the very minimum, you need a way for your IT specialist to quickly step in when needed.
  6. System images are critical. Storing your data off-site is a good first step. But if your system is compromised, the software and architecture that handles all that data MUST be restored for it to be useful. Imaging your server creates a replica of the original, saving you an enormous amount of time and energy in getting your network back in gear, should the need arise. Without it, you risk losing all your preferences, configurations, favorites and more.
  7. Maintain an up-to-date network “blueprint.” To rebuild all or part of your network, you’ll need a blueprint of the software, data, systems and hardware that comprise your company’s network. An IT professional can create this for you. It could save you a huge amount of time and money in the event your network needs to be restored.
  8. Don’t ignore routine maintenance. While fires, flooding and other natural disasters are always a risk, it’s ever more likely that you’ll have downtime due to a software or hardware glitch or cyber-attack. That’s why it’s critical to keep your network patched, secure and up-to-date. Deteriorating hardware and corrupted software can wipe you out. Replace and update them as needed to steer clear of this threat.
  9. Test, Test, Test! If you’re going to go to the trouble of setting up a plan, at least make sure it works! An IT professional can check monthly to make sure your systems work properly and your data is secure. After all, the worst time to test your parachute is AFTER you jump out of the plane.

Contact us at 800-421-7151or info@wamsinc.com, or visit wamsinc.com to schedule our Disaster Recovery Audit FREE of charge. Contact us TODAY to get scheduled!

2017 IT: Where it’s been and Where it’s Headed

Although we are not even halfway through the year, the world of IT has already changed so much! The Internet of Things, CRM Intelligence, Artificial Intelligence, and Security have been the hottest topics of IT in 2017 thus far. We conducted a survey of more than 200 law firms in Southern California in order to determine the top priorities for IT projects this year as well as the major driving forces in IT spending/budget allocation for 2017. It has been forecasted that businesses and firms will move to a Hybrid Cloud Solution as the primary model, and although this projection is due to advancing security strategies, your best bet for protection will be determined by the training of your staff.

Computerworld’s Forecast 2017 Survey of 196 IT managers, directors, and executives determined that productivity, security and compliance, client satisfaction, new revenue streams, and maintenance of service were all top priorities of which companies were looking to gain from IT in 2017; each category’s importance was dispersed relatively evenly. We however saw a large shift in the response of the 200 law firms that we surveyed, in which security and compliance were the most important priority of what was expected from their 2017 IT strategies. For law firms, this comes as no surprise; security and compliance are top priorities in avoiding any sort of malpractice suit because your clients’ data is precious and valuable. There is a clear pattern as to why security is such a strong concern, especially when adopting new solutions.

The Internet of Things

There has been so much hype around the “Internet of Things” in tech blogs lately, but what exactly is it? The Internet of Things (or IoT, for short) refers to a network of physical objects that feature an IP address of internet connectivity, as well as the communication that occurs between these objects and other internet-enabled devices and systems. Many homes are set up with smart thermostats, security systems, and lighting systems that are all controlled by a mobile device; this is an internet of things. Although currently only 12% of IT managers are actively pursuing an IoT project, it is projected to be more prevalent in the workplace in the near future.

IoT trends are forecasted to move toward more standardized solutions and a more rapid adoption in the consumer market as IoT solutions become more viable. The IoT provides real-time data analytics to the manufacturers of these products and solutions in order to better assess necessary changes based on consumer behavior; this is great for you as a consumer to enjoy a better experience but also has caused some to be leery about utilization of these solutions. It is predicted that as the IoT grows, so will cybercriminals’ attempts to target and compromise your solutions. This should not keep you from enjoying the benefits of an IoT solution, but this does mean that you need to ensure that it is being executed safely, because as attack attempts increase, so will security standards for IoT devices. Such a solution in your workplace may include turning on a light in your break room before you enter it, or having your coffee made before you leave your desk to retrieve it; these may be little things, but they can actually increase productivity and efficiency in the workplace.

CRM Intelligence

For law firms specifically, 2017 has forecasted a major increase of CRM (Customer Relationship Management) solutions. For those unfamiliar, at its core a CRM application maintains categorized lists of clients, prospects, and other important contacts. For each one it stores addresses, phone numbers, e-mail addresses, legal needs, and interactions with you, plus a wealth of biographical information. The applications track your interactions with clients and prospects, personalizing your communications. The key features that a law firm should expect from a CRM solution include task management, campaign and case management, contact management, lead management, and marketing automation. Additional benefits include mass email, strengthened relationships with clients, remote access, and social media integration.

The biggest trends we are seeing in 2017 include real-time hyper targeting, AI powered bots, multi-channel capabilities for social media, and most importantly, more platforms tailored to your specific job function. Do your research to ensure that you choose the solution that is best tailored to your needs. Capterra’s list is a great place to start.

Hybrid Cloud

Whenever the term “Cloud Solution” comes to mind for law firms, the biggest questions encompass security and compliance, as well as the ability to keep using your legacy software. When implemented correctly, firms often get to enjoy not only a more secure, but also more flexible solution. With a hybrid solution, your data and backups are stored off-site, so if anything happens to your network you are covered and able to restore your backup. In a hybrid cloud solution, you truly get the best of both worlds, and often benefit from cost savings as well, since you aren’t paying for all those expensive servers.

You may be afraid to make the leap to a solution involving the Cloud, but what many fail to realize is that if you do any banking online, use Office 365, or use social media for business, you already are operating in the cloud. As with any solution, there are risks associated with Hybrid Cloud solutions. You must ensure that your data  is protected and can be recovered easily by having redundancy. Your provider must have and honor a service-level agreement ensuring uptime and security on their solution.. We implement Cloud and Hybrid Cloud solutions at WAMS for our clients. Security is our top priority and we provide for all of our Cloud Connect clients a detailed service agreement..

Artificial Intelligence

The three largest categories of Artificial Intelligence breaking out in 2017 are Advanced Machine Learning, Business Intelligence, and, probably the most Sci-Fi of them all, Virtual Personal Assistants (VPAs). Advanced Machine Learning, in the field of data analytics, is a method used to devise complex models and algorithms that lend themselves to prediction. Business intelligence, or BI, is a term used to describe software applications that analyze an organizations raw data and related activities including data mining, online analytical processing, querying, and reporting. Business intelligence is useful for areas of your business such as monitoring your staff’s online activity to ensure productivity and security. Advanced Machine learning takes BI a step further and basically creates algorithms to analyze data and helps you to make predictions based on patterns.

When you think of a virtual personal assistant, you may be thinking of something out of a movie. The realistic VPAs of this time would be more like Siri or Alexa, which have become the norm for many people. It is however, predicted that more and more businesses will use virtual assistants to greet you, such as at an airport or at a front desk, and some can even communicate with you in various ways. On a business level, it has been projected that Artificial Intelligence will be used this year to automate processes, better organize unstructured data, create chatbots for marketing and customer service, and make business predictions through machine learning. On the consumer level it is predicted that “smart” everything will become the norm.

There are pros and cons to utilizing artificial intelligence, and it is important to be aware of when it is appropriate. Error free processing, intricate process automation, faster data insights, and better research outcomes are all pros of using artificial intelligence in the workplace. The cons that you may face are the fact that it is never good to rely solely on technology and we have seen a predicted threaten of job losses and over concentration of power due to the small amount of people that are creating these solutions. The ultimate pro and con of artificial intelligence is that it is smart, but isn’t too smart just yet.

Security

When considering the implementation of all of these new solutions and technologies, the number one focus should always be security. Staff awareness and training to combat cybersecurity threats is vital to your firm’s success. The ransomware industry is becoming an industry of its own, with its own customer support and cybercrime products popping up left and right. It has also been forecasted that cybercriminals will exploit browsers to find better ways to attack individuals, and there has even been talks of a twenty four hour internet shut down. This is why it is vital to protect yourself, have backups in place that you could restore data before it was compromised, and properly train your staff on awareness. Whether you want to implement an IoT solution, are ready to implement a CRM , think it may be time to move to the Cloud, or want to use artificial intelligence to better monitor your team, do your due-diligence by researching and always ensure that any of these solutions are secure.

3 Reasons Why Security is Better in the Cloud

If small- and medium-sized businesses think cyber security is impossible to manage now, just think about what it was like before the internet provided a way to receive IT support remotely. In today’s business landscape, enterprise-level solutions and security can be delivered from almost anywhere in the world. Read on to find out why that’s even safer than you realize.

Hands-on Management

Unless you have an overinflated budget, relying on local copies of data and software means IT staff are forced to spread themselves across a bevy of different technologies. For example, one or two in-house tech support employees can’t become experts in one service or solution without sacrificing others. If they focus on just cybersecurity, the quality of hardware maintenance and helpdesk service are going to take a nosedive.

However, Cloud Service Providers (CSPs) benefit from economies of scale. CSPs maintain tens, sometimes thousands, of servers and can hire technicians who specialize in every subset of cloud technology.

Fewer Vulnerabilities

Cloud security isn’t only superior because more technicians are watching over servers. When all the facets of your business’s IT are in one place, the vulnerabilities associated with each technology get mixed together to drastically increase your risk exposure.

For example, a server sitting on the same network as workstations could be compromised by an employee downloading malware. And this exposure extends to physical security as well. The more employees you have who aren’t trained in cyber security, the more likely it is that one of them will leave a server room unlocked or unsecured.

CSPs exist solely to provide their clients with cloud services. There are no untrained employees and there are significantly fewer access points to the network.

Business Continuity

The same technology that allows you to access data from anywhere in the world also allows you to erect a wall between your local network and your data backups. Most modern iterations of malware are programmed to aggressively replicate themselves, and the best way to combat this is by quarantining your backups in the cloud. This is commonly referred to as data redundancy in the cybersecurity world, and nowhere is it as easy to achieve as in the cloud.

The cloud doesn’t only keep your data safe from the spread of malware, it also keeps data safe from natural and manmade disasters. When data is stored in the cloud, employees will still have access to it in the event that your local workstations or servers go down.

The cloud has come a long way over the years. It’s not just the security that has gotten better; customized software, platforms and half a dozen other services can be delivered via the cloud. Whatever it is you need, we can secure and manage it for you. Call us today at 800-421-7151.

