Blog

April 26th, 2017

Microsoft Word is a staple business application. But since so many people use it on a daily basis, hackers work tirelessly to expose and exploit flaws in the system. In fact, cybercriminals stumbled upon a Word vulnerability that puts your sensitive data at risk. Read on to learn more about the exploit and what you can do about it.

The attack On April 10, cybersecurity firm Proofpoint discovered scammers running email campaigns to trick people into clicking malware-ridden Word attachments. The fraudulent emails, simply titled “Scan Data,” included attached documents that were named “Scan,” followed by randomized digits.

Although the emails seem harmless, clicking on the documents triggers a download for Dridex malware, a Trojan virus designed to give hackers direct access to your banking information. From there, they can simply log in to your online account and make unauthorized transactions under your name.

In 2015, the distribution of Dridex allowed cybercriminals to steal approximately $25 million from European accounts. And if your business fell victim to this malware, there’s a possibility your company might not be able to recover from the loss.

The solution Fortunately, two days after the discovery of the bug, Microsoft released a security update to disable the dangerous documents, urging users to install the patch as soon as possible. But even though Dridex was inoculated relatively quickly, employees continue to be the biggest problem.

Like most malware attacks, Dridex was distributed via phishing campaigns that preyed on a victim’s trust and curiosity. Hackers added barely any text to the email, yet people were still fooled into clicking on dangerous links.

To make sure Dridex never reaches your company, you must provide comprehensive security awareness training. In your sessions, encourage employees to practice safe computing habits, which include being cautious of online links, setting strong passwords, and avoiding downloads from untrusted and unknown sources.

Much like updating your software, keeping your staff’s security knowledge up to date on the latest threats is also imperative. Ultimately, your goal is to have employees with a security-focused mindset when browsing the web.

Of course, if security training and cybersecurity solutions are not your company’s specialties, you can always rely on a trusted managed services provider like us to protect your business. We can update and secure your systems regularly, and make sure your staff are actively doing their part to reduce security risks. Contact us today!

Published with permission from TechAdvisory.org. Source.

Topic Office
April 25th, 2017

Instead of an outright operating system update, Microsoft is now releasing named updates that come with enhancements and other features that individual users and businesses should get excited about. Its latest, Creators Update on Windows 10, includes new design touches and a handful of productivity features. Are the new features worth the updates?

Controlled updates

If you’ve been using Windows 10, you’re familiar with this scenario: While you’re on your computer, the system automatically reboots for automatic updates, interrupting your workflow. Although automatically having your system updated on time has advantages, it can also be a burden and a nuisance because it leaves you with no option to decline or delay an update -- which you might want to do especially when you’re in the middle of a critical task.

With the Creators Update, you can choose to pause updates for a week. It also lets you set Active Hours, an 18-hour window when Windows won’t install updates. It’s a minor enhancement that should be a welcome feature to users who like having better control over their system updates.

Improved privacy controls

When Windows 10 was launched, privacy was a big concern among users, mainly because of the amount and nature of data being collected. Users and certain regulatory bodies were alarmed that Microsoft, through Windows 10, didn’t have enough control over how it processes and collects data. Microsoft initially responded by announcing that setting up privacy protocols will be easier when it launches its new updates.

And now, Microsoft has taken steps to address these privacy issues. Creators Update introduces a Privacy Dashboard, which offers a more seamless and user-friendly way to control privacy settings, specifically in terms of location, speech recognition, diagnostics, tailored diagnostics data, and relevant ads.

Another privacy enhancement is in Windows Defender, which now features improved scanning options and better reporting of your PC’s performance and health.

Other small changes

Other interface enhancements and updates to the Windows 10 ecosystem also add a nice touch to the overall user experience. These updates include more vivid themes, a bluetooth-enabled lock function called Dynamic Lock, new display settings, videos and maps writing capabilities, and more.

Among the other new features, users might not immediately notice the upgraded storage settings. If you’re worried about all these new applications and programs taking up space in your PC, don’t fret. The new update also comes with a storage setting that auto-deletes unnecessary files when your storage space is about to run out.

All in all, businesses that use Windows 10 can expect better privacy, controlled updates, improved security, and a smoother user experience with the Creators Update. Microsoft is expected to introduce even more updates later this year, and if you want to know how you can make the most of these and other Microsoft features, we’re here to help.

Published with permission from TechAdvisory.org. Source.

Topic Windows
April 24th, 2017

You pay close enough attention to the links you click to avoid clicking on something like goolge.com or evrenote.com...right? Because if you’re not, you could end up exposing your computer or smartphone to a host of malware. The newest phishing attack strategy is the worst of all, and can catch even the most astute users off guard.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades -- and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian for example, even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com -- which gets redirected to xn—80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
April 21st, 2017

Since 2013 when the current Mac Pro model was released, nothing has been confirmed regarding the progeny of the high-end workstation, until now. When will the new Mac Pro be released? What can you expect under the hood? How much will it cost? We answer all that and more.

Processor

The new Mac Pro is rumored to feature the next-generation Intel Xeon E5 processor. While the current models are configurable up to 3.5GHz for the six-core option, 3.0GHz for the eight-core option, and 2.7GHz for the 12-core option, the 2018 model could offer up to 14 or 18 cores per processor. What’s more, each model will likely come equipped with the Iris Pro Graphics P580, a highly powerful graphics processing unit (GPU) that will make heavy file renders a breeze.

However, there’s a small chance that Apple might abandon Intel chips altogether and move to AMD’s RYZEN 7 CPUs, which just set a new standard for high performing CPU processors.

RAM and storage

The new Intel Xeon chips are rumored to have DDR4 memory controllers, and if that’s true, you can expect uber fast memory and low latency without having to worry about issues with overheating. Currently, the 15-inch MacBook Pro comes with 16GB RAM, so it’s likely that you could expect the same RAM with the updated entry-level model of the Mac Pro. And because Apple knows that users usually work with very large files, an option for 2TB flash storage could be possible.

Ports

Claims that the new Mac Pro might offer more Thunderbolt ports in the form of USB-3 are also up in the air. This makes sense as it brings Thunderbolt to USB-C at 40Gbps which ensures faster data transfer speed.

While a number of users wish Apple would offer PCI slots so they could add faster SSDs and more powerful video cards, looking back at the company’s previous releases, we don’t think you should get your hopes up just yet.

Design

According to Apple, the triangular design of the Mac Pro’s thermal core was what limited them from offering updates to the machine. Because of that, we’ll probably see a completely new design in the 2018 model.

Prices

Apple just rolled out some minor updates to the current Mac Pro, including enhanced specs at lower price points. For the $2,999, you now get a 6-core Intel Xeon processor, dual AMD FirePro D500 GPUs and 16GB of memory. And for $3,999, you now get an 8-core processor and dual D700 GPUs.

Having said that, you can expect slightly higher prices for the new Mac Pro than the current models, like with most new Apple releases.

Release date

The timeframe is 2018, but keep in mind that the present Mac Pro was unveiled at WWDC in 2013 and supply was so restrained that people didn’t get theirs until the following spring. Therefore it’s highly possible that the new model will be launched at WWDC 2018 during summer and won’t probably ship until the end of the year.

Stay tuned for more updates on the new Mac Pro. And if you’d like to know more about other Apple products, or learn how they can streamline your operations, give us a call and we’ll be happy to help.

Published with permission from TechAdvisory.org. Source.

Topic Apple
April 20th, 2017

2017April20Business_CIt makes a lot of sense for electronics firms to pack a variety of functions into mobile devices and expand their usefulness. Instead of confining their use to communications, companies such as Apple, Samsung, and others have turned mobile phones into mini-computers that can serve as a substitute for your laptop, or as a storage device. If you’re using mobile phones as a communications and storage device, backing up now would be a wise move.

Malware on mobile

More than 50% of the world’s adult population use a mobile phone with internet connection, so dangers in these handy devices are to be expected. Scarier than the thought of being offline is being online and exposed to malware.