Tips on Prolonging Laptop Battery Life

Certain laptop brands have longer battery lives than others. But, there are power-saving techniques that help preserve battery power regardless of brand. Laptops are most useful to businesses with remote work policies, and if you spend the majority of your working hours on one, these tips on prolonging your its battery life will come in handy.

Manage Your Laptop’s Power Settings

Computer manufacturers are aware that battery life is an important consideration for most users, which is why many Windows and Apple computers have settings that help reduce battery consumption. Windows laptops have a Power Plan setting that lets you choose either a standard setting or a customized power plan; Energy Saver under MacOS’ ‘System Preferences’ offers a setting that allows you to adjust display and sleep controls.

Adjust Display and System Settings

You can also make adjustments to your laptop’s display and system settings to reduce brightness, turn off screensaver, disable Bluetooth and Wi-Fi (when they’re not used), and trigger the system to hibernate instead of sleep. A “sleeping” laptop consumes a little energy, but a “hibernating” laptop consumes absolutely none.

Use a Battery Monitor and Other Maintenance Tools

If you think your laptop battery drains unusually fast, access your system’s battery maintenance tool to check its status. If your laptop doesn’t have one, you can download an application that creates a battery health report. That report will include charge cycle count, which determines the number of charge cycles your laptop has; and battery life estimate, which states how much longer the battery will provide power based on its current settings.

Keep Your Laptop Operating Efficiently

One way to accomplish this is by managing your web browser usage. Having many tabs open on your browser drains your battery’s power and reduces your productivity.  When multitasking, close unused apps and programs – especially those that download files or play media, as they consume the most power. This not only helps reduce battery consumption, but also helps the user stay focused on the task at hand.

Handle your Laptop with Care

Laptops are delicate and require safe handling and a cool temperature. With the exception of a few models (e.g., Apple’s MacBook Air), many devices are designed with a cooling system that keeps its CPU, graphics processor, and other components from overheating; and not to mention, its battery from depleting fast.

For that reason, handling your laptop with great care ensures longer battery life and better overall performance. When using your laptop on-the-go, make sure you don’t block its vents from circulating air, which means you should never put it on a surface such as a bed or similar soft surface that could prevent its cooling fans from working. And while it may seem harmless – and appropriate – putting your laptop on your lap is actually unsafe.

For businesses with remote workers and/or bring your own device (BYOD) policies, a laptop that lasts all day allows employees to be more productive and saves your company from having to spend on new laptops or replace batteries as a result of neglect. For cost-effective strategies on business technology, call us today at 800-421-7151.

Homographs: The Newest Trend in Phishing

So much of cybersecurity depends on adequate awareness from users. Phishing for example, preys on people’s fears and desires to convince them to click on hyperlink images and text before checking where they actually lead to. However, with the latest trend in phishing, even the most cautious users can get swept up. Read on to educate yourself on how to avoid this dangerous scam.

What are Homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades — and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian for example, even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How Does This Lead to Phishing Attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com — which gets redirected to xn—80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The Solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today at 800-421-7151.

When Did You Last Update Your Firmware?

Most IT consultants constantly remind clients of how important it is to update and patch their software, but neglect the importance of updating hardware. We don’t mean replacing it with new hardware; we mean updating the applications and settings coded into the physical IT powering every modern office.

What is Firmware?

Firmware is a very basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, more high-level, pieces of software can interact with it.

Why is Firmware Security so Important?

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

And the username and password example is just one of a hundred. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

How Do I Protect Myself?

Firmware exploits are not rare occurrences. Not too long ago, a cyber security professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a D-Link or Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

Remember that routers are just one example of how firmware affects your cyber security posture. Hard drives, motherboards, even mouses and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today at 800-421-7151.

Back Up your Mobile Devices Now

Mobile phones’ sizes and styles went through massive changes in the last few years. And as their looks and dimensions changed, so did their functions. With better capacity and bigger storage, mobile phones turned into veritable mini-computers that businesses were quick to adopt as a vital office tool. Naturally, hackers got the memo. With new schemes targeted specifically towards mobile devices, you’d be well served backing up the files in your mobile device, now.

Malware On Mobile

More than 50% of the world’s adult population use a mobile phone with internet connection, so dangers in these handy devices are to be expected. Scarier than the thought of being offline is being online and exposed to malware.

If you use your mobile devices as an extension of your work computers, backing up is a must. Mobile phones have become as vulnerable to malware as laptops and desktops have, especially if you consider the fact that many professionals and business owners use them for emailing confidential documents and storing business-critical files.

Device Disasters

Other than malware, other types of disasters can happen on your device. Because you carry it wherever your go, your device can easily be stolen, misplaced, or damaged. They may be easily replaceable, but the data contained in them may not. Having completely backed up data on your devices helps prevent a minor inconvenience from turning into a disastrous situation.

Backup Options

Performing backups in iPhone and Android devices is a seamless process. Their operating systems require only minimal effort from users, and backing up entails nothing more than logging into their Apple or Google account. However, other users have different devices with different operating systems, slightly complicating the process.

Mobile devices’ safety is essential to business continuity plans. So whether your office users are tied to a single operating system or prefer different devices, there are options to back up all your organization’s mobile devices. There are cloud backup services that enable syncing of all devices and that back up files, contacts, photos, videos, and other critical files in one neat backup system. These mobile backup tools are offered on monthly or lifetime subscription schemes, which provides small businesses with enough flexibility to ensure protection.

Mobile phones have become so ubiquitous to how people function that many feel the need to have two or more phones, mostly to have one for personal use and another for business. With all these options on hand, there’s no excuse for not backing up data on your mobile devices.

Our experts can provide practical advice on security for your business’s computers and mobile devices. Call us for mobile backup and other security solutions today.

6 Ways To Dodge A Data Disaster

You stride into the office early one Monday morning. You grab a cup of coffee, flip on your computer and start checking e-mail…

A note pops up that rivets your attention:

“Your files have been encrypted. Send $5,000 within five days or they will all be destroyed.”

You start sweating as your throat constricts and your chest tightens. Sure enough, every time you try to open a document, the same message appears. Your phone rings. It’s Bob in accounting, and he’s having the same problem. All files across your entire network have been encrypted. You contact the local police. They suggest you call the FBI. The FBI says they can’t help you. What do you do next?

  1. You pay the five grand, desperately hoping you’ll get your data back, or…
  2. You calmly call your IT pro, who says, “No problem, your backups are all current. No files were lost. Everything will be restored by noon, if not sooner.”

If your answer is “b,” you breathe a sigh of relief and get back to work as your backup plan kicks in…

Ransomware attacks are more common than ever, especially at smaller companies. That’s because small companies make easy marks for hackers. The average small business is much easier to hack than high-value, heavily fortified targets like banks and big corporations. According to Time magazine, cybersecurity experts estimate that several million attacks occur in the US alone every year. And that figure is climbing.

So how can you make sure you never have to sweat a ransomware attack or other data disaster? One sure solution is having a solid backup plan in place. When all your data and applications can be duplicated, you have plenty of options in the event of an attack. Here then are six ways to make sure you’re in good shape, no matter what happens to your current data:

Insist on regular, remote and redundant processes. A good rule of thumb is 3-2-1. That means three copies of your data are stored in two off-site locations and backed up at least once per day.

Guard against human error. Make sure people doing backups know exactly what to do. Take people out of the loop and automate wherever possible. And watch for situations where backups aren’t a part of someone’s regular duties.

Check backup software settings routinely. When new software or updates are put into service, a change in the way the settings are configured can cause incomplete backups, or backups that fail. Do the people who maintain your backups include this on their regular to-do list?

Make sure critical files aren’t getting left out. As resources are added and priorities shift, documents and folders can get misplaced or accidentally left off the backup list. Insist on a quarterly or annual meeting with your backup management team to make sure all mission-critical files are included in your organization’s data recovery systems.

Address network issues immediately. Any component in your network that isn’t working properly can introduce another point of failure in your backup process. Every juncture in your network, from a misconfigured switch to a flaky host bus adapter, can hurt your backups.

Ask for help with your data backup and recovery system. You cannot be expected to be an expert in all things. Yet data is the backbone of your business – its protection and recovery should not be left to chance. Leverage the knowledge, skill and experience of an expert who stays current with all the latest IT issues.

Data Recovery Review Reveals Backup System Vulnerabilities

Don’t let your company become yet another statistic. Just one ransomware attack can result in a serious financial blow if you’re not prepared. Visit wamsinc.com TODAY or call 800-421-7151 by April 30 for a FREE Data Recovery Review, ordinarily a $300 service. We’ll provide you with a complete on-site assessment of your current backup system to check for and safeguard against any gaps that could prove financially lethal to your business.

Why You Should Review Social Media Practices

With more and more social media platforms popping up all the time, it can be tough to keep track of social media policies and assess their effectiveness. However, if you fail to review them annually, your employees might get so obsessed with what’s trending on Twitter that they miss their deadlines. That would impact productivity and ultimately, your bottom line.

Avoid Legal Trouble
Do you remember Chipotle’s social media debacle in 2015? It lost a lawsuit for firing an employee that posted negative content on social media because it turned out that Chipotle’s social media policy violated federal labor laws. That’s why you should work with your legal team to keep your policies up to date: so they comply with the Federal Trade Commission and the National Labor Relations Board.

Protect Company Information
Social media policies can actually help safeguard sensitive data from hackers and cyber attacks, especially in a bring-your-own-device (BYOD) working environment. Employees must know the proprietary company information that must never be shared, as well as understand that confidential information – such as marketing tactics, non-public financials, and future product launches – are to be communicated only ‘internally.’ A good example is General Motor’s social media policy, which clearly spells out what can and can’t be disclosed to the public.

Define Which Kinds of Social Media Activities Aren’t Allowed
Although posting offensive or insensitive material on a company-branded social media page being is an obvious no-no, it still happens. For the people handling your company’s social media, what precautionary mechanisms are in place to avoid a public relations disaster? Are there rules for different platforms? Beyond that, however, is a lot of gray area when it comes to if and how employees will be held accountable for what they post on their personal profiles. When social media policies clearly outline how employees should behave online and the punishments that come with violating that agreement, you can deter rogue employee posts and avoid a viral fiasco.

Effective social media policies need to be fluid and responsive to the fast-paced modern business environment. Taking the time out to perform yearly social media policy reviews will save your employees a lot of confusion while helping your company steer clear of potential PR and legal nightmares. If you have further questions, don’t hesitate to send us an email or give us a call at 800-421-7151. We can direct you to software to help you monitor online activity.

Should Your Fear Government Surveillance?

Accusations of inappropriate government surveillance have been swirling after Wikileaks recently released thousands of pages supposedly detailing the CIA’s exploitation of compromised devices and applications. But in today’s climate, every headline needs to be taken with a grain of salt. Read on to find out what’s actually at stake and why you probably don’t need to worry.

What Devices and Apps are Supposedly Vulnerable?

Wikileaks labeled its ongoing release of 8,761 classified CIA documents “Year Zero.” Nestled among those files are tools and correspondence that explain how operatives could snoop on communications, downloads, and browsing history. Here is a list of the “affected” applications and hardware:

  • Windows operating systems
  • iOS
  • Android
  • Samsung Smart TVs
  • WhatsApp
  • Signal
  • Telegram
  • Confide

Those are some very big names, right? Thankfully, it’s mostly hyperbole. The reality of the situation isn’t nearly as bad as it sounds.

Two Considerations before Freaking Out

First, almost all these exploits require physical access to devices before anything can be compromised. For example, news organizations repeatedly reported that WhatsApp, Signal, Telegram and Confide all had encryption protocols that had been subverted by the CIA. That is 100% false.

What the documents actually revealed is that the CIA was aware of security gaps in Windows, iOS, Android and Samsung’s Tizen OS, which allowed the agency to snoop on messages before they were encrypted. Messages sent in these apps are still totally uncrackable as long as the devices they are installed on haven’t been physically compromised.

Takeaway #1: Physical security is still one of the most important aspects of cyber security. Most data security regulations require certain physical security protocols as a deterrent to breaches that take place via theft of social engineering – and for good reason.

The second reason not to worry is the hardware devices and operating systems that supposedly left encrypted messages vulnerable haven’t been sold for a long time. For example, only Samsung TVs from before 2013 were vulnerable to the always-on microphone bug — which was patched in an OS update years ago.

But what about iOS – surely that’s the scariest reveal of them all, right? Not quite. Only the iPhone 3G, discontinued in 2010, was susceptible to exploitation. Furthermore, Apple immediately responded that they were aware of this vulnerability and patched it in the version of iOS that was released in 2011.

Takeaway #2: Updating software is critical to keeping your data safe. As we saw in the Year Zero leaks, just one piece of outdated software can cause a domino effect of other vulnerabilities.

In reality, the most recent Wikileaks releases shouldn’t change your approach to cyber security at all. As long as you consider data security a never-ending battle, you’ll be safer than everyone too lazy or forgetful to lock up their server rooms or update their operating system.

But running a business doesn’t always leave you a lot of time for fighting a “never-ending battle,” does it? Fortunately, that’s exactly what we do for our clients every single day. To find out more about how we can keep you safe, call today at 800-421-7151.

Malspam Campaign Personalizes Emails with Recipient’s Name and Address

A spam campaign is personalizing its emails with the recipient’s name and address so that more people will feel inclined to open the malicious attachment.

Sophos Labs has seen several versions of this scam pop up in recent weeks. But although the text differs across samples, all the emails generally follow the same format. The scam email includes the recipient’s first name in the salutation, their last name as the title of the attachment, and their physical address in the body of the message.

Here’s one example of the scam.

“Good day to you, [FIRST NAME]

I am disturbing you for a very important occasion. Though you don’t know me, but I have significant ammount of individual info about you. The fact is that, most probably mistakenly, the data your account has been emailed to me.

For instance, your address is:
[STREET ADDRESS] Borsetshire
ZZ99 3WZ

I am a lawful citizen, so I decided to personal details may have been hacked. I pinned the file – [LAST NAME].dot that I received, that you could view what data has become available for deceivers. Document password is – 3776.

Best regards,
[SENDER NAME] [sic]”

It’s not clear where the attackers obtain each recipient’s personal information. But considering the wealth of data breaches, it’s probable they purchased the data on an underground forum. They then could have used an automated tool to properly format the address based upon the recipient’s country of origin.

So what happens if the recipient clicks on the attachment?

Nothing too out of the ordinary. A Microsoft Word document opens and prompts the user to enter the password. It then asks them to “Enable Content”. If the user complies, the document tries two different web pages hosted on hacked servers and loads what appears to be a GIF file.

But as Sophos Labs senior security advisor Paul Ducklin explains in a blog post, there’s more to this file than meets the eye:

“In fact, the GIF file has just 10 bytes of valid header data, followed by a 256-byte decryption key, followed by about 0.5MB of binary data scrambled by XORing it with the decryption key repeated over and over. (This is known as a Vigenère cipher, named after a cryptographer from the 1500s who didn’t actually invent it.)

“The GIF header makes the file look innocent, even though it won’t display as an image, and the Vigenère scrambling means that the suspicious parts of the file aren’t obvious.”

At that point, the malicious code embedded in the Word document initiates a decryption process of the executable and saves it to the Temp folder. When Sophos Labs tested this attack vector, malware known as Troj/Agent-AURH infected their computer. The trojan enlisted their machine into a botnet and then awaited further instructions from its command and control (C&C) server.

This is not the first scam of its kind. We’ve seen other personalized campaigns targeting users in the UK and Germany. Those emails infected recipients with Maktub Locker ransomware and a banking trojan named Nymaim.B, respectively.

To defend against these types of scams, users should avoid clicking on suspicious links and email attachments. They should also not click on an attachment just because the email contains their personal information. Rather, they should generally assume someone gained their information from a data breach. They should therefore monitor their accounts for any signs that are indicative of fraud. If they believe the scam emails are more targeted in nature, they should report the attacks to law enforcement.

These are important online behaviors to keep your staff trained on. For more information on email security and training for best online practices, call us today at 800-421-7151.

As read on TripWire, article by David Bisson

Check Out this List of Free Ransomware Decryptors

We’ve gotten so caught up discussing ransomware prevention with our clients that we’ve neglected to mention that several strains have already been defeated. In fact, there’s a decent chance you can actually decrypt all your data for free. Always make sure to check these lists before responding to a cyber attacker’s demands.

The State of Ransomware in 2017

It’s been almost 30 years since malware was first created that could encrypt locally-stored data and demand money in exchange for its safe return. Known as ransomware, this type of malware has gone through multiple periods of popularity. 2006 and 2013 saw brief spikes in infections, but they’ve never been as bad as they are now.

In 2015, the FBI estimated that ransomware attacks cost victims $24 million, but in the first three months of 2016 it had already racked up more than $209 million. At the beginning of 2017, more than 10% of all malware infections were some version of ransomware.

Zombie Ransomware is Easy to Defeat

Not every type of infection is targeted to individual organizations. Some infections may happen as a result of self-propagating ransomware strains, while others might come from cyber attackers who are hoping targets are so scared that they pay up before doing any research on how dated the strain is.

No matter what the circumstances of your infection are, always check the following lists to see whether free decryption tools have been released to save you a world of hurt:

Kaspersky Lab’s No Ransom list
Avast’s free decryption tools
Trend Micro’s Ransomware File Decryptor
Fightransomware.com’s Breaking Free list
Prevention

But even when you can get your data back for free, getting hit with malware is no walk in the park. There are essentially three basic approaches to preventing ransomware. First, train your employees about what they should and shouldn’t be opening when browsing the web and checking email.

Second, back up your data as often as possible to quarantined storage. As long as access to your backed-up data is extremely limited and not directly connected to your network, you should be able to restore everything in case of an infection.

Finally, regularly update all your software solutions (operating systems, productivity software, and antivirus). Most big-name vendors are quick to patch vulnerabilities, and you’ll prevent a large portion of infections just by staying up to date.

Whether it’s dealing with an infection or preventing one, the best option is to always seek professional advice from seasoned IT technicians. It’s possible that you could decrypt your data with the tools listed above, but most ransomware strains destroy your data after a set time limit, and you may not be able to beat the clock. If you do, you probably won’t have the expertise to discern where your security was penetrated.

Don’t waste time fighting against a never-ending stream of cyber attacks – hand it over to us and be done with it. Call today to find out more:800-421-7151.

Which Type of Firewall is Right for You?

Software solutions are almost always more user-friendly than hardware solutions. There’s no need to worry about cabling, firmware, and power consumption. But when it comes to firewalls, a software solution just can’t measure up to its hardware counterpart. Make sure you have all the facts before deciding which is right for you.

Software firewalls

Calling a piece of software a “firewall” is a bit of an exaggeration. Installing it on a local hard drive is more like locks on a door than impenetrable walls. When data is scanned for threats by a software firewall, the information it contains has already been passed through your router, network switch, and finally your local hard drive.

Once the whole cycle has finished, software firewalls can prohibit risky activities based on blacklisted IP addresses, known malware definitions, and suspicious application requests.

Although these solutions do have value, they can’t guarantee that malware won’t spread to other systems before each packet of data can be scanned, unless they’re standing guard at your business’s gateway to the internet. And whenever the computer with the firewall is powered off, everything it protects is left unguarded.

Hardware firewalls

Because the drawbacks of a software-based firewall are centered around their inefficient network position, a hardware solution is the safer option. Hardware firewalls sit directly behind your router, so every single packet of data coming from the internet must pass through your gatekeeper before landing on any of your internal drives.

Most of these solutions include far more sophisticated controls than just web filtering and basic data scanning. Like most developments in the IT industry, newer hardware firewalls focus on “intelligent” functions that analyze huge datasets to recognize malware and cyberattacks based on irregular activities instead of relying solely on cataloged viruses and attack vectors.

Another benefit of hardware firewalls is that they’re always on. There’s no need to worry about whether the workstation hosting your solution will crash because these devices are built for 24/7 protection. The only downside to this type of solution is the level of monitoring and maintenance it requires. Hardware firewalls are extremely complex and managing them is no easy task.