If you use your mobile devices as an extension of your work computers, backing up is a must. Mobile phones have become as vulnerable to malware as laptops and desktops have, especially if you consider the fact that many professionals and business owners use them for emailing confidential documents and storing business-critical files.

Device disasters

Other than malware, other types of disasters can happen on your device. Because you carry it wherever your go, your device can easily be stolen, misplaced, or damaged. They may be easily replaceable, but the data contained in them may not. Having completely backed up data on your devices helps prevent a minor inconvenience from turning into a disastrous situation.

Backup options

Performing backups in iPhone and Android devices is a seamless process. Their operating systems require only minimal effort from users, and backing up entails nothing more than logging into their Apple or Google account. However, other users have different devices with different operating systems, slightly complicating the process.

Mobile devices’ safety is essential to business continuity plans. So whether your office users are tied to a single operating system or prefer different devices, there are options to back up all your organization’s mobile devices. There are cloud backup services that enable syncing of all devices and that back up files, contacts, photos, videos, and other critical files in one neat backup system. These mobile backup tools are offered on monthly or lifetime subscription schemes, which provides small businesses with enough flexibility to ensure protection.

Mobile phones have become so ubiquitous to how people function that many feel the need to have two or more phones, mostly to have one for personal use and another for business. With all these options on hand, there’s no excuse for not backing up data on your mobile devices.

Our experts can provide practical advice on security for your business’s computers and mobile devices. Call us for mobile backup and other security solutions today.

Published with permission from TechAdvisory.org. Source.

Topic business
April 19th, 2017

170px_shutterstock_313698662WordPress is one of the most powerful blogging and content management systems (CMS) to date. Since it powers approximately 27% of all websites, there’s no room for sluggish load times, potential security vulnerabilities, or search engine delistings. To avoid these problems altogether, sticking to the following checklists might help.

Make backups It’s crucial that you perform a daily offsite backup of your WordPress files and database. This ensures data security in the event of a network breach or natural disaster and facilitates the resumption of your business's regular operations. Although plugins like BackUpWordPress and hosting servers like SiteGround automate the backup process, you should still perform manual backups.

Verify backups Not only should you be making backups, you should also be verifying them. By doing so, you are making sure that the backed up files are going where they are supposed to, and backups are being restored. The last thing you need is a failed backup strategy on the day you need it most!

Daily security reports If you ask any cybersecurity expert, “Is it crucial to maintain a daily network security report?” the answer will be a resounding YES. While you might not have enough time to carry out thorough inspections and create these reports yourself, you can rely on security monitoring services like Securi. Not only does it carry out the inspections, it sends an SMS notification of any suspicious activity and even emails you a daily status report.

Malware scans Cybercriminals are growing in both number and sophistication. With every passing day, new strains of malware are developed and released onto small- or medium-sized businesses. Unless you are a bonafide hacker yourself, detecting malware might be a little tricky. WordPress plugins like Wordfence keeps your website safe using the latest firewall rules, malware signatures, and malicious IP addresses.

Speed audits Slow and steady might be qualities valued by some, but not so much for your website. Plugins like Google PageSpeed Insights test how fast your site loads. Because if it takes more than five seconds, you should consider implementing caching and other measures to speed up your site. Slow sites put off visitors and lower search rankings.

Review your site For this step, sit down with an impartial friend and let them explore your website. A fresh pair of eyes might highlight issues you might have overlooked, such as forgetting to update the copyright date in your footer.

Forbes, National Geographic, and The New York Times are all powered by WordPress, which means you are in good company. By sticking to the checklist, you too can harness the power of this online, open-source website creation tool. Or, instead of signing up for half a dozen services that need daily check-ins, why not have us take care of all of it for you? If you have further questions, don’t hesitate to send us an email or give us a call!

Published with permission from TechAdvisory.org. Source.

Topic Web & Cloud
April 18th, 2017

2017April18Hardware_CAs workplace IT gets more and more hi-tech, the average user gets further from the building blocks that keep it running. At times that seems like a good thing, but if you aren’t aware of the most basic aspects of your hardware, you could be vulnerable to a nasty cyber attack. Make sure you’re secure with the help of our firmware advice.