“Cloud” firewalls

The most recent, and undoubtedly best, solution to network perimeter security are “cloud” firewalls. These are on-site pieces of hardware with software interfaces that can be managed remotely by certified security professionals.

This service model means that experts will monitor your network performance and security for anomalies while your team goes about its business as usual. No need for onsite tweaks and updates — all of it can be done remotely.

You may hear a lot of experts telling you that the age of on-site hardware has passed and everything can be done in the cloud. Remote administration may be the next wave in network services, but the need for hardware will never go away. If you need someone to manage your physical devices, contact us today.

Selecting the Perfect Office 365 Plan

Office 365 Business, Business Premium, Enterprise E1, E3, and E5. Each of these Office 365 plans offer different features and services. Implement the wrong one, and you may end up with a solution that doesn’t fully meet your company’s needs. To help your business select the right Office 365 license, we’ve summarized and listed the different features of each plan.

Business or Enterprise?

If you’re running a cloud-first business, you’ll have to decide between Office 365 Business and Enterprise. Both may have access to Office Online and OneDrive, but there are some notable differences between the plan.

For one, Office 365 Enterprise E3 and E5 plans have unlimited archive and mail storage space, while Business plans have a 50-GB storage limit and don’t provide archive access from the Outlook client.

When it comes to SharePoint, Business plans are short on enterprise search, Excel services, and Visio features. Additionally, unified communication solutions, Power BI, and Delve analytics are also missing from the Office 365 Business offering.

Although it may seem like Enterprise subscriptions are superior — and in some ways they are — Business plans are perfect for smaller companies running on a tight budget. Office 365 Business and Business Premium cost $10 and $15 per user per month respectively, while E5, the biggest Enterprise plan, costs $35 per user per month.

As a general rule, start looking for Enterprise plans when your employee headcount exceeds 50 people and users require more storage space and solutions.

E1, E3, or E5?
If you do opt for Office 365 Enterprise plans, you’ll have to examine the features and choose one of three plans (E1, E3, and E5) that suits your needs.

E1 offers basic enterprise solutions such as Outlook and Word, OneNote, PowerPoint, and Excel online for only $8 per user per month. Apart from this, users also get access to SharePoint Team sites, video conferencing, and Yammer for enterprise social media.

E3 provides all E1 features and adds data loss prevention, rights management, and encryption to ensure business security and compliance. While E5 is a full enterprise-grade solution with all the aforementioned features plus analytics tools, advanced threat protection, flexible Skype for Business conferencing, and unified communication solutions.

Small- and medium-sized enterprises will usually select either E1 or E3 subscriptions and decide to add third-party applications to meet cloud security and VoIP demands. But if you have the resources and prefer a fully-managed suite of Microsoft applications, E5 plans are the way to go.

Migrating to an Office 365 platform is a big step, and if you’re still undecided about which plan to opt for, contact us today at 800-421-7151. We don’t just provide Office 365, we assess your business and find the best solution that meets your budget and objectives.

“What do you mean I’m not safe from All Ransomware Attacks?!”

If your IT provider is anything like WAMS, then they do everything in their power to
protect you from all types of viruses, malware, and ransomware out there. Chances are that you
are paying accordingly for your protection and are getting sound advice from your provider. So
how is it that your IT provider cannot protect you from all attacks? After all, they should know
everything shouldn’t they?

We aren’t going to sugar coat things here… the truth is, we don’t and we can’t. But, we
can keep you as safe as possible. It’s unfortunate the way the ransomware industry, yes,
industry, is growing and changing today. Recently cybercrime has evolved into a full blown
industry; who would have thought that Ransomware as a Service would become a thing?
Criminals are getting smarter and constantly learning ways to get past what used to be viewed
as everything-proof security. The ones creating malware these days are just as brilliant as your
security solution experts; they have simply chosen the dark side of IT. It’s definitely a scary
thought, which is exactly why you need to equip yourself with as much security and protection
as is available to you.

Try to think of it this way: your IT provider in many ways is to your network system what
your doctor is to you. You visit your doctor when you are ill and come up with a solution for how
you will recover; what kind of treatment you will be needing. Most people also have regular
checkups with their physician even when they feel healthy just to ensure that everything is going
smoothly. Your doctor offers many preventative solutions as well, such as vitamins, diet,
exercise, and vaccinations. Your doctor is the expert, and yet even when following directions,
you still occasionally catch something. There are two aspects that your doctor cannot control
that can cause you to become ill: the environment and your actions. We all know that you have
minimal control over the environment; more importantly, your doctor can make
recommendations over and over yet without proper execution you are at a higher risk. Be it the
flu, a cold, a hereditary illness, etc. Try to think of your IT provider in the same way. Your
systems are monitored, updates are constantly implemented, and they protect you to the best of
their abilities. Your IT providers are the experts, but sometimes there are attacks that have
evolved; brilliant culprits who have figured out how to get past even the most up-to-date security
settings. And without proper security training, your staff may be your biggest risk factor for
allowing these infections to occur. Undoubtedly, a solution to fight and/or prevent these attacks
will be found quickly in most cases; that doesn’t mean that you may not be vulnerable. Like your
body to illnesses, there is always something out there that will present as a threat to your
system.

If your IT provider doesn’t have all the answers, then what are you to do? The reality is
that nobody truly has all of the answers; and probably never will. The best strategy is to plan for
the worst and have steps in place to limit the negative impact. We can stay up to date in every
way possible, follow every IT security blog, and do everything in our power to stay updated and
ahead of the game on the latest attacks. The problem is that much like real-life illnesses,
ransomware is changing and evolving rapidly. When new ones begin to attack, there may not be
a set solution for neither prevention nor destruction, other than wiping your system and restoring
from a backup. However, below is WAMS’s prescription on the many ways that you can prevent
yourself from future attacks.

1. Stay updated.
Work with an IT provider that keeps you in the know on the latest updates
regarding major attacks and security breaches. For instance, WAMS posts vital information
on social media, to blogs, and sends out a WAMS Warning email any time there is a culprit
on the rise or a security issue coming forward.

2. Work with an IT provider that you know you can trust.
Why is this so important? Your
provider will make recommendations based on your system’s needs. You need to feel
excellent about the recommendations you receive from your provider, and more importantly,
be 110% confident that it is in your best interest to implement those recommendations if you
want your best chance at avoiding ransomware attacks.

3. Know that you are compliant
with all necessary data security obligations. It is important to
know that you are HIPAA, SEC, FERPA, FTC, and ITAR compliant in your security and data
storage. You also may be subject to the Payment Card Industry Data Security Standards as
well.

4. Have redundant backups in place.
We truly cannot stress enough to you just how
important this is. If you do not have a redundant backup system in place and you are hit with
ransomware, you cannot retrieve your data unless you pay for the decryption key. The
number one problem with ransomware is that no matter how hard even the most brilliant of
IT providers try, decrypting ransomware without a key is completely unheard of. We’d like to
wave our magic wands and rid you of these nasty infections, but that’s not an industry
possibility… yet.

5. Email security. At WAMS, we implement Mimecast’s solutions not only for our clients but
internally as well because we know that we are protected from multiple different types of
attacks. Our solutions provide security, archiving, continuity, malicious Url defense,
attachment sandboxing, data leak prevention, and email encryption.

6. Mandatory security training
for your staff. We can’t control everything out there affecting
your network, but we can provide your team with security training and assist you in putting
together policies that will keep your network safe.

We can’t stress enough to you that this “prescription” is a list of steps for your best shot
at protecting yourself and avoiding future hits. Never underestimate the power that you give
criminals when you do not take the necessary precautions and allow yourself to be vulnerable. It
is vital that you are just as careful about the health of your network as you are about your own
health. Let your IT provider be your network doctor, and allow them to keep your system healthy.

“Lucky Charm” Keeps Hackers Out

Ralph’s been a good employee for you. Shows up on time. Gets the job done. Doesn’t hassle anybody.

He’s also a porn addict. When nobody’s looking, he’s visiting sites – on your network – that you’d be appalled to see. IF…you knew about them. Without careful monitoring and filtering, this kind of Internet use on your network can remain hidden.

Shocking? Hard to believe it could happen at your company? A survey by International Data Corporation (IDC) revealed that 70% of all web traffic to Internet pornography sites occurs during the work hours of 9 a.m. to 5 p.m. Ralph’s little visits may seem harmless, but they’re adding a serious level of risk to the financial health and security of your company.

Here’s how. A visit to an adult website can be tracked. And if a logged-in user’s identity is leaked, it can be embarrassing, to say the least, to that user. The user may even become a victim of “sextortion” or blackmail. Just ask any of the people who used Ashley Madison, a dating site for illicit affairs. When the site was hacked, users were suddenly at risk of having their indiscretions revealed. This gives cybercriminals a powerful lever to pressure an employee into revealing sensitive company data. Considering that 60% of security breaches start from within the company, you have to wonder what someone at risk of being exposed might do to keep their little secret, well…secret.

Let’s face it, if you’re not carefully monitoring and managing how your network is being used, your company’s data could be in serious jeopardy.

Content Filtering In Today’s Web 2.0 World
Whether you’re already monitoring user activity on your network or not, you need to stay vigilant about evolving risks. And content filtering is key. If your business is like many, you may already be doing some filtering. But is it enough? As technology evolves, hackers drum up ever stealthier ways to invade your network.

Cloud-based filtering, for example, becomes a must when mobile devices tap into your network. The old concept of a static, location-based “firewall” just doesn’t cut it anymore when your staff goes mobile.

Then there’s social media. It’s like a big window into the personal lives of your personnel. It lets cybercriminals “case the joint” before breaking in. For instance, when users log in to a personal Facebook account at work and talk about vacations, favorite hangouts or weekend activities, hackers can use that information for social engineering and other ploys.

The number of ways your network is exposed to potentially damaging content grows daily. It’s no wonder that 90% of companies and government agencies surveyed by IDC detected computer security breaches within the previous 12 months. Eighty percent of those organizations acknowledged financial losses due to these breaches. With odds like that against you, an up-to-date content filtering system could well be THE “Lucky Charm” that keeps your company, and your data, safe from all kinds of harm.

Fileless Malware is Back; Are You at Risk?!