What is firmware?

Firmware is a very basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, more high-level, pieces of software can interact with it.

Why is firmware security so important?

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

And the username and password example is just one of a hundred. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

How do I protect myself?

Firmware exploits are not rare occurrences. Not too long ago, a cyber security professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a DLink of Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

Remember that routers are just one example of how firmware affects your cyber security posture. Hard drives, motherboards, even mouses and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today!

Published with permission from TechAdvisory.org. Source.

Topic Hardware
April 14th, 2017

2017April14Android_CMigrating information from an old Android phone to a new one may be one of the least exciting tasks of buying a new gadget, but it’s usually the most crucial as well. Fortunately, Google has made it incredibly simple to move information from one phone to another. There are three possible approaches, and we’ve covered each in detail.

Backing up to Google

Google’s free services are so tightly integrated with the Android operating system that it would be crazy not to sign up for a Google account. If you do have one, it’s usually the easiest way to migrate your contacts between phones.
  1. Open the Settings application on your phone.
  2. Scroll down and select Accounts (depending on the phone manufacturer it may be labeled something slightly different).
  3. Tap Google.
  4. Select your preferred Gmail address.
  5. Enable Sync Contacts and select Sync Now at the bottom of the screen.
  6. Visit google.com/contacts and confirm that everyone is there.
Good, from this moment on contacts from that phone will automatically be synced to your preferred Google account. Then all you need to do is add that account to your new phone.
  1. Return to the Account window in your settings app (step #2 above).
  2. Scroll to the bottom and select Add account.
  3. Choose Google and enter your account login information.
  4. Open the settings window for that account (step #4 above).
  5. Select Sync Contacts.
That’s it! The first set of instructions exports contacts from your old phone to Google.com, and the second set downloads them to your new phone.

Backing up to your SIM card

SIM cards are how your cellular provider keeps track of your phone number and who you are. If you’re lucky, you can just pop your existing SIM into your new phone and the majority your data will move with it. Double-check that’ll happen with these steps:
  1. Open your Contacts application (sometimes named People).
  2. Tap the More option (sometimes this is three dots stacked vertically).
  3. Select Import/Export.
  4. Choose Export to SIM and pick which information you want to store on the SIM card.
Once that’s finished, everything should be downloaded to the new phone as soon as you plug in the SIM card!

Using a third-party app

Verified apps, downloaded from the Google Play store, further simplify this process if you’re willing to go through the hassle of choosing one of the dozens of options. If you pick this approach, most apps are no more complicated than a checklist of which contacts you want to transfer with a Send button at the bottom. As long as you’ve installed the app on your new phone as well, and linked the two with a password, that’s all it takes.

Contact migration sounds easy enough, but it’s no simple task if you’ve got an entire fleet of company phones to migrate. Our fully-managed solutions cover all your Android needs, and if you’d rather we take care of some menial task, we can do it in no time. Just drop us a line to find out more!

Published with permission from TechAdvisory.org. Source.

Topic android
April 13th, 2017

2017April13Virtualization_CWhether or not you understand virtualization, there’s a good chance you’ve never had a hands-on experience with a virtualized desktop. As one of the most basic applications of virtualization technology, network-based desktops are the perfect example of how businesses can benefit from any form of virtualization. Read on to test out an example desktop!

What is virtualization?

The simplest definition is this: It’s the act of creating a virtual (rather than physical) version of something, including hardware platforms, storage devices, and computer network resources. But that doesn’t do much for those outside of the IT industry.

We could paint a colorful analogy to try to better explain it, or we could let you paint with your very own virtualized demo. Follow these steps so you can see how virtualization works:

  1. Visit this website.
  2. Wait while your virtualized 1991 Macintosh boots up.
  3. Double-click the ‘Kid Pix’ desktop icon.
  4. Write “This is virtualization” on the blank canvas.
  5. Click (and hold) File, and select Save As.
  6. Click the Save button in the new window.
  7. Quit ‘Kid Pix’.
Voilà! Your picture was saved to that old-school Mac's virtual hard drive. That’s because everything -- from the operating system to the processor -- is running on a server located somewhere else on the internet. And it’s not just some remote desktop viewing trick, this ’90s-era Mac and its hardware have been created by software installed on a server that is concurrently processing a million other tasks.