How many times have you read a shocking headline, only to find the attached article incredibly underwhelming? Over the last several weeks headlines decrying the threat of “fileless malware” have been everywhere, but the truth is a little less scary. Let’s take a look at what’s really going on and who’s actually at risk.

What is This New Threat?

To oversimplify the matter, fileless malware is stored somewhere other than a hard drive. For example, with some incredibly talented programming, a piece of malware could be stored in your Random Access Memory (RAM).

RAM is a type of temporary memory used only by applications that are running, which means antivirus software never scans it on account of its temporary nature. This makes fileless malware incredibly hard to detect.

This isn’t the First Time it’s Been Detected

Industry-leading cyber security firm Kaspersky Lab first discovered a type of fileless malware on its very own network almost two years ago. The final verdict was that it originated from the Stuxnet strain of state-sponsored cyber warfare. The high level of sophistication and government funding meant fileless malware was virtually nonexistent until the beginning of 2017.

Where is it now?

Apparently being infected by this strain of malware makes you an expert because Kaspersky Lab was the group that uncovered over 140 infections across 40 different countries. Almost every instance of the fileless malware was found in financial institutions and worked towards obtaining login credentials. In the worst cases, infections had already gleaned enough information to allow cyber attackers to withdraw undisclosed sums of cash from ATMs.

Am I at risk?

It is extremely unlikely your business would have been targeted in the earliest stages of this particular strain of malware. Whoever created this program is after cold hard cash. Not ransoms, not valuable data, and not destruction. Unless your network directly handles the transfer of cash assets, you’re fine.

If you want to be extra careful, employ solutions that analyze trends in behavior. When hackers acquire login information, they usually test it out at odd hours and any intrusion prevention system should be able to recognize the attempt as dubious.

Should I Worry About the Future?

The answer is a bit of a mixed bag. Cybersecurity requires constant attention and education, but it’s not something you can just jump into. What you should do is hire a managed services provider that promises 24/7 network monitoring and up-to-the-minute patches and software updates – like us. Call today at 800-421-7151 to get started.

Be the First to Enjoy New Office Apps

Microsoft churns out new Office 365 features for users almost every month. Last year, there were several additions to Word, Excel, and PowerPoint that further enhanced user experience. This year, Microsoft will likely introduce new features that can benefit businesses. If you want to stay on top of new Microsoft features and experience these advantages yourself, then the Office Insider program is for you.

Early access
Similar to the Windows 10 Insider program, the Office Insider program grants users early access to new features, security updates, and bug fixes months before they are available for the general public. Office Insider is available on two levels: the fast ring, where updates are rolled out more frequently but tend to have more issues, and the slow ring, where features are released slower but have little to no software bugs.

The features you have to look forward to include:

Calendar.help – When you sign up for the Office Insider Program you are immediately eligible to beta test Calendar.help, a machine learning feature that uses Cortana to schedule important calls, meetings, and events. When you need to set up an appointment over email, you can simply list your contact, add Cortana to the Cc: line, and state your meeting preferences.
Outlook – In January 30, Microsoft has increased Outlook 2016’s collaboration options. Insider subscribers can upload locally saved email attachments to OneDrive and collaborate with other employees.
Surface Pen – Surface device users in the Insider program can resize, rotate, and move objects in Word, Excel, and PowerPoint with the Surface Pen.
Competitive advantage
Because you’re getting early access to new applications, you’ll have more experience with the features compared to companies who wait for the general availability update. For example, you can test updates like PowerApps — a feature that allows businesses to create software without knowing how to code — and decide whether it’s right for your company months before other general users have worked with the product.

In other words, when your business can access and take advantage of Office 365 Insider features early, you’re essentially setting your company ahead of the competition since ‘late’ adopters will need to spend time getting acquainted with the new patch.

Feedback
The final benefit of the Office Insider program is that you get to voice your opinion on the upcoming features, raise awareness to certain software issues, and provide ideas on how Microsoft can make things better.

Overall, enrolling in the Office Insider program can open up your company to a wide variety of productivity-boosting features. The only question you have to ask yourself now is: Do I want to be at the bleeding edge of tech innovations?

Contact us today to find out how you can get on the inside and know the latest in Office updates.

3 Common Mistake in Virtualized Networks

Data storage may be one of the easiest facets of virtualization to explain, but that doesn’t make it immune to problems arising from confusion. There are a few things that can cause virtualized data storage to underperform, and most of them can be easily fixed by technicians who know their stuff. Read on to find out whether you might have fallen for one of these mistakes.

Poorly structured storage from the get go

Within a virtualized data storage framework, information is grouped into tiers based on how quickly that information needs to be accessible when requested. The fastest drives on the market are still very expensive, and most networks will have to organize data into three different tiers to avoid breaking the bank.

For example, archived or redundant data probably doesn’t need to be on the fastest drive you have, but images on your eCommerce website should get the highest priority if you want customers to have a good experience.

Without a virtualization expert on hand, organizing this data could quickly go off the rails. Ask your IT service provider to see a diagram of where your various data types are stored and how those connect to the software-defined drive at the hub of your solution. If there are too many relays for your server to pass through, it’ll be a slower solution than the non-virtualized alternatives.

Inadequately maintained virtualized storage

How long will your intended design last? Companies evolve and expand in short periods of time, and your infrastructure may look completely different months later. Virtualized data storage requires frequent revisions and updates to perform optimally.

Whoever is in charge of your virtualization solution needs to have intimate knowledge of how data is being accessed. If you’re using virtual machines to access your database and move things around, they need to be precisely arranged to make sure you don’t have 10 workstations trying to access information from the same gateway while five other lanes sit unoccupied.

Incorrect application placement

In addition to watching how your data is accessed as the system shifts and grows, administrators also need to keep a close eye on the non-human components with access to the system. Virtualized applications that access your database may suffer from connectivity problems, but how would you know?

The application won’t alert you, and employees can’t be expected to report every time the network seems slow. Your virtualization expert needs to understand what those applications need to function and how to monitor them closely as time goes on.

Deploying any type of virtualized IT within your business network is a commendable feat. However, the work doesn’t stop there. Without the fine-tuning of an experienced professional, you risk paying for little more than a fancy name. For the best virtualization advice in town, contact us today at 800-421-7151.

That Fake App Just Stole Your ID

Ryan loved tweaking photos on his Android phone.

He’d heard rave reviews from his friends with iPhones about Prisma, a new iOS app for image editing. So when he heard Prisma would soon be released for Android, he logged in to the Google Play Store to see if it was there yet.

To his surprise, he found one that looked just like what his friends were describing. Delighted, he downloaded and started using it. Meanwhile, the app (a fake) was busy installing a Trojan horse on his phone.

When he got to work the next day, he logged his phone into the company network as usual. The malware jumped from his phone to the network. Yet no one knew. Not yet, but that was about to change…

Now, this isn’t necessarily a true story (at least, not one we’ve heard of—yet…), but it absolutely could have been. And similar situations are unfolding as you read this. Yes, possibly even at your company…

Fake apps exploded onto iTunes and Google Play last November, just in time for holiday shopping. Apple “cleaned up” iTunes in an effort to quell users’ concerns, but hackers still find workarounds. Unfortunately, these fake apps pose a real threat to the security of your network. Especially if your company has anything but the strictest BYOD (bring your own device) policies in place. And the more your network’s users socialize and shop on their smartphones, the greater the risk of a damaging breach on your network.

Fake apps look just like real apps. They masquerade as apps from legitimate merchants of all stripes, from retail chains like Dollar Tree and Footlocker, to luxury purveyors such as Jimmy Choo and Christian Dior. Some of the more malicious apps give criminals access to confidential information on the victim’s device. Worse yet, they may install a Trojan horse on that device that can infect your company’s network next time the user logs in.

So what can you do?
First, keep yourself from being fooled. Anyone can easily be tricked unless you know what to look for. Take the following advice to heart and share it with your team:

Beware of Fake Apps!

In case you weren’t aware, one of the latest and most dangerous Internet scams is fake apps. Scammers create apps that look and behave like a real app from a legitimate store. These fake apps can infect your phone or tablet and steal confidential information, including bank account and credit card details. They may also secretly install on your device malicious code that can spread, including to your company network.

Take a moment and reflect on these five tips before downloading any app:
When in doubt, check it out. Ask other users before downloading it. Visit the store’s main website to see if it’s mentioned there. Find out from customer support if it’s the real McCoy.
If you do decide to download an app, first check reviews. Apps with few reviews or bad reviews are throwing down a red flag.
Never, EVER click a link in an e-mail to download an app. Get it from the retailer’s website, or from iTunes or Google Play.
Offer as little of your information as possible if you decide to use an app.
Think twice before linking your credit card to any app.

Most importantly, get professional help to keep your network safe. It really is a jungle out there. New cyberscams, malware and other types of network security threats are cropping up every day. You have more important things to do than to try and keep up with them all.

The Most “Bullet-Proof” Way To Keep Your Network Safe
Let’s not let your company become yet another statistic, hemorrhaging cash as a result of a destructive cyber-attack. Call WAMS TODAY at 800-421-7151, or e-mail me at alopp@wamsinc.com, and let’s make sure your systems are safe. We’ll provide you with a Cyber Security Risk Assessment to check for and safeguard against any points of entry for an attack.

How Can You Go From Reactive to Preventive IT?

Shopping around for a managed IT services provider is tough. You’re looking for a business to manage extremely complex and delicate technology, so they can’t be expected to get into the nitty gritty details of DNS-layer security, intrusion prevention systems, and encryption in their marketing content. But one thing does need clarification: What exactly are “proactive cyber-security” measures?

Understand the Threats You’re Facing

Before any small- or medium-sized business can work toward preventing cyber-attacks, everyone involved needs to know exactly what they’re fighting against. Whether you’re working with in-house IT staff or an outsourced provider, you should review what types of attack vectors are most common in your industry. Ideally, your team would do this a few times a year.

Reevaluate What It is You’re Protecting

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

Create a Baseline of Protection

By reviewing current trends in the cyber-security field, alongside an audit of your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measure versus your reactive measures.

Before you can start improving your cyber-security approach, you need to know where the baseline is. Create a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint strengths and weaknesses in your current framework.

Finalize a Plan

All these pieces will complete the puzzle of what your new strategies need to be. With an experienced technology consultant onboard for the entire process, you can easily parse the results of your simulation into a multi-pronged approach to becoming more proactive:

Security awareness seminars that coach everyone — from receptionists to CEOs — about password management and mobile device usage.
“Front-line” defenses like intrusion prevention systems and hardware firewalls that scrutinize everything trying to sneak its way in through the front door or your network.
Routine checkups for software updates, licenses, and patches to minimize the chance of leaving a backdoor to your network open.

Web-filtering services that blacklist dangerous and inappropriate sites for anyone on your network.
Antivirus software that specializes in the threats most common to your industry.
As soon as you focus on preventing downtime events instead of reacting to them, your technology will begin to increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cyber-security by giving us a call for a demonstration at 800-421-7151.

Hyperconvergence Improves Virtualization

Don’t worry, we’ll keep this one simple. Virtualization is confusing enough, and hyperconvergence is one of the newest solutions within the field, making it even harder to grasp. The quick and easy summary is this: Hypconvergence is about virtualizing the hardware and software components required to deploy and manage databases and virtualized desktop infrastructures. Not simple enough? No problem, all we’re covering today is the great benefits you can achieve with this solution.

Using a hyperconvergence model to structure your network is very representative of the current trends in small- and medium-sized business technology. It’s about making enterprise-level solutions more accessible to those looking for a smaller scale. So although a lot of these benefits sound like the same points we argue for other technologies, let’s take a look at how they are unique to hyperconvergence.

Software-Centric Computing

It may not sound huge at first, but by packing everything you need into a single box, and wrapping that box with a flexible and adaptable management software, you empower your hardware infrastructure to receive more regular patches and updates. This makes it much easier to add more hardware later, or restructure what you’re currently using.

Unified Administration

Hyperconvergence consolidates a number of separate functions and services into one piece of technology. Whoever is managing your virtualization services can tweak storage, cloud, backup, and database settings and workloads from one place.

Streamlined Upgrading

Different hyperconvergence “boxes” come in different sizes and capabilities. So all it takes to scale up is buying another unit based on your forecasted needs. If you’re in a place where all you need is a little extra, purchase a smaller upgrade. But when you’re expecting rapid growth, a bigger box will ensure your IT can expand with your business.

Stronger Data Protections

Complexity is the achilles heel of most networked IT. When a small group of people are trying to stay on top of a mounting pile of account management settings, malware definitions, and data storage settings, it’s hard to keep constantly probing cyber-attackers from finding a security hole. But with a hyperconvergence infrastructure, your virtual machines aren’t built by bridging a series of third-party services together — it’s all one service.

Keep in mind that while hyperconvergence is simpler than most virtualization solutions, it’s not so simple as to be managed by in-house IT departments at more small- and medium-sized businesses. The benefit of a more unified virtualization solution when you already have a managed services provider is the speed at which your growth and evolution can be managed.

The better your technology, the faster we can make changes. And the faster we can accommodate your needs, the less downtime you experience. Call us today to find out more about a hyperconverged system.

4 Ways IoT Will Change the Game

From smart thermostats to wearable devices, the Internet of Things (IoT) has reinvented the ways both businesses and individuals connect. Many IT experts have even labeled IoT as a “game changer,” and while we’re usually skeptical of this term when it comes to new technology, IoT devices can open up your business to a multitude of possibilities. Here are four of them.

Improved Logistics
With IoT sensors, supply chain management and order fulfillment processes improve markedly to meet customer demand. For example, sensors on delivery containers and trucks in transit give managers real-time status updates, allowing them to track their items and ensure they reach the right location at the right time.

Streamlined Inventory
IoT also presents automation opportunities for businesses that need to manage and replenish their stock. When data recorded from IoT devices are tied to your enterprise resource planning (ERP) system, you can accurately monitor your inventory, analyze purchase and consumption rates of a particular product, and automatically reorder items when IoT sensors detect that supply is running low. This minimizes out-of-stock incidents and prevents excess stock build-up.

Fast Payment
Given how most payments are done electronically via point-of-sale systems or the internet, IoT has the potential to revolutionize the way businesses process transactions. We’re already seeing a few examples of this today as ApplePay not only allows users to purchase goods and services using smartphone applications, but through wearable technology as well.

Soon enough, IoT devices might even allow restaurants and retailers to register or charge their customers the moment they walk through the door.

Market insight
Businesses that can somehow make sense of IoT-collected data will gain a competitive edge. Marketers, for example, can gather valuable insight into how their products are used and which demographic is utilizing them the most. This information can then inform future marketing efforts and give businesses more direction on how to improve their products and services for their customers.

Although businesses will certainly face many challenges in implementing the Internet of Things, those who manage to overcome them will reap all the benefits of this burgeoning technology.

Want to know if an IoT deployment is right for your business? Contact our certified IT consultants today.

5 Reasons to Purchase CRM Software

Failure to understand your customers’ needs and wants could result in ill-informed marketing strategies. When your company can’t satisfy their demands, they’ll likely turn to your competitors instead. To prevent this, deploying a customer relationship management (CRM) system can make a world of difference. Here’s a handful of reasons to make the switch.

Grows With Your Business
The ol’ Rolodex may have been useful for managing a few clients, but you’re going to need a better solution if you plan to maintain relationships with hundreds, possibly thousands, more. CRM scales with your business, meaning it can handle larger data sets and more clients as you expand your sales operation.

Organizes Your Data
CRM software acts as a central database for all your sales records and transactions. This means important customer information can be retrieved in just a few clicks rather than rifling through thousands of documents, sticky-notes, and disorganized cabinets. And since CRM is hosted in the cloud, sales data, customer interactions, and other actionable information are available for the entire company.

Improves Customer Service
Your sales team could be the most persuasive individuals in the world, but this means nothing if they can’t recall anything about their clients and their preferences. When your sales staff follows up on leads or existing customers, CRM will automatically retrieve contact history, past purchases, and customer preferences from your client database and display them on a single page during the call.

From here, sales representatives, armed with detailed customer information, will be able to recommend products and services that meet the client’s needs. So instead of struggling through a sales call, marketing employees can focus on delivering a professional sales pitch.

Streamlines Your Sales Funnel
CRM comes equipped with workflow management functions, supporting your sales pipeline in a number of ways. For example, you can configure your CRM to send instant follow-up emails when a lead visits a particular product page. You can even use automation to track where certain leads are in the sales pipeline and delegate the task to one of your closers.

Analyzes Sales Data
With real-time sales information, business managers can track marketing campaigns and adjust their strategy accordingly. For instance, you might notice that click-through-rates for promotional emails and company newsletters are higher during Tuesday afternoon rather than Friday night. Having this information can help you focus your marketing efforts and message to generate more leads.

In addition, you can use CRM to analyze customer calling activity, market demographics, lead conversion rates, and key performance indicators to help inform future business decisions.

Understanding your customers can put you several steps ahead of the competition. If you need to manage contacts, eliminate time-consuming procedures, and improve your sales performance, CRM is the perfect business solution.

Email us today to find out whether CRM is the right fit for your business at info@wamsinc.com.

Chrome and Safari: Hackers’ Newest Tools

Filling out web forms often seems like an unbearably monotonous obstacle that gets in the way of online shopping, booking a plane ticket, and doing other types of online registration. With many of today’s transactions done online, people have become accustomed to relying on their browsers’ autofill function to save time. But being able to save time from manually filling in your information comes at a price, especially if you’re using Google Chrome, Safari, and Apple’s mobile-only Opera.

How Do They Do It?

By concealing other fields in a sign-up form, users are tricked into thinking they only have to fill out a few fields. The trickery at work is that upon auto-sign up, other fields, which could include your usernames, passwords, billing address, phone number, credit card number, cvv (the 3-digit code used to validate credit card transactions), and other sensitive information, are auto-filled with the user none the wiser.

This sinister trick is nothing new, but since there hasn’t been any countermeasure since it was first discovered, the threat it poses is worth emphasizing. Finnish whitehat hacker Viljami Kuosmanen recently brought to light how users of Chrome and Safari are particularly vulnerable, and he even came up with a demonstration of how this phishing technique is perpetrated. The technique is so sneaky, it’s enough to make one give up online shopping forever.

Using plugins such as password managers is also fraught with the security risk, as having access to such a utility empowers cyberthieves to do more than just obtain your credit card info; it opens them up to a great amount of personal details. As an alternative, we recommend using a secure software for passwords and usernames, such as LastPass of Dashline.

Preventing an Autofill-Related Theft: So what can you do to avoid falling prey?

Using Mozilla Firefox is one of the easiest available solutions. As of today, Mozilla hasn’t devised a mechanism that affords its users the same convenience that Chrome and Safari users enjoy with autofill. When filling web forms on Firefox, users still have to manually pre-fill each data field due to a lack of a multi-box autofill functionality – a blessing in disguise, given the potential for victimization in autofill-enabled browsers.

Another quick fix is disabling the autofill feature on your Chrome, Safari and Opera (for Apple mobile devices) browsers. This would mean that when filling out web forms, you’d have to manually type responses for every field again, but at least you’d be more secure.

It’s not exactly the most sophisticated form of online data and identity theft, but complacency can result in being victimized by cyber swindlers. Take the first step in ensuring your systems’ safety by getting in touch with our security experts today at 800-421-7151.

The Latest Apple Malware Takes Over Webcams

“The first…of the new year,” is often a coveted title – but not always. With a reputation as a hardware provider whose devices outshine its competitors in the field of cybersecurity, Apple certainly isn’t happy that “The first Apple malware of the new year,” was awarded so early on. We strongly believe in the safeguards installed on Mac computers, but that doesn’t mean you can justify a lax stance on cybersecurity. Take a closer look at this latest strain.

Where Did it Come From?

Dubbed ‘Fruitfly’ by the powers that be at Apple, it looks as though this relatively harmless malware has been hiding inside of OS X for several years. Fruitfly contains code that indicates it was adapted to move from a previous build of OS X to ‘Yosemite,’ which makes it at least three years old.