It’s a fun demonstration, but modern-day virtualization can accomplish much more.

Divide up hardware resources

The dated nature of that machine actually helps us better illustrate the biggest benefit of virtualization. The software that lets us create virtual machines also allows us to define exactly how much hardware each workstation gets.

For example, this Mac has only 3.8 MB of hard drive space, but if your virtualization server has 10,000 GB of space, you can create 100 virtual desktops with 100 GB of storage space. It’s a bit of an oversimplification, but that’s essentially how it works with storage hardware, CPUs, RAM, and other hardware.

Reduce on-site costs

The bulk of your workstation and server hardware is usually hosted off-site, which means lower utility bills, computer equipment requirements, and maintenance overhead. Instead of patching and upgrading each workstation’s software and hardware individually, virtualization allows you to apply changes to all your machines at once.

Disaster recovery

If your virtualization server is hosted off-site, what happens when natural disasters, power outages, theft, or vandalism strikes your office? Or, as a simpler example, where did you store your Kid Pix masterpiece? Certainly not on the machine you’re reading this blog from.

Virtualization allows you to keep mission-critical data stored safely away from the office so your team can get back to work as soon as your IT provider gets them access to the server again. And with a single point of management (i.e., your off-site server), that can take place in virtually no time at all.

Ending your dependence on individual machines and their hardware is just one of the many ways to utilize the power of virtualization. You can define network hardware and configurations with software, run applications on any operating system, and so much more. To find out which solution is best for your business, call us today!

Published with permission from TechAdvisory.org. Source.

April 11th, 2017

2017April11Office_CHave you recently created and uploaded a Microsoft file on Microsoft’s free document-sharing platform, docs.com? Did you know that other than yourself and the small group of people you wish to share documents with, your uploaded documents can be publicly viewed and searched via Google or Bing? Regardless of your reasons for using docs.com, your files should never be made available to complete strangers.

What’s the damage?

Usernames and passwords for various devices and applications; personal information such as home and email addresses, bank account details, social security numbers, and phone numbers; and medical info comprising patient treatment data and health insurance numbers -- all these were some of the supposedly leaked documents, which were clearly meant to be private. But, a security researcher discovered that these sensitive files were accessible using docs.com’s search function.

After being alerted to the ‘leak,’ Microsoft responded by removing the search bar. However, most of the documents were already indexed by search engines, Google and Bing, which is how these docs remained available to the public despite disabling the search function.

Recent updates

To alleviate the damage, Microsoft launched an update that limited what users can do to uploaded files, such as restricting files to a read-only status. Although buttons to ‘like,’ download, add to collections, and share in social media are enabled, only users who enter an email address, phone number, or sign in using their Office or Microsoft account can perform any of these functions. Since anyone can easily create a Microsoft account, docs.com users may not feel at ease.

Microsoft’s final word

Docs.com is easy-to-use and is valuable to those eager to publish their documents. The site’s user-friendliness also makes it a popular choice for Office 365 users who wish to ‘spread their work to the world.’ Office 365 users can easily upload from their own computer, OneDrive, or Sway account, and share away. Being a free service also adds a lot of incentive for users to upload their Word, Excel, or any other file onto the site.

In an effort to solve glaring privacy issues, Microsoft has issued some key updates, such as a warning message reminding users that the document to be uploaded will be publicly available on the web. While it may seem like Microsoft committed a blunder, a stricter privacy setting and a few stronger, more visible warnings to users can help make docs.com a useful productivity tool rather than a hacker’s hunting ground.

Discerning Office 365 users can make the most out of docs.com, but they should use the service with caution. If you’ve uploaded documents with sensitive information on docs.com, now is the best time to remove them from the site, or review your privacy settings here and in other document-sharing services.

If you’re not sure how to proceed, or want to learn more about this and other Microsoft products and services, call us now for advice.

Published with permission from TechAdvisory.org. Source.

Topic Office