In fact, there are some lines of code from a library that hasn’t been used since 1998. It’s possible these were included to help hide Fruitfly, but experts have no idea how long it has been holed up inside the infected machines, or who created it.

What Does it Do?

So far, most of the instances of Fruitfly have been at biomedical research institutions. The administrators who discovered the malware explained that it seems to be written to grab screenshots and gain access to a computer’s webcam.

Considering the specific nature of its victims, and what it can accomplish, Fruitfly seems to be a targeted attack that won’t affect the majority of Mac users. However, Apple has yet to release a patch, and dealing with malware is not something to be put off for another day.

How should I Proceed?

We’re always harping on the importance of network monitoring, and now we finally have proof that we are right. Fruitfly was first discovered by an administrator that noticed abnormal outbound network traffic from an individual workstation. Until Apple releases a patch, a better-safe-than-sorry solution is to contact your IT provider about any possible irregularities in your network traffic.

We recommend these additional steps as well:
– Install a full-service internet security suite on your device and keep it updated.
– Keep all software up to date, as this helps to patch vulnerabilities in your software.
– Keep your firewall turned on.
– Never click on suspicious links or open suspicious emails.
– Don’t chat with strangers online.
– Lock down your wireless network with a strong, unique password.
– For maximum security, use a virtual private network for maximum security.

This particular malware targets apple products, but in the age of the Internet of Things it is vital to understand that hackers and malware are compromising webcams on all devices. Once the culprits are in your webcam, they can access anything that you have linked to your network. For additional advice and resources on how to keep your network secure, email us at info@wamsinc.com.

New Malware Tests Virtualization Security

One of the core principles of virtualized technology is the ability to quarantine cyber security threats easily. For the most part, vendors have been winning this security tug-of-war with hackers, but that may change with the resurrection of a long-dormant piece of malware that targets virtualized desktops. If your business employs any form of virtualization, learning more about this updated virus is critically important to the health of your technology.

What is It?

Back in 2012, a brand new virus called “Shamoon” was unleashed onto computers attached to the networks of oil and gas companies. Like something out of a Hollywood film, Shamoon locked down computers and displayed a burning American flag on the display while totally erasing anything stored on the local hard disk. The cybersecurity industry quickly got the virus under control, but not before it destroyed data on nearly 30,000 machines.

For years, Shamoon remained completely inactive – until a few months ago. During a period of rising popularity, virtualization vendors coded doorways into their software specifically designed to thwart Shamoon and similar viruses. But a recent announcement from Palo Alto Networks revealed that someone refurbished Shamoon to include a set of keys that allow it to bypass these doorways. With those safeguards overcome, the virus is free to cause the same damage it was designed to do four years ago.

Who is at Risk?

As of the Palo Alto Networks announcement, only networks using Huawei’s virtual desktop infrastructure management software are exposed. If your business uses one of those services, get in touch with your IT provider as soon as possible to address how you will protect yourself from Shamoon.

On a broader scale, this attack shows how virtualization’s popularity makes it vulnerable. Cyber attackers rarely write malware programs that go after unpopular or underutilized technology. The amount of effort just isn’t worth the pay off.

Headlines decrying the danger of Shamoon will be a siren call to hackers all over the globe to get in on the ground floor of this profitable trend. It happened for ransomware last year, and virtual machine viruses could very well turn out to be the top security threat of 2017.

How Can I Protect My Data?

There are several things you need to do to ensure the safety of your virtual desktops. Firstly, update your passwords frequently and make sure they’re sufficiently complex. Shamoon’s most recent attempt to infect workstations was made possible by default login credentials that had not been updated.

Secondly, install monitoring software to scan and analyze network activity for unusual behavior. Even if legitimate credentials are used across the board, accessing uncommon parts of the network at odd hours will sound an alarm and give administrators precious time to take a closer look at exactly what is happening.

Ultimately, businesses need virtualization experts on hand to protect and preserve desktop infrastructures. Thankfully, you have already found all the help you need. With our vast experience in all forms of virtualized computing, a quick phone call is the only thing between you and getting started. Call us today at 800-421-7151!

3 “Must-Do” IT Resolutions For 2017

“Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today.” That’s what The Evolution of Ransomware, a study by Mountain View, California-based cybersecurity firm Symantec, reported recently.

If you have any illusions that your company is safe from cyber-attack in 2017, consider just a few findings stated in a recent report by the Herjavec Group, a global information security firm:
-Every second, 12 people online become a victim of cybercrime, totaling more than 1 million victims around the world every day.
-Nearly half of all cyber-attacks globally last year were committed against small businesses.
-Ransomware attacks rose more than an astonishing 300% in 2016.
-The world’s cyber-attack surface will grow an order of magnitude larger between now and 2021.
-The US has declared a national emergency to deal with the cyberthreat.
-There is no effective law enforcement for financial cybercrime today.

Clearly, your company’s information and financial well-being are at greater risk than ever in 2017. You cannot count on the federal or state government or local police to protect your interests. That’s why we STRONGLY SUGGEST that you implement the following resolutions starting TODAY.

Resolution #1: Tune up your backup and recovery system. The #1 antidote to a ransomware attack is an up-to-date backup copy of all your data and software. Yet managing backups takes more than just storing a daily copy of your data. For one thing, if your business is at all typical, the amount of data you store grows by 35% or more PER YEAR. If your data management budget doesn’t expand likewise, expect trouble.

Resolution #2: Harness the power of the cloud — but watch your back. Huge productivity gains and reduced costs can be achieved by making full use of the cloud. Yet it’s a double-edged sword. Any oversight in security practices can lead to a breach. Here are two things you can do to harness the cloud safely:

– Determine which data matters. Some data sets are more crucial to your business than others. Prioritize what must be protected. Trying to protect everything can take focus and resources away from protecting data such as bank account information, customer data and information that must be handled with compliance and regulatory requirements in mind.

– Select cloud providers carefully. Cloud vendors know that data security is vital to your business and promote that fact. Yet not all cloud vendors are the same. You can’t control what happens to your data once it’s in the cloud, but you can control who’s managing it for you.

Resolution #3: Set and enforce a strict Mobile Device Policy. As BYOD becomes the norm, mobile devices open gaping holes in your network’s defenses. Don’t miss any of these three crucial steps:
1. Require that users agree with acceptable-use terms before connecting to your network. Be sure to include terms like required use of very strong passwords, conditions under which company data may be “wiped” and auto-locking after periods of inactivity.

2. Install a Mobile Device Management System on all connected devices. A good system creates a virtual wall between personal and company data. It lets you impose security measures, and it protects user privacy by limiting company access to work data only.

3. Establish a strong protocol for when a connected device is lost or stolen. Make sure features that allow device owners to locate, lock or wipe (destroy) all data on the phone are preset in advance. That way, the user can be instructed to follow your protocol when their phone is lost or stolen.

Managed Services for Cyber Security

Ransomware, Trojan horses, spyware and malware are things firms like yours don’t ever want to come across. While the term cyber security was once thrown around to scare businesses into purchasing security software, today’s sophisticated threats can have an immense impact, and often one that antivirus solution alone can’t handle. With that in mind, we’ve rounded up top cyber attack statistics that illustrate why you need managed services in order to remain safe and operational.

The Numbers

Small businesses are not at risk of being attacked, but worse, they’ve already fallen victim to cyber threats. According to Small Business Trends, 55 percent of survey respondents say their companies have experienced cyber attack sometime between 2015 and 2016. Not only that, 50 percent reported that they have experienced data breaches with customer and employee information during that time, too. The aftermath of these incidents? These companies spent an average of $879,582 to fix the damages done to their IT assets and recover their data. To make matters worse, disruption to their daily operations cost an average of $955,429.

The Attacks

So what types of attack did these businesses experience? The order from most to least common are as follows: Web-based attacks, phishing, general malware, SQL injection, stolen devices, denial of services, advanced malware, malicious insider, cross-site scripting, ransomware and others.

Why Managed Services?

Managed services is the most effective prevention and protection from these malicious threats. They include a full range of proactive IT support that focuses on advanced security such as around the clock monitoring, data encryption and backup, real-time threat prevention and elimination, network and firewall protection and more.

Not only that, but because managed services are designed to identify weak spots in your IT infrastructure and fix them, you’ll enjoy other benefits including faster network performance, business continuity and disaster recovery as well as minimal downtime. One of the best things about managed services is the fact that you get a dedicated team of IT professionals ready to assist with any technology problems you might have. This is much more effective and budget-friendly than having an in-house personnel handling all your IT issues.

Being proactive when it comes to cyber security is the only way to protect what you’ve worked hard to built. If you’d like to know more about how managed services can benefit your business, just give us a call at 800-421-7151, we’re sure we can help.

Don’t Dismiss Disaster Recovery for 2017

Over the previous months, you’ve probably heard about new and disruptive trends like virtual assistants, smartphones, and automation technologies. Some of these IT solutions may even be placed on top of your business priority list. However, with floods, fires, and power outages just around the corner, disaster recovery and business continuity plans should always have a place on your annual budget.

DR Isn’t A Huge Investment
A common misconception about disaster recovery is that it’s a large, bank-breaking investment. Expensive secondary data centers, networks, and server maintenance usually come into mind when a business owner is confronted with the idea of business continuity. And while that may have been true in the past, establishing a strong disaster recovery plan today is as simple – and as cheap – as going to a cloud-based disaster recovery provider and paying for the data and services that your business needs. Subscription pricing models are actually incredibly low, meaning you can have minimal downtime while still having enough to invest in new tech.

Onsite Backups Just Won’t Cut It

Although you might feel secure with a manual backup server down the hall, it is still susceptible to local disasters and, ultimately, does very little in minimizing company downtime. When disaster recovery solutions are hosted in the cloud or in a virtualized server, restoring critical data and applications only take a few minutes.

Business Disasters Can be Man-Made, Too
Even if your workplace is nowhere near frequent disaster zones, cyber attacks and negligent employees can leave the same impact on your business as any natural disaster can. Setting a weak password, clicking on a suspicious link, or connecting to unsecured channels is enough to shut down a 5-, 10-, or even 50-year-old business in mere minutes.

Sure, installing adequate network security is a critical strategy against malicious actors, but last year’s barrage of data breaches suggests that having a Plan B is a must. A suitable disaster recovery plan ensures that your data’s integrity is intact and your business can keep going, no matter the malware, worm, or denial-of-service attack.

Downtime Will Cost You
A business without a DR plan might come out unscathed after a brief power outage, but why risk the potential damages? Either way, downtime will cost your business. First, there’s the general loss of productivity. Every time your employees aren’t connected to the network, money goes down the drain. Then there’s the cost of corrupted company data, damaged hardware, and the inevitable customer backlash. Add all those variables together, and you end up with a business-crippling fee.

So, if you want 2017 to be the best year for your business, make the smart choice and proactively take part in creating your company’s business continuity plan. Your business will be in a better position financially with it than without it.

Keep your business safe, recover from any disaster, and contact us today at 800-421-7151.

New Ransomware Demands Sacrifice

It’s scary to think you can be simply browsing the Internet when WHAM! A screen pops up out of nowhere claiming that you have been hijacked and will need to pay a bitcoin to free your computer. Unfortunately, ransomware like this is not uncommon. But now there’s a new, more devastating virus that asks victims to pick other victims to replace them in order to get their computer information back safely. Read on to find out how Popcorn Time is turning the ransom game on its head – and how you can protect yourself from it.

Ransomware is nothing new. Cybersecurity miscreants have been taking advantage of online users for years by requiring payment to “unlock” a victim’s computer. What Popcorn Time does differently is give users the option to spread the virus to two other victims in the hopes that they will pay the ransom — a tactic that promises to double their money at the expense of your sense of morality (and at the expense of your friendships as well).

The Cost of Popcorn

When you inadvertently download this ransomware, you will be met with a screen that explains that your files have been hijacked/encrypted, and that to get them back you will need to pay one Bitcoin for a decryption key that they keep stored remotely. The Bitcoin fee is usually more than $700, a hefty price to pay during any season but particularly difficult for those infected right after the holiday season.

Spread the Wealth and Hope they Bite

What makes Popcorn Time unique is the option victims have to take their cost away by allowing the ransomware to affect two of their friends for a chance to get a free decryption code. Of course, it works only if both friends pay the ransom, which leaves you looking (and feeling) like a criminal yourself.
Avoiding Popcorn Time this Season

The easiest way to avoid downloading ransomware is to stay off of sites that might contain questionable files. However, this is nearly impossible for modern users, and many hackers are getting good at making their files look legitimate. Limit your exposure to potential ransomware by keeping your software up-to-date and your computer protected with a security program from a reputable company. If you need to learn more about how to avoid running into ransomware while you’re online, give our professional cybersecurity consultants a call at 800-421-7151. We’ll keep you away from the popcorn this year.

Collaboration-Driving Office 365 Updates

Communication might be the key to personal relationships, but collaboration is the key to business connections. That’s why many small- and medium-sized businesses are looking into Office 365, a productivity and collaboration-enhancing software that allows employees to stay productive on-the-go. Recently, Microsoft announced some new Office 365 features, and we’ve rounded up the four latest updates:

Real-time Collaboration in PowerPoint

Users will now be able to share a PowerPoint deck and update documents with others in real time. This means you’ll be able to see edits as your colleagues make them. Microsoft was committed to expanding real-time co-authoring of a company’s native applications, with Microsoft Word already rolling out this feature beforehand. Currently, real-time collaboration is available for PowerPoint on Windows desktops for Office 365 subscribers in the Office Insider program and for PowerPoint Mobile on Windows tablets.

Move Attachments to the Cloud and Share with Colleagues in Outlook

According to Kirk Koenigsbauer, corporate vice president for the Office team, this feature allows users to transform a traditional document into a shared cloud document within Outlook. Previously, Outlook users could only attach cloud-based documents to an email, but this new feature makes it easier to send large files and to collaborate on those files with ease.

Users can upload files into their own OneDrive or a document library as part of an Office 365 group and then designate sharing permissions for the email recipients. The new feature is currently available in Outlook on the web as well as Outlook on Windows desktops for Office 365 subscribers.

Mobile Notifications for Changes to Shared Documents

With this new update, users will be notified when any cloud documents in Word, Excel and PowerPoint are being shared or edited. These notifications let you know when changes are being made, even if you are away from a particular document, so you’re always connected and know when you have to act. This feature can be integrated with the activity feed on Windows desktops, and help businesses improve user collaboration. Koenigsbauer says that Microsoft will continue working on the notification feature “to provide more detail and transparency around shared document activity in the future.” Sharing and editing notifications are available for Word, Excel, and PowerPoint users on Android and Windows Mobile for Office Insiders. This feature will be available for commercial users in all Office mobile applications in the coming months.

Find, Open, and Save Documents in a ‘Shared with Me’ and ‘Recent Folders’ Tab

Microsoft’s “Shared with Me” tab in Word, Excel, and PowerPoint makes it easier for enterprise users to find and open shared documents without having to leave the app you’re working in. At the moment, the Shared with Me tab is available on Windows desktops and Macs for all Office 365 subscribers, iOS and Android devices included. And soon, it will be available on Windows Mobile. And the “Recent Folders” tab — used to help quickly locate files as well — is now available in Word, Excel and PowerPoint on Windows desktops for Office 365 subscribers in the Office Insider program.

Technology has become an integral part of modern businesses, and investing in the right IT resources is needed in order to achieve success. With the latest additions to Microsoft Office 365, small- and medium-sized businesses will enjoy enhanced staff collaboration, increased corporate productivity, and an overall competitive advantage.

Cyberhack Underscores Law Firms’ Vulnerability

Major U.S. law firms have become more vigilant in recent years about the risks of cyberattacks, but revelations this week of a major hack on two New York firms are a reminder that the industry remains vulnerable. 


The Manhattan U.S. attorney’s office unsealed a criminal indictment Tuesday against three Chinese men accused of using stolen law-firm employees credentials to access troves of internal emails at two law firms. The men, according to prosecutors, used details they obtained in law-firm partner emails about pending deals to make more than $4 million in illegal stock trades.

Legal-industry experts say law firms often lag behind corporate clients in data-security measures, even though they are entrusted with valuable trade secrets, market-moving deal news and other sensitive information that is attractive to hackers.
The reason behind the gap is twofold: Lawyers have only felt the treat recently, and law firms traditionally lag behind other industries in tying to become more efficient through technology, largely because they bill their services based on time.

“Law firms aren’t necessarily committed to things that don’t make them money per se,” said Neil Watkins, the senior vice president of security, risk, compliance, and privacy at legal-services company Epic Systems. Mr. Watkins said law firms are at least three years behind what’s become standard of data security in finance and other industries, though he says awareness is improving.

Starting a few years ago, large banks began requiring their top law firms to undergo data-security audits and meet stringent standards.
That level of scrutiny is now being applied by other sectors. Marsh, and McLennon Cos. general counsel, Peter Beshar, said that in recent months, he’s begun requiring his top 10 outside law firms to meet six cybersecurity standards, including using encrypted transmissions when sending messages externally, having detailed incident-response plans and securing $5 million in cybersecurity insurance coverage.

To help stay ahead of a breach, law firms have formed an information-sharing group to learn about new potential threats and system weaknesses from both each other and government agencies. The group, which so far counts more than 100 firms, helped disseminate information on a potential threat a few months ago and thwarted a hack, said Bill Nelson, chief executive officer of the Financial Services information Sharing and Analysis Center, which oversees the legal group and similar entities that focus on other industries. Los angeles family-law lawyer Stacy Phillips said the need to protect the personal information of her clients was at the top of her mind earlier this year the she merged hr boutique law firm into Blank Rome, LLP, a 600-lawyer firm based in Philadelphia. Investing in adequate data-security technology was becoming “prohibitively expensive” at the smaller firm, she said. “It was very much a stress,” she added.

Now at Blank Rome, she said the matrimonial practice, which holds extremely private information from client divorces and custody battles, has a double layer of security to ensure no one else at the firm can access their files.

As read in the Wall Street Journal
Written by Sara Randazzo

Why HTML5 leads the Charge for Chrome

Most people are familiar with the problems associated with loading a Flash-based page, from slower loading times to page crashes that require restarting the browser altogether. Now, Google has announced that its browser will disable Flash and initiate an HTML5 default that will eventually trickle down to every Chrome user. Learn more about how Google will transition the format of the information you find using Chrome and how this will impact your browsing experience.

The Current State of HTML5

HTML5 first hit the market in 2008 as a modification to its 4.0 version, adding a few changes and fixing bugs (as happens with most newer versions of programs). But it also promised to change the way developers design webpages and influence how browsers search for and view online information.

Most websites currently utilize a Flash-based display protocol, which is often slow and uses significantly more resources than HTML5 to accomplish the same tasks. By changing to an HTML5 default and requesting permission to use Flash, users have the advantage of faster load times and a more efficient browsing experience.

The Use of Adobe Flash

One benefit of using Flash for developers is purely aesthetic: Flash makes the website look good because the designs, colors and motion on the page are generally more eye pleasing. Unfortunately, the disadvantages far outweigh the advantages. Using Flash on a commercial website means slower performance, confusing navigation schemes, incompatibility with web analytics software, and limited visibility in some formats.

Google’s Plan to Phase Out Flash

Google Chrome users should begin to notice a change in how they browse websites starting this month, December 2016. Only 1% of Chrome users (and a handful of users using the beta browser) will be asked whether they wish to run Flash as they go about their Christmas shopping.

In January 2017, Google’s proprietary browser will begin asking users whether they wish to use Flash whenever they visit a new website. In February 2017, with the release of the newest iteration of the Chrome browser, users will be asked before Flash components run on a page. Finally, by October 2017 all sites will load using HTML5 by default and require users to physically enable the Adobe Flash to experience anything delivered in that medium.

Developers at Chrome hope that by stretching out the introduction of HTML5 default settings, web designers will have time to adjust their strategies away from Flash and toward a more user-friendly design strategy.

We suggest that you keep an eye on your website and keep up with your web developer to ensure that your site continues to run correctly on all browsers. Your web developer should be aware of the updates of all web browsers and must continuously check your site on these browsers to ensure that your site is displaying correctly and staying gorgeous